About

Currently, I am a fourth-year Ph.D. student under the MAPi doctoral programme, and a researcher at HASLab/INESC TEC, working for projects SafeCloud and NanoSTIMA. I hold an M.Sc. in Informatics Engineering from the University of Minho.

My research interests are cryptography and information security, more specifically regarding secure multiparty computation protocols relying on trusted hardware. The goal of my Ph.D. project is to improve the implementation of high-assurance multiparty computation protocols, by bridging the gap between rigorous theoretical security models and efficient practical implementations. Relevant contributions in this context include the first provable security approach for formalizing security guarantees of Isolated Execution Environments (IEEs), and the first general approach to implementing MPC protocols using IEE-enabled systems.

Details

  • Name: Bernardo Luís Portela
  • Role: Senior Researcher
  • Since: 1st January 2014
Publications

2024

Flow Correlation Attacks on Tor Onion Service Sessions with Sliding Subset Sum

Authors
Lopes, D; Dong, JD; Medeiros, P; Castro, D; Barradas, D; Portela, B; Vinagre, J; Ferreira, B; Christin, N; Santos, N;

Publication
31st Annual Network and Distributed System Security Symposium, NDSS 2024, San Diego, California, USA, February 26 - March 1, 2024

2023

General-Purpose Secure Conflict-free Replicated Data Types

Authors
Portela, B; Pacheco, H; Jorge, P; Pontes, R;

Publication
2023 IEEE 36th Computer Security Foundations Symposium, CSF

Abstract
Conflict-free Replicated Data Types (CRDTs) are a very popular class of distributed data structures that strike a compromise between strong and eventual consistency. Ensuring the protection of data stored within a CRDT, however, cannot be done trivially using standard encryption techniques, as secure CRDT protocols would require replica-side computation. This paper proposes an approach to lift general-purpose implementations of CRDTs to secure variants using secure multiparty computation (MPC). Each replica within the system is realized by a group of MPC parties that compute its functionality. Our results include: i) an extension of current formal models used for reasoning over the security of CRDT solutions to the MPC setting; ii) an MPC language and type system to enable the construction of secure versions of CRDTs; and iii) a proof of security that relates the security of CRDT constructions designed under said semantics to the underlying MPC library. We provide an open-source system implementation with an extensive evaluation, which compares different designs with their baseline throughput and latency.

2023

Soteria: Preserving Privacy in Distributed Machine Learning

Authors
Brito, C; Ferreira, P; Portela, B; Oliveira, R; Paulo, J;

Publication
38th Annual ACM Symposium on Applied Computing, SAC 2023

Abstract
We propose Soteria, a system for distributed privacy-preserving Machine Learning (ML) that leverages Trusted Execution Environments (e.g. Intel SGX) to run code in isolated containers (enclaves). Unlike previous work, where all ML-related computation is performed at trusted enclaves, we introduce a hybrid scheme, combining computation done inside and outside these enclaves. The conducted experimental evaluation validates that our approach reduces the runtime of ML algorithms by up to 41%, when compared to previous related work. Our protocol is accompanied by a security proof, as well as a discussion regarding resilience against a wide spectrum of ML attacks.

2023

Privacy-Preserving Machine Learning on Apache Spark

Authors
Brito, CV; Ferreira, PG; Portela, BL; Oliveira, RC; Paulo, JT;

Publication
IEEE Access

Abstract
The adoption of third-party machine learning (ML) cloud services is highly dependent on the security guarantees and the performance penalty they incur on workloads for model training and inference. This paper explores security/performance trade-offs for the distributed Apache Spark framework and its ML library. Concretely, we build upon a key insight: in specific deployment settings, one can reveal carefully chosen non-sensitive operations (e.g. statistical calculations). This allows us to considerably improve the performance of privacy-preserving solutions without exposing the protocol to pervasive ML attacks. In more detail, we propose Soteria, a system for distributed privacy-preserving ML that leverages Trusted Execution Environments (e.g. Intel SGX) to run computations over sensitive information in isolated containers (enclaves). Unlike previous work, where all ML-related computation is performed at trusted enclaves, we introduce a hybrid scheme, combining computation done inside and outside these enclaves. The experimental evaluation validates that our approach reduces the runtime of ML algorithms by up to 41% when compared to previous related work. Our protocol is accompanied by a security proof and a discussion regarding resilience against a wide spectrum of ML attacks.

2022

Boolean Searchable Symmetric Encryption With Filters on Trusted Hardware

Authors
Ferreira, B; Portela, B; Oliveira, T; Borges, G; Domingos, H; Leitao, J;

Publication
IEEE Transactions on Dependable and Secure Computing

Abstract
The prevalence and availability of cloud infrastructures has made them the de facto solution for storing and archiving data, both for organizations and individual users. Nonetheless, the cloud's widespread adoption is still hindered by dependability and security concerns, particularly in applications with large data collections where efficient search and retrieval services are also major requirements. This leads to an increased tension between security, efficiency, and search expressiveness. In this article we tackle this tension by proposing BISEN, a new provably-secure boolean searchable symmetric encryption scheme that improves these three complementary dimensions by exploring the design space of isolation guarantees offered by novel commodity hardware such as Intel SGX, abstracted as Isolated Execution Environments (IEEs). BISEN is the first scheme to support multiple users and enable highly expressive and arbitrarily complex boolean queries, with minimal information leakage regarding performed queries and accessed data, and verifiability regarding fully malicious adversaries. Furthermore, BISEN extends the traditional SSE model to support filter functions on search results based on generic metadata created by the users. Experimental validation and comparison with the state of the art show that BISEN provides better performance with enriched search semantics and security properties.

Supervised thesis

2023

Privacy in Telecom Fraud Detection

Author
Eduardo Carvalho Santos

Institution
UP-FCUP

2023

Speculative Execution Resilient Cryptography

Author
Rui Pedro Gomes Fernandes

Institution
UP-FCUP

2023

Detection of Encrypted Malware Command and Control Traffic

Author
Carlos António de Sousa Costa Novo

Institution
UP-FCUP

2022

Security in Data Aggregation for Eventually Consistent Systems

Author
Pedro Miguel de Jesus Jorge

Institution
UP-FCUP

2022

Detection of Encrypted Malware Command and Control Traffic

Author
Carlos António de Sousa Costa Novo

Institution
UP-FCUP