Cryptography for the Cloud

Similar documents
Secure Computation Martin Beck

Authenticity of Public Keys

Paillier Threshold Encryption Toolbox

Associate Prof. Dr. Victor Onomza Waziri

Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon

Computing on Encrypted Data

NEW CRYPTOGRAPHIC CHALLENGES IN CLOUD COMPUTING ERA

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

3-6 Toward Realizing Privacy-Preserving IP-Traceback

QUANTUM COMPUTERS AND CRYPTOGRAPHY. Mark Zhandry Stanford University

How To Protect Your Data From Attack

Information Security

Client Server Registration Protocol

E-Democracy and e-voting

Introduction to Cryptography

Verifiable Delegation of Computation over Large Datasets

Restructuring the NSA Metadata Program

A Study on Secure Electronic Medical DB System in Hospital Environment

Top Ten Security and Privacy Challenges for Big Data and Smartgrids. Arnab Roy Fujitsu Laboratories of America

preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design.

Secure Large-Scale Bingo

Overview of Public-Key Cryptography

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Providing Data Protection as a Service in Cloud Computing

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

Privacy, Security and Cloud

CS 758: Cryptography / Network Security

Introduction. Digital Signature

Fully homomorphic encryption equating to cloud security: An approach

Cloud Data Storage Security and Public Auditing

A Simulation Game for Teaching Secure Data Communications Protocols

Cryptography & Network Security. Introduction. Chester Rebeiro IIT Madras

Secure Collaborative Privacy In Cloud Data With Advanced Symmetric Key Block Algorithm

A Comprehensive Data Forwarding Technique under Cloud with Dynamic Notification

Information Security Theory vs. Reality

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Lesson 4: Introduction to network security

Journal of Electronic Banking Systems

Verifiable Outsourced Computations Outsourcing Computations to Untrusted Servers

Secure cloud access system using JAR ABSTRACT:

Chapter 2 TSAS: Third-Party Storage Auditing Service

Public Key Cryptography. c Eli Biham - March 30, Public Key Cryptography

Privacy Patterns in Public Clouds

Homomorphic encryption and emerging technologies COSC412

Efficient and Secure Dynamic Auditing Protocol for Integrity Verification In Cloud Storage

CPSC 467b: Cryptography and Computer Security

Improving data integrity on cloud storage services

COSC 472 Network Security

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems

Cryptography and Network Security

Security Sensor Network. Biswajit panja

EXAM questions for the course TTM Information Security May Part 1

CIS 5371 Cryptography. 8. Encryption --

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Exploring Privacy Preservation in Outsourced K-Nearest Neighbors with Multiple Data Owners

Dynamic Query Updation for User Authentication in cloud Environment

Professor Radha Poovendran EE Department, University of Washington, Seattle, WA & Professor Dawn Song EECS Department, University of California,

EFFICIENT AND SECURE DATA PRESERVING IN CLOUD USING ENHANCED SECURITY

Hushmail Express Password Encryption in Hushmail. Brian Smith Hush Communications

The Relationship Between PCI, Encryption and Tokenization: What you need to know

Secure and Efficient Data Retrieval Process based on Hilbert Space Filling Curve

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Message Authentication Code

Practical Yet Universally Composable Two-Server Password-Authenticated Secret Sharing

Sync Security and Privacy Brief

Efficient File Sharing in Electronic Health Records

Information Security Basic Concepts

Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records

Message authentication and. digital signatures

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

A NOVEL APPROACH FOR MULTI-KEYWORD SEARCH WITH ANONYMOUS ID ASSIGNMENT OVER ENCRYPTED CLOUD DATA

Enabling Public Auditing for Secured Data Storage in Cloud Computing

THE UNIVERSITY OF TRINIDAD & TOBAGO

Elements of Security

CSCE 465 Computer & Network Security

Security and Privacy in Cloud Computing

Boosting Linearly-Homomorphic Encryption to Evaluate Degree-2 Functions on Encrypted Data

Security/Privacy Models for "Internet of things": What should be studied from RFID schemes? Daisuke Moriyama and Shin ichiro Matsuo NICT, Japan

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Identity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks

Privacy and Verifiability for Data Storage in Cloud Computing. Melek Ӧnen August 17, 2015 IFIP Summer School, Edinburgh

Approaches for privacy-friendly Smart Metering: Architecture using homomorphic encryption and homomorphic MACs

Ensuring Integrity in Cloud Computing via Homomorphic Digital Signatures: new tools and results

cipher: the algorithm or function used for encryption and decryption

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

What is network security?

2-FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec

Introduction to Information Security

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1

Best Practices for Network Security. Name. University/College. Unit Name. Unit Code. Lecturer

Data Storage Security in Cloud Computing

Capture Resilient ElGamal Signature Protocols

SECURITY ENHANCEMENT OF GROUP SHARING AND PUBLIC AUDITING FOR DATA STORAGE IN CLOUD

Cloud Computing. servers. Cloud is a phrase that resembles the sharing process. Basically Cloud

New Constructions and Practical Applications for Private Stream Searching (Extended Abstract)

An Introduction to Cryptography and Digital Signatures

Transcription:

Cryptography for the Cloud ENS - CNRS - INRIA Cyber-Sécurité - SPECIF CNAM, Paris, France - November 7th, 2014

The Cloud Introduction 2

Access from Anywhere Introduction 3

Available for Everything One can Store documents, photos, etc Share them with colleagues, friends, family Process the data Ask queries on the data Introduction 4

With Current Solutions The Cloud provider knows the content and claims to actually identify users and apply access rights safely store the data securely process the data protect privacy Introduction 5

But For economical reasons, by accident, or attacks data can get deleted any user can access the data one can log all the connected users all the queries to analyze and sell/negotiate the information Introduction 6

Requirements Users need more Storage guarantees Proof of storage Encryption Privacy guarantees confidentiality of the data anonymity of the users Anonymous Authentication Private Information Retrieval obliviousness of the queries How to process users queries? Introduction 7

FHE: The Killer Tool Fully Homomorphic Encryption allows to process encrypted data, and get the encrypted output AND ENOT Encrypted Inputs Inputs EOR NOT EAND Circuit ENOT Encrypted Outputs Outputs EAND OR AND EOR Confidentiality 8

Outsourced Processing no information about the input/output data ENOT Encrypted Inputs EOR EAND Circuit EOR EAND ENOT Encrypted Outputs Inputs Outputs Confidentiality 9

Private Computations no information about the input/output data nor the program Encrypted Inputs + Circuit Description EOR EAND ENOT EAND Universal Circuit EOR ENOT Encrypted Outputs Inputs Program Outputs Confidentiality 10

FHE: Ideal Solution? Allows private storage Allows private computations Private queries in an encrypted database Private «googling» The provider does not learn the content the queries Privacy by design the answers But each gate requires a few minutes Confidentiality 11

Confidentiality & Sharing Encryption allows to protect data the provider stores them without knowing them nobody can access them either, except the owner How to share them with friends? Specific people have full access to some data: with public-key encryption with multiple recipients Specific people have specific access such as partial information, statistics or agregation Confidentiality 12

Broadcast Encryption But a key manager generates decryption keys Requirement to avoid trusted authority: either a broadcast system per sender or a decentralized (ad-hoc) broadcast encryption scheme Confidentiality 13

Functional Encryption The sender generates sub-keys K f : From C = Encrypt(m), Decrypt(K f, C) outputs f(m) This allows controlled sharing of data But receivers keys are specific to the sender: many secrets! Confidentiality 14

Interactivity Fully Homomorphic Encryption is non-interactive all the computations to be done in the Cloud without any additional hint from the user Decentralized Broadcast Encryption impossible without interactions between the players Some interactivity can help additional hints from the user but latency issues Efficient & Secure two/multi-party Computation Interactivity 15

Multi-Party Computation input output output input output input input output input input output output Secure Multi-Party Computation Ideally: each party gives its input and just learns its output for any ideal functionality Interactivity 16

Multi-Party Computation input output input output input output Secure Multi-Party Computation Ideally: each party gives its input and just learns its output for any ideal functionality In practice: many interactions between the parties Latency too high over Internet Interactivity 17

x n Ex: Private DB Queries x 1 x 2 i x 3 F x i Obliviousness of the queries The client learns x i and nothing else The database does not learn anything Interactivity 18

Projective Hashing sk Hash H unpredictable KeyGen W = pk ProjHash H H=Hash(sk,W) can be used as a random mask Knowledge of a witness w required to unmask w such that R(W,w)=1 Projective Hashing 19

PH and Private Queries L 1 and L 2 two distinct NP-hard languages in X A word Wi is in L i if and only if there exists a witness wi such that Ri(Wi,wi)=1 (Mi)i (ski,pki)i KeyGen Hi = Hash(ski,W) W (pk Ci = Mi Hi i,ci)i b W Lb H b = ProjHash(pk b,w,w) Mb = Cb Hb Secure Oblivious Transfer Projective Hashing 20

Diffie-Hellman One can efficiently instantiate Projective Hashing with Diffie-Hellman L = {(g r, h r )} X = {(g r, h s )} = G 2 sk = (a,b) and pk = g a h b H = Hash(sk,(u,v)) = u a v b = pk r = ProjHash(pk,(u,v),r) = H if (u,v) = (g r, h r ) L if (u,v) L, H is random, perfectly independent of pk Evaluations and communications are quite efficient Projective Hashing 21

Conclusion Threat However strong the trustfulness of the Cloud provider may be, any system or human vulnerability can be exploited against privacy Cryptography for the Cloud Fully-safe access to the Cloud for everybody whatever the behavior of the provider The provider is just trusted to store the data (can be controlled) process and answer any request (or DoS) A privacy breach cannot be checked 22

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information