Privacy and Verifiability for Data Storage in Cloud Computing. Melek Ӧnen August 17, 2015 IFIP Summer School, Edinburgh



Similar documents
Privacy and Security in Cloud Computing

Multi-User Searchable Encryption in the Cloud. Cédric Van Rompay, Refik Molva, and Melek Önen ISC 2015 September 10, 2015 Trondheim, Norway

Verifiable Delegation of Computation over Large Datasets

SECURE AND TRUSTY STORAGE SERVICES IN CLOUD COMPUTING

Cloud Security Introduction and Overview

Is it Time to Trust the Cloud? Unpacking the Notorious Nine

Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment

Review On Deduplicating Data and Secure Auditing in Cloud

Enhancing Data Security in Cloud Storage Auditing With Key Abstraction

Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records

Publicly Verifiable Conjunctive Keyword Search in Outsourced Databases

Cloud Data Storage Services Considering Public Audit for Security

preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design.

SECURITY ENHANCEMENT OF GROUP SHARING AND PUBLIC AUDITING FOR DATA STORAGE IN CLOUD

Performance Evaluation Panda for Data Storage and Sharing Services in Cloud Computing

A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA

CONSIDERATION OF DYNAMIC STORAGE ATTRIBUTES IN CLOUD

CLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM

Sharing Of Multi Owner Data in Dynamic Groups Securely In Cloud Environment

EFFICIENT AND SECURE DATA PRESERVING IN CLOUD USING ENHANCED SECURITY

RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM

SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD

ADVANCE SECURITY TO CLOUD DATA STORAGE

TITLE: Secure Auditing and Deduplicating Data in Cloud(Survey Paper)

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

Cloud Security and Managing Use Risks

DATA SECURITY IN CLOUD USING ADVANCED SECURE DE-DUPLICATION

SHARED DATA & INDENTITY PRIVACY PRESERVING IN CLOUD AND PUBLIC AUDITING

Secure Computation Martin Beck

Side channels in cloud services, the case of deduplication in cloud storage

Data Storage Security in Cloud Computing for Ensuring Effective and Flexible Distributed System

ISSN Index Terms Cloud computing, outsourcing data, cloud storage security, public auditability

Improving data integrity on cloud storage services

RSA BASED CPDP WITH ENCHANCED CLUSTER FOR DISTRUBED CLOUD STORAGE SERVICES

Verifying Correctness of Trusted data in Clouds

Data Storage Security in Cloud Computing

Public Cloud Security: Surviving in a Hostile Multitenant Environment

Secure Distribution of File on Cloud

STORAGE SECURITY TUTORIAL With a focus on Cloud Storage. Gordon Arnold, IBM

Energy Efficiency in Secure and Dynamic Cloud Storage

Towards a compliance audit of SLAs for data replication in Cloud storage

Currency and Correctness of Content in Object Storage Networks

Keywords: - Ring Signature, Homomorphic Authenticable Ring Signature (HARS), Privacy Preserving, Public Auditing, Cloud Computing.

How To Secure Cloud Computing, Public Auditing, Security, And Access Control In A Cloud Storage System

Secrecy Maintaining Public Inspecting For Secure Cloud Storage

IMPLEMENTATION CONCEPT FOR ADVANCED CLIENT REPUDIATION DIVERGE AUDITOR IN PUBLIC CLOUD

Survey Paper on Integrity Auditing of Storage

A Survey on Secure Auditing and Deduplicating Data in Cloud

How To Design A Cloud Data Storage Service For A Cloud Computer System

Verifiable Outsourced Computations Outsourcing Computations to Untrusted Servers

A Survey on Secure Storage Services in Cloud Computing

Index Terms Cloud Storage Services, data integrity, dependable distributed storage, data dynamics, Cloud Computing.

Data Integrity by Aes Algorithm ISSN

NEW CRYPTOGRAPHIC CHALLENGES IN CLOUD COMPUTING ERA

An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud

Comments on "public integrity auditing for dynamic data sharing with multi-user modification"

Data Protection: From PKI to Virtualization & Cloud

SECURE AND EFFICIENT PRIVACY-PRESERVING PUBLIC AUDITING SCHEME FOR CLOUD STORAGE

Security of Cloud Storage: - Deduplication vs. Privacy

Implementation of Privacy-Preserving Public Auditing and Secure Searchable Data Cloud Storage

Enabling Public Auditing for Secured Data Storage in Cloud Computing

February. ISSN:

Chapter 1: Introduction

Secure Data Sharing in Cloud Computing using Hybrid cloud

A Survey on Data Integrity of Cloud Storage in Cloud Computing

Enhance Data Security in Cloud Computing using Layered Interleaving Approach

JAVA IEEE Privacy Policy Inference of User-Uploaded Images on Content Sharing Sites Data Mining

Secure Way of Storing Data in Cloud Using Third Party Auditor

Identifying Data Integrity in the Cloud Storage

An Efficient Multi-Keyword Ranked Secure Search On Crypto Drive With Privacy Retaining

A Secure and Dependable Cloud Storage Service in Cloud Computing

PRIVACY PRESERVING PUBLIC AUDITING FOR SECURED DATA STORAGE IN CLOUD USING BLOCK AUTHENTICATION CODE

Cryptographic Data Security over Cloud

Cloud Computing. Cloud Computing An insight in the Governance & Security aspects

A NOVEL APPROACH FOR MULTI-KEYWORD SEARCH WITH ANONYMOUS ID ASSIGNMENT OVER ENCRYPTED CLOUD DATA

Cloud Data Service for Issues in Scalable Data Integration Using Multi Authority Attribute Based Encryption

Efficient Remote Data Possession Checking In Critical Information Infrastructures Ensuring Data Storage Security In Cloud Computing

Analysis of Secure Cloud Data Sharing Within a Group

Associate Prof. Dr. Victor Onomza Waziri

Index Terms: Cloud Computing, Third Party Auditor, Threats In Cloud Computing, Dynamic Encryption.

Integrity Verification In Multiple Cloud Storage Using Cooperative PDP Method

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.

An Efficiency Keyword Search Scheme to improve user experience for Encrypted Data in Cloud

ISSN: (Online) Volume 2, Issue 1, January 2014 International Journal of Advance Research in Computer Science and Management Studies

PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTING

Ensuring Data Storage Security in Cloud Computing By IP Address Restriction & Key Authentication

International Journal of Infinite Innovations in Engineering and Technology. ISSN (Online): , ISSN (Print):

Data management using Virtualization in Cloud Computing

Transcription:

Privacy and Verifiability for Data Storage in Cloud Computing Melek Ӧnen August 17, 2015 IFIP Summer School, Edinburgh

Cloud Computing Outsourcing storage & computation High availability No IT maintenance cost Decreased Costs Elasticity & Flexibility Slide 2

CSA s Notorious Nine Data breaches Unauthorized access to client data Data Loss Accidental or malicious destruction Account hijacking Stolen credentials Insecure APIs Adversary steals data from cloud Denial of Service Intolerable system slowdown Malicious insiders More powerful attackers Abuse of cloud services Adversary rents the cloud Insufficient due diligence Mismatched expectations Shared technology issues Adversary breaks out of the hypervisor Slide 3

Clouds as Adversaries To trust or how to trust? Security Models & Requirements Honest but curious Confidentiality & Privacy Malicious Privacy + Integrity & Transparency Challenge Do not cancel cloud advantages Privacy & Integrity Big Data Lightweight operations at client side Slide 4

Privacy and verifiability for cloud computing Privacy and verifiability for data outsourcing Data encryption with storage efficiency Privacy preserving de-duplication Efficient verification of data storage Proofs of Retrievability Privacy and verifiability for data processing Computation over encrypted data Privacy preserving word search Verifiable computation Verifiable word search Slide 5

Storage efficiency with deduplication Storing duplicate data only once Total space savings up to 90-95% in backup applications Slide 6

Conflict with privacy D = Hello World D = Hello World ENCRYPTION with K1 ENCRYPTION with K2 owhfgr0wgr[w hfrw0[h0[ergh e0[gh0[eg dfjl;dbfrwbfirbf roepthwobgfr ugtwertgrtwu Slide 7

One solution: Convergent encryption Key = hash(data) D = Hello World D = Hello World ENCRYPTION with H(D) ENCRYPTION with H(D) klfgwilegfiorw egtriegtiergiei ergriegrigfifiw klfgwilegfiorw egtriegtiergiei ergriegrigfifiw Vulnerability to dictionary attacks Slide 8

Secure deduplication based on popularity Different protection based on popularity Popular data belongs to t users less secure protection to be deduplicated use convergent encryption Unpopular data likely to be unique, highly sensitive stronger protection no need for deduplication use stronger encryption Related work [Janek et. al. 2014] Combination of convergent encryption with threshold encryption Significant storage and bandwidth overhead Slide 9

Idea: Secure popularity detection [DPM 15] Data protection solutions Popular data convergent encryption (CE) Unpopular data symmetric encryption (SE) Idea: Check popularity Encrypt B with CE lookup for CE(B) CE(B) exists deduplication CE(B) does not exist encrypt B with SE Requirement: secure lookup if B unpopular, popularity check should not reveal B Secure lookup based on perfect hashing Slide 10

Privacy and verifiability for cloud computing Privacy and verifiability for data outsourcing Data encryption with storage efficiency Privacy preserving de-duplication Efficient verification of data storage Proofs of Retrievability Privacy and verifiability for data processing Computation over encrypted data Privacy preserving word search Verifiable computation Verifiable word search Slide 11

Verification of data storage Motivating scenario: outsourced storage Is my data still there? Requirements for evidence of correct storage Unlimited integrity checks by client No data transfer Efficient verification Slide 12

Proofs of Retrievability: Related Work Deterministic solutions [Deswarte et.al, Filho et.al,..] Costly verification performed on the entire data Probabilistic solutions [Ateniese et.al., Juels et.al., Shacham et.al...] Homomorphic tags Optimized communication costs Expensive preprocessing of the file before outsourcing Significant storage overhead Randomly located sentinels Light computation at the client, small storage overhead Limited number of checks Slide 13

Proofs of Retrievability: StealthGuard [ESORICS 14] w E n c r y p t w Slide 14

Proofs of Retrievability: StealthGuard Word Search Query (Privacy Preserving) w w 1 w 2 w 3 w 4 n Yes/No Yes/No Yes/No Yes/No Yes/No Missing word Missing data split Slide 15

Privacy and verifiability for cloud computing Privacy and verifiability for data outsourcing Data encryption with storage efficiency Privacy preserving de-duplication Efficient verification of data storage Proofs of Retrievability Privacy and verifiability for data processing Computation over encrypted data Privacy preserving word search Verifiable computation Verifiable word search Slide 16

Privacy preserving word search Outsourced DB Service several years corporate data regularly stored in the Cloud Privacy Encryption by the customer Query: search for word How to find it without downloading the entire DB? Requirement for a new solution to search words in an encrypted DB with privacy Find Blocks including W Slide 17

Privacy requirements Storage privacy No information on stored data need for data encryption Query privacy No information on the targeted word query privacy, query indistinguishability No information on the result response privacy Related work Mostly focused on the query privacy aspect only Query expressiveness

Our approach Querier = Owner Data privacy AND Query privacy Querier = authorized third party Data privacy AND Query privacy On-the-fly authorization & revocation Multi-Querier, Multi-Owner Data privacy AND Query Privacy (becomes mandatory!) On-the-fly authorization/revocation scalability Slide 19

PRIvacy preserving word Seach in MapReduce Semantically secure encryption Data privacy [PETS 12] Word search transformed to PIR problems (single bit) Query privacy Parallelism with MapReduce Map: Evaluate small PIR problem on each InputSplit Reduce: combine mapper output with simple addition Slide 20 20

PRISM - Upload File w 0, w 1,.... w n-1 WordEncrypt E(w 0 ), E(w 1 ),.... E(w n-1 ) Upload E(w i ),... E(w j ) E(w k ),... E(w l ) E(w m ),... E(w n ) E(w u ),... E(w v ) User Cloud Mapper hash(e(w i )) X,Y, b X Binary Map Y b Slide 21

PRISM Word Search hash(e(w)) Query for word w X,Y, b PIR query for (X,Y) User Mapper Cloud Binary Map PIR(X,Y) x PIR(X,Y) x PIR(X,Y) x PIR(X,Y) x homomorphic Reducer E(result) User Slide 22

Privacy preserving delegated word search Application Scenario: Auditing with privacy Transparency Logging Logs can be outsourced to the cloud User privacy Encrypted logs Accountability Auditor searches on encrypted logs Revoke authorized querier at any point of time Idea Privacy preserving word search Combine PIR with Cuckoo Hashing Third party authorization and revocation Combine ABE with OPRF [SECRYPT 14] Slide 23

MUSE: Multi-User Searchable Encryption Recommender systems Smart metering User A User B... User Z Cloud Huge number of users (writers) AND queriers (Readers)... No coordination/trust among readers and writers Slide 24

Idea: Proxy-based privacy preserving lookup [ISC 15] Writers Readers User A User B... User Z Slide 25 Cloud privacy against cloud Based on PIR Privacy against Proxy Based on underlying bilinear encryption Proxy...

Privacy and verifiability for cloud computing Privacy and verifiability for data outsourcing Data encryption with storage efficiency Privacy preserving de-duplication Efficient verification of data storage Proofs of Retrievability Privacy and verifiability for data processing Computation over encrypted data Privacy preserving word search Verifiable computation Verifiable word search Slide 26

Verifiable word search Motivating scenario: outsourced anonymized data File Upload Search Query for keywords Users Search results + Proofs Requirements for proof of search response Public delegatability: anyone can issue a query Public verifiability: anyone can verify the response Efficient verification Slide 27

Idea: Polynomial accumulators + Merkle trees [SPC 15] Verifiable test of membership Define P for each file f such that: P(w) = 0 if w f Compute public accumulator Acc(f) = g P(α) Proof of membership result P(w),witness Ω w =g Qw(α) s.t. P(α)=(α-w).Q w (α)+p(w) Verification e(ω w, g α g -w ) e(g P(w),g) == e(acc(f), g) cost increases with # words, one polynomial per file use Merkle trees

Slide 29 Conclusion Privacy preserving storage & computation Privacy preserving word search Privacy preserving deduplication Verifiable storage & computation Verifiable word search Proof of retrievability Data integrity Next? Efficient FHE solutions Meanwhile, continue research on dedicated primitives Unified framework Do not cancel cloud advantages Big Data Lightweight operations at client side

Acknowledgments EU Pojects Co-Authors Monir Azraoui, Pasquale Puzio, Cédric Van Rompay Kaoutar Elkhiyaoui, Erik Blass, Roberto di Pietro, Refik Molva Slide 30

Papers Publicly verifiable conjunctive keyword search in outsourcing databased, M. Azraoui, K. Elkhiyaoui, M. Önen, R. Molva, SPC 2015, Multi-user searchable encryption in the cloud, C. Van Rompay, R. Molva, M. Önen, ISC 15 PerfectDedup, P. Puzio, R. Molva, M. Önen, S. Loureiro, DPM 2015 StealthGuard: Proofs of Retrievability with hidden watchdogs, M. Azraoui, K. Elkhiyaoui, R. Molva, M Önen, ESORICS 2014 Privacy preserving delegated word search, K. Elkhiyaoui, M. Önen, R. Molva, SECRYPT 2014 PRISM- Privacy preserving Search in Map Reduce, E.-O. Blass, R. di Pietro, R. Molva, M. Önen, PETS 2012

THANK YOU melek.onen@eurecom.fr

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information