Privacy and Security in Cloud Computing




CAPPRIS meeting, 21 March 2013
Monir Azraoui, Kaoutar Elkhiyaoui, Refik Molva, Melek Önen

Cloud computing

Idea: Outsourcing
  - Huge distributed data centers
  - Offer storage and computation
Benefit: Cost reduction
  - Parallelization
  - Maintenance, reliability
Main phases
  - Data upload
  - Computation upload (Java classes)
  - MapReduce
  - Result return
Many large files

Privacy in Cloud Computing

Sensitive data
  - Companies
      - Internal data
      - Human resources information
  - Governmental organizations
      - Prefecture: license plates, car owners...
Challenge: Prying clouds
  - Adversary = honest-but-curious cloud
  - Data & Computation privacy
  - Do not cancel cloud advantages
  - Lightweight operations at the client side

Current Research Focus

  - Proof of retrievability
  - Handling encrypted data
  - Accountability (A4Cloud EU Project)

Current research focus (cont'd)

Proof of Retrievability
  - Integrity
  - Very large amounts of data
  - Integrity proofs computed by untrusted clouds
  - Blockless verification
PoR: Juels 2007
Provable Data Possession: Ateniese 2007

Current research focus (cont'd)

Handling encrypted data
  - Prying clouds
      - Data encrypted by the cloud
  - Very large amounts of data
      - Operations in the cloud performed by the cloud provider
Solution for word search: PRISM

Handling encrypted data - scenario

Data retention scenario
  - Internet Service Provider retains customers' log/access data (for 6 years!)
  - Example: DNS logs (time, IP, hostname)
Save money: Outsource to cloud
Challenge
  - Protect customer privacy against prying clouds
      - Privacy: Encrypt log entries
  - Support queries: Has x accessed y (at time z)?
      - Word Search
  - Efficiency: Leverage the cloud's massive parallelism
      - MapReduce

PRIvacy preserving Search in MapReduce

Contribution
  - Allows finding files containing words in clouds
      - Contrary to server-based solutions, e.g., Boneh et al. 04 (PEKS), Song et al. 00, Popa et al. 11 (Crypt-DB)
  - Data privacy: No (non trivial) data analysis
  - Computation privacy: query privacy, query unlinkability
  - Evaluation: privacy proofs and implementation (11% overhead)
Main idea
  - Word existence transformed to PIR problems
  - Map: Evaluate PIR problem per mapper on each InputSplit
  - Reduce: combine mapper output with simple addition
  - User decodes output, decides existence

PRISM: MapReduce Overview

Idea: Transform search for word into PIR
[Figure: the user encrypts the query for a word and uploads Q(word) to the cloud; each mapper applies Q(word) to the PIR matrix of its InputSplit and outputs E(0) or E(1); the reducer combines the mapper outputs homomorphically into the result.]

PRISM - Upload

Data privacy: stateful cipher
  - Efficient encryption: AES
  - Indistinguishability: AES + plaintext counter
Example:
  - K_d = HMAC(K, d)
  - Initialize: γ_w = 0
  - Encrypt: E(w, γ_w), γ_w = γ_w + 1
  - Maintain counter γ_w for each w
E(w) = E(w, γ_w)
[Figure labels: AES; Pairing (e.g., padding + concatenation); Plaintext counter]

PIR: Private Information Retrieval

User wants to retrieve some data d_k
Server should not learn what is retrieved

Upload: Data matrix M (rows d_1 = 1101, d_2 = 0100, d_3 = 1000, d_4 = 1010)

         1   2  ...  t
    1    1   1   0   1
    2    0   1   0   0
   ...   1   0   0   0
    t    1   0   1   0

Query: User computes & sends α = [α_1, α_2, ..., α_k, ..., α_t]
  - α_k = b(1 + a_k·N) mod p → E(1)
  - α_i = b(a_i·N) mod p → E(0)
Process: Server computes β =

PRISM Search: Query transformation

User: PrepareQuery(w)
  - If w exists
      - w has been encrypted at least once → E(w,1) has been uploaded
  - Compute candidate position:
      - CP: <X,Y> = E(w,1)
  - Compute PIR input α = [α_1, α_2, ..., α_k, ..., α_t]
      - α_k = b(1 + a_k·N)
      - α_i = b(a_i·N)
  - Send α to the cloud
Query privacy
[Figure: PIR matrix with rows and columns 1 ... t and the candidate position CP marked; in the example α_2 = E(1) and the other α_i = E(0)]

PRISM-Search: Map & Reduce

Map: PIR matrix construction (PIR matrix M from data)
  - Matrix initialization to 0
  - For each C_i: compute CP_i = <X_i, Y_i> = H(C_i) and set the matrix entry at CP_i to 1
Map: Process query: Column sums
  - For all rows
      - Compute: σ_j = Σ_i α_i · M_{i,j}
      - Example: σ_1 = α_3 + α_4 = E(0), σ_2 = α_2 + α_4 = E(1)
Map: Both steps repeated q times
  - Send q vectors σ
Reduce:
  - Aggregation = addition
  - Homomorphism correctness
[Figure: ciphertexts C_1 ... C_4 placed into the PIR matrix with rows and columns 1 ... t]

PRISM Result analysis

Receive t sums
  - Decrypt σ_Y
Decision
  - D(σ_Y) = 0 & h(c_i) = 1: contradiction, w cannot be in file
  - Otherwise w might be in file: false positives (collisions)
Run q > 1 rounds of PRISM
  - Depending on t, q, ... tailor false positive probabilities
  - Result: after q rounds, w is in file with high probability
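An added example, not code from the PRISM authors: a toy Python round trip of the PIR steps on the slides above (query α, mapper column sums σ, reducer addition, user decoding). Assumptions: the modulus size, the bound on a_i, the decoding step (multiply by b^-1 mod p, then reduce mod N) and the second matrix M2; M1 uses the rows 1101, 0100, 1000, 1010 from the PIR slide. The hash-based candidate position and the q repeated rounds are left out.

```python
import secrets

P = 2**61 - 1       # secret prime modulus p (toy size, assumed)
N = 1 << 10         # secret N; must exceed the number of mapper outputs added together
A_BOUND = 1 << 20   # a_i drawn below this bound (assumed) so decoded sums stay below p

def keygen():
    """Secret multiplier b in [2, p-2]."""
    return 2 + secrets.randbelow(P - 3)

def prepare_query(b, k, t):
    """alpha_k = b(1 + a_k*N) mod p, i.e. E(1); every other alpha_i = b(a_i*N) mod p, i.e. E(0)."""
    return [b * (int(i == k) + (1 + secrets.randbelow(A_BOUND - 1)) * N) % P
            for i in range(t)]

def map_column_sums(alpha, matrix):
    """Mapper: sigma_j = sum_i alpha_i * M[i][j], plain integer arithmetic without any key."""
    return [sum(a * bit for a, bit in zip(alpha, col)) for col in zip(*matrix)]

def reduce_add(sigmas):
    """Reducer: aggregation is element-wise addition of the mappers' sigma vectors."""
    return [sum(col) for col in zip(*sigmas)]

def decode(b, sigma):
    """User: strip b, then reduce mod N to drop the a_i*N noise terms."""
    b_inv = pow(b, -1, P)
    return [(s * b_inv % P) % N for s in sigma]

# Rows d_1..d_4 from the PIR slide, plus a second constructed InputSplit matrix.
M1 = [[1, 1, 0, 1], [0, 1, 0, 0], [1, 0, 0, 0], [1, 0, 1, 0]]
M2 = [[0, 0, 0, 0], [0, 1, 1, 0], [1, 1, 1, 1], [0, 0, 0, 1]]

def demo(k=1):
    """Query row k (0-based, so k=1 selects d_2) on one split and on two reduced splits."""
    b = keygen()
    alpha = prepare_query(b, k, t=4)
    one = decode(b, map_column_sums(alpha, M1))
    both = decode(b, reduce_add([map_column_sums(alpha, m) for m in (M1, M2)]))
    return one, both

if __name__ == "__main__":
    print(demo())   # ([0, 1, 0, 0], [0, 2, 1, 0])
```

After the reduce step each decoded entry is the number of splits whose selected row has a 1 in that column, which is why N has to exceed the number of mapper outputs being added.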

Overview: Privacy Properties

Encryption of w using Stateful-Cipher (Pseudorandom Permutation Assumption)
  - Idea: instead of encrypting w, encrypt w with counter γ_w
  - C := E(w, γ_w), γ_w := γ_w + 1 for each occurrence of w
  - Initialize γ_w to 1, search for ciphertext E(w, 1)
PIR scheme (computation of P-values) (Trapdoor Group Assumption)
  - Query for column k (= candidate position, based on w)
  - P_k := b(1 + a_k·N) mod p → E(1)
  - P_{i≠k} := b·a_i·N mod p → E(0)
  - a_i: random number; b, N, p: system parameters
We formally prove IND-CPA

Implementation

Setup
  - Log scenario, search in encrypted DNS entries
  - DNS log file from local internet provider
      - 16 days, 3*10^8 log entries, total of 26 GByte
      - (Timestamp, customer IP, target host)
  - Hadoop 0.20.2, out of the box installation
      - 9 workers, 1 master
      - Fedora 11, 2.5 GHz Pentium Dual-Core, 4 GByte RAM, → 16 CPUs
      - 96 MByte InputSplit (120 MByte)
  - Crypto tools:
      - AES 256 bit (Gnu Crypto Library V2.0.1)
      - Trapdoor Group Assumption PIR using Java BigNumber(!)
Analysis
  - Comparison with two baselines (empty maps)

Evaluation Results

PRISM - Summary

Searching for data in cloud is challenging
Cloud untrusted, data encrypted
Efficient solutions required
PRISM
  - Efficient search on encrypted data in MapReduce
  - Main idea: map search to small PIR problem, combine partial results during reduce
  - 11% overhead over non-private search
  - Runs on standard MapReduce today (as offered by Amazon, Google, Microsoft, IBM)

Conclusion

Cloud computing
  - Revisit old problems
  - New setting
      - scalability
      - untrusted provider
Future work
  - PRISM performed by third parties
  - Main focus on PoR
  - Accountability secure logging