A PASS Scheme in Clouding Computing - Protecting Data Privacy by Authentication and Secret Sharing
Jyh-haw Yeh Dept. of Computer Science Boise State University

Cloud Computing Introduction
  • Cloud provides services – software, platform, infrastructure.
  • Clients are charged on a per-use basis.
  • Capital Expenditure (CapExp) -> Operational Expenditure (OpExp)
  • Multi-tenancy: better resource utilization
  • Reliability: redundant sites
  • Security: better protection from outside attacks.
  • Security: a big question mark regarding malicious cloud employees.
The Problem to Solve
  • Protecting clients’ data privacy from cloud employees.
  • Perfect solution: fully homomorphic encryption algorithm (FHEA). No practical algorithm available.
  • Without FHEA, 100% data privacy may not be possible.
PASS Scheme
  • Protect data Privacy by Authentication and Secret Sharing (PASS).
  • Objective: minimize the risk of leaking private data.
  • Approach:
    • Encrypt data by a key shared with the client.
    • Do not store the key anywhere in the cloud.
    • Use secret sharing to authenticate users and recover the shared key.
PASS Scheme
  • 5 security components:
    • Public key cryptosystem (PKC): published by cloud.
    • Key agreement (KA): agree on a shared key and two secret shares at registration.
    • Key management (KM): keep a profile for each client.
    • Authentication (AUTH):
      • client’s counter <-> server’s counter;
      • hashed key computed from the client’s request <-> stored hashed key
    • Access control (ACL): a second line of defense during the time frame in which the secret key is in use for processing a query.
PASS Scheme
  • Design guideline:
    • Ensure secret isolation (secret compartment).
    • Security takes a higher priority than efficiency.
    • Prefer design choices that benefit multiple security components.
PASS Scheme - PKC
  • PASS chooses ECC over RSA.
  • ECC: a curve is chosen over a prime p, with a base point G of order n.
  • Cloud provider publishes the ECC domain parameter <p, a, b, G, n>.
  • Each cloud entity (server, clients) sets up his own public-private key pair.
    • Server: public , private , where
    • Client i: public , private , where
PASS Scheme – Key Agreement
  • Each client i and the cloud server s agree on a data encryption key and two secret shares (known to the client) and (known to the server).
  • The secret shares are used to recover the encryption key.
PASS Scheme – Key Agreement
  • Encryption key agreement:
    • Client i chooses a random number and then sends to the server s
    • Server s chooses a random number and then sends to the client i
    • Both compute a point
    • Agree on an encryption key : the x-coordinate of
PASS Scheme – Key Agreement
  • Secret shares agreement:
    • Both compute a point and let be the x-coordinate of the point
    • Both construct the same polynomial
    • With both secret shares, the polynomial and then the secret key can be recovered
PASS Scheme – Key Management
  • The cloud keeps a profile for each client i
  • Hashed key and server request counter for authentication
  • Security label for access control
PASS Scheme – Client Authentication
  • Client keeps his own request counter
  • Client → Server:
  • Server decrypts and gets both and
  • Client authentication succeeds if both
    • the stored hashed key matches the hashed key derived from secret shares
    • the server and client request counters match
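
An added illustration (not code from the presentation) of the two authentication checks above, with the key recovered from both shares and never stored in the profile. The slides' own polynomial and message format are not reproduced on this page, so the degree-1 polynomial, the share x-coordinates, the field prime, SHA-256 and the omission of the public-key encryption of the request are all assumptions.

```python
import hashlib
import hmac
import secrets

# Assumptions, not taken from the slides: field prime P, sharing polynomial
# f(x) = K + a*x mod P, client share at x=1, server share at x=2.
P = 2**255 - 19
CLIENT_X, SERVER_X = 1, 2

def hash_key(key):
    """Hashed key as kept in the client's profile (SHA-256 is an assumption)."""
    return hashlib.sha256(key.to_bytes(32, "big")).hexdigest()

def register(key):
    """Split the key into two shares; the profile holds only H(key) and a counter."""
    a = secrets.randbelow(P - 1) + 1
    client_share = (key + a * CLIENT_X) % P
    server_share = (key + a * SERVER_X) % P
    profile = {"hashed_key": hash_key(key), "counter": 0}
    return client_share, server_share, profile

def recover_key(client_share, server_share):
    """Lagrange interpolation of the two shares at x = 0 recovers f(0) = K."""
    l1 = SERVER_X * pow((SERVER_X - CLIENT_X) % P, -1, P)
    l2 = CLIENT_X * pow((CLIENT_X - SERVER_X) % P, -1, P)
    return (client_share * l1 + server_share * l2) % P

def authenticate(profile, server_share, client_share, client_counter):
    """Return the recovered key only if counters match and the hashed keys match."""
    if client_counter != profile["counter"]:
        return None  # stale or replayed request
    key = recover_key(client_share, server_share)
    if not hmac.compare_digest(hash_key(key), profile["hashed_key"]):
        return None  # wrong share: recovered value is not the registered key
    profile["counter"] += 1  # the client advances its own counter as well
    return key

def demo():
    """Constructed run: valid request, replay of it, then a forged share."""
    key = secrets.randbelow(P)
    c_share, s_share, profile = register(key)
    ok = authenticate(profile, s_share, c_share, 0)
    replay = authenticate(profile, s_share, c_share, 0)
    forged = authenticate(profile, s_share, (c_share + 1) % P, 1)
    return ok == key, replay, forged

if __name__ == "__main__":
    print(demo())
```
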
PASS Scheme – Access Control
  • Security label: (security level, {categories})
  • Security level: secret, non-secret
  • Each client i is a category
  • All query servers/processes are in category “query-system” ⊇ {all }
  • Security label for client i’s profile: (secret, { })
PASS Scheme – Integrating five Components
  • Steps 1-4: initial client registration (key agreement and data encryption)
  • Steps 5-12: query processing
  • The diagram at the following link shows these steps.
  • http://cs.boisestate.edu/~jhyeh/pass_diagram.pdf