Cryptographic Approach for Delegation and Authorization in Cloud Computing Di Ma NSF Workshop on Security for Cloud Computing Mar. 15 ~ Mar. 16, 2012 Arlington,

1 Cryptographic Approach for Delegation and Authorization in Cloud Computing
Di Ma
NSF Workshop on Security for Cloud Computing
Mar. 15 ~ Mar. 16, 2012, Arlington, VA

2 Di Ma Delegation and Authorization in Cloud Computing
Two Areas to Look At
[Diagram labels: delegation and authorization; end-to-end security; adversary models]
Relationship with other panel talks: Aim for end-to-end security
New data sharing platform:
• Multi-owner and multi-user at large scale
• Data sharing through cloud
• Untrusted but resourceful cloud
Deal with untrusted server and user
Leverage resourceful cloud
1. Fine-grained access control (or authorization)
– Complex access policy to support fine-grained authorization
– Delegation from owner to cloud: to achieve fine-grained temporal access control
– Delegation from user to cloud: to support mobile device access
2. Computation over encrypted/authenticated data

3 Attribute-Based Encryption (ABE) for Fine-Grained Access Control of Encrypted Data in Clouds
• Ciphertext-policy attribute-based encryption
– Encryptors can specify the access policy as a boolean formula, i.e. an access tree structure where
   Intermediate nodes: AND, OR gates
   Leaf nodes: attributes expressed as strings
– Access privileges (access keys): list of attributes
– The access policy is embedded into the ciphertext, and an authorized user is allowed to access (decrypt) the data based on her attributes
End-to-end authorization
– Owner defines access policy, not the server
– Access policy is enforced by the encryption algorithm, not the server
Scalability
– Complexity is dependent on #attributes; independent of #users
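The access tree on this slide can be enforced by arithmetic rather than by a server check. The sketch below is an added example, not code from the presentation: it shares a secret down an AND/OR tree with Shamir polynomials (AND as n-of-n, OR as 1-of-n) and rebuilds it only when the held attributes satisfy the policy. It omits the pairing-based key blinding that real ciphertext-policy ABE uses to stop users from pooling attributes; the policy, attribute names and modulus are constructed for illustration.

```python
import secrets

P = 2**127 - 1  # prime modulus for share arithmetic (choice made for this sketch)

# Constructed policy: a leaf is an attribute string, a gate is (kind, children).
POLICY = ("AND", ["role:doctor", ("OR", ["dept:cardiology", "dept:oncology"])])

def _threshold(gate, children):
    # AND needs every child (n-of-n); OR needs any one child (1-of-n).
    return len(children) if gate == "AND" else 1

def _poly_eval(coeffs, x):
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y

def share(node, secret, path=(), out=None):
    """Encryptor side: push `secret` down the tree, one share per leaf."""
    out = {} if out is None else out
    if isinstance(node, str):
        out[path] = secret
        return out
    gate, children = node
    k = _threshold(gate, children)
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    for i, child in enumerate(children, start=1):
        share(child, _poly_eval(coeffs, i), path + (i,), out)
    return out

def recover(node, leaf_shares, attrs, path=()):
    """Decryptor side: rebuild the secret using only leaves whose attribute is held."""
    if isinstance(node, str):
        return leaf_shares[path] if node in attrs else None
    gate, children = node
    k = _threshold(gate, children)
    pts = []
    for i, child in enumerate(children, start=1):
        s = recover(child, leaf_shares, attrs, path + (i,))
        if s is not None:
            pts.append((i, s))
    if len(pts) < k:
        return None  # policy not satisfied: too few points to interpolate
    total = 0
    for xi, yi in pts[:k]:  # Lagrange interpolation at x = 0
        num = den = 1
        for xj, _ in pts[:k]:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total
```

The number of shares equals the number of leaves in the policy, which is the slide's scalability point: cost follows the attribute count, not the user count.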

4 Issue 1: Secure Comparison for Complex Policy Enforcement
An efficient secure comparison mechanism is needed to express the complex policies required by fine-grained access control
– How to support various cryptographic comparisons?
– How to support multi-dimensional attributes?

5 Issue 2: Encryption Delegation for Fine-grained Temporal Control
• Time is an important access control parameter
• The corresponding access policy changes as time passes
– In March, access policy [Jan, Jun] implicitly becomes [Mar, Jun]
– Time attribute can expire
An efficient encryption delegation mechanism is needed to achieve fine-grained temporal access control or, more generally, to transform a ciphertext into one with a more restrictive policy

6 Issue 3: Decryption Delegation for Mobile Device Access
• Cloud computing provides services accessible anytime, anywhere from any networked device
– A large portion of cloud services is anticipated to be accessed through mobile devices, which
   are comparatively resource constrained
   may access real-time cloud services
An efficient decryption delegation mechanism is needed to shift the majority of decryption from the mobile user to the cloud to reduce user-side computation

7 Computation over Encrypted/Authenticated Data

8 The state-of-the-art

Homomorphic encryption for encrypted data, single-key:
• Traditional homomorphic encryption schemes belong to this category
– Concept has existed for 30 years
• Efficient semi-homomorphic schemes exist
• Fully-homomorphic encryption schemes are not practical

Homomorphic encryption for encrypted data, multiple-key:
• Initially explored, formal privacy model is introduced in 2011
• Support SUM over messages of very small size
Elaine Shi, T-H. Hubert Chan, Eleanor Rieffel, Richard Chow, Dawn Song. Privacy-Preserving Aggregation of Time-Series Data. In NDSS, Feb. 6~9, 2011.

Homomorphic signature for authenticated data, single-key:
• Initially explored, formal security and privacy models are just introduced recently
• Support computations: quoting substring, subset predicate, average
Jae Hyun Ahn, Dan Boneh, Jan Camenisch, Susan Hohenberger, abhi shelat, and Brent Waters. Computing over Authenticated Data. In TCC, Mar. 19~21, 2012.

Homomorphic signature for authenticated data, multiple-key:
• No solution that supports end-to-end authentication of computation result is available yet
• Related work: secure aggregation in sensor networks
– "commit and re-check" involving multiple rounds of interaction (no end-to-end security)

9 Summary
1. Fine-grained access control (or authorization)
– Secure comparison for complex policy enforcement
– Encryption delegation from owner to cloud: to enforce fine-grained temporal access control
– Decryption delegation from user to cloud: to support mobile device access
2. Computation over encrypted/authenticated data
– Homomorphic encryption in single-/multi-key models
– Homomorphic signature in single-/multi-key models

