Presentation is loading. Please wait.

Presentation is loading. Please wait.

2011 IEEE TrustCom-11 Sushmita Ruj Amiya Nayak and Ivan Stojmenovic 2013.04.29 Regular Seminar Tae Hoon Kim.

Published byBrook Quinn Modified over 8 years ago

Similar presentations

Presentation on theme: "2011 IEEE TrustCom-11 Sushmita Ruj Amiya Nayak and Ivan Stojmenovic 2013.04.29 Regular Seminar Tae Hoon Kim."— Presentation transcript:

1 2011 IEEE TrustCom-11 Sushmita Ruj Amiya Nayak and Ivan Stojmenovic 2013.04.29 Regular Seminar Tae Hoon Kim

2 /21 Contents 1. Introduction 2. Related work 3. Background A. Model and assumptions B. Formats of access policies C. Mathmatical background D. Lewko-Waters ABE Scheme 4. Proposed scheme: DACC 5. Security of DACC 6. Performance 7. Conclusion and Future work 2

3 /21 Introduction  Cloud is emerging technology  User only require a terminal, a smart phone, table connected internet  User can rent the storage, computing resources of a server provided by a company  Application services  e.g) Google Apps, Microsoft online  Infrastructural support  e.g)Amazon’s EC2, Eucalyptus, Nimbus  Platform  e.g)Amazon’s S3, Windows Azure 3

4 /21 Introduction  Two important to preserve  security of data  In cloud, Users trying to access data  privacy of users  Only services are authorized user  Using public key cryptographic techniques  User should ensure that  The cloud is not tampering with user’s data and computational results 4

5 /21 Introduction  Method of not tampering user data & computational results  Hide the data from the clouds  Use of homomorphic encryption techniques[9][10]  Code obfuscation[11]  Important problem : Anonymously search data in Cloud(range, multidimensional, complex queries)  Is achieved searchable encryption[12][13]  Takes keywords in encrypted form and return results Without knowing the keyword or the retrieved records 5

6 /21 Introduction  Consider following scenarios  Patients store their medical records in cloud  Different users can access different data field  The same data fields might be accessed by a selective group of people(authorized set)  Example)the patient’s medical history and drug administration can be accessed by doctors and nurses, but not by hospital management staff  Access Control : Granting access rights to certain users and forbidding other users to access data 6

7 /21 Introduction  Method of granting access  To attach list of all valid users to data  problem : 1. Each time the list has to be checked to see if user is valid -> huge computation and storage cost  To encrypt data is by using public keys of valid users  Problem : 1. The same data then must be encrypted several times -> may result in huge storage cost  ABE(Attribute Based Encryption) : owners encrypted data with attributes that they possess and store the information in the clouds 7

8 /21 Introduction  KDC(Key Distributed Center)  Users are given attributes and secret keys by KDC  Set of attributes are able to decrypt the information  E.g)(A, doctor, Key), (B, doctor, Key), (A, staff, Key) (A, patient, Key) (C, doctor, Key)  Earlier work[17] : owners encrypt data with attributes(Not requried KDC)  Problem : increase the total number of secret keys given to users- >increases storage and communication overhead  In this paper, proposes DACC is  Cloud has cipher text(unable to decrypt cipher text)  Owner decide on attributes that users should have and users receive decryption keys  KDC distributes secret keys to user 8

9 /21 Related work  Sahai and Waters[19] ABE  A user has a set of attributes in addition to its unique ID  Shamir[20] IBE(Identity-based-encryption)  Each user in IBE scheme has a unique identity  Bethencourt et al,. [21] Ciphertext-policy  Receiver has the access policy in the form of a tree, with attributes as leaves and monotonic access structure with AND, OR and other threshold gates. 9

10 /21 Related work  KDC(attribute authority) is assumed to be honest  May not hold; a distributed system, authorities can fail or be corrupt  Chase[23] multi-authority ABE  Distribute attribute, and secret keys to users  Wang et al[26],. Hierarchical access control mechanism  Relies on Bethencoure et al[21], and Hierarchical IBE[27] 10

11 /21 Background A. Model and assumptions  KDCs which may be even servers scattered in different countries, that generate secret keys for the users  Assume that the cloud is honest but curious 11

12 /21 Background : B. Format of access policies 12

13 /21 Background : C. D.  C. Mathematical background  Use bilinear pairings on elliptic curves  D. Lewko-Waters ABE scheme  Consist of four steps  1)System Initialization  2)Key and attribute distribution to users by KDCs  3)Encryption of message by sender  4)Decryption by receiver 13

14 /21 Proposed Scheme:DACC  A. Sketch of DACC  1. Initially the parameters of the scheme and the size of group are decided(2 32 +1)  2. KDC A j selects the set of attributes L j  3. An owner U u who wants to store information in cloud, chooses a set of attributes I u which are specific to the data it wants to encrypt’  4. convert the access tree to a Matrix R 14 A j = j 번째 KDC, L j = KDC A j 가 소유한 attribute 의 잡합 I [j,u] U u 가 준 attribute 의 집합

15 /21 Proposed Scheme:DACC  An Example; professional n/w  J1:Engineering, J2(CS Research), J3(Faculty positions)  P1:Canada P2:US 15

16 /21 Security of DACC, Performance  Security of DACC  Show that only authorized users can decrypt the data in clouds  Theorem : Our access control scheme is secure, collusion resistant and allows access only to authorized users  Proof  Performance  Calculate the computation and communication overhead of DACC scheme and DACC with revocation 16

17 /21 Conclusion  In DACC, the cloud is assumed to be honest  If not possible to satisfy, care should be taken  The authenticity of the data must be verified by the user  hide the identity of the users and owners at the same time provide their authentication  Future work  Hide the access structure from the cloud, by scrambling the matrix in some way 17

18 /21 18

19 /21 Appendix : Method  Method 1 : One way to hide the data from clouds  Method 2 : Use of homomorphic encryption techniques(4 generation) data Sends msg : Homomorphicly encrypted data Return result : Return encrypted data http://www2.readersnews.com/sub_read.html?uid=34467&section=sc1 19

20 /21 Appendix : Method  Method 3 : Code obfuscation  Method 4 : Searchable encryption : Obfuscation Code : Return data Provide result encrypted data 20

21 /21 Appendix : DACC KDC 2 posses KDC of list (HospitalA, doctor, SK 2,1), (HospitalB, doctor, SK 2,2), (HospitalA, Staff, SK2,3) A2A2 A 2 of attribute set L j Owner UuUu Access tree User n1 User n2 IuIu User n1 User n2 Matrix R SSH:Secure Shell protocol : Using SSH 1 1 2 2 3 3 Cyper text Matrix R C1C2 21

Download ppt "2011 IEEE TrustCom-11 Sushmita Ruj Amiya Nayak and Ivan Stojmenovic 2013.04.29 Regular Seminar Tae Hoon Kim."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.
Attribute-based Encryption

Attribute-based Encryption
Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,

Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,
Russell Martin August 9th, 2013. Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.

Russell Martin August 9th, Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Data Integrity Proofs in Cloud Storage Sravan Kumar R, Ashutosh Saxena Communication Systems and Networks (COMSNETS), 2011 Third International Conference.

Data Integrity Proofs in Cloud Storage Sravan Kumar R, Ashutosh Saxena Communication Systems and Networks (COMSNETS), 2011 Third International Conference.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Shouting from the Rooftops: Improving Email Security Dr. Maury Pinsk FRCPC University of Alberta Division of Pediatric Nephrology.

Shouting from the Rooftops: Improving Security Dr. Maury Pinsk FRCPC University of Alberta Division of Pediatric Nephrology.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.

Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.
Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,

Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,
Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.

Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.
Authentication, Authorization and Accounting

Authentication, Authorization and Accounting
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.

Similar presentations

Ads by Google