Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.

Slides:



Advertisements
Similar presentations
TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST
Advertisements

The Diffie-Hellman Algorithm
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.
By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
0 - 0.
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
MULTIPLYING MONOMIALS TIMES POLYNOMIALS (DISTRIBUTIVE PROPERTY)
ADDING INTEGERS 1. POS. + POS. = POS. 2. NEG. + NEG. = NEG. 3. POS. + NEG. OR NEG. + POS. SUBTRACT TAKE SIGN OF BIGGER ABSOLUTE VALUE.
SUBTRACTING INTEGERS 1. CHANGE THE SUBTRACTION SIGN TO ADDITION
MULT. INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
Addition Facts
Cryptography encryption authentication digital signatures
RSA.
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Public Key Cryptosystem
Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.
1 Kerberos Anita Jones November, Kerberos * : Objective Assumed environment Assumed environment –Open distributed environment –Wireless and Ethernetted.
© S Haughton more than 3?
1 An Asymmetric Fingerprinting Scheme based on Tardos Codes Ana Charpentier INRIA Rennes Caroline Fontaine CNRS Télécom Bretagne Teddy Furon INRIA Rennes.
Linking Verb? Action Verb or. Question 1 Define the term: action verb.
Lets play bingo!!. Calculate: MEAN Calculate: MEDIAN
Past Tense Probe. Past Tense Probe Past Tense Probe – Practice 1.
Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
Addition 1’s to 20.
25 seconds left…...
Test B, 100 Subtraction Facts
Week 1.
We will resume in: 25 Minutes.
Cryptanalysis of a Communication-Efficient Three-Party Password Authenticated Key Exchange Protocol Source: Information Sciences in review Presenter: Tsuei-Hung.
Rennes, 23/10/2014 Cristina Onete Commitment Schemes and Identification/Authentication.
Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.
1 Complexity ©D.Moshkovitz Cryptography Where Complexity Finally Comes In Handy…
Off-the-Record Communication, or, Why Not To Use PGP
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Data Integrity Proofs in Cloud Storage Sravan Kumar R, Ashutosh Saxena Communication Systems and Networks (COMSNETS), 2011 Third International Conference.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.
PRIAM: PRivate Information Access Management on Outsourced Storage Service Providers Mark Shaneck Karthikeyan Mahadevan Jeff Yongdae Kim.
ASYMMETRIC CIPHERS.
Strong Password Protocols
Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.
Sinaia, Romania August, TH Workshop “Software Engineering Education and Reverse Engineering” Dhuratë Hyseni, Betim Çiço South East European University.
Cryptography, Authentication and Digital Signatures
Lecture 11: Strong Passwords
Identity-Based Secure Distributed Data Storage Schemes.
Key Management Celia Li Computer Science and Engineering York University.
Presented by: Suparita Parakarn Kinzang Wangdi Research Report Presentation Computer Network Security.
Public Key Encryption with keyword Search Author: Dan Boneh Rafail Ostroversity Giovanni Di Crescenzo Giuseppe Persiano Presenter: 陳昱圻.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.
When DRM Meets Restricted Multicast A Content Encryption Key Scheme for Restricted Multicast and DRM Min FENG and Bin ZHU Microsoft Research Asia.
SPEAKER: HONG-JI WEI DATE: Efficient and Secure Anonymous Authentication Scheme with Roaming Used in Mobile Networks.
1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.
Introduction to Elliptic Curve Cryptography CSCI 5857: Encoding and Encryption.
Cryptography services Lecturer: Dr. Peter Soreanu Students: Raed Awad Ahmad Abdalhalim
CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.
1 SFS: Secure File Sharing For Dynamic Groups In Cloud Shruthi Suresh M-tech CSE RCET.
Presentation transcript:

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and Science (CloudCom), 2010 IEEE Second International Conference on

2 Outline Introduction Security requirements Progressive elliptic curve encryption scheme Trusted sharing on untrusted cloud servers Security analysis Related work Conclusions

Introduction With cloud computing, data owners have only limited control over the IT infrastructure. Cloud service providers have excessive privileges. 3

Introduction The general idea of the proposal mechanism is to encrypt the data before storing on the cloud. On sharing the data, the encrypted data will be re-encrypted without being decrypted first. The re-encrypted data will then be cryptographically accessible to the authorize user only. 4

Security requirements 1.Data stored on the cloud should be confidential. 2.Sharing of the data can be achieved by the authorization by the data owner. 3.Permissions given by data owner cannot be transferred to others by the permission bearer. 5 Alice Bob Cloud Storage Provider Trudy

Security requirements The challenge of meeting the requirements is that secure data sharing needs to be achieved via an untrusted cloud storage provider. 6

Progressive elliptic curve encryption The PECE scheme allows a piece of data to be encrypted multiple times using different keys such that the final cipertext can be decrypted in a single run with a single key. The encryption and decryption are both based on Elliptic Curve Cryptography. 7

Notation Let m be a piece of data, U be a set of N users. For each, has the secret key k i. Let q be a random number agreed by all The encryption is performed in the order of For, it computes Where 8

Encrypt When all has participated in the encryption process, the final encrypted data is as follows. 9

Decrypt Let, then m e can be decrypted by a single operation as follows. 10

Trusted sharing on untrusted cloud servers 11

Notation k a : Alice private key (Alices key is not used) k a G : Alice public key k b : Bob private key k b G : Bob public key k c : Cloud Storage Provider private key k c G: Colud Storage Provider public key Assuming k c shared with Alice (the key kc can be a key that is dynamically generated by Alice and the Cloud Provider mutually) 12

Trusted sharing on untrusted cloud servers 13 Alice Bob Cloud Storage Provider Random number r, t Random number r c, r b

Algorithm Proof 14

Security Analysis Unauthorized Access to Data: 1.The attacker acquires a credential that can decrypt the data without the help of the Cloud Storage Provider. To acquire such a credential, the attacker will need the knowledge of rk c G + tG, or the knowledge of the three secrets of r, k c and t. As m, r, k c, and t are all kept in secret, the knowledge of rk c G+tG, or the knowledge of the three secrets of r, k c and t, are not possible. 15

Security Analysis 2.The attacker acquires a credential that can decrypt the data with the help of the Cloud Storage Provider. To acquire such a credential, the attacker must have the knowledge of r b, k b, or the knowledge of r b k b G. As r b is delivered to Bob in the form of r b G, it is not possible for the attacker to calculate r b from r b G. k b is a secret that is kept in private by Bob, hence the attacker could not acquire k b. 16

Security Analysis Information Disclosure During Sharing To acquire the clear data during the sharing, an attacker must either have the decryption key for m e, m c or m b. The above discussion proves that the attacker cannot decrypt m e or m b. To decrypt m c, the attacker needs the knowledge of r c k c G. As k c is the private secret kept by the Cloud Storage Provider, the attacker could be able to calculate r c k c G from r c G. 17 m c =m e + r c k c G + t c G

Attacker Use Case 18

Conclusions Limitations: This work assumes that the private key of the cloud provider is known to the data owner. This is a very strong assumption as no system administrators would want to share their systems keys with users, making it impractical to be deployed. The proposed algorithm and the protocol are less efficient than those protocols that requires only a single ECC encryption operation 19

Conclusions Contributions: 1.Identify the need for implementing trusted data sharing over untrusted cloud storage providers. 2.Propose a progressive encryption scheme based on elliptic curve encryption. 3.Devise a scheme for secure sharing on the cloud. 4.Perform a comprehensive security analysis of the proposed scheme and show that the scheme achieves trusted sharing over untrusted cloud servers. 20

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.