How can we prove that cloud files are encrypted?


1 How can we prove that cloud files are encrypted?
Hourglass Schemes. Marten van Dijk, Ari Juels, Alina Oprea, Ronald L. Rivest, Emil Stefanov, Nikos Triandopoulos. Presented by Siva Prasad Reddy Nooli

2 Overview
- Introduction
- General Framework
- Hourglass Scheme
- Alternative approaches
- Framework Description (Encoding and Operation)
- Hourglass Protocol Phases
- Hourglass Functions (Butterfly, Permutation and RSA)
- Hourglass Performance
- Conclusion

3 Introduction
- Uncontrolled data leakage is an enormous problem today.
- Cloud providers offer their service through a simple API.
- Data encryption is the measure most needed to secure client data.
- It is very difficult to give tenants transparency about how their sensitive data is handled.
- The general framework uses a watermark so that the source of a data leak can be identified.

4 General Framework
- A general framework is constructed for designing protocols that ensure client data is stored "at rest" in an encoding of the client's choice.
- With the embedded watermark, the general framework helps the cloud service provider understand the source of a data leak.
- The framework introduces the concept of encoding cloud data in a format of the client's choice and verifying that encoding remotely.
- A misbehaving cloud provider would have to double its storage in order to reply correctly to client challenges.

5 Hourglass Scheme
- Named after the hourglass, the ancient time-telling device.
- An hourglass scheme translates the ciphertext file into an encapsulated file.
- The encapsulated file is denoted by H.
- The ciphertext file is denoted by G.
- The time period for encapsulation is denoted by T.
- When challenged by the client, the cloud provider should be able to retrieve the file in < T.

6 Hourglass Schemes Solution
[Figure: Original File, then encryption, then Encrypted File, then hourglass, then Encapsulated File. Labels: client uploads file; client verifies encryption; client assists; client verifies by periodically challenging random file blocks. (Source: arijuels.com)]

7 Example of Hourglass Function
- Inverting a small-image hash function helps build intuition for an hourglass function that relies on a computational resource.
- F consists of n blocks of l bits each, and the client wishes to verify that a format-preserving encryption has been applied to F to obtain the ciphertext G.
- Recovering G from H is easy: it only takes computing the hash values that give each $G_i$.
- For small values of l, the transformation from $G_i$ to $H_i$ is computationally costly on average.

8 Example of Hourglass Function… (Cont.)
- Let $h: \{0,1\}^* \to \{0,1\}^l$ denote a fixed-length hash function.
- $H_i = h^{-1}(G_i)$ for every $i \in \{1, \ldots, n\}$.
- Recovering G from H is very practical with this function: $G_i = h(H_i)$ for $i \in [1, n]$.
- Even for fairly small values of l (e.g. 35-bit or 40-bit blocks), the transformation from $G_i$ to $H_i$ is computationally costly on average.
- An honest server that has stored H just retrieves and serves $H_i$, which is a quick operation.
- A cheating server that has stored only the plaintext F will take longer, because it has to generate $H_i$ on the fly.
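The cost asymmetry on slides 7 and 8, as an added Python example that is not taken from the slides or the paper. It assumes a 12-bit block size, truncated SHA-256 as a stand-in for h, and constructed sample blocks; cost is counted in evaluations of h rather than wall-clock time.

```python
import hashlib

L_BITS = 12   # block size l in bits; kept tiny (assumption) so the demo finishes quickly
calls = 0     # number of evaluations of h, used as the cost measure

def h(x: int) -> int:
    """Hash with an l-bit image; truncated SHA-256 is a stand-in, not the paper's choice."""
    global calls
    calls += 1
    digest = hashlib.sha256(x.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - L_BITS)

def invert(g: int) -> int:
    """H_i = h^-1(G_i): brute-force search for the smallest preimage of g."""
    x = 0
    while h(x) != g:
        x += 1
    return x

def cost_of(fn, arg):
    """Run fn(arg) and return (result, number of h evaluations it needed)."""
    global calls
    calls = 0
    result = fn(arg)
    return result, calls

# Constructed sample: four 12-bit ciphertext blocks G_1..G_4.
G = [0x3A7, 0x0C1, 0xF5E, 0x922]

def demo():
    H, encapsulation_cost = cost_of(lambda blocks: [invert(g) for g in blocks], G)
    recovered, recovery_cost = cost_of(lambda blocks: [h(x) for x in blocks], H)
    # Challenge on block index 2: the honest server reads H[2] from storage (no hashing);
    # a server that did not keep H must invert h on the fly before it can answer.
    _, honest_cost = cost_of(lambda i: H[i], 2)
    answer, cheating_cost = cost_of(lambda i: invert(G[i]), 2)
    return {"recovered": recovered, "answer_ok": h(answer) == G[2],
            "encapsulation": encapsulation_cost, "recovery": recovery_cost,
            "honest": honest_cost, "cheating": cheating_cost}

if __name__ == "__main__":
    print(demo())
```

With l-bit blocks the inversion takes about 2^l hash evaluations per block on average, which is why even 35-bit or 40-bit blocks make on-the-fly regeneration slow while recovery stays at one evaluation per block.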

9 Alternative approaches
- Trusted computing offers authentic information.
- It ensures that all of the client's data is stored on the enabled hardware.
- The client can handle the data from different locations.
(Source: Diva-portal.org)

10 Framework Description
- Framework Encoding: specifies an encoding algorithm under the input specified by the tenant.
- Framework Operation: specifies the hourglass scheme HG.
(Source: Fu and Kone,)

11 Framework Encoding
[Figure: Components of framework encoding]

12 Framework Operation
[Figure: Framework operation components]

13 Generic Hourglass Protocol
- Assures the client that the data is outsourced in the encoded format G.
- Fast output encoding by watermarking and encryption.
- Helps the server to store file F on the air.
- The client chooses randomly selected blocks of H to ensure that F is stored in the H format.
- The hourglass protocol has three phases: file encoding, hourglass encapsulation and format checking.

14 General Hourglass Protocol

15 Hourglass Protocol Phases
1. File Encoding
2. Hourglass Encapsulation
3. Format Checking

16 Hourglass Function (Butterfly)
- Example of a butterfly network for the case n = 8.
- Each set of values $G_j[1], \ldots, G_j[n]$ is a row of nodes.
- Two edges connect to each other at "w".
- The hourglass involves $n \log_2 n$; the total computational cost is $O(n \log n)$.
- Structure of overlapping binary series.
- The function is a full-file PRP.
- $d = \log_2 n$.
- The cryptographic operation w is applied to pairs of blocks in sequence.
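A butterfly network for n = 8, as an added Python example that is not the paper's implementation. It assumes 8-byte blocks, a 4-round Feistel permutation built from SHA-256 as a stand-in for the AES-based operation w, and a constructed sample file.

```python
import hashlib

BLOCK = 8  # bytes per block (assumption of this example)

def _f(key, r, half):
    """Feistel round function built from SHA-256."""
    return hashlib.sha256(key + bytes([r]) + half).digest()[:BLOCK]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def w(key, a, b):
    """Keyed permutation on a pair of blocks: 4-round Feistel, a stand-in for AES."""
    for r in range(4):
        a, b = b, _xor(a, _f(key, r, b))
    return a, b

def w_inv(key, a, b):
    """Inverse of w: undo the Feistel rounds in reverse order."""
    for r in reversed(range(4)):
        a, b = _xor(b, _f(key, r, a)), a
    return a, b

def butterfly(key, blocks, inverse=False):
    """Apply d = log2(n) levels; level j pairs block k with block k + 2^j."""
    n = len(blocks)
    d = n.bit_length() - 1
    assert n == 1 << d, "n must be a power of two"
    op = w_inv if inverse else w
    out, ops = list(blocks), 0
    for j in (reversed(range(d)) if inverse else range(d)):
        stride = 1 << j
        for k in range(n):
            if (k & stride) == 0:
                out[k], out[k + stride] = op(key + bytes([j]), out[k], out[k + stride])
                ops += 1
    return out, ops   # ops = (n/2) * log2(n) applications of w, each touching two blocks

KEY = b"demo-key"
G = [bytes([i]) * BLOCK for i in range(8)]   # constructed sample: n = 8 blocks

def diffusion():
    """Flip one bit of G[0] and count how many blocks of H change."""
    H, _ = butterfly(KEY, G)
    G2 = [bytes([G[0][0] ^ 1]) + G[0][1:]] + G[1:]
    H2, _ = butterfly(KEY, G2)
    return sum(x != y for x, y in zip(H, H2))
```

After the last level every block of H depends on every block of G, so a server cannot produce a single challenged block of H without processing the whole file.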

17 Hourglass Function (Permutation based)
- The hourglass function computes H as a permutation of the data elements in G.
- A permutation that distributes the symbols of G extensively across H achieves the highest security.
- No cryptographic operation.
- Security depends on the performance characteristics of rotational drives.
- The block size l of the encryption algorithm must be larger than the symbol size z.
- The security analysis consists of a drive model, a time bound and parallelism.

18 Hourglass Function (RSA Based)
- Applies RSA signing to translate the encoded format G into H for file F.
- Each block of the encoded file is mapped to an hourglass block.
- The resource is computation-based, with no assumption about storage usage.

19 Typical RSA Hourglass function (Source: arijuels.com)
[Figure: three rows of blocks. F: $F_1, F_2, F_3, F_4, \ldots, F_n$. G: $G_1, G_2, G_3, G_4, \ldots, G_n$. H: $H_1, H_2, H_3, H_4, \ldots, H_n$.]
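The three protocol phases (file encoding, hourglass encapsulation, format checking) run with the RSA-based hourglass function, as an added Python example that is not code from the slides or the paper. Assumptions: the client holds the private exponent, a toy RSA modulus, a SHA-256 keystream as the stand-in cipher, per-block HMAC tags kept by the client, and constructed sample data and keys.

```python
import hashlib, hmac, secrets

# Toy RSA key built from two Mersenne primes (constructed for the demo, far too small for real use).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held by the client only
BLOCK = 8                            # bytes per block, so every block value is < N

def encode(f_blocks, key):
    """Phase 1, file encoding F -> G. Stand-in cipher: XOR with a SHA-256 keystream."""
    g = []
    for i, blk in enumerate(f_blocks):
        stream = hashlib.sha256(key + i.to_bytes(8, "big")).digest()[:BLOCK]
        g.append(int.from_bytes(bytes(a ^ b for a, b in zip(blk, stream)), "big"))
    return g

def encapsulate(g_blocks):
    """Phase 2, hourglass encapsulation: H_i = G_i^d mod N, an RSA signing operation."""
    return [pow(g, D, N) for g in g_blocks]

def reverse(h_blocks):
    """Recovering G needs only the public exponent: G_i = H_i^e mod N."""
    return [pow(h, E, N) for h in h_blocks]

def tag(mac_key, i, h):
    """Integrity tag the client keeps per block of H (assumption of this example)."""
    msg = i.to_bytes(8, "big") + h.to_bytes(16, "big")
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def format_check(mac_key, tags, respond, rounds=8):
    """Phase 3, format checking: challenge randomly selected blocks of H."""
    for _ in range(rounds):
        i = secrets.randbelow(len(tags))
        if not hmac.compare_digest(tag(mac_key, i, respond(i)), tags[i]):
            return False
    return True

F = [b"patient0", b"record01", b"ssn=1234", b"end-file"]   # constructed sample file

def demo():
    enc_key, mac_key = b"demo-enc-key", b"demo-mac-key"
    G = encode(F, enc_key)
    H = encapsulate(G)
    tags = [tag(mac_key, i, h) for i, h in enumerate(H)]
    honest = format_check(mac_key, tags, lambda i: H[i])
    # A server that kept F and the encryption key can rebuild G_i, but not H_i without d.
    cheating = format_check(mac_key, tags, lambda i: encode(F, enc_key)[i])
    return reverse(H) == G, honest, cheating
```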

20 Comparison of Hourglass Functions
Ordered from less practical to more practical, and from fewer assumptions to more assumptions:
- RSA: $O(n)$ RSA exponentiations; relies on RSA assumptions.
- Butterfly: $O(n \log n)$ AES operations; relies on storage speed.
- Permutation: $O(n)$ random memory accesses; relies on seek inefficiency in rotational drives.
(Source: arijuels.com)

21 Hourglass Performance
- The butterfly function is a minimum of 4 times faster than on the local machine due to AES support.
- The permutation hourglass function is 8 times faster on Amazon due to cryptographic operation.
- RSA is less efficient than butterfly and permutation.

22 In-memory performance of Hourglass Function (Butterfly-Permutation Scheme)
[Figure: panels for local machine and Amazon EC2]

23 Conclusion
- Hourglass schemes with cryptographic constructions are introduced.
- Hourglass schemes leverage server resource bounds to achieve their security.
- Clients get remote access to verify their files in terms of security.
- The hourglass scheme will prove to be a most valuable way of penetrating the abstraction layer of the cloud.
- The hourglass scheme will restore security assurances in cloud-based outsourcing.

24 Reference List
- Marten van Dijk, Ari Juels, Alina Oprea, Ronald L. Rivest, Emil Stefanov, Nikos Triandopoulos. Hourglass Schemes: How to Prove that Cloud Files Are Encrypted.
- M. Abadi, M. Burrows, M. Manasse, and T. Wobber. Moderately hard, memory-bound functions. ACM Trans. Internet Technol., 5:299–327, May 2005.
- E. Giberti. Honesty box: EBS performance revisited. Blog posting, available at
- M. Jakobsson and A. Juels. Proofs of work and bread pudding protocols. In Communications and Multimedia Security, pages 258–272, 1999.
- M. H. Manshaei, Q. Zhu, T. Alpcan, and J.-P. Hubaux. Game theory meets network security and privacy. Main, V(April):1–44, 2010.

25 Thank you!

