A PASS Scheme in Clouding Computing - Protecting Data Privacy by Authentication and Secret Sharing Jyh-haw Yeh Dept. of Computer Science Boise State University.


1 A PASS Scheme in Clouding Computing - Protecting Data Privacy by Authentication and Secret Sharing Jyh-haw Yeh Dept. of Computer Science Boise State University

2 Cloud Computing Introduction
– Cloud provides services: software, platform, infrastructure.
– Clients are charged on a per-use basis.
– Capital Expenditure (CapExp) -> Operational Expenditure (OpExp)
– Multi-tenancy: better resource utilization
– Reliability: redundant sites
– Security: better protection from outside attacks.
– Security: big ? from malicious cloud employees.

3 The Problem to solve Protecting clients’ data privacy from cloud employees. Perfect solution: fully homomorphic encryption algorithm (FHEA). No practical algorithm available. Without FHEA, 100% data privacy may not be possible.

4 PASS Scheme
Protect data Privacy by Authentication and Secret Sharing (PASS).
Objective: minimize the risk of leaking private data.
Approach:
– Encrypt data by a key shared with the client.
– Do not store the key anywhere in the cloud.
– Use secret sharing to authenticate users and recover the shared key.

5 PASS Scheme
5 security components:
– Public key cryptosystem (PKC): published by cloud.
– Key agreement (KA): agree on a shared key and two secret shares at registration.
– Key management (KM): keep a profile for each client.
– Authentication (AUTH): client’s counter server’s counter; Computed hashed key from client’s request stored hashed key
– Access control (ACL): a second line of defense for the time frame during which the secret key is in use for processing a query.

6 PASS Scheme
Design guidelines:
– Ensure secret isolation (secret compartment).
– Security has a higher priority than efficiency.
– Choose a design choice that would benefit multiple security components.

7 PASS Scheme - PKC
PASS chooses ECC over RSA.
ECC: a curve is chosen over a prime p. A base point G with an order n.
Cloud provider publishes the ECC domain parameters.
Each cloud entity (server, clients) sets up its own public-private key pair.
– Server: public, private, where
– Client i: public, private, where

8 PASS Scheme – Key Agreement Each client i and the cloud server s agree on a data encryption key and two secret shares (known to the client) and (known to the server). The secret shares are used to recover the encryption key.

9 PASS Scheme – Key Agreement
Encryption key agreement:
– Client i chooses a random number and then sends to the server s
– Server s chooses a random number and then sends to the client i
– Both compute a point
– Agree on an encryption key : the x-coordinate of

10 PASS Scheme – Key Agreement
Secret shares agreement:
– Both compute a point and let be the x-coordinate of the point
– Both construct the same poly
–
– With both secret shares, the poly and then the secret key can be recovered

11 PASS Scheme – Key Management
The cloud keeps a profile for each client i
– Hashed key and server request counter for authentication
– Security label for access control
Client ID Security Label

12 PASS Scheme – Client Authentication
Client keeps his own request counter
Client → Server:
Server decrypts and gets both and
Client authentication succeeds if both
– the stored hashed key matches the hashed key derived from secret shares
– the server and client request counters match
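
An added Python sketch (not from the slides or the author's implementation) of the authentication step above: the server profile holds only the hashed key, the server's share and the request counter, and the key is rebuilt from both shares on each request. Assumptions: a degree-1 polynomial with the key at x = 0 (the slides' own polynomial is not shown), SHA-256 as the hash, the field prime 2^255 - 19, and all function names; the public-key encryption of the client's request is omitted.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

P = 2**255 - 19  # assumed prime field for share arithmetic (not from the slides)

def split_key(key, x_client=1, x_server=2):
    """Hide key as f(0) of a random line f(x) = key + a*x mod P; return two points."""
    a = secrets.randbelow(P)
    f = lambda x: (key + a * x) % P
    return (x_client, f(x_client)), (x_server, f(x_server))

def recover_key(share_a, share_b):
    """Lagrange interpolation at x = 0 through the two share points."""
    (xa, ya), (xb, yb) = share_a, share_b
    return (ya * xb - yb * xa) * pow(xb - xa, -1, P) % P

def hash_key(key):
    return hashlib.sha256(key.to_bytes(32, "big")).digest()

@dataclass
class Profile:
    """What the cloud stores per client: never the key itself."""
    hashed_key: bytes
    server_share: tuple
    counter: int = 0

def register(key):
    """Constructed registration step: returns (client_share, server Profile)."""
    client_share, server_share = split_key(key)
    return client_share, Profile(hash_key(key), server_share)

def authenticate(profile, client_share, client_counter):
    """Return the recovered key on success, None on failure."""
    if client_counter != profile.counter:      # stale or replayed request
        return None
    key = recover_key(client_share, profile.server_share)
    # A wrong client share interpolates to a different f(0), so the hash differs.
    if not hmac.compare_digest(hash_key(key), profile.hashed_key):
        return None
    profile.counter += 1                       # client advances its counter too
    return key
```

The recovered key exists only in the return value of `authenticate`, which corresponds to the window that the access-control component is meant to guard.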

13 PASS Scheme – Access Control Security label: (security level, {categories}) Security level: secret, non-secret Each client i is a category All query servers/processes are in category “query-system”  {all } Security label for client i’s profile: (secret, { })

14 PASS Scheme – Integrating five Components
Steps 1-4 are for initial client registration: key agreement and data encryption.
Steps 5-12 are for query processing.
The diagram at the following link shows these steps: http://cs.boisestate.edu/~jhyeh/pass_diagram.pdf

