Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

Make your likes visible on Facebook?

Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.

No, thanks

Key-Aggregate Cryptosystem for Scalable Data Sharing in Clou

No description
by

Anuradha Ramakrishnan

on 12 May 2014

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Key-Aggregate Cryptosystem for Scalable Data Sharing in Clou

ANURADHA RAMAKRISHNAN
CSCI 7002 - Computer Security

Cloud Storage
Why Cloud??
Security Issues
Dropbox has become “problem child” of cloud security
A year ago, Dropbox disclosed that all of its users’ files were publicly accessible for nearly four hours due to a bug in the company’s authentication mechanism.

In April, a security hole was discovered in Dropbox’s iOS app, which allowed anyone with physical access to your phone to copy your login credentials — because it stored user login information in unencrypted text files

Now some user usernames and passwords were stolen “from other websites,” and their accounts accessed.
Objectives
KEY-AGGREGATE CRYPTOSYSTEM FOR SCALABLE DATA SHARING IN CLOUD STORAGE
Cloud Storage

Traditional Approach

Types of Encryption

Various Approaches

Key Aggregrate Cryptosystems

Conclusion
Cloud Storage
Types of Encryption
Symmetric
Oldest and best-known technique
Same key used to encrypt and decrypt
key needs to stored securely

Asymmetric
Uses public and private key
Slower than symmetric
More flexible
Google’s Cloud Platform Gets Improved Hadoop Support With BigQuery And Cloud Datastore Connectors
Amazon Merges Kindle Personal Documents With Cloud Drive
HP Finds Mobile Tax Apps Lacking On Security, Privacy
Traditional Approach
VARIOUS APPROACHES
Key Assignment Schemes
Symmetric Key Encryption
IBE with Compact Key
Attribute Based Encryption
Key Aggregate Cryptosystems
Key Assignment Schemes
A method to generate tree hierarchy of symmetric-keys by using repeated evaluation of block cipher on a fixed graph.

The concept can be generalized from a tree to a graph.
Symmetric Key Encryption
Transmitting large number of keys in broadcast scenario.

A composite modulus N = p * q is chosen where p and q are two large random primes.

A master-secret key Y is chosen at random

Each class is associated with a distinct prime ei.

All these prime numbers can be put in the public system parameter.

A constant-size key for set is



IBE with Compact Key
Attribute - Based Encryption
Attribute-based encryption (ABE), allows each ciphertext to be associated with an attribute.


The master-secret key holder can extract a secret key for a policy of these attributes so that a ciphertext can be decrypted by his key if its associated attribute conforms to the policy
Key Aggregate Cryptosystem
Steps in KAC
Setup
Executed by the data owner to setup an account on an untrusted server
It outputs the public system parameter param, which is omitted from the input of the other algorithms


KeyGen()
Executed by the data owner to randomly generate a public/master-secret key pair (pk,msk)
Steps in KAC
Extract
Executed by the data owner for delegating the decrypting power for a certain set of ciphertext classes to a delegatee.
Input = master-secret key msk and a set S of indices corresponding to different classes
Outputs = aggregate key for set S denoted by K

Decrypt
Executed by a delegatee who received an aggregate key KS generated by Extract.
Input = KS and the set Si, where index i = ciphertext class
outputs = m if i element of S.

To ensure data privacy, a traditional way is to rely on the server to enforce the access control after authentication which means any unexpected privilege escalation will expose all data.







Data from different clients can be hosted on separate virtual machines (VMs) but reside on a single physical machine. Data in a target VM could be stolen by instantiating another VM coresident with the target one .
Data breaches
A virtual machine could use side-channel timing information to extract private cryptographic keys in use by other VMs on the same server.

Data loss
The prospect of seeing your valuable data disappear into the ether without a trace.

IBE is a public - key encryption, where the public key of a user can be set as an identity string of the user.

Trusted party or the private key generator holds the master - secret key and issues to each user with respect to its identity.

Encryptor takes public parameter and user identity to encrypt the message

Recipient can decrypt the ciphertext by his secret key
Comparison between KAC and other schemes
Conclusion
Cloud Storage
KEY-AGGREGATE CRYPTOSYSTEM FOR SCALABLE DATA SHARING IN CLOUD STORAGE
Anuradha Ramakrishnan
CSCI 7002 Computer Security
REFERENCES
[1] Cheng-Kang Chu, Sherman S.M. Chow, Wen-Guey Tzeng, Jianying Zhou, and Robert H. Deng, “Key-Aggregate Cryptosystem for Scalable Data Sharing in Cloud Storage“, IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 25, NO. 2, FEBRUARY 2014.

[2] L. Hardesty, Secure Computers Aren’t so Secure. MIT press, http://www.physorg.com/news176107396.html, 2009.

[3] C. Wang, S.S.M. Chow, Q. Wang, K. Ren, and W. Lou, "Privacy Preserving Public Auditing for Secure Cloud Storage” IEEE Trans.Computers, vol. 62, no. 2, pp. 362-375, Feb. 2013.

[4] M.J. Atallah, M. Blanton, N. Fazio, and K.B. Frikken, “Dynamic and Efficient Key Management for Access Hierarchies,” ACM Trans. Information and System Security, vol. 12, no. 3, pp. 18:1-18:43,2009.

[5] J. Benaloh, M. Chase, E. Horvitz, and K. Lauter, “Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records,” Proc. ACM Workshop Cloud Computing Security (CCSW ’09), pp. 103-114, 2009.

[6] F. Guo, Y. Mu, Z. Chen, and L. Xu, “Multi-Identity Single-Key Decryption without Random Oracles,” Proc. Information Security and Cryptology (Inscrypt ’07), vol. 4990, pp. 384-398, 2007.

[7] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data,”Proc. 13th ACM Conf. Computer and Comm. Security (CCS ’06), pp. 89-98, 2006.

Full transcript