Protection of Identity Information in Cloud Computing without Trusted Third Party
Authors: Rohit Ranchal, Bharat Bhargava, Lotfi Ben Othmane, Leszek Lilien, Anya Kim, Myong Kang, Mark Linderman
IEEE International Symposium on Reliable Distributed Systems
Presented by Mithil S. Parab
Roll No: 122113013
Seat No: 11
Guide: Prof. Nitesh Naik
06-03-2014

Outline
• Introduction
• Related work
• Selected research problems
• Proposed schemes
◦ Multi-party computing
◦ Predicate encryption scheme
◦ Active Bundle Scheme
• Conclusions

Definition of cloud computing - (NIST)


Cloud computing is a model for enabling
convenient, on-demand network access to a shared
pool of configurable computing resources (e.g.,
networks, servers, storage, applications, and
services) that can be rapidly provisioned and
released with minimal management effort or
service provider interaction

Larry Ellison- CEO, Oracle
“The computer industry is the only
industry that is more fashion-driven than
women's fashion”

• Tely HD Pro – integration
• Blue Jeans Network
• Mobical – cloud provider used to sync mobile phone data over the air.

Cloud Architecture

Type of Cloud Computing

Cloud Service Layers - Characteristics

Software as a Service (SaaS)
• Sometimes free; easy to use; good consumer adoption; proven business models
• You can only use the application as far as what it is designed for

Platform as a Service (PaaS)
• Developers can upload a configured application and it “runs” within the platform’s framework
• Restricted to the platform’s ability only; sometimes dependent on the cloud infrastructure provider

Infrastructure as a Service (IaaS)
• Offers full control of a company’s infrastructure; not confined to applications or restrictive instances
• Sometimes comes with a price premium; can be complex to build, manage and maintain

Cloud Service Layers - Containing
[Figure: what each service layer contains. Labels in the figure: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS); Business Processes, Industry Applications, CRM/ERP/HR, Middleware, Development Tooling, Database, Java Runtime, Servers, Networking, Storage, Data Center Fabric]

Cloud Service Layers - Example
[Figure: examples for each layer: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)]

DEPLOYMENT MODELS
• Public Cloud
• Private Cloud
• Hybrid Cloud

Public Cloud
• Computing infrastructure is hosted by the cloud vendor at the vendor’s premises and can be shared by various organizations.
• E.g.: Amazon, Google, Microsoft, Salesforce

DEPLOYMENT MODELS

Private Cloud
• The computing infrastructure is dedicated to a particular organization and not shared with other organizations.
• More expensive and more secure when compared to a public cloud.
• E.g.: HP data center, IBM, Sun, Oracle, 3tera

DEPLOYMENT MODELS

Hybrid Cloud
• Organizations may host critical applications on private clouds, whereas applications with relatively fewer security concerns are hosted on a public cloud.
• Usage of both public and private clouds together is called a hybrid cloud.

Advantages of Cloud Computing
• Lower computer costs.
• Improved performance.
• Reduced software costs.
• Instant software updates.
• Improved document format compatibility.
• Unlimited storage capacity.
• Increased data reliability.
• Universal document access.
• Easier group collaboration.
• Device independence.

Disadvantages of Cloud Computing
• Requires a constant Internet connection:
◦ Cloud computing is impossible if you cannot connect to the Internet.
◦ Since you use the Internet to connect to both your applications and documents, if you do not have an Internet connection you cannot access anything, even your own documents.
◦ A dead Internet connection means no work, and in areas where Internet connections are few or inherently unreliable, this could be a deal-breaker.
◦ When you are offline, cloud computing simply does not work.

IDaaS



• Multiple passwords are a recipe for disaster. Agree?
• SSO – Single Sign On

Introduction
• In cloud computing, entities may have multiple accounts associated with a single service provider (SP) or with multiple SPs.
• Sharing sensitive identity information (personally identifiable information, or PII) along with associated attributes of the same entity across services can lead to mapping of the identities to the entity, which is tantamount to privacy loss.

IDM

Introduction
• Identity management (IDM) is one of the core components in cloud privacy and security and can help alleviate some of the problems associated with cloud computing.
• To use a cloud service, a user needs to authenticate herself/himself to it.
• The user has to give away some private information that uniquely identifies the user to the SP. That is the user’s PII (personally identifiable information).

Identity Management Architecture
• Enterprise Service Bus (ESB): 20+ IDM services are exposed, including Authentication, Authorization, Password Management, Provisioning, and Policy (scalable and extensible).
• Process Engine: request approval, removal of access, audit events, etc. Ex.: a CRM system may publish data to a predefined e-mail address.
• Scripting: Groovy Script, integrates well with the framework.

Identity Management Architecture
• Audit and Compliance: capturing audit events and publishing them to the ESB.
• Reporting: tools to create reports and graphs.
• The identity manager removes users from the systems that they no longer need and adds users to the systems that they do need access to.
• Similarly, if a user leaves the company, all access would be promptly terminated.

Introduction
• Obtaining the user’s PII gives some assurance to SPs about the user’s identity, which helps an SP decide whether to permit access to its service or not.
• The purpose of an IDM system is to decide upon the disclosure of this information in a secure manner (ex.: Flash).
• The main problem for Bob is to decide which portion of his PII he should disclose, and how to disclose it in a secure way.

Related work
• Different solutions use different ways of sending the user’s PII for negotiation with the SPs. The common ways are:
◦ Use of a Trusted Third Party (TTP). The major issues with such an approach in cloud computing are:
▪ (a) The TTP could be a cloud service, so an SP could be the TTP; therefore, the TTP may not be an independent trusted entity anymore.
▪ (b) Using a single TTP.

Related work
• Different solutions use different ways of sending the user’s PII for negotiation with the SPs. The common ways are:
◦ Prohibiting untrusted hosts. A client application holding PII must be executed on a trusted host to prevent a malicious host from accessing the PII.

Related work
• PRIME – using TTP – IdP
• Windows CardSpace
• OpenID

Windows CardSpace

Selected Research Problems
• Authenticating without disclosing PII
◦ When a user sends PII to authenticate for a service, the user may encrypt it. However, the PII is decrypted before an SP uses it. As soon as the PII is decrypted, it becomes prone to attacks.
• Using services on untrusted hosts
◦ The available IDM solutions require the user to execute IDM from a trusted host. They do not recommend using IDM on untrusted hosts, such as public hosts.

Proposed scheme
• The goal in the paper is to assure that IDM does not use a TTP for verifying credentials.
• This implies that IDM could use TTPs for other purposes, such as the use of a TTP by IDM for management of the decryption key.

Proposed scheme
• The paper proposes an approach for IDM in cloud computing that:
◦ Does not require TTPs
▪ This is achieved through the use of multi-party computing, in which secrets are split into shares distributed to different hosts.

Proposed scheme
• The paper proposes an approach for IDM in cloud computing that:
◦ Can be used on untrusted or unknown hosts
▪ This is achieved through the use of the active bundle scheme. An active bundle has a self-integrity check mechanism, which triggers apoptosis (a complete self-destruction) or evaporation (a partial self-destruction) when the check fails.

Proposed scheme
• The paper proposes an approach for IDM in cloud computing that:
◦ Uses encrypted data when negotiating the use of PII for authentication to services in cloud computing
▪ This is achieved by using predicates over encrypted data.

Multi-party computing
• Threshold secret sharing
◦ First, a secret data item D is divided into n shares D1, D2, …, Dn; then a threshold k is chosen, so that:
▪ To recover D, any k or more of the Di’s are required.
▪ Using any k-1 or fewer Di’s leaves D completely undetermined.

Multi-party computing
• A function f uses secret inputs from all the parties. It involves n parties, each of which calculates only a partial function output.
• One of the players is selected as the dealer (DLR) and is provided the partial function outputs to find out the full result of the function computation.
• Let f be a linear function of degree n known to each of the n parties, let t be an arbitrary threshold value, let Pi denote party i, and let xi denote the secret input of Pi for f.

Multi-party computing
• Let a1, a2, …, an be distinct non-zero elements in the domain of f. Player Pi is assigned the point ai.
• DLR will receive from the n parties the partial outputs of f calculated by the n parties using their respective secret inputs x1, x2, …, xn.
• Each party Pi generates a polynomial hi of degree t such that hi(0) = xi.

Multi-party computing
• Each party Pi sends to each Pj one share si,j = hi(aj) of Pi’s input.
• Then, each Pi computes a portion of the function f using the shares si,j of the input that it has or has received from the n-1 other parties.

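The threshold sharing and the dealer-combined linear function from the multi-party computing slides, as an added Python example that is not code from the paper or from the presentation. It assumes Shamir-style polynomial sharing over a prime field with k = t + 1; the modulus, the function names, the weights of f and the sample inputs are constructed for illustration.

```python
"""Threshold sharing and a dealer-combined linear function (added example)."""
import secrets

P = 2**127 - 1  # assumed prime modulus; all arithmetic is in the field GF(P)


def make_shares(secret, points, t):
    """Party side: pick h of degree t with h(0) = secret, return {a_j: h(a_j)}."""
    if len(set(points)) != len(points) or any(a % P == 0 for a in points):
        raise ValueError("points a_j must be distinct and non-zero")
    if len(points) <= t:
        raise ValueError("need more than t points or the secret is unrecoverable")
    # Constant term is the secret; the t higher coefficients are uniformly random.
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t)]

    def h(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            acc = (acc * x + c) % P
        return acc

    return {a: h(a) for a in points}


def interpolate_at_zero(shares):
    """Lagrange interpolation at x = 0 of the polynomial through the shares."""
    total = 0
    for a_j, y_j in shares.items():
        num, den = 1, 1
        for a_m in shares:
            if a_m != a_j:
                num = num * (-a_m) % P
                den = den * (a_j - a_m) % P
        total = (total + y_j * num * pow(den, -1, P)) % P
    return total


def partial_outputs(inputs, weights, points, t):
    """Each P_i shares x_i; each P_j combines the shares it received.

    Returns {a_j: y_j} with y_j = sum_i c_i * s_ij, P_j's partial output of
    the linear function f(x_1..x_n) = sum_i c_i * x_i. No x_i leaves its owner.
    """
    # s[i][a_j] is the share s_ij = h_i(a_j) that P_i sends to P_j.
    s = [make_shares(x_i, points, t) for x_i in inputs]
    return {a_j: sum(c * s_i[a_j] for c, s_i in zip(weights, s)) % P
            for a_j in points}


def dealer_combine(partials, t):
    """DLR side: any t + 1 partial outputs determine f(x_1..x_n)."""
    if len(partials) < t + 1:
        raise ValueError("fewer than t + 1 partial outputs: result undetermined")
    chosen = dict(list(partials.items())[: t + 1])
    return interpolate_at_zero(chosen)


def demo():
    points = [1, 2, 3, 4, 5]        # a_1..a_n, one point per party (n = 5)
    t = 2                           # polynomial degree, so k = t + 1 = 3
    secret = 123456789              # constructed sample secret D
    shares = make_shares(secret, points, t)
    inputs = [10, 20, 30, 40, 50]   # constructed secret inputs x_i
    weights = [1, 2, 3, 4, 5]       # public coefficients c_i of f
    partials = partial_outputs(inputs, weights, points, t)
    return {
        "recovered": interpolate_at_zero({a: shares[a] for a in (2, 4, 5)}),
        "too_few": interpolate_at_zero({a: shares[a] for a in (1, 3)}),
        "f": dealer_combine(partials, t),
    }


if __name__ == "__main__":
    print(demo())
```

The dealer only ever sees the partial outputs y_j, which are themselves shares of f(x1, …, xn), so it learns the result without seeing any single input.
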
Predicate encryption scheme
• A predicate encryption scheme allows evaluating predicates over encrypted data.
◦ For example, Alice can compute the predicate using encrypted data.

1. Setup → PK, MSK
2. Encrypt(PK, PII) → CT
3. KeyGen(PK, MSK, p) → TKp
4. Query(PK, CT, TKp) → p(PII)

◦ Alice uses the Setup algorithm of the scheme, which generates a public key PK and a secret key MSK.

Predicate encryption scheme
◦ Alice uses PK to encrypt her PII and gets the ciphertext CT.

Predicate encryption scheme
◦ Alice has the function p representing a predicate that she wishes to evaluate for her CT.
◦ She uses the KeyGen algorithm with PK, MSK and p to output the token TKp.

Predicate encryption scheme
◦ She gives TKp to the host, which evaluates the token for CT and returns the result p(PII) to Alice.

Proposed schemes
• An owner O encrypts PII using the algorithm Encrypt and O’s public key PK. Encrypt outputs CT, the encrypted PII.
• The secret key MSK is split between n parties.
• The SP transforms its request for PII into a predicate represented by the function p.
• The SP sends shares of p to the n parties who hold the shares of MSK.

Proposed schemes
• The n parties together execute KeyGen using PK, MSK, and p, and return TKp to the SP.
• The SP calls the algorithm Query, which takes as input PK, CT, and TKp and produces p(PII), the evaluation of the predicate.
• The owner O is allowed to use the service only when the predicate evaluates to “true”.

Active Bundle Scheme
• Includes:
◦ Identity data:
▪ Data used for authentication, getting service, using service
▪ The data are encrypted
◦ Metadata: describes the active bundle and its privacy policy
▪ (a) integrity check metadata
▪ (b) access control metadata
▪ (c) dissemination control metadata

Active Bundle Scheme
• Includes:
◦ Virtual machine (VM): manages and controls the program code enclosed in a bundle.
▪ Enforcing bundle access control policies through apoptosis and evaporation
▪ Enforcing bundle dissemination policies
▪ Validating bundle integrity
◦ Disclosure policy:
▪ A set of rules for choosing which identity data to disclose

Active Bundle Scheme
• An active bundle is sent from a source host to the destination.
• An active bundle ascertains the host’s trust level through a TTP.
• Using its disclosure policy, it decides whether the host may be eligible to access all or part of the bundle’s data, and which portion of the sensitive data can be revealed to it.

Active Bundle Scheme
• The remaining data may be evaporated as specified in the access control policies, protecting the data.
• An active bundle may realize its security is about to be compromised.
◦ It may discover that its self-integrity check fails
◦ Or that the trust level of its host is too low
• The active bundle may choose to apoptosize, that is, to atomically perform a clean self-destruction.

Active Bundle Scheme

Figure: Enabling an active bundle on destination host

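The enabling decision described on the Active Bundle slides (integrity check, trust level, disclosure, evaporation or apoptosis), as an added Python sketch that is not the paper's or the presenter's implementation. It assumes the host's trust level is passed in as a number rather than obtained from a TTP, keeps the identity data unencrypted, and uses a plain SHA-256 digest as a stand-in for the integrity check metadata; all names and sample values are constructed.

```python
"""Active-bundle enabling logic (added sketch with assumed names and data)."""
import hashlib
import json
from dataclasses import dataclass


@dataclass
class ActiveBundle:
    identity_data: dict    # item -> value; a real bundle holds these encrypted
    min_trust: dict        # access control metadata: item -> minimum host trust
    apoptosis_below: int   # hosts under this trust level get nothing at all
    digest: str = ""       # integrity check metadata, set by seal()
    state: str = "new"

    def fingerprint(self):
        blob = json.dumps(
            [self.identity_data, self.min_trust, self.apoptosis_below],
            sort_keys=True,
        ).encode()
        # Assumption: SHA-256 stands in for the integrity mechanism. It only
        # detects tampering if the digest itself is protected (for example
        # signed by the owner), which this sketch leaves out.
        return hashlib.sha256(blob).hexdigest()

    def seal(self):
        self.digest = self.fingerprint()
        self.state = "sealed"
        return self

    def apoptosize(self):
        """Complete self-destruction: no data or policy survives."""
        self.identity_data.clear()
        self.min_trust.clear()
        self.digest = ""
        self.state = "destroyed"

    def enable(self, host_trust):
        """Run on arrival at a host; returns (outcome, disclosed items)."""
        if self.state != "sealed":
            raise RuntimeError("a bundle is enabled once, after seal()")
        if self.digest != self.fingerprint() or host_trust < self.apoptosis_below:
            self.apoptosize()
            return "apoptosis", {}
        # Items without a policy entry default to "never disclose".
        disclosed = {k: v for k, v in self.identity_data.items()
                     if host_trust >= self.min_trust.get(k, float("inf"))}
        evaporated = sorted(set(self.identity_data) - set(disclosed))
        for item in evaporated:   # partial self-destruction
            del self.identity_data[item]
        self.state = "enabled"
        return ("evaporation" if evaporated else "full"), disclosed


def sample_bundle():
    # Constructed sample data; items and trust levels are illustrative only.
    return ActiveBundle(
        identity_data={"name": "Bob", "email": "bob@example.org",
                       "ssn": "000-00-0000"},
        min_trust={"name": 1, "email": 3, "ssn": 7},
        apoptosis_below=1,
    ).seal()


if __name__ == "__main__":
    for trust in (8, 4, 0):
        print(trust, sample_bundle().enable(trust))
```
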
Advantages
• No need for TTPs: data exchange between a bundle and its host is local to the host, which protects PII from man-in-the-middle, side-channel and collaborative attacks.
• Authentication without disclosing unencrypted data.
• Protection of identity data from untrusted hosts: if data reach an unintended destination or are tampered with, they apoptosize or evaporate.

Resilience to Attacks
• Correlation attacks on IDM: an attacker acquires a set of PIIs and is able to correlate it to the physical identity.
• Amazon cloud is prone to side-channel attacks, and it would be possible to steal data once the malicious VM is placed on the same server as its target.
• Approaches that do not use a TTP reduce the risk of such attacks.

Conclusions
• It is very likely that users end up having multiple identities in multiple service providers’ security repositories, as well as multiple credentials and multiple access permissions for different services provided by different SPs.
• There is a strong need for an efficient and effective privacy-preserving system that is independent of TTPs and able to unambiguously identify users that can be trusted.

References
[1] R. Gellman (2009), “Privacy in the Clouds: Risks to Privacy and
Confidentiality from Cloud Computing”, In the Proceedings of
World Privacy Forum.
[2] Karunanithi. D, Shiyamala Devi V. P, Sambath. M (January 2013),
“User

Centric

Access

Control

in

Cloud

Using

Identity

Management” International Journal of Engineering and Innovative
Technology (IJEIT) Volume 2, Issue 7.
[3] E. Shi (Oct. 2008), “Evaluating Predicates over Encrypted Data,”
Ph.D.Thesis. Carnegie Mellon University, Pittsburgh, PA.
[4] A. Shamir (Nov. 1979), “How to Share a Secret,” Communications
of the ACM, vol. 22(11), pp. 612n613.
06-03-2014

54
References
[5] L. Ben Othmane, and L. Lilien (Aug 2009), “Protecting Privacy in Sensitive Data

Dissemination with Active Bundles”, Proc. 7th Annual Conference on Privacy,
Security & Trust (PST 2009), Saint John, New Brunswick, Canada.
[6] Ranchal, R., Bhargava, B. ; Othmane, L.B. ; Lilien, L. ; Anya Kim ; Myong
Kang ; Linderman, M. (2010), “Protection of Identity Information in Cloud
Computing without Trusted Third Party”, In the Proceedings of Reliable Distributed
Systems,

29th

IEEE

Symposium.

[7] S. Fischer-Hubner, and H. Hebdom, XPRIME - Privacy and Identity Management for
Europe.Onlineat: ttps://www.primeproject.eu/prime_products/reports/fmwk/ub_del
D14.1.c_ec_wp14.1 _v1_final.pdf.

06-03-2014

55
Thank You

Queries?..

06-03-2014

56

Contenu connexe

Tendances

Cloud Computing Security Issues and Challenges
Cloud Computing Security Issues and ChallengesCloud Computing Security Issues and Challenges
Cloud Computing Security Issues and Challenges
paperpublications3
 
Cloud computing security through symmetric cipher model
Cloud computing security through symmetric cipher modelCloud computing security through symmetric cipher model
Cloud computing security through symmetric cipher model
ijcsit
 
Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235
Editor IJARCET
 

Tendances (19)

Secure Cloud Hosting.paper
Secure Cloud Hosting.paperSecure Cloud Hosting.paper
Secure Cloud Hosting.paper
 
Smart, Secure and Efficient Data Sharing in IoT
Smart, Secure and Efficient Data Sharing in IoTSmart, Secure and Efficient Data Sharing in IoT
Smart, Secure and Efficient Data Sharing in IoT
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)
 
Cloud Computing: Its Applications and Security Issues (A Major Challenge in C...
Cloud Computing: Its Applications and Security Issues (A Major Challenge in C...Cloud Computing: Its Applications and Security Issues (A Major Challenge in C...
Cloud Computing: Its Applications and Security Issues (A Major Challenge in C...
 
A Trusted TPA Model, to Improve Security & Reliability for Cloud Storage
A Trusted TPA Model, to Improve Security & Reliability for Cloud StorageA Trusted TPA Model, to Improve Security & Reliability for Cloud Storage
A Trusted TPA Model, to Improve Security & Reliability for Cloud Storage
 
Data Security in Cloud Computing Using Linear Programming
Data Security in Cloud Computing Using Linear ProgrammingData Security in Cloud Computing Using Linear Programming
Data Security in Cloud Computing Using Linear Programming
 
A Secure Model for Cloud Computing Based Storage and Retrieval
A Secure Model for Cloud Computing Based Storage and  RetrievalA Secure Model for Cloud Computing Based Storage and  Retrieval
A Secure Model for Cloud Computing Based Storage and Retrieval
 
F01113945
F01113945F01113945
F01113945
 
Cloud Computing Security Issues and Challenges
Cloud Computing Security Issues and ChallengesCloud Computing Security Issues and Challenges
Cloud Computing Security Issues and Challenges
 
176
176176
176
 
Enhancing Data Storage Security in Cloud Computing Through Steganography
Enhancing Data Storage Security in Cloud Computing Through SteganographyEnhancing Data Storage Security in Cloud Computing Through Steganography
Enhancing Data Storage Security in Cloud Computing Through Steganography
 
Cloud computing security through symmetric cipher model
Cloud computing security through symmetric cipher modelCloud computing security through symmetric cipher model
Cloud computing security through symmetric cipher model
 
Implementing security groups in open stack
Implementing security groups in open stackImplementing security groups in open stack
Implementing security groups in open stack
 
Improve network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicImprove network safety through better visibility – Netmagic
Improve network safety through better visibility – Netmagic
 
Rp059 Icect2012 E694
Rp059 Icect2012 E694Rp059 Icect2012 E694
Rp059 Icect2012 E694
 
Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235Ijarcet vol-2-issue-7-2232-2235
Ijarcet vol-2-issue-7-2232-2235
 
Security Issues’ in Cloud Computing and its Solutions.
Security Issues’ in Cloud Computing and its Solutions. Security Issues’ in Cloud Computing and its Solutions.
Security Issues’ in Cloud Computing and its Solutions.
 
Security Issues in Cloud Computing
Security Issues in Cloud ComputingSecurity Issues in Cloud Computing
Security Issues in Cloud Computing
 
Single Sign-on Authentication Model for Cloud Computing using Kerberos
Single Sign-on Authentication Model for Cloud Computing using KerberosSingle Sign-on Authentication Model for Cloud Computing using Kerberos
Single Sign-on Authentication Model for Cloud Computing using Kerberos
 

Similaire à Protection of identity information in cloud computing without ttp

Security of Data in Cloud Environment Using DPaaS
Security of Data in Cloud Environment Using DPaaSSecurity of Data in Cloud Environment Using DPaaS
Security of Data in Cloud Environment Using DPaaS
IJMER
 
IT-35 Cloud Computing Unit 1.pptx
IT-35 Cloud Computing Unit 1.pptxIT-35 Cloud Computing Unit 1.pptx
IT-35 Cloud Computing Unit 1.pptx
adad129366
 
An efficient and secure data storage in cloud computing using modified RSA pu...
An efficient and secure data storage in cloud computing using modified RSA pu...An efficient and secure data storage in cloud computing using modified RSA pu...
An efficient and secure data storage in cloud computing using modified RSA pu...
IJECEIAES
 
Insuring Security for Outsourced Data Stored in Cloud Environment
Insuring Security for Outsourced Data Stored in Cloud EnvironmentInsuring Security for Outsourced Data Stored in Cloud Environment
Insuring Security for Outsourced Data Stored in Cloud Environment
Editor IJCATR
 
Iirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi  cloud environmentIirdem a novel approach for enhancing security in multi  cloud environment
Iirdem a novel approach for enhancing security in multi cloud environment
Iaetsd Iaetsd
 

Similaire à Protection of identity information in cloud computing without ttp (20)

Security of Data in Cloud Environment Using DPaaS
Security of Data in Cloud Environment Using DPaaSSecurity of Data in Cloud Environment Using DPaaS
Security of Data in Cloud Environment Using DPaaS
 
IT-35 Cloud Computing Unit 1.pptx
IT-35 Cloud Computing Unit 1.pptxIT-35 Cloud Computing Unit 1.pptx
IT-35 Cloud Computing Unit 1.pptx
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar report
 
A survey on data security in cloud computing issues and mitigation techniques
A survey on data security in cloud computing issues and mitigation techniquesA survey on data security in cloud computing issues and mitigation techniques
A survey on data security in cloud computing issues and mitigation techniques
 
IRJET- Medical Big Data Protection using Fog Computing and Decoy Technique
IRJET- Medical Big Data Protection using Fog Computing and Decoy TechniqueIRJET- Medical Big Data Protection using Fog Computing and Decoy Technique
IRJET- Medical Big Data Protection using Fog Computing and Decoy Technique
 
Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier ...
Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier ...Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier ...
Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier ...
 
CLOUD STEGANOGRAPHY- A REVIEW
CLOUD STEGANOGRAPHY- A REVIEWCLOUD STEGANOGRAPHY- A REVIEW
CLOUD STEGANOGRAPHY- A REVIEW
 
IRJET- Proficient Public Substantiation of Data Veracity for Cloud Storage th...
IRJET- Proficient Public Substantiation of Data Veracity for Cloud Storage th...IRJET- Proficient Public Substantiation of Data Veracity for Cloud Storage th...
IRJET- Proficient Public Substantiation of Data Veracity for Cloud Storage th...
 
An efficient and secure data storage in cloud computing using modified RSA pu...
An efficient and secure data storage in cloud computing using modified RSA pu...An efficient and secure data storage in cloud computing using modified RSA pu...
An efficient and secure data storage in cloud computing using modified RSA pu...
 
Security in cloud (and grid) computing Overview
Security in cloud  (and grid) computing OverviewSecurity in cloud  (and grid) computing Overview
Security in cloud (and grid) computing Overview
 
Insuring Security for Outsourced Data Stored in Cloud Environment
Insuring Security for Outsourced Data Stored in Cloud EnvironmentInsuring Security for Outsourced Data Stored in Cloud Environment
Insuring Security for Outsourced Data Stored in Cloud Environment
 
Privacy Preserving in Authentication Protocol for Shared Authority Based Clou...
Privacy Preserving in Authentication Protocol for Shared Authority Based Clou...Privacy Preserving in Authentication Protocol for Shared Authority Based Clou...
Privacy Preserving in Authentication Protocol for Shared Authority Based Clou...
 
IRJET - Multitenancy using Cloud Computing Features
IRJET - Multitenancy using Cloud Computing FeaturesIRJET - Multitenancy using Cloud Computing Features
IRJET - Multitenancy using Cloud Computing Features
 
Challenges and Proposed Solutions for Cloud Forensic
Challenges and Proposed Solutions for Cloud ForensicChallenges and Proposed Solutions for Cloud Forensic
Challenges and Proposed Solutions for Cloud Forensic
 
IRJET- Cloud Computing Review
IRJET-  	  Cloud Computing ReviewIRJET-  	  Cloud Computing Review
IRJET- Cloud Computing Review
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Cloud Auditing With Zero Knowledge Privacy
Cloud Auditing With Zero Knowledge PrivacyCloud Auditing With Zero Knowledge Privacy
Cloud Auditing With Zero Knowledge Privacy
 
Iirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi  cloud environmentIirdem a novel approach for enhancing security in multi  cloud environment
Iirdem a novel approach for enhancing security in multi cloud environment
 
A proposed Solution: Data Availability and Error Correction in Cloud Computing
A proposed Solution: Data Availability and Error Correction in Cloud ComputingA proposed Solution: Data Availability and Error Correction in Cloud Computing
A proposed Solution: Data Availability and Error Correction in Cloud Computing
 

Dernier

1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
 

Dernier (20)

Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17  How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17  How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric  nursing HISTORY  COLLECTION  .docxpsychiatric  nursing HISTORY  COLLECTION  .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
PROCESS RECORDING FORMAT.docx
PROCESS      RECORDING        FORMAT.docxPROCESS      RECORDING        FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 

Protection of identity information in cloud computing without ttp

  • 1. Protection of Identity Information in Cloud Computing without Trusted Third Party. Authors: Rohit Ranchal, Bharat Bhargava, Lotfi Ben Othmane, Leszek Lilien, Anya Kim, Myong Kang, Mark Linderman. IEEE International Symposium on Reliable Distributed Systems. Presented by Mithil S. Parab, Roll No: 122113013, Seat No: 11. Guide: Prof. Nitesh Naik. 06-03-2014
  • 2. Outline: Introduction; Related work; Selected research problems; Proposed schemes (multi-party computing, predicate encryption scheme, active bundle scheme); Conclusions
  • 3. Definition of cloud computing (NIST): Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
  • 4. Larry Ellison, CEO, Oracle: “The computer industry is the only industry that is more fashion-driven than women's fashion”
  • 5. Tely HD Pro – integration; Blue Jeans Network; Mobical – cloud provider used to sync mobile phone data over the air.
  • 7. Types of Cloud Computing
  • 8. Cloud Service Layers - Characteristics. Software as a Service (SaaS): sometimes free; easy to use; good consumer adoption; proven business models. You can only use the application as far as what it is designed for. Platform as a Service (PaaS): developers can upload a configured application and it “runs” within the platform’s framework. Restricted to the platform’s ability only; sometimes dependent on the cloud infrastructure provider. Infrastructure as a Service (IaaS): offers full control of a company’s infrastructure; not confined to applications or restrictive instances. Sometimes comes with a price premium; can be complex to build, manage and maintain.
  • 9. Cloud Service Layers - Containing. Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS). Diagram labels: Business Processes, Industry Applications, CRM/ERP/HR, Middleware, Development Tooling, Servers, Networking, Database, Storage, Java Runtime, Data Center Fabric
  • 10. Cloud Service Layers - Example. Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
  • 11. Deployment Models: Public Cloud, Private Cloud, Hybrid Cloud. Public cloud: the computing infrastructure is hosted by the cloud vendor at the vendor's premises and can be shared by various organizations. E.g.: Amazon, Google, Microsoft, Salesforce.
  • 12. Deployment Models: Public Cloud, Private Cloud, Hybrid Cloud. Private cloud: the computing infrastructure is dedicated to a particular organization and not shared with other organizations. More expensive and more secure when compared to public cloud. E.g.: HP data center, IBM, Sun, Oracle, 3tera.
  • 13. Deployment Models: Public Cloud, Private Cloud, Hybrid Cloud. Hybrid cloud: organizations may host critical applications on private clouds, whereas those with relatively fewer security concerns are hosted on the public cloud. Usage of both public and private clouds together is called hybrid cloud.
  • 14. Advantages of Cloud Computing: Lower computer costs. Improved performance. Reduced software costs. Instant software updates. Improved document format compatibility. Unlimited storage capacity. Increased data reliability. Universal document access. Easier group collaboration. Device independence.
  • 15. Disadvantages of Cloud Computing: Requires a constant Internet connection. Cloud computing is impossible if you cannot connect to the Internet. Since you use the Internet to connect to both your applications and documents, if you do not have an Internet connection you cannot access anything, even your own documents. A dead Internet connection means no work, and in areas where Internet connections are few or inherently unreliable, this could be a deal-breaker. When you are offline, cloud computing simply does not work.
  • 17. Multiple passwords are recipes for disaster. Agree? SSO – Single Sign On
  • 20. Introduction: In cloud computing, entities may have multiple accounts associated with a single or multiple service providers (SPs). Sharing sensitive identity information (personally identifiable information, or PII) along with associated attributes of the same entity across services can lead to mapping of the identity to the entity, tantamount to privacy loss.
  • 22. Introduction: Identity management (IDM) is one of the core components in cloud privacy and security and can help alleviate some of the problems associated with cloud computing. To use a cloud service, a user needs to authenticate herself/himself to it. The user has to give away some private information, which uniquely identifies the user to the SP. That is the user’s PII (personally identifiable information).
  • 24. Identity Management Architecture. Enterprise Service Bus (ESB): 20+ IDM services are exposed: authentication, authorization, password management, provisioning, and policy (scalable and extensible). Process engine: request approval, removal of access, audit events, etc. Example: a CRM system may publish data to a predefined email address. Scripting: Groovy Script, integrates well with the framework.
  • 25. Identity Management Architecture. Audit and compliance: capturing audit events and publishing them to the ESB. Reporting: tools to create reports and graphs. The identity manager removes users from the systems that they no longer need and adds users to the systems that they do need access to. Similarly, if a user leaves the company, all access would be promptly terminated.
  • 26. Introduction: Obtaining the user’s PII gives some assurance to SPs about the user’s identity, which helps an SP decide whether to permit access to its service or not. The purpose of an IDM system is to decide upon the disclosure of this information in a secure manner (ex-Flash). The main problem for Bob is to decide which portion of his PII he should disclose, and how to disclose it in a secure way.
  • 27. Related work: Different solutions use different ways of sending a user’s PII for negotiation with the SPs. The common ways are: use of a Trusted Third Party (TTP). The major issues with such an approach in cloud computing are: (a) the TTP could be a cloud service, so an SP could be the TTP; therefore, the TTP may not be an independent trusted entity anymore. (b) Using a single TTP.
  • 28. Related work: Different solutions use different ways of sending a user’s PII for negotiation with the SPs. The common ways are: prohibiting untrusted hosts. A client application holding PII must be executed on a trusted host to prevent a malicious host from accessing PII.
  • 29. Related work: PRIME (using TTP – IdP); Windows CardSpace; OpenID
  • 31. Selected Research Problems. Authenticating without disclosing PII: when a user sends PII to authenticate for a service, the user may encrypt it. However, PII is decrypted before an SP uses it. As soon as PII is decrypted, it becomes prone to attacks. Using services on untrusted hosts: the available IDM solutions require the user to execute IDM from a trusted host. They do not recommend using IDM on untrusted hosts, such as public hosts.
  • 32. Proposed scheme: The goal in the paper is to assure that IDM does not use a TTP for verifying credentials. This implies that IDM could use TTPs for other purposes, such as the use of a TTP by IDM for management of decryption keys.
  • 33. Proposed scheme: Proposes an approach for IDM in cloud computing that does not require TTPs. This is achieved through the use of multi-party computing, in which secrets are split into shares distributed to different hosts.
  • 34. Proposed scheme: Proposes an approach for IDM in cloud computing that can be used on untrusted or unknown hosts. This is achieved through the use of the active bundle scheme. An active bundle has a self-integrity check mechanism, which triggers apoptosis (a complete self-destruction) or evaporation (a partial self-destruction) when the check fails.
  • 35. Proposed scheme: Proposes an approach for IDM in cloud computing that uses encrypted data when negotiating the use of PII for authentication to services in cloud computing. This is achieved by using predicates over encrypted data.
  • 36. Multi-party computing: Threshold secret sharing. First, a secret data item D is divided into n shares D1, D2, …, Dn; then a threshold k is chosen, so that: to recover D, k or more arbitrary Di’s are required; using any k-1 or fewer Di’s leaves D completely undetermined.
  • 37. Multi-party computing: A function f is computed using secret inputs from all the parties. It involves n parties, each of which calculates only a partial function output. One of the players is selected as the dealer (DLR) and is provided the partial function outputs to find the full result of the function computation. Let f be a linear function of degree n known to each of the n parties, t be an arbitrary threshold value, Pi denote party i, and xi denote the secret input of Pi for f.
  • 38. Multi-party computing: Let a1, a2, …, an be distinct non-zero elements in the domain of f. Player Pi is assigned the point ai. DLR will receive from the n parties the partial outputs of f calculated by the n parties using their respective secret inputs x1, x2, …, xn. Each party Pi generates a polynomial hi of degree t such that hi(0) = xi.
  • 39. Multi-party computing: Each party Pi sends to each Pj one share si,j = hi(aj) of Pj’s input. Then, each Pi computes a portion of function f using the shares si,j of the input that it has or received from the n-1 other parties.
  • 40. Predicate encryption scheme: A predicate encryption scheme allows evaluating predicates over encrypted data. For example, Alice can compute the predicate using encrypted data. Steps and outputs: 1. Setup → PK, MSK; 2. Encrypt(PK, PII) → CT; 3. KeyGen(PK, MSK, p) → TKp; 4. Query(PK, CT, TKp) → p(PII). Alice uses the Setup algorithm to generate a public key PK and a secret key MSK.
  • 41. Predicate encryption scheme: A predicate encryption scheme allows evaluating predicates over encrypted data. For example, Alice can compute the predicate using encrypted data. Steps and outputs: 1. Setup → PK, MSK; 2. Encrypt(PK, PII) → CT; 3. KeyGen(PK, MSK, p) → TKp; 4. Query(PK, CT, TKp) → p(PII). Alice uses PK to encrypt her PII and gets the ciphertext CT.
  • 42. Predicate encryption scheme: A predicate encryption scheme allows evaluating predicates over encrypted data. For example, Alice can compute the predicate using encrypted data. Steps and outputs: 1. Setup → PK, MSK; 2. Encrypt(PK, PII) → CT; 3. KeyGen(PK, MSK, p) → TKp; 4. Query(PK, CT, TKp) → p(PII). Alice has the function p representing a predicate that she wishes to evaluate for her CT. She uses the KeyGen algorithm, PK, MSK and p to output the token TKp.
  • 43. Predicate encryption scheme: A predicate encryption scheme allows evaluating predicates over encrypted data. For example, Alice can compute the predicate using encrypted data. Steps and outputs: 1. Setup → PK, MSK; 2. Encrypt(PK, PII) → CT; 3. KeyGen(PK, MSK, p) → TKp; 4. Query(PK, CT, TKp) → p(PII). She gives TKp to the host, which evaluates the token for CT and returns the result p(PII) to Alice.
  • 44. Proposed schemes: An owner O encrypts PII using the algorithm Encrypt and O’s public key PK. Encrypt outputs CT, the encrypted PII. The secret key MSK is split between n parties. The SP transforms its request for PII into a predicate represented by function p. The SP sends shares of p to the n parties who hold the shares of MSK.
  • 45. Proposed schemes: The n parties together execute KeyGen using PK, MSK, and p, and return TKp to the SP. The SP calls the algorithm Query, which takes as input PK, CT, and TKp and produces p(PII), the evaluation of the predicate. The owner O is allowed to use the service only when the predicate evaluates to “true”.
  • 46. Active Bundle Scheme. Includes: Identity data: data used for authentication, getting service, and using service; the data are encrypted. Metadata: describes the active bundle and its privacy policy: (a) integrity check metadata, (b) access control metadata, (c) dissemination control metadata.
  • 47. Active Bundle Scheme. Includes: Virtual machine (VM): manages and controls the program code enclosed in a bundle: enforcing bundle access control policies through apoptosis and evaporation; enforcing bundle dissemination policies; validating bundle integrity. Disclosure policy: a set of rules for choosing which identity data to disclose.
  • 48. Active Bundle Scheme: An active bundle is sent from a source host to the destination. An active bundle ascertains the host’s trust level through a TTP. Using its disclosure policy, it decides whether the host may be eligible to access all or part of the bundle’s data, and which portion of sensitive data can be revealed to it.
  • 49. Active Bundle Scheme: The remaining data may be evaporated as specified in the access control policies, protecting the data. An active bundle may realize its security is about to be compromised: it may discover that its self-integrity check fails, or that the trust level of its host is too low. The active bundle may choose to apoptosize, that is, atomically perform a clean self-destruction.
  • 50. Active Bundle Scheme. Figure: Enabling an active bundle on destination host
  • 51. Advantages: No need for TTPs: data exchange between a bundle and its host is local to the host, which protects PII from man-in-the-middle, side-channel and collaborative attacks. Authentication without disclosing unencrypted data. Protection of identity data from untrusted hosts: if data reach an unintended destination or are tampered with, they apoptosize or evaporate.
  • 52. Resilience to Attacks: Correlation attacks on IDM: an attacker acquires a set of PIIs and is able to correlate it to the physical identity. Amazon cloud is prone to side-channel attacks, and it would be possible to steal data once the malicious VM is placed on the same server as its target. Approaches that do not use a TTP reduce the risk of such attacks.
  • 53. Conclusions: It is very likely that users end up having multiple identities in multiple service providers' security repositories, as well as multiple credentials and multiple access permissions for different services provided by different SPs. There is a strong need for an efficient and effective privacy-preserving system that is independent of TTPs and able to unambiguously identify users that can be trusted.
  • 54. References: [1] R. Gellman (2009), “Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing”, in the Proceedings of World Privacy Forum. [2] Karunanithi D., Shiyamala Devi V. P., Sambath M. (January 2013), “User Centric Access Control in Cloud Using Identity Management”, International Journal of Engineering and Innovative Technology (IJEIT), Volume 2, Issue 7. [3] E. Shi (Oct. 2008), “Evaluating Predicates over Encrypted Data”, Ph.D. Thesis, Carnegie Mellon University, Pittsburgh, PA. [4] A. Shamir (Nov. 1979), “How to Share a Secret”, Communications of the ACM, vol. 22(11), pp. 612–613.
  • 55. References: [5] L. Ben Othmane and L. Lilien (Aug 2009), “Protecting Privacy in Sensitive Data Dissemination with Active Bundles”, Proc. 7th Annual Conference on Privacy, Security & Trust (PST 2009), Saint John, New Brunswick, Canada. [6] R. Ranchal, B. Bhargava, L. Ben Othmane, L. Lilien, Anya Kim, Myong Kang, M. Linderman (2010), “Protection of Identity Information in Cloud Computing without Trusted Third Party”, in the Proceedings of Reliable Distributed Systems, 29th IEEE Symposium. [7] S. Fischer-Hubner and H. Hebdom, XPRIME - Privacy and Identity Management for Europe. Online at: https://www.primeproject.eu/prime_products/reports/fmwk/ub_del D14.1.c_ec_wp14.1 _v1_final.pdf.
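
The multi-party computation of slides 36 to 39, as an added example that is not taken from the slides or the paper: each party shares its input with a degree-t polynomial, every party applies the linear f to the shares it holds, and the dealer interpolates the result. The prime field, the integer points a_j = j, the weighted-sum form of f and all function names are assumptions of this example.

```python
import secrets

P = 2**127 - 1  # prime field modulus (assumption; the slides fix no field)

def make_poly(secret, t):
    """Random polynomial h of degree t with h(0) = secret."""
    return [secret % P] + [secrets.randbelow(P) for _ in range(t)]

def eval_poly(coeffs, x):
    """Horner evaluation of h(x) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def deal_shares(inputs, points, t):
    """shares[i][j] = s_ij = h_i(a_j), the share P_i sends to P_j."""
    polys = [make_poly(x, t) for x in inputs]
    return [[eval_poly(h, a) for a in points] for h in polys]

def partial_output(j, shares, weights):
    """P_j applies the public linear f to the shares it holds (column j)."""
    return sum(w * row[j] for w, row in zip(weights, shares)) % P

def dealer_reconstruct(partials, t):
    """DLR: Lagrange-interpolate at 0 from {a_j: partial_j}; needs t+1 points."""
    if len(partials) < t + 1:
        raise ValueError("need at least t+1 partial outputs")
    pts = list(partials.items())[: t + 1]
    total = 0
    for a_j, y_j in pts:
        num, den = 1, 1
        for a_m, _ in pts:
            if a_m != a_j:
                num = num * (-a_m) % P
                den = den * (a_j - a_m) % P
        total = (total + y_j * num * pow(den, -1, P)) % P
    return total

def run_protocol(inputs, weights, t):
    """End-to-end run; returns (result seen by DLR, shares matrix)."""
    n = len(inputs)
    if not 0 <= t < n:
        raise ValueError("threshold t must satisfy 0 <= t < n")
    points = list(range(1, n + 1))  # distinct non-zero a_1..a_n
    shares = deal_shares(inputs, points, t)
    partials = {a: partial_output(j, shares, weights) for j, a in enumerate(points)}
    return dealer_reconstruct(partials, t), shares

if __name__ == "__main__":
    # Constructed sample: five parties, f = weighted sum of inputs, t = 2.
    print(run_protocol([21, 34, 55, 89, 13], [1, 2, 3, 4, 5], t=2)[0])
```

The dealer only ever sees the combined values F(a_j) = Σ w_i·h_i(a_j); F is a degree-t polynomial with F(0) = f(x1, …, xn), so any t+1 partial outputs yield the same result while no individual xi is sent to the dealer.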