Cloud Computing Security

Cloud Computing Security. Monir Azraoui, Kaoutar Elkhiyaoui, Refik Molva, Melek Önen, Pasquale Puzio. December 18, 2013 – Sophia-Antipolis, France. Cloud Computing – Outsourcing storage & computation. High availability, no IT maintenance cost, decreased costs.

Presentation Transcript


  1. Cloud Computing Security
     Monir Azraoui, Kaoutar Elkhiyaoui, Refik Molva, Melek Önen, Pasquale Puzio
     December 18, 2013 – Sophia-Antipolis, France

  2. Cloud Computing – Outsourcing storage & computation
     • High availability
     • No IT maintenance cost
     • Decreased costs
     • Elasticity & flexibility
     Cloud Computing Security – December 18, 2013 Sophia-Antipolis, France

  3. CSA’s Notorious Nine – From 2010 to 2013
     • Data breaches: Unauthorized access to client data
     • Data loss: Accidental or malicious destruction
     • Account hijacking: Stolen credentials
     • Insecure APIs: Adversary steals data from cloud
     • Denial of Service: Intolerable system slowdown
     • Malicious insiders: More powerful attackers
     • Abuse of cloud services: Adversary rents the cloud
     • Insufficient due diligence: Mismatched expectations
     • Shared technology issues: Adversary breaks out of the hypervisor

  4. Clouds as Adversaries: To trust or how to trust?
     • Challenge
       • Do not cancel cloud advantages
       • Lightweight operations at client side
       • Big Data
     • Cloud Security: Security Models & Requirements
       • Honest but curious: Confidentiality & Privacy
         • Data privacy
         • Computation privacy
       • Malicious: Privacy + Integrity & Transparency
         • Verifiability

  5. Cloud Security Research at EURECOM
     • Honest-but-curious cloud
       • Privacy preserving word search [PETS’12, Tclouds’13]
       • Privacy preserving de-duplication [CloudCom’13]
     • Malicious cloud
       • Proof of Retrievability [Under submission]

  6. Proof of Retrievability - Overview
     • Challenge
       • No more physical possession of data
       • Lack of resources at the client side
     • Related work
       • Deterministic [Deswarte et al., Filho et al., ..]
         • Verification of the entire data => costly
       • Probabilistic [Ateniese et al., Juels et al., Shacham et al., ...]
         • Tags for each block + random verification => costly generation of tags
         • Randomly located sentinels => limited verification
     • Our solution - StealthGuard [Under submission]
       • Randomly generated watchdogs
       • Privacy preserving search of watchdogs

  7. Cloud Security Research at EURECOM
     • Honest but curious cloud
       • Privacy preserving word search [PETS’12, Tclouds’13]
       • Privacy preserving de-duplication [CloudCom’13]
     • Malicious cloud
       • Proof of Retrievability [Under submission]

  8. Privacy preserving word search
     • A concrete scenario: Data retention
       • Internet Service Provider retains customers’ log/access data (for 6 years…!)
       • Example: DNS logs (time, IP, hostname)
       • Save money: Outsource to cloud
     • Challenge
       • Protect customer privacy against prying clouds
       • Privacy: Encrypt log entries
       • Support queries: “Has x accessed y (at time z)?”
         • Word search
       • Efficiency: Leverage clouds’ massive parallelism
         • MapReduce

  9. PRIvacy preserving Search in MapReduce
     • Contribution
       • Data privacy: No (non-trivial) data analysis
       • Computation privacy: query privacy, query unlinkability
       • Parallelism with MapReduce
       • Evaluation: privacy proofs and implementation (11% overhead)
     • Main idea
       • Word search transformed to PIR problems (single bit)
       • Map: Evaluate small PIR problem on each InputSplit
       • Reduce: Combine mapper output with simple addition
       • User decodes output, decides existence

  10. PRISM - Overview [PETS’12]
     • Idea: Transform search for “word” into PIR query
     • [Diagram: the user encrypts the file and uploads it to the cloud as InputSplits E( ); the query for “word” is sent as Q(word) to every mapper; each mapper evaluates a “PIR Matrix” and outputs E(0) or E(1); the reducer combines the mapper outputs with a homomorphic sum (∑); the user receives the result E(1).]
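The map/reduce flow of slides 9 and 10, as an added example that is not the authors' PRISM code: each mapper answers a single-bit PIR query over its InputSplit and the reducer adds the encrypted bits. Assumptions: a toy Paillier cryptosystem with demo-sized primes, a keyed hash (`bucket`) standing in for the scheme's word encryption, and constructed hostnames as log data; a bucket collision can produce a false positive in this simplification.

```python
import hashlib, hmac, secrets

# Toy Paillier (additively homomorphic). Demo-sized Mersenne primes, not secure.
P, Q = 2**31 - 1, 2**61 - 1
N, N2, PHI = P * Q, (P * Q) ** 2, (P - 1) * (Q - 1)
MU = pow(PHI, -1, N)
BUCKETS = 64  # length of the PIR query vector (assumed value)

def enc(m):
    r = secrets.randbelow(N - 2) + 2          # fresh randomness per ciphertext
    return (1 + m * N) * pow(r, N, N2) % N2

def dec(c):
    return (pow(c, PHI, N2) - 1) // N * MU % N

def bucket(key, word):
    # Keyed hash stands in for the scheme's word encryption (assumption).
    d = hmac.new(key, word.encode(), hashlib.sha256).digest()
    return int.from_bytes(d[:4], "big") % BUCKETS

def upload(key, words):
    # What the cloud stores for one InputSplit: keyed bucket indices only.
    return {bucket(key, w) for w in words}

def make_query(key, word):
    # E(1) at the target position, E(0) everywhere else; the cloud cannot tell which.
    t = bucket(key, word)
    return [enc(1 if j == t else 0) for j in range(BUCKETS)]

def mapper(split, query):
    acc = enc(0)
    for j in split:                            # multiplying ciphertexts adds plaintexts
        acc = acc * query[j] % N2
    return acc                                 # E(1) if the target is in this split, else E(0)

def reducer(outputs):
    total = 1
    for c in outputs:                          # "simple addition" under encryption
        total = total * c % N2
    return total

def search(key, splits, word):
    q = make_query(key, word)
    return dec(reducer(mapper(s, q) for s in splits))  # number of matching splits

KEY = b"constructed-demo-key"
SPLITS = [upload(KEY, ["a.example", "b.example"]),     # constructed DNS hostnames
          upload(KEY, ["c.example"]),
          upload(KEY, ["a.example", "d.example"])]
```

The user decides existence from `search(...) > 0`; two queries for the same word are different ciphertext vectors, which is what gives query unlinkability.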

  11. Further work - Delegated word search [Tclouds’13]
     • Scenario
       • Auditing
     • Additional privacy requirement
       • Authorized access with revocation
     • Initial solution based on
       • One-time key for search
       • Attribute based encryption for key retrieval

  12. Cloud Security Research at EURECOM
     • Honest but curious cloud
       • Privacy preserving word search [PETS’12, Tclouds’13]
       • Privacy preserving de-duplication [CloudCom’13]
     • Malicious cloud
       • Proof of Retrievability [Under submission]

  13. Privacy preserving deduplication
     • Deduplication
       • Duplicated data stored only once
       • 90-95% space saving
     • Conflict with privacy
       • Encryption prevents detection
     • Initial solution
       • Convergent encryption
       • Key = hash(data)
       • Vulnerable to dictionary attacks
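Why Key = hash(data) both enables deduplication and exposes predictable data, as an added example that is not from the presentation. Assumptions: `stream_xor` is a toy SHA-256 counter-mode cipher standing in for a real block cipher, the salary records are constructed, and `keyed_encrypt` (key derived with a secret the storage provider does not hold) is a generic illustration of removing the weakness, not the ClouDedup design.

```python
import hashlib, hmac

def stream_xor(key, data):
    # Toy deterministic cipher (assumption): XOR with SHA-256(key || offset) blocks.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def convergent_encrypt(block):
    # Key = hash(data): equal plaintexts give equal ciphertexts for every user.
    return stream_xor(hashlib.sha256(block).digest(), block)

def keyed_encrypt(block, secret):
    # Key = HMAC(secret, data): still deterministic for holders of the secret.
    return stream_xor(hmac.new(secret, block, hashlib.sha256).digest(), block)

class DedupStore:
    """Storage provider view: sees ciphertexts only, keeps one copy of each."""
    def __init__(self):
        self.blocks = {}
    def put(self, ciphertext):
        tag = hashlib.sha256(ciphertext).hexdigest()
        is_new = tag not in self.blocks
        self.blocks[tag] = ciphertext
        return is_new                      # False means the block was deduplicated

def confirm_guess(stored_ct, candidates, encrypt):
    # Anyone who can run `encrypt` can test guesses against a stored ciphertext.
    for guess in candidates:
        if encrypt(guess) == stored_ct:
            return guess
    return None

# Constructed low-entropy records: the whole plaintext space is easy to enumerate.
CANDIDATES = [b"salary=40000", b"salary=50000", b"salary=60000"]
SECRET = b"constructed-secret-unknown-to-the-provider"

def demo():
    store, record = DedupStore(), b"salary=50000"
    first = store.put(convergent_encrypt(record))
    second = store.put(convergent_encrypt(record))         # second user, same data
    leaked = confirm_guess(convergent_encrypt(record), CANDIDATES, convergent_encrypt)
    hidden = confirm_guess(keyed_encrypt(record, SECRET), CANDIDATES, convergent_encrypt)
    return first, second, leaked, hidden
```

With plain convergent encryption the provider confirms the record from three guesses; with the keyed derivation the same test finds nothing, while two clients sharing the secret still produce identical ciphertexts.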

  14. ClouDedup - Overview [CloudCom’13]
     • Confidentiality & block-level deduplication
     • Countermeasure against CE vulnerability
     • Negligible performance impact
     • Transparent to the storage provider

  15. Conclusion
     • Challenge
       • Do not cancel cloud advantages
       • Big Data
       • Lightweight operations at client side
     • Privacy preserving storage & computation
       • Suitable data encryption
       • Privacy preserving primitives
         • Word search
         • Statistics: sum, average, etc.
         • ..
       • Privacy preserving deduplication
     • Verifiable storage & computation
       • Verifiable word search
       • Proof of retrievability
       • Data integrity

  16. THANK YOU melek.onen@eurecom.fr