Download
cloud computing security n.
Skip this Video
Loading SlideShow in 5 Seconds..
Cloud Computing Security PowerPoint Presentation
Download Presentation
Cloud Computing Security

Cloud Computing Security

154 Views Download Presentation
Download Presentation

Cloud Computing Security

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Cloud Computing Security MonirAzraoui, KaoutarElkhiyaoui, RefikMolva, MelekӦnen, Pasquale Puzio December 18, 2013 – Sophia-Antipolis, France

  2. Cloud Computing – Outsourcing storage & computation High availability No IT maintenance cost Decreased Costs Elasticity & Flexibility Cloud Computing Security – December 18, 2013 Sophia-Antipolis, France

  3. CSA’s Notorious Nine – From 2010 to 2013 Data breaches • Unauthorized access to client data Data Loss • Accidental or malicious destruction Account hijacking • Stolen credentials Insecure APIs • Adversary steals data from cloud Denial of Service • Intolerable system slowdown Malicious insiders • More powerful attackers Abuse of cloud services • Adversary rents the cloud Insufficient due diligence • Mismatched expectations Shared technology issues • Adversary breaks out of the hypervisor Cloud Computing Security – December 18, 2013 Sophia-Antipolis, France

  4. Clouds as Adversaries To trust or how to trust? Do not cancel cloud advantages Lightweight operations at client side Cloud Security Big Data • Security Models & Requirements • Honest but curious • Confidentiality & Privacy • Data privacy • Computation privacy • Malicious • Privacy + Integrity & Transparency • Verifiability • Challenge Cloud Computing Security – December 18, 2013 Sophia-Antipolis, France

  5. Cloud Security Research at EURECOM [PETS’12, Tclouds’13] [CloudCom’13] [Under submission] • Honest-but-curious cloud • Privacy preserving word search • Privacy preserving de-duplication • Malicious cloud • Proof of Retrievability Cloud Computing Security – December 18, 2013 Sophia-Antipolis, France

  6. Proof of Retrievability - Overview [Under submission] [Deswarte et. al, Filho et. al, ..] [Ateniese et. al., Juels et. al., Shacham et.al...] • Challenge • No more physical possession of data • Lack of resources at the client side • Related work • Deterministic • Verification of the entire data  costly • Probabilistic • Tags for each block + random verification  Costly generation of tags • randomly located sentinels => limited verification • Our solution - StealthGuard • Randomly generated watchdogs • privacy preserving search of watchdogs Cloud Computing Security – December 18, 2013 Sophia-Antipolis, France

  7. Cloud Security Research at EURECOM [PETS’12, Tclouds’13] [CloudCom’13] [Under submission] • Honest but curious cloud • Privacy preserving word search • Privacy preserving de-duplication • Malicious cloud • Proof of Retrievability Cloud Computing Security – December 18, 2013 Sophia-Antipolis, France

  8. Privacy preserving word search Logs Pri S M • A concrete Scenario: Data retention • Internet Service Provider retains customers’ log/access data (for 6 years…!) • Example: DNS logs (time, IP, hostname) • Save money: Outsource to cloud • Challenge • Protect customer Privacy against prying clouds • Privacy: Encrypt log entries • Support queries: “Has x accessed y (at time z)?” • Word Search • Efficiency: Leverage clouds’ massive parallelism • MapReduce Cloud Computing Security – December 18, 2013 Sophia-Antipolis, France Slide8

  9. PRIvacy preserving Search in MapReduce • Contribution • Data privacy: No (non trivial) data analysis • Computation privacy: query privacy, query unlinkability • Parallelism with MapReduce • Evaluation: privacy proofs and implementation (11% overhead) • Main idea • Word search transformed to PIR problems (single bit) • Map: Evaluate small PIR problem on each InputSplit • Reduce: combine mapper output with simple addition • User decodes output, decides existence Cloud Computing Security – December 18, 2013 Sophia-Antipolis, France Slide9

  10. PRISM - Overview [PETS’12] File Query for “word” Idea: Transform search for “word” into PIR query User Q(word) word? Encrypt & Upload InputSplit E( ) E( ) E( ) E( ) Q(word) Q(word) Q(word) Q(word) Mapper “PIR Matrix” E(0) Cloud E(1) E(0) E(0) ∑ homomorphic Reducer E(1) Result Cloud Computing Security – December 18, 2013 Sophia-Antipolis, France Slide10

  11. Further work - Delegated word search [Tclouds’13] • Scenario • Auditing • Additional privacy requirement • Authorized access with revocation • Initial solution based on • One-time key for search • Attribute based encryption for key retrieval Cloud Computing Security – December 18, 2013 Sophia-Antipolis, France

  12. Cloud Security Research at EURECOM [PETS’12, Tclouds’13] [CloudCom’13] [Under submission] • Honest but curious cloud • Privacy preserving word search • Privacy preserving de-duplication • Malicious cloud • Proof of Retrievability Cloud Computing Security – December 18, 2013 Sophia-Antipolis, France

  13. Privacy preserving deduplication • Deduplication • Duplicated data stored only once • 90-95% space saving • Conflict with privacy • Encryption prevents detection • Initial solution • Convergent encryption • Key = hash(data) • Vulnerable to dictionary attacks Cloud Computing Security – December 18, 2013 Sophia-Antipolis, France

  14. ClouDedup - Overview [CloudCom’13] Confidentiality & block-level deduplication Countermeasure against CE vulnerability Negligible performance impact Transparent to the storage provider Cloud Computing Security – December 18, 2013 Sophia-Antipolis, France

  15. Conclusion Do not cancel cloud advantages Big Data Lightweight operations at client side • Privacy preserving storage & computation • Suitable data encryption • Privacy preserving primitives • Word search • statistics: sum, average, etc. • .. • Privacy preserving deduplication • Verifiable storage & computation • Verifiable word search • Proof of retrievability • Data integrity Cloud Computing Security – December 18, 2013 Sophia-Antipolis, France

  16. THANK YOU melek.onen@eurecom.fr