Your SlideShare is downloading. ×
Secure Multiparty Computation or: How I learned to stop worrying and love the cloud
Secure Multiparty Computation or: How I learned to stop worrying and love the cloud
Secure Multiparty Computation or: How I learned to stop worrying and love the cloud
Secure Multiparty Computation or: How I learned to stop worrying and love the cloud
Secure Multiparty Computation or: How I learned to stop worrying and love the cloud
Secure Multiparty Computation or: How I learned to stop worrying and love the cloud
Secure Multiparty Computation or: How I learned to stop worrying and love the cloud
Secure Multiparty Computation or: How I learned to stop worrying and love the cloud
Secure Multiparty Computation or: How I learned to stop worrying and love the cloud
Secure Multiparty Computation or: How I learned to stop worrying and love the cloud
Secure Multiparty Computation or: How I learned to stop worrying and love the cloud
Secure Multiparty Computation or: How I learned to stop worrying and love the cloud
Secure Multiparty Computation or: How I learned to stop worrying and love the cloud
Secure Multiparty Computation or: How I learned to stop worrying and love the cloud
Secure Multiparty Computation or: How I learned to stop worrying and love the cloud
Secure Multiparty Computation or: How I learned to stop worrying and love the cloud
Secure Multiparty Computation or: How I learned to stop worrying and love the cloud
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Secure Multiparty Computation or: How I learned to stop worrying and love the cloud

1,620

Published on

Presentation from Cloud Computing Demystified

Presentation from Cloud Computing Demystified

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,620
On Slideshare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. 1
  • 2. Secure Multiparty Computation or: How I learned to stop worrying and love the cloud
    Jakob I. Pagter
    Alexandra Instituttet A/S
  • 3. Alexandra Instituttet A/S
    Applied Research in ICT
    Focus areas
    • GTS – Advanced Technology Institute
    • 4. Non-profit
    • 5. Owned by members
    • 6. Apx. 50 companies and public institutions
    • 7. Apx. 100 employees and growing fast
    • 8. www.alexandra.dk
    Business development
    Interactive Spaces
    Security
    New Ways of Working
    Software
    Pervasive Positioning
    Computer Graphics
    Pervasive Healthcare
  • 9. What is…
    Secure Multiparty Computation (SMC)
    Cloud Computing
    Cheap (economies of scale/pay-by-the-drink)
    Elastic
    Innovation catalyst
    Maybe more secure…?
    Working on encrypted data
    30 years old news
    Not science fiction
    Slow
    Simplifying security policies
  • 10. (Some) attack vectors in the cloud
    Outsiders
    Platform/provider
    Insiders
    Neighbours
  • 11. Rasing the confidentiality bar
  • 12. Shallow Cloud Confidentiality
    Loss of strong confidentiality
    Loss of cloud benefits
    web server..
    Computation: decrypted!
    ?!
    Storage: encrypted
    Local computation
  • 13. Deep Cloud Confidentiality
    web server..
    Computation: encrypted!
    Storage: encrypted
  • 14. SMC and Deep Confidentiality
    Pros
    Cons
    Strong confidentiality – all the way
    Secure
    Simple
    Efficient
    Performance
    Special purpose computations only
    Introduces overhead (cost)
    Find setups where these are properly balanced!
    (not necessarily easy…)
  • 15. Case: SMC+Cloud-based auction system
    Electricity market
    • Very non-transparent for buyers
    • 16. Hard to find customers outside own region for sellers
    Security concerns
    • Bid rigging
    • 17. Collusion
    • 18. Fake bids to find customers
  • Case: energiauktion.dk (through partisia.com)
    2. Submit bids
    1. Define auction
    3. Find winner
    4. Make the deal
  • 19. Case: SMC+Cloud benefits
    • low startup cost (uncertainty regarding #customers) "only pay when there is a customer" :)
    • 20. daily peak in heavy computations (due to SMC)
    • 21. elasticity ensures
    • 22. that induced cost overhead is minimal
    • 23. We can handle performance requirements
    • 24. deep confidentiality => secure, simple, efficient
    The right balance!
  • 25. SMC Example: private DB “joins”
    Insurance company
    National health register
    Desirable outcome
  • 26. SMC Example: private information retrieval
    Blood sample
    Result encrypted and shared
    Analysis
    Query
    result
    QUERY
    Only the patient knows query and result
    RESULT
    Anonymous computation
  • 27. SMC Example: storage (not really SMC, but hey…)
    http://allmydata.org/source/tahoe/trunk/docs/about.html
  • 28. SMC: Work-in-progress
    Ongoing research
    CACE
    COBE
    CFEM
    www.cfem.dk
    Public kick-off October 13-15
  • 29.
  • 30. Eksempel: auktionpåfølsomme data
    CSP-2
    web-server (CSP-1)
    DB
    DB
    SMC
    DB
    CSP-3
    Java-applet
    Krypteret bud
    DB
    CSP-4
    byder
    budafgivning
    beregning på krypterede data!
  • 31. Virtualiseringog multi-tennancy
    Outsourced
    Lokalt
    • Andre brugerekørerpåsamme hardware (ellersoftwareinstans)
    Cloud
  • 32. Eksemplerpåtrusler
    Oktober 2007/salesforce.com
    Spearphishing mod ansat
    Kundedata udleveret
    Adgang til kundedata, bla. fra en række banker
    http://voices.washingtonpost.com/securityfix/2007/11/salesforcecom_acknowledges_dat.html
    November 2009/ACM CCS:
    Angreb på Amazon AWS
    Placere deres system på udvalgt hardware
    Aflure fortrolige data via hypervisor.
    Amazon har rettet det problem

×