Cryptographic Data Splitting and Cloud Computing

AFCEA Technology Over Bagels - Cryptographic Data Splitting and Cloud Computing
1 Comment
  • tis shit lows rabbits

  1. Cryptographic Data Splitting & Cloud Computing. By Kevin L. Jackson, Engineering Fellow, NJVC, LLC. Presented to AFCEA Technology Over Bagels, October 12, 2010.
  2. The New IT Era (IDC, September 2008; rev. date 10/12/2010)
  3. What is Cloud Computing: An Amalgamation of Technologies, Converging on a Revolutionary and Transformational Services Delivery Model. NIST definition: “A pay-per-use model for enabling available, convenient and on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” Other terms frequently associated with “cloud computing” include: “network-centric”; “application service provider (ASP)”; “external hosting” and “co-location”; “private cloud = Intranet-based”. © 2008 Science Applications International Corporation. All rights reserved.
  4. Non-Scalable Applications Are Expensive and Risky
     • Non-scalable applications suffer from diminishing returns on added resources
     • As the business grows, per-transaction costs INCREASE
     • At some point the application will hit a wall, leading to: application crashes (and potential disaster for the business, at huge cost); the expensive process of re-architecting the application every few months/years
     [Chart: Non-Linear Scalability (15% Contention). Total Solution Cost ($0 to $1,200,000) vs. Required Throughput (e.g., Tx/Sec, 1,000 to 10,000). Server cost: $20,000; single server throughput: 1,000 tx/sec; contention: 15%. The cost curve hits “The Scalability Wall”.]
  5. The Goal: Linear Scalability On Demand
     • No diminishing returns on scale
     • No code changes when scaling
     • Drop in another box and increase capacity linearly
     [Chart: Linear Scalability vs. Non-Linear Scalability (15% Contention). Total Solution Cost ($0 to $1,200,000) vs. Required Throughput (1,000 to 10,000 tx/sec), with marks at 1,000, 2,000, 3,000 and 4,000 tx/sec.]
  6. Cloud Computing Value. [Two charts of cost vs. time (periods 1 to 20): Traditional, showing Cost, Capability Demand, OPEX and CAPEX; Cloud, showing Cost (20% premium), Capability Demand and OPEX.] Courtesy The Open Gro
  7. Economic Benefit (Booz Allen Hamilton, October 2009)
  8. Speed of Cost Reduction, Cost of Change. Courtesy The Open Gro
  9. Optimizing Ownership Use. Courtesy The Open Gro
  10. Optimizing Time to Deliver Capability. Courtesy The Open Gro
  11. Value and Capabilities
      • Time: reduce time to deliver/execute mission; increased responsiveness/flexibility/availability
      • Cost: optimizing cost to deliver/execute mission; optimizing cost of ownership (lifecycle cost); increased efficiencies in capital/operational expenditures
      • Quality: environmental improvements; experiential improvements
  12. Government Cloud Computing
      • United States: Federal Chief Information Officers Council (Data.gov & IT Dashboard); Defense Information Systems Agency (DISA) Rapid Access Computing Environment (RACE); US Department of Energy (DOE) Magellan; General Services Administration (GSA) Apps.gov; Department of the Interior National Business Center (NBC) Cloud Computing; NASA Nebula; National Institute of Standards and Technology (NIST)
      • United Kingdom: G-Cloud
      • European Union: Resources and Services Virtualization without Barriers Project (RESERVOIR)
      • Canada: Canada Cloud Computing; Cloud Computing and the Canadian Environment
      • Japan: The Digital Japan Creation Project (ICT Hatoyama Plan); The Kasumigaseki Cloud
  13. Communications Infrastructure Continuum (some common characteristics of each segment)
      • High Performance Networks: stable infrastructure; fiber optic/optical; highest bandwidth; low latency; connection-oriented links; policy-based QoS
      • The Mainstream Internet: mixed range of assets; mixed media, high-speed RF/wireless; tending to higher bandwidth; overprovisioned; table-based routing; mixed policies in forwarding and QoS
      • Military Tactical Edge (Mobile, Ad Hoc Networks): ad hoc assets; generally wireless; design for degraded operation; large variability in latency and bandwidth; low to high latency; highly dynamic routing; more distributed network service models required; change is the norm
  14. Humanitarian Assistance and Disaster Response (HADR): Humanity & Infrastructure
      • Damaged local infrastructure
      • Heterogeneous mobile support/response infrastructure
      • Secure/Sensitive/Unsecure information requirements
      • Network flexibility paramount
  15. Cloud Computing
      • Not a technology but a new way of provisioning and consuming information technology
      • An automated SOA implemented with “brutal standardization” over a virtualized infrastructure (compute, storage, networks) enables cloud computing
      • Key Benefits: significant cost reductions; reduced time to capability; increased flexibility; elastic scalability; increase service quality; increased security; ease of technology refresh; ease of collaboration; increased efficiency
      • Key Concerns: standards; portability; control/availability; security; IT policy; management/monitoring; ecosystem
  16. Cloud Computing Security
      • Increased virtualization (compute, storage, network)
      • Modification of infrastructure-centric security policies
      • Support of information risk management profiles
      • “Brutal standardization” to increase automation and reduce the opportunity for human error
      • Increased infrastructure visibility to improve the ability to deploy, monitor and enforce security policies
      • Implementation of advanced data-centric security technologies
      • Global file systems / content addressable storage
      • Global, shared infrastructures
      • Dynamic, non-traditional coalitions
  17. Cryptographic Data Splitting (SecureParser®). Cryptographically splits data (documents, e-mail, databases, video, maps, imagery) and creates physically separate, fault-tolerant shares.
      • High-efficiency cryptographic module (CDIP & COI Framework): provably-secure Computational Secret Sharing; cryptographic data splitting; AES encryption; data integrity protection; modules can be changed out, e.g. AES could be replaced with a Random Bit Split or TYPE I encryption as requirements call for
      • “M of N” fault tolerance
      • Share authentication
      • Physically separate shares: written to storage (data at rest); written to networks (data in motion); created at any IO point in the system
      • User definable: number of shares; fault tolerance; key management
  18. SecureParser Key Management
  19. Independent Testing and Evaluation
      • 2005 CWID: AFCA assessment & AF C2 Battle Lab demo: “…as demonstrating the potential to be labeled as an MLS/PL-4 System…”
      • 2005 DISA: Technical Information Panel (TIP): “…found to have merit for further evaluation and consideration for use as an information assurance technology…potential to fundamentally alter the way storing and securing of data is approached.”
      • 2006 SOCOM: National Center for the Study of Counter-terrorism and Cybercrime IV&V completed successfully for SOCOM MLS Pilot Project
      • 2006 EUCOM Combined Endeavor: Joint Interoperability Test Center (JITC): “…value of the SecureParser was obvious. This capability not only offers increased security of data, but reduces costs by eliminating the need for redundant resources.”
      • 2008: Selected by DISA as a demonstration solution for CWID’08 (June 08); selected by NSA for HAP Trade Study as a Crypto Service and for DAR
  20. ISR Data – Collection to War Fighter: IA across collection, communication, storage and sharing. Hiding war fighter data in plain sight on the GIG. [Diagram: geographically distributed data and servers; data transmitted through multiple paths (satellite and terrestrial) over the WAN/DIB; ground ISR data processing center; secure and highly available ISR data sharing, storage and integrated backup; COI ISR communications; war fighter access.]
  21. Conclusion
      • Cloud Computing represents an important shift in the consumption and delivery of information technology
      • Shift from infrastructure-centric to data-centric computing (and security)
      • Cryptographic data splitting can support the security needs of this new era.
  22. Thank You! Kevin L. Jackson, Director Cloud Computing Services, NJVC, LLC. (703) 335-0830, Kevin.Jackson@NJVC.com, http://kevinljackson.blogspot.com, http://govcloud.ulitzer.com
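The “M of N” fault tolerance and share authentication ideas from slide 17, as an added example that is not part of the original deck and not the SecureParser product's own code: a Shamir M-of-N split of a data-encryption key, with an HMAC tag on every share so that a corrupted share is rejected and any M authentic shares rebuild the key. The prime field, the HMAC-based tag, and all function names are my assumptions; the AES layer that encrypts the data under that key is left out.

```python
import hashlib
import hmac
import secrets

P = 2**255 - 19  # prime field for the polynomial arithmetic (assumed choice; must exceed the secret)

def split_secret(secret: int, m: int, n: int) -> list[tuple[int, int]]:
    """M-of-N Shamir split: a random polynomial of degree m-1 whose constant term is the secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(m - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x, mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def recover_secret(shares: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0: any m distinct shares rebuild the secret, fewer reveal nothing."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret

def share_tag(share: tuple[int, int], mac_key: bytes) -> bytes:
    """Share authentication: an HMAC over (index, value) lets a corrupted share be rejected."""
    x, y = share
    return hmac.new(mac_key, x.to_bytes(2, "big") + y.to_bytes(32, "big"), hashlib.sha256).digest()

def split_key(key: bytes, m: int, n: int, mac_key: bytes) -> list[tuple[tuple[int, int], bytes]]:
    """Split a data-encryption key into n authenticated shares, one per storage location."""
    shares = split_secret(int.from_bytes(key, "big"), m, n)
    return [(s, share_tag(s, mac_key)) for s in shares]

def recover_key(tagged_shares, m: int, mac_key: bytes, key_len: int = 16) -> bytes:
    """Drop any share whose tag fails, then rebuild the key if at least m authentic shares remain."""
    good = [s for s, t in tagged_shares if hmac.compare_digest(t, share_tag(s, mac_key))]
    if len(good) < m:
        raise ValueError(f"only {len(good)} authentic shares, need {m}")
    return recover_secret(good[:m]).to_bytes(key_len, "big")
```

Losing up to N-M shares (or having them tampered with) still leaves the key recoverable, which is the fault-tolerance property the slide describes.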
