Secure Multiparty Computation or: How I learned to stop worrying and love the cloud

Presentation from Cloud Computing Demystified

Published in: Technology

  2. Secure Multiparty Computation or: How I learned to stop worrying and love the cloud
     Jakob I. Pagter
     Alexandra Instituttet A/S
  3. Alexandra Instituttet A/S
     Applied Research in ICT
     Focus areas
       • GTS – Advanced Technology Institute
       • Non-profit
       • Owned by members
       • Approx. 50 companies and public institutions
       • Approx. 100 employees and growing fast
       • www.alexandra.dk
     Business development
     Interactive Spaces
     Security
     New Ways of Working
     Software
     Pervasive Positioning
     Computer Graphics
     Pervasive Healthcare
  9. What is…
     Secure Multiparty Computation (SMC)
     Cloud Computing
     Cheap (economies of scale/pay-by-the-drink)
     Elastic
     Innovation catalyst
     Maybe more secure…?
     Working on encrypted data
     30 years old news
     Not science fiction
     Slow
     Simplifying security policies
  10. (Some) attack vectors in the cloud
      Outsiders
      Platform/provider
      Insiders
      Neighbours
  11. Raising the confidentiality bar
  12. Shallow Cloud Confidentiality
      Loss of strong confidentiality
      Loss of cloud benefits
      web server..
      Computation: decrypted!
      ?!
      Storage: encrypted
      Local computation
  13. Deep Cloud Confidentiality
      web server..
      Computation: encrypted!
      Storage: encrypted
  14. SMC and Deep Confidentiality
      Pros
      Cons
      Strong confidentiality – all the way
      Secure
      Simple
      Efficient
      Performance
      Special purpose computations only
      Introduces overhead (cost)
      Find setups where these are properly balanced!
      (not necessarily easy…)
  15. Case: SMC+Cloud-based auction system
      Electricity market
       • Very non-transparent for buyers
       • Hard to find customers outside own region for sellers
      Security concerns
       • Bid rigging
       • Collusion
       • Fake bids to find customers
      Case: energiauktion.dk (through partisia.com)
       1. Define auction
       2. Submit bids
       3. Find winner
       4. Make the deal
  19. Case: SMC+Cloud benefits
       • low startup cost (uncertainty regarding #customers) "only pay when there is a customer" :)
       • daily peak in heavy computations (due to SMC)
       • elasticity ensures
       • that induced cost overhead is minimal
       • We can handle performance requirements
       • deep confidentiality => secure, simple, efficient
      The right balance!
  25. SMC Example: private DB “joins”
      Insurance company
      National health register
      Desirable outcome
  26. SMC Example: private information retrieval
      Blood sample
      Result encrypted and shared
      Analysis
      Query
      result
      QUERY
      Only the patient knows query and result
      RESULT
      Anonymous computation
  27. SMC Example: storage (not really SMC, but hey…)
      http://allmydata.org/source/tahoe/trunk/docs/about.html
  28. SMC: Work-in-progress
      Ongoing research
      CACE
      COBE
      CFEM
      www.cfem.dk
      Public kick-off October 13-15
  30. Example: auction on sensitive data
      CSP-2
      web-server (CSP-1)
      DB
      DB
      SMC
      DB
      CSP-3
      Java applet
      Encrypted bid
      DB
      CSP-4
      bidder
      bid submission
      computation on encrypted data!
  31. Virtualization and multi-tenancy
      Outsourced
      Local
       • Other users run on the same hardware (or software instance)
      Cloud
  32. Examples of threats
      October 2007/salesforce.com
      Spear phishing against an employee
      Customer data handed over
      Access to customer data, including from a number of banks
      http://voices.washingtonpost.com/securityfix/2007/11/salesforcecom_acknowledges_dat.html
      November 2009/ACM CCS:
      Attack on Amazon AWS
      Place their system on selected hardware
      Eavesdrop on confidential data via the hypervisor.
      Amazon has fixed that problem
