James Wernicke, profile picture
Uploaded byJames Wernicke
PPTX, PDF549 views

Access Control & Encryption In Cloud Environments

The document discusses access control and encryption challenges in cloud environments, emphasizing the need for improved methods as organizations move away from controlling their own infrastructure. It highlights homomorphic encryption as a promising solution to enable operations on encrypted data while maintaining security, although current implementations face significant limitations. Additionally, it introduces ciphertext-policy attribute-based encryption as a method for managing access control more effectively in distributed and potentially compromised server environments.

Embed presentation

Downloaded 48 times
Access Control and Encryption in Cloud EnvironmentsJames WernickeNew Mexico TechDepartment of Computer Science & EngineeringA Designated Center of Academic Excellence in Information Assurance by the National Security Agency
TerminologyAccess control:A system which enables an authority to control access to areas and resources in a given physical facility or computer-based information systemEncryption:The process of transforming information (“plaintext”) using an algorithm (“cipher”) to make it unreadable to anyone except those possessing special knowledge (“key”).Cloud:Computing system where shared resources, software, and information are provided to computers and other devices on demand like the electricity grid.A Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 2 -
MotivationOrganizations no longer need to control the computing infrastructure that supports them. They just need a place to store, access, and manipulate their data.The usual cryptographic methods are limiting, inflexible, and don’t scale well.Access management has always been done internally.Research related to this semester’s projectsA Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 3 -
ScenariosOutsourcing computations on sensitive dataQuerying large sets of encrypted dataElectronic votingSearch engine privacyTrend analysis on personal informationA Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 4 -
Boolean CircuitsA series of additions and multiplicationsAny computation can be expressed as a series of Boolean circuits.Sooo…Computations are just series of additions and multiplications.A Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 5 -
HomomorphismAddition and multiplication operations can be performed before or after a function is applied with the same results.f(a+b) = f(a) + f(b)f(ab) = f(a) * f(b)What does this mean for encryption?Operations on ciphertext produce a result which, when deciphered, produces the same result as the same operations on the plaintextA Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 6 -
DES/AES EncryptionNot homomorphic at allEncrypt P to get C, multiply C by 2, decrypt 2C, get some gibberishA Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 7 -
RSA EncryptionMultiplicatively homomorphicEncrypt P to get C, multiply C by 2, decrypt 2C, get 2PThis isn’t really helpful unless we just want to do a bunch of multiplicationsA Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 8 -
Gentry’s Homomorphic EncryptionFully homomorphicEncrypt P to get C, do an arbitrary number of additions and multiplications on C to get C′, decrypt C′, get P′Awesome… in theoryA Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 9 -
LimitationsEncrypted Google search takes one trillion times longerNumber of multiplications needs to be fixed when public key is generatedNeed to know what to compute before encryptingA Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 10 -
Access ControlAttribute-based managementTraditionally, server authenticates userData now distributed across many serversMore servers
More chance of compromiseA Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 11 -
Ciphertext-Policy Attribute-Based Encryption (CP-ABE)Access policy associated with ciphertextPrivate keys associated with attributesSo why is this good?Encryptor enforces access policy, not server
Data can be decrypted by more than one userCollusion resistanceA Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 12 -
ConclusionsMore research into fully homomorphic encryption could revolutionize the way cloud services are utilized for sensitive data.CP-ABE can provide a new approach to managing access control on untrusted servers.A Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 13 -

More Related Content

PDF
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION
byacijjournal
 
PDF
ENABLING CLOUD STORAGE AUDITING WITH VERIFIABLE OUTSOURCING OF KEY UPDATES
byNexgen Technology
 
PDF
Searchable Encryption Systems
byChristopher Frenz
 
PDF
IRJET- An Approach for Implemented Secure Proxy Server for Multi-User Searcha...
byIRJET Journal
 
PDF
Efficient Similarity Search over Encrypted Data
byIRJET Journal
 
PDF
IJARCCE 20
byNahan Rahman
 
DOC
Lightweight secure scheme for detecting provenance forgery and packet drop at...
byPvrtechnologies Nellore
 
PDF
A lightweight secure scheme for detecting provenance forgery and packet drop ...
byLeMeniz Infotech
 
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION
byacijjournal
 
ENABLING CLOUD STORAGE AUDITING WITH VERIFIABLE OUTSOURCING OF KEY UPDATES
byNexgen Technology
 
Searchable Encryption Systems
byChristopher Frenz
 
IRJET- An Approach for Implemented Secure Proxy Server for Multi-User Searcha...
byIRJET Journal
 
Efficient Similarity Search over Encrypted Data
byIRJET Journal
 
IJARCCE 20
byNahan Rahman
 
Lightweight secure scheme for detecting provenance forgery and packet drop at...
byPvrtechnologies Nellore
 
A lightweight secure scheme for detecting provenance forgery and packet drop ...
byLeMeniz Infotech
 

What's hot

PDF
A Survey on Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encryp...
byIRJET Journal
 
PPTX
Tees an efficient search scheme over
byKumar Dlk
 
DOCX
IEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search over
byIEEEMEMTECHSTUDENTPROJECTS
 
PDF
A lightweight secure scheme for detecting provenance forgery and packet drop ...
byPvrtechnologies Nellore
 
PDF
Hybrid Security Network for Cloud Information Centre (HSNIC)
byPeace Asukwo
 
PDF
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
byijcisjournal
 
PDF
Towards Secure Data Distribution Systems in Mobile Cloud Computing: A Survey
byIRJET Journal
 
PDF
Search on encrypted data
bySELASI OCANSEY
 
PDF
AN EFFICIENT FILE HIERARCHY ATTRIBUTE-BASED ENCRYPTION SCHEME IN CLOUD COMPUT...
byNexgen Technology
 
PDF
A SURVEY ON RECENT APPROACHES COMBINING CRYPTOGRAPHY AND STEGANOGRAPHY
bycsandit
 
DOCX
DOTNET 2013 IEEE CLOUDCOMPUTING PROJECT A privacy leakage upper bound constra...
byIEEEGLOBALSOFTTECHNOLOGIES
 
PDF
IRJET- Study and Performance Evaluation of Different Symmetric Key Crypto...
byIRJET Journal
 
DOCX
privacy preserving multi keyword ranked search over encrypted cloud data
byswathi78
 
PPTX
Privacy preserving multi-keyword ranked search over encrypted cloud data
byIGEEKS TECHNOLOGIES
 
PDF
IRJET- Secure File Storage on Cloud using Cryptography
byIRJET Journal
 
PDF
Enabling efficient multi keyword ranked
bySakthi Sundaram
 
PDF
Improving Data Storage Security in Cloud using Hadoop
byIJERA Editor
 
PPTX
Fog computing
bySaikiranK15
 
PDF
Enhanced Efficient & Secure Steganography Algorithm with Low Distortion
byIRJET Journal
 
A Survey on Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encryp...
byIRJET Journal
 
Tees an efficient search scheme over
byKumar Dlk
 
IEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search over
byIEEEMEMTECHSTUDENTPROJECTS
 
A lightweight secure scheme for detecting provenance forgery and packet drop ...
byPvrtechnologies Nellore
 
Hybrid Security Network for Cloud Information Centre (HSNIC)
byPeace Asukwo
 
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
byijcisjournal
 
Towards Secure Data Distribution Systems in Mobile Cloud Computing: A Survey
byIRJET Journal
 
Search on encrypted data
bySELASI OCANSEY
 
AN EFFICIENT FILE HIERARCHY ATTRIBUTE-BASED ENCRYPTION SCHEME IN CLOUD COMPUT...
byNexgen Technology
 
A SURVEY ON RECENT APPROACHES COMBINING CRYPTOGRAPHY AND STEGANOGRAPHY
bycsandit
 
DOTNET 2013 IEEE CLOUDCOMPUTING PROJECT A privacy leakage upper bound constra...
byIEEEGLOBALSOFTTECHNOLOGIES
 
IRJET- Study and Performance Evaluation of Different Symmetric Key Crypto...
byIRJET Journal
 
privacy preserving multi keyword ranked search over encrypted cloud data
byswathi78
 
Privacy preserving multi-keyword ranked search over encrypted cloud data
byIGEEKS TECHNOLOGIES
 
IRJET- Secure File Storage on Cloud using Cryptography
byIRJET Journal
 
Enabling efficient multi keyword ranked
bySakthi Sundaram
 
Improving Data Storage Security in Cloud using Hadoop
byIJERA Editor
 
Fog computing
bySaikiranK15
 
Enhanced Efficient & Secure Steganography Algorithm with Low Distortion
byIRJET Journal
 

Similar to Access Control & Encryption In Cloud Environments

PPTX
Cyber security workshop talk.pptx
bykamalakantas
 
PDF
CNIT 141: 1. Encryption
bySam Bowne
 
PDF
Homomorphic encryption algorithms and schemes for secure computations in the ...
byMajedahAlkharji
 
PDF
CNIT 141: 1. Encryption
bySam Bowne
 
PDF
CNIT 141: 1. Encryption
bySam Bowne
 
PDF
CNIT 141: 1. Encryption
bySam Bowne
 
PPTX
Homomorphic Encryption: Unveiling secrets without exposing them
byMuhammedYaseen39
 
DOCX
Key aggregate searchable encryption (kase) for group data sharing via cloud s...
byCloudTechnologies
 
PDF
Attribute-Based Encryption for Access of Secured Data in Cloud Storage
byIJSRD
 
PDF
3.0 UNIT-3_Summary about total detail description.pdf
bymishrarajimsec
 
PDF
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
byijcisjournal2
 
PDF
262 265
byEditor IJARCET
 
PDF
A Survey of the Homomorphic Encryption Approach for Data Security in Cloud Co...
byPatel Dasharathbhai
 
PDF
KEY AGGREGATE CRYPTOSYSTEM FOR SCALABLE DATA SHARING IN CLOUD
byNaseem nisar
 
PDF
Cyber Threats Are Rising—Is Your Data Safe Without Encryption.pdf
byEnterprise world
 
PPTX
Computer Introduction (Data Encryption)-Lecture05
byDr. Mazin Mohamed alkathiri
 
PDF
Ieeepro techno solutions 2014 ieee java project -key-aggregate cryptosystem...
byhemanthbbc
 
PDF
Ieeepro techno solutions 2014 ieee dotnet project -key-aggregate cryptosyst...
byASAITHAMBIRAJAA
 
DOCX
Cryptography- "A Black Art"
byAditya Raina
 
PPTX
How to write secure code
byFlaskdata.io
 
Cyber security workshop talk.pptx
bykamalakantas
 
CNIT 141: 1. Encryption
bySam Bowne
 
Homomorphic encryption algorithms and schemes for secure computations in the ...
byMajedahAlkharji
 
CNIT 141: 1. Encryption
bySam Bowne
 
CNIT 141: 1. Encryption
bySam Bowne
 
CNIT 141: 1. Encryption
bySam Bowne
 
Homomorphic Encryption: Unveiling secrets without exposing them
byMuhammedYaseen39
 
Key aggregate searchable encryption (kase) for group data sharing via cloud s...
byCloudTechnologies
 
Attribute-Based Encryption for Access of Secured Data in Cloud Storage
byIJSRD
 
3.0 UNIT-3_Summary about total detail description.pdf
bymishrarajimsec
 
Threat Modeling of Cloud based Implementation of Homomorphic Encryption
byijcisjournal2
 
262 265
byEditor IJARCET
 
A Survey of the Homomorphic Encryption Approach for Data Security in Cloud Co...
byPatel Dasharathbhai
 
KEY AGGREGATE CRYPTOSYSTEM FOR SCALABLE DATA SHARING IN CLOUD
byNaseem nisar
 
Cyber Threats Are Rising—Is Your Data Safe Without Encryption.pdf
byEnterprise world
 
Computer Introduction (Data Encryption)-Lecture05
byDr. Mazin Mohamed alkathiri
 
Ieeepro techno solutions 2014 ieee java project -key-aggregate cryptosystem...
byhemanthbbc
 
Ieeepro techno solutions 2014 ieee dotnet project -key-aggregate cryptosyst...
byASAITHAMBIRAJAA
 
Cryptography- "A Black Art"
byAditya Raina
 
How to write secure code
byFlaskdata.io
 

Access Control & Encryption In Cloud Environments

  • 1.
    Access Control andEncryption in Cloud EnvironmentsJames WernickeNew Mexico TechDepartment of Computer Science & EngineeringA Designated Center of Academic Excellence in Information Assurance by the National Security Agency
  • 2.
    TerminologyAccess control:A systemwhich enables an authority to control access to areas and resources in a given physical facility or computer-based information systemEncryption:The process of transforming information (“plaintext”) using an algorithm (“cipher”) to make it unreadable to anyone except those possessing special knowledge (“key”).Cloud:Computing system where shared resources, software, and information are provided to computers and other devices on demand like the electricity grid.A Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 2 -
  • 3.
    MotivationOrganizations no longerneed to control the computing infrastructure that supports them. They just need a place to store, access, and manipulate their data.The usual cryptographic methods are limiting, inflexible, and don’t scale well.Access management has always been done internally.Research related to this semester’s projectsA Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 3 -
  • 4.
    ScenariosOutsourcing computations onsensitive dataQuerying large sets of encrypted dataElectronic votingSearch engine privacyTrend analysis on personal informationA Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 4 -
  • 5.
    Boolean CircuitsA seriesof additions and multiplicationsAny computation can be expressed as a series of Boolean circuits.Sooo…Computations are just series of additions and multiplications.A Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 5 -
  • 6.
    HomomorphismAddition and multiplicationoperations can be performed before or after a function is applied with the same results.f(a+b) = f(a) + f(b)f(ab) = f(a) * f(b)What does this mean for encryption?Operations on ciphertext produce a result which, when deciphered, produces the same result as the same operations on the plaintextA Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 6 -
  • 7.
    DES/AES EncryptionNot homomorphicat allEncrypt P to get C, multiply C by 2, decrypt 2C, get some gibberishA Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 7 -
  • 8.
    RSA EncryptionMultiplicatively homomorphicEncryptP to get C, multiply C by 2, decrypt 2C, get 2PThis isn’t really helpful unless we just want to do a bunch of multiplicationsA Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 8 -
  • 9.
    Gentry’s Homomorphic EncryptionFullyhomomorphicEncrypt P to get C, do an arbitrary number of additions and multiplications on C to get C′, decrypt C′, get P′Awesome… in theoryA Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 9 -
  • 10.
    LimitationsEncrypted Google searchtakes one trillion times longerNumber of multiplications needs to be fixed when public key is generatedNeed to know what to compute before encryptingA Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 10 -
  • 11.
    Access ControlAttribute-based managementTraditionally,server authenticates userData now distributed across many serversMore servers
  • 12.
    More chance ofcompromiseA Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 11 -
  • 13.
    Ciphertext-Policy Attribute-Based Encryption(CP-ABE)Access policy associated with ciphertextPrivate keys associated with attributesSo why is this good?Encryptor enforces access policy, not server
  • 14.
    Data can bedecrypted by more than one userCollusion resistanceA Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 12 -
  • 15.
    ConclusionsMore research intofully homomorphic encryption could revolutionize the way cloud services are utilized for sensitive data.CP-ABE can provide a new approach to managing access control on untrusted servers.A Designated Center of Academic Excellence in Information Assurance by the National Security Agency- 13 -

Editor's Notes

  • #2 Good morning, everyone. Thanks for coming. My name is James Wernicke, and as part of my application for SFS, I’ll be giving a presentation today on access control and encryption in cloud environments.
  • #3 There are a few terms that we should be familiar with. When I talk about access control, I’m speaking about systems that control access specifically to data, networked resources, and physical locations. Encryption refers to the process of making information private between the sender and those authorized to view it. A cloud is a network of computers which, to the user, appear as one functional unit which is highly scalable for providing a number of services to many users simultaneously.
  • #4 There is a clear trend that organizations are shifting their IT resources to the cloud. We trust banks to keep our money secure while their customers come and go through their doors all day long. When we want our money, it’s available 24/7 through an ATM, debit card, or banking website. Likewise, datacenters are equipped to keep our data secure and make it available to us when we need it. However, there is still some room for improvement.Traditional cryptography doesn’t work that well in clouds. Sure, we can encrypt our data and store it on a public server, but as soon as we want to compute on that data, we have to download it to our local machine and decrypt it before we can do anything with it. This doesn’t work so well for large amounts of data.Traditional access management relies on firewalls, homogenous network environments, and system administrators to manage access control policies. In a cloud, firewalls are turned into swisscheese as users access their enterprise applications through the Internet from anywhere in the world on any device on any platform. Cloud users need a way to control access to their data that doesn’t require an in-house system administrator.
  • #5 Let’s say you have a bunch of classified data that needs to be processed. You want to use an unclassified compute cloud to do that processing without giving away the information within the encrypted data.You could also have a large encrypted database stored on a public server. Normally, you’d have to download the entire database and decrypt it to do any type of query on it. Instead, what if there was a way to do the query on the database server without revealing the information?It could also be used to collect and tally votes using encrypted data without knowing which votes are for who. Or imagine being able to do a search engine query without the search engine even knowing what you were searching for?
  • #6 All computing is based on boolean circuits. These are basically the mathematical building blocks for programs. So when we want to computer or manipulate data, we are basically just performing some set of additive and multiplicative operations, or boolean circuits.
  • #7 Homorphisms are a special type of function that has some interesting applications in cryptography. The unique property of homomorphisms is that the function can be applied before or after the additive or multiplicative operations are performed on the algebraic structures. What this means is that we can take ciphertext, perform some arbitrary number of operations on it, then decrypt the ciphertext and it would be the same as if we operated on the plaintext.
  • #8 With symmetric key encryption, there are no homomorphisms. If you could get 2P from 2C, there would certainly be some questions about the randomness, and the security, of your symmetric key encryption.
  • #9 RSA encryption is a partially homomorphic scheme, but only multiplicatively. Too bad we can’t really do anything interesting with this, though.
  • #10 In 2009, Craig Gentry announced a fully homomorphic encryption scheme using ideal lattices. This breakthrough allows complexcomputations to finally be performed on encrypted data and have the resulting ciphertext decrypted into something useful. But…
  • #11 Gentry’s scheme is not quite ready for primetime, though. For one, a program becomes exponentially more complex when converted into a series of additions and subtractions. Gentry himself said that the time to do a simple Google search is increased by a factor of one trillion. Another major issue is that his scheme requires that operations that will be done have to be known before encrypting the data. But still, his approach is still certainly an important breakthrough in cryptography.
  • #12 The other part of cloud security I want to talk about is access control. Encryption is great for keeping our data confidential, but we certainly don’t want anyone to get their hands on our data to decrypt at their leisure. We don’t always know the exact identities of everyone who should access data so it is desirable to be able to describe them in terms of descriptive attributes or credentials. This type of access control is typically enforced by a server that checks that a user present proper credentials before accessing data. The problem now is that our data is on the cloud, and we don’t necessarily have that much trust in the servers where our data is being stored. We would definitely sleep easier if we didn’t have to worry about them being compromised.
  • #13 CP-ABE addresses these issues. When a party encrypts a message, they specify an associated access structure. Each user’s private key is associated with a set of attributes. So what makes this so great? A message will only be able to be decrypted if the decryptor’s attributes satisfy the ciphertext’s access structure. This allows a user to not only maintain an access policy on an untrusted server, but also allow groups of users to access the data. Another important feature of this scheme is that two parties can’t combine their attributes, or collude, to access data that one couldn’t access on their own.
  • #14 So to recap, fully homomorphic encryption has the potential to change how cloud services are used. It just needs some more research. CP-ABE also can also improve cloud security by providing a more flexible way to manage access control in clouds.
  • #15 Here’s my references.
  • #16 Any questions?