[DPM 2015] PerfectDedup - Secure Data Deduplication for Cloud Storage

•Download as PPTX, PDF•

1 like•2,295 views

With the continuous increase of cloud storage adopters, data deduplication has become a necessity for cloud providers. By storing a unique copy of duplicate data, cloud providers greatly reduce their storage and data transfer costs. Unfortunately, deduplication introduces a number of new security challenges. We propose PerfectDedup, a novel scheme for secure data deduplication, which takes into account the popularity of the data segments and leverages the properties of Perfect Hashing in order to assure block-level deduplication and data condentiality at the same time. We show that the client-side overhead is minimal and the main computational load is outsourced to the cloud storage provider.

Technology

PerfectDedup
Secure Data Deduplication
Pasquale PUZIO
pasquale@secludit.com
SecludIT & EURECOM
Refik Molva (EURECOM)
Melek Önen (EURECOM)
Sergio Loureiro (SecludIT)
10th DPM International Workshop on Data Privacy Management
Vienna, Austria, September 21st 2015

Agenda
• Problem Statement
– Data Deduplication for Cloud Storage
– Convergent Encryption
• Our solution
– Data Popularity
– Perfect Hashing
– PerfectDedup: Secure Popularity Detection
– Security
– Performance Evaluation
2

Deduplication
• Storing duplicate data only once
• Cross-user + Client-side + Block-level
3

Deduplication vs Encryption
… but it does not work on encrypted data!
D = Hello
World
D = Hello
World
ENCRYPTION with K1 ENCRYPTION with K2
owhfgr0wgr[w
hfrw0[h0[ergh
e0[gh0[eg
dfjl;dbfrwbfirbf
roepthwobgfr
ugtwertgrtwu
4

Convergent Encryption
• Data Encryption key derived from Data
K = hash(Data)
• Deterministic & Symmetric Encryption
D = Hello
World
D = Hello
World
ENCRYPTION with H(D) ENCRYPTION with H(D)
klfgwilegfiorw
egtriegtiergiei
ergriegrigfifiw
klfgwilegfiorw
egtriegtiergiei
ergriegrigfifiw
5
Douceur, John R., et al. "Reclaiming space from duplicate files in a serverless distributed file system." Distributed Computing Systems, 2002.
Proceedings. 22nd International Conference on. IEEE, 2002.

Convergent Encryption
MISSING
INFORMATION
How to achieve safe
Convergent Encryption
in the Cloud ?
6
Drew Perttula, Brian Warner, and Zooko Wilcox-O'Hearn, 2008-03-20
https://tahoe-lafs.org/hacktahoelafs/drew_perttula.html

Data Popularity
• Different protection based on data-segment
popularity
• Popular data  Not confidential  To be
deduplicated  Convergent Encryption
• Unpopular data  Confidential  To be
protected  Semantically-Secure Encryption
7
Stanek, Jan, et al. "A secure data deduplication scheme for cloud storage." Financial Cryptography and Data Security. Springer Berlin Heidelberg,
2014. 99-118.

How to securely detect popularity ?
CSP
.
.
.
B
.
.
.
Is block B popular ?
YES / NO
• Block B must not be disclosed if it is unpopular (sensitive)
CLIENT
8

PHF-based Lookup
9
ID
Belazzougui, Djamal, Fabiano C. Botelho, and Martin Dietzfelbinger. "Hash, displace, and compress." Algorithms-ESA 2009. Springer Berlin
Heidelberg, 2009. 682-693.

PerfectDedup
• Based on «Secure» Perfect Hashing
– One-wayness
• Popular block IDs  Collision-free hash
function (PHF)
• BENEFITS:
– Efficient (linear) generation of a new PHF
(outsourced to the Cloud)
– Compact representation of PHF
– Very efficient (constant) evaluation on a block ID
10

Security
UNPOPULAR
P
POPULAR
P
CSP
.
.
.
.
.
.
PHF(ID) = i
i ID
Block is popular
1-to-1 mapping
No confidentiality issue
11

Security
UNPOPULAR
P
POPULAR
P
CSP
.
.
.
.
.
.
PHF(ID) = i
i ID’
Block is unpopular
Collisions are well-distributed
One-wayness property
12

PerfectDedup
CSP
.
.
.
B
.
.
.
Is block B popular ?
YES / NO
INDEX
SERVICE
If NO
POPULARITY
TRANSITION ? YES / NO
CLIENT
13

Prototype Implementation
CSP
INDEX SERVICE
CMPH
CMPH
CLIENT
14

Performance Evaluation
0
1
2
3
4
5
6
7
8
9
10
UNPOPULAR FILE POPULARITY TRANSITION POPULAR FILE
Time(inseconds)
Scenario
Client File Split Client Convergent Encryption
Client Popularity Check Client Symmetric Encryption
Idx Service Update Cloud Generate PHF
Cloud Store Hash Table Cloud Popularity Check
Cloud Upload Processing
15

Conclusions
• Popularity-based Deduplication
• Secure Perfect Hashing
• Secure & Lightweight for the client
• Costly tasks outsourced to the Cloud
• Low overhead
16

Future Work
• Optimization of PHF generation
• Deployment in real production environments
17

THANK YOU
Questions ?
Don’t be shy !
pasquale@secludit.com

http://www.secludit.com We integrated Elastic Detector, which is SecludIT's product, with OSSIM in order to detect side-channel attacks occurring in cloud infrastructures. Elastic Detector takes care of solving the cloud elasticity issue, collecting security-relevant logs and forwarding (rsyslog) them to OSSIM where the correlation takes place (thanks to our plugin). DEMO showed at the RaSIEM workshop (ARES conference) in Regensburg, Germany.

Open Source Data Deduplication

RedWireServices

Data deduplication is a hot topic in storage and saves significant disk space for many environments, with some trade offs. We’ll discuss what deduplication is and where the Open Source solutions are versus commercial offerings. Presentation will lean towards the practical – where attendees can use it in their real world projects (what works, what doesn’t, should you use in production, etcetera).

Netapp Deduplication concepts

Saroj Sahu

Design & Development of a Trustworthy and Secure Billing System for Cloud Com...

iosrjce

Cloud computing is an important transition that makes change in service oriented computing technology. Cloud service provider follows pay-as-you-go pricing approach which means consumer uses as many resources as he need and billed by the provider based on the resource consumed. CSP give a quality of service in the form of a service level agreement. For transparent billing, each billing transaction should be protected against forgery and false modifications. Although CSPs provide service billing records, they cannot provide trustworthiness. It is due to user or CSP can modify the billing records. In this case even a third party cannot confirm that the user’s record is correct or CSPs record is correct. To overcome these limitations we introduced a secure billing system called THEMIS. For secure billing system THEMIS introduces a concept of cloud notary authority (CNA). CNA generates mutually verifiable binding information that can be used to resolve future disputes between user and CSP. This project will produce the secure billing through monitoring the service level agreement (SLA) by using the SMon module. CNA can get a service logs from SMon and stored it in a local repository for further reference. Even administrator of a cloud system cannot modify or falsify the data.

Avamar presales 1.0maestriausma2012

Presentation deduplication backup software and system

xKinAnx

Nexgen Technology Address: Nexgen Technology No :66,4th cross,Venkata nagar, Near SBI ATM, Puducherry. Email Id: praveen@nexgenproject.com. www.nexgenproject.com Mobile: 9751442511,9791938249 Telephone: 0413-2211159. NEXGEN TECHNOLOGY as an efficient Software Training Center located at Pondicherry with IT Training on IEEE Projects in Android,IEEE IT B.Tech Student Projects, Android Projects Training with Placements Pondicherry, IEEE projects in pondicherry, final IEEE Projects in Pondicherry , MCA, BTech, BCA Projects in Pondicherry, Bulk IEEE PROJECTS IN Pondicherry.So far we have reached almost all engineering colleges located in Pondicherry and around 90km

Deduplication

Lars Marius Garshol

A Hybrid Cloud Approach for Secure Authorized Deduplication

SWAMI06

Data deduplication is one of important data compression techniques for eliminating duplicate copies of repeating data, and has been widely used in cloud storage to reduce the amount of storage space and save bandwidth. To protect the confidentiality of sensitive data while supporting deduplication, the convergent encryption technique has been proposed to encrypt the data before outsourcing. To better protect data security, this paper makes the first attempt to formally address the problem of authorized data deduplication. Different from traditional deduplication systems, the differential privileges of users are further considered in duplicate check besides the data itself.We also present several new deduplication constructions supporting authorized duplicate check in a hybrid cloud architecture. Security analysis demonstrates that our scheme is secure in terms of the definitions specified in the proposed security model. As a proof of concept, we implement a prototype of our proposed authorized duplicate check scheme and conduct testbed experiments using our prototype. We show that our proposed authorized duplicate check scheme incurs minimal overhead compared to normal operations.

Deduplication in Open Spurce CloudMangali Praveen Kumar

EMC Deduplication Fundamentals

emcbaltics

Deduplication reduces the amount of disk storage needed to retain and protect data by ratios of 10-30x and greater, making a disk a cost-effective alternative to tape. Data on disk is available online and onsite for longer retention periods, and restores become fast and reliable. Storing only unique data on disk also means that data can be cost-effectively replicated over existing networks to remote sites for disaster recovery and consolidated tape operations.

Internet of Things and its applications

Pasquale Puzio

Internet-of-things- (IOT) - a-seminar - ppt - by- mohan-kumar-g

Mohan Kumar G

Internet of ThingsVala Afshar

Zero-Knowledge Proofs: Identity Proofing and Authentication

Clare Nelson, CISSP, CIPP-E

FRONTIERS IN CRYPTOGRAPHY

LINE Corporation

Access Control & Encryption In Cloud Environments

James Wernicke

Improving privacy in blockchain using homomorphic encryption

Razi Rais

Ryan_Holt_MS_Thesis_Project_PresentationRyan Holt

Splunk September 2023 User Group PDX.pdf

Amanda Richardson

Forecast 2012 Panel: Cloud Security Christofer Hoff

Open Data Center Alliance

Moderator: Christofer Hoff Chief Security Architect, Juniper Networks Security is an amazingly polarizing topic; it is considered either salvation or superfluous depending on experience and expectation The operational, organizational and technical impacts due to the massively disruptive nature of Cloud computing are equally polarizing Combine the two topics and you’ve got fantastic fodder for lively discourse, debate and perspective Our spectacular panel of notable architects, technologists, specialist practitioners and entrepreneurs from industry and the enterprise will lead us through a lively interactive discussion around this exciting topic

doc1.pdf

sheet1.pdf

lecture7.pdf

paper1.pdf

paper8.pdf

Emerging Data Privacy and Security for Cloud

Ulf Mattsson

Title "Emerging Data Privacy and Security for Cloud" Abstract: Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Gartner includes data ethics and privacy on their list of the top 10 strategic technology trends of 2019, placing it on the same level as AI-driven development, blockchain, and edge computing. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data — how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers. Companies continue to transition to more costefficient cloud-based solutions, their email and other valuable data migrate along with them. The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value. Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation are often discussed in the context of identifying individuals whose information may be in a database. Secure multi-party computation (also known as secure computation, multi-party computation (MPC), or privacy-preserving computation) is a subfield of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private. We will discuss how these emerging data privacy technologies can limit the privacy impact on individuals whose information is in a database. Let’s break down the differences and see where these techniques fit best in an organization’s security and privacy strategy and align with privacy law requirements. You will learn - The latest trends and strategies for securing sensitive data in cloud and the enterprise - How to discover and capture your data inventory - What’s needed to prevent a data breach by securing your critical data and protect your reputation

20170406 Genomics@Google - KeyGene - Wageningen

Allen Day, PhD

Viewers also liked

Secure auditing and deduplicating data in cloud

nexgentech15

Deduplication

Lars Marius Garshol

A Hybrid Cloud Approach for Secure Authorized Deduplication

SWAMI06

Deduplication in Open Spurce CloudMangali Praveen Kumar

EMC Deduplication Fundamentals

emcbaltics

Internet of Things and its applications

Pasquale Puzio

Internet-of-things- (IOT) - a-seminar - ppt - by- mohan-kumar-g

Mohan Kumar G

Internet of ThingsVala Afshar

Viewers also liked (8)

Secure auditing and deduplicating data in cloud

Deduplication

A Hybrid Cloud Approach for Secure Authorized Deduplication

Deduplication in Open Spurce Cloud

EMC Deduplication Fundamentals

Internet of Things and its applications

Internet-of-things- (IOT) - a-seminar - ppt - by- mohan-kumar-g

Internet of Things

Similar to [DPM 2015] PerfectDedup - Secure Data Deduplication for Cloud Storage

Zero-Knowledge Proofs: Identity Proofing and Authentication

Clare Nelson, CISSP, CIPP-E

FRONTIERS IN CRYPTOGRAPHY

LINE Corporation

Access Control & Encryption In Cloud Environments

James Wernicke

Improving privacy in blockchain using homomorphic encryption

Razi Rais

Ryan_Holt_MS_Thesis_Project_PresentationRyan Holt

Splunk September 2023 User Group PDX.pdf

Amanda Richardson

Forecast 2012 Panel: Cloud Security Christofer Hoff

Open Data Center Alliance

doc1.pdf

sheet1.pdf

lecture7.pdf

paper1.pdf

paper8.pdf

Emerging Data Privacy and Security for Cloud

Ulf Mattsson

20170406 Genomics@Google - KeyGene - Wageningen

Allen Day, PhD

Puzzle LockSenad Aruc

Berlin 6 Open Access Conference: Christian Zier

Cornelius Puschmann

DSS ITSEC 2013 Conference 07.11.2013 - HeadTechnology - IT security trends 2014

Andris Soroka

Zero-Knowledge Proofs in Light of Digital Identity

Clare Nelson, CISSP, CIPP-E

This talk will introduce Zero-Knowledge Proofs (ZKPs) and explain why they are a key element in a growing number of privacy-preserving, digital-identity platforms. Clare will provide basic illustrations of ZKPs and leave the necessary mathematics foundations to the readers. After this talk you will understand that there is a variety of ZKPs, it’s still early days, and why ZKP is such a perfect tool for digital identity platforms. This talk includes significant updates from the newly-organized ZKProof Standardization organization plus a signal of maturity: one of the first known ZKP vulnerabilities. Clare will explain why ZKPs are so powerful, and why they are building blocks for a range of applications including privacy-preserving cryptocurrency such as Zcash, Ethereum, Artificial Intelligence, and older versions of Trusted Platform Modules (TPMs). The presentation includes many backup slides for future learning and researching, including four slides of references.

A Multilingual, Scientific Poem on Model-Driven Security in a Vietnamese Kara...

Phu H. Nguyen

Reproducible Research and the Cloud

Microsoft Azure for Research

Research results in peer-reviewed publications are reproducible, right? If only it was so clear cut. With high profile paper retractions and pushes for better data sharing by funders, publishers and the community, the spotlight is now focussing on the whole way research is conducted around the world. This talk from the Software Sustainability Institute's Collaborations Workshop 2014 describes how cloud computing, with Microsoft Azure, is helping researchers realize the goals of scientific reproducibility. Find out more at www.azure4research.com

Similar to [DPM 2015] PerfectDedup - Secure Data Deduplication for Cloud Storage (20)

Zero-Knowledge Proofs: Identity Proofing and Authentication

FRONTIERS IN CRYPTOGRAPHY

Access Control & Encryption In Cloud Environments

Improving privacy in blockchain using homomorphic encryption

Ryan_Holt_MS_Thesis_Project_Presentation

Splunk September 2023 User Group PDX.pdf

Forecast 2012 Panel: Cloud Security Christofer Hoff

doc1.pdf

sheet1.pdf

lecture7.pdf

paper1.pdf

paper8.pdf

Emerging Data Privacy and Security for Cloud

20170406 Genomics@Google - KeyGene - Wageningen

Puzzle Lock

Berlin 6 Open Access Conference: Christian Zier

DSS ITSEC 2013 Conference 07.11.2013 - HeadTechnology - IT security trends 2014

Zero-Knowledge Proofs in Light of Digital Identity

A Multilingual, Scientific Poem on Model-Driven Security in a Vietnamese Kara...

Reproducible Research and the Cloud

Recently uploaded

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

Alex Pruden

This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second). Paper: https://eprint.iacr.org/2023/1886

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

Quantum Computing: Current Landscape and the Future Role of APIs

Vlad Stirbu

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Free Complete Python - A step towards Data Science

RinaMondal9

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

SOFTTECHHUB

The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing. One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.

A tale of scale & speed: How the US Navy is enabling software delivery from l...

sonjaschweigert1

Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved: - Reduction in onboarding time from 5 weeks to 1 day - Improved developer experience and productivity through actionable findings and reduction of false positives - Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO) Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production. We will cover: - How to remove silos in DevSecOps - How to build efficient development pipeline roles and component templates - How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence) - How to streamline operations with automated policy checks on container images

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

By Design, not by Accident - Agile Venture Bolzano 2024

Pierluigi Pugliese

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Assure Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

Recently uploaded (20)

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

Accelerate your Kubernetes clusters with Varnish Caching

Securing your Kubernetes cluster_ a step-by-step guide to success !

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

Essentials of Automations: The Art of Triggers and Actions in FME

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

Elevating Tactical DDD Patterns Through Object Calisthenics

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

Quantum Computing: Current Landscape and the Future Role of APIs

The Art of the Pitch: WordPress Relationships and Sales

Free Complete Python - A step towards Data Science

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Monitoring Java Application Security with JDK Tools and JFR Events

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

A tale of scale & speed: How the US Navy is enabling software delivery from l...

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

By Design, not by Accident - Agile Venture Bolzano 2024

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

Assure Contact Center Experiences for Your Customers With ThousandEyes

Pushing the limits of ePRTC: 100ns holdover for 100 days

[DPM 2015] PerfectDedup - Secure Data Deduplication for Cloud Storage

1. PerfectDedup Secure Data Deduplication Pasquale PUZIO pasquale@secludit.com SecludIT & EURECOM Refik Molva (EURECOM) Melek Önen (EURECOM) Sergio Loureiro (SecludIT) 10th DPM International Workshop on Data Privacy Management Vienna, Austria, September 21st 2015

2. Agenda • Problem Statement – Data Deduplication for Cloud Storage – Convergent Encryption • Our solution – Data Popularity – Perfect Hashing – PerfectDedup: Secure Popularity Detection – Security – Performance Evaluation 2

3. Deduplication • Storing duplicate data only once • Cross-user + Client-side + Block-level 3

4. Deduplication vs Encryption … but it does not work on encrypted data! D = Hello World D = Hello World ENCRYPTION with K1 ENCRYPTION with K2 owhfgr0wgr[w hfrw0[h0[ergh e0[gh0[eg dfjl;dbfrwbfirbf roepthwobgfr ugtwertgrtwu 4

5. Convergent Encryption • Data Encryption key derived from Data K = hash(Data) • Deterministic & Symmetric Encryption D = Hello World D = Hello World ENCRYPTION with H(D) ENCRYPTION with H(D) klfgwilegfiorw egtriegtiergiei ergriegrigfifiw klfgwilegfiorw egtriegtiergiei ergriegrigfifiw 5 Douceur, John R., et al. "Reclaiming space from duplicate files in a serverless distributed file system." Distributed Computing Systems, 2002. Proceedings. 22nd International Conference on. IEEE, 2002.

6. Convergent Encryption MISSING INFORMATION How to achieve safe Convergent Encryption in the Cloud ? 6 Drew Perttula, Brian Warner, and Zooko Wilcox-O'Hearn, 2008-03-20 https://tahoe-lafs.org/hacktahoelafs/drew_perttula.html

7. Data Popularity • Different protection based on data-segment popularity • Popular data  Not confidential  To be deduplicated  Convergent Encryption • Unpopular data  Confidential  To be protected  Semantically-Secure Encryption 7 Stanek, Jan, et al. "A secure data deduplication scheme for cloud storage." Financial Cryptography and Data Security. Springer Berlin Heidelberg, 2014. 99-118.

8. How to securely detect popularity ? CSP . . . B . . . Is block B popular ? YES / NO • Block B must not be disclosed if it is unpopular (sensitive) CLIENT 8

9. PHF-based Lookup 9 ID Belazzougui, Djamal, Fabiano C. Botelho, and Martin Dietzfelbinger. "Hash, displace, and compress." Algorithms-ESA 2009. Springer Berlin Heidelberg, 2009. 682-693.

10. PerfectDedup • Based on «Secure» Perfect Hashing – One-wayness • Popular block IDs  Collision-free hash function (PHF) • BENEFITS: – Efficient (linear) generation of a new PHF (outsourced to the Cloud) – Compact representation of PHF – Very efficient (constant) evaluation on a block ID 10

11. Security UNPOPULAR P POPULAR P CSP . . . . . . PHF(ID) = i i ID Block is popular 1-to-1 mapping No confidentiality issue 11

12. Security UNPOPULAR P POPULAR P CSP . . . . . . PHF(ID) = i i ID’ Block is unpopular Collisions are well-distributed One-wayness property 12

13. PerfectDedup CSP . . . B . . . Is block B popular ? YES / NO INDEX SERVICE If NO POPULARITY TRANSITION ? YES / NO CLIENT 13

14. Prototype Implementation CSP INDEX SERVICE CMPH CMPH CLIENT 14

15. Performance Evaluation 0 1 2 3 4 5 6 7 8 9 10 UNPOPULAR FILE POPULARITY TRANSITION POPULAR FILE Time(inseconds) Scenario Client File Split Client Convergent Encryption Client Popularity Check Client Symmetric Encryption Idx Service Update Cloud Generate PHF Cloud Store Hash Table Cloud Popularity Check Cloud Upload Processing 15

16. Conclusions • Popularity-based Deduplication • Secure Perfect Hashing • Secure & Lightweight for the client • Costly tasks outsourced to the Cloud • Low overhead 16

17. Future Work • Optimization of PHF generation • Deployment in real production environments 17

18. THANK YOU Questions ? Don’t be shy ! pasquale@secludit.com

Editor's Notes

Hello everyone, my name’s Pasquale Puzio. I’m a PhD student at EURECOM & SecludIT under the supervision of Refik MOLVA and Sergio LOUREIRO. Today I’m gonna talk about PerfectDedup, which is our last work on secure data deduplication Data Deduplication + Confidentiality
Let’s talk quickly about the agenda. Today I’ll first explain what data deduplication is and why it became interesting for researchers. Then I’ll explain how deduplication can be combined with encryption, in particular convergent encryption. This will bring me to the vulnerabilities of CE. Finally I’ll present our solution based on data popularity and perfect hashing.
Basic idea: store duplicated data only once Explain Mention experiments
Key and encryption are deterministic
Researchers noticed that data may need different levels of protection depending on its popularity This assumption works pretty well in all common scenarios, except for a few extreme cases However in our scheme the user can skip the protocol and just encrypt his file Explain when a block becomes popular -> popularity threshold is reached Mention an example
The problem is shifted to secure popularity detection: if popular do this, if unpopular do that PIR would not be efficient in the case of block-level deduplication Explain that different encryption requires the user to know if data is popular Simple solution -> look for convergent encrypted block -> not secure
Let’s go into more detail Index does not reveal anything on the block because of collisions Lookup protocols use hash tables, databases use perfect hashing based indices, we need a secure lookup protocol
We decided to design a new protocol based on perfect hashing Secure because we added the one-wayness property which is foundamental for the security of the protocol
No confidentiality issue because block is popular
On the other hand, collisions protect unpopular data Several pre-images corresponding to the same image
Now let’s have a closer look at the architecture We need a trusted index service in order to handle the popularity transition, that is that phase in which a block that was unpopular becomes popular after reaching a popularity threshold Explain protocol
Focus on CMPH Mention that we modified CMPH in order to make it secure (one-way)
Upload of a 10MB file in three different scenarios: file was unpopular, triggered a popularity transition, was popular The take-away from this slide is that all client operations are really lightweight Example: popularity check -> outperforms PIR by far Costly operations are outsourced to the cloud Fix colors
Outperforms the previous existing solutions

[DPM 2015] PerfectDedup - Secure Data Deduplication for Cloud Storage

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (8)

Similar to [DPM 2015] PerfectDedup - Secure Data Deduplication for Cloud Storage

Similar to [DPM 2015] PerfectDedup - Secure Data Deduplication for Cloud Storage (20)

Recently uploaded

Recently uploaded (20)

[DPM 2015] PerfectDedup - Secure Data Deduplication for Cloud Storage

Editor's Notes