An Efficient and Secure Data Sharing Framework using Homomorphic - - PowerPoint PPT Presentation

an efficient and secure data sharing framework using
SMART_READER_LITE
LIVE PREVIEW

An Efficient and Secure Data Sharing Framework using Homomorphic - - PowerPoint PPT Presentation

Jun 27, 2023 330 likes •639 views

An Efficient and Secure Data Sharing Framework using Homomorphic Encryption in the Cloud Sanjay anjay Madr adria ia Prof ofes essor or and and Sit ite e Dir irect ector or for or NS NSF F I/UC UCRC Cent enter er on on Net

slide-1
SLIDE 1

Sanjay anjay Madr adria ia Prof

  • fes

essor

  • r and

and Sit ite e Dir irect ector

  • r for
  • r NS

NSF F I/UC UCRC Cent enter er on

  • n Net

Net-C

  • Cent

entric ic Sof

  • ftwar

are e and and Systems ems Mis issour

  • uri

i Univ Univer ersit ity of

  • f Science

cience & Tec echnolog hnology, , Rolla,

  • lla, MO

O 65401, 65401, US USA madr madrias ias@ms mst.edu .edu Joint

  • int wor
  • rk

k wit ith h Bhar harath K.

  • K. Samant

amanthula hula, , Ger Gerry Ho Howser er, , Yous

  • usef

ef Elmehd lmehdwi Mis issour

  • uri

i Univ Univer ersit ity of

  • f Science

cience & Tec echnolog hnology, , Rolla,

  • lla, MO

O 65401, 65401, US USA

An Efficient and Secure Data Sharing Framework using Homomorphic Encryption in the Cloud

slide-2
SLIDE 2

Outli line ne

— Motivation — Problem Statement — Related work — Main Contribution — Preliminaries — Proposed Solutions — SDS Framework

— Correctness proof — Example

— Modified-SDS Framework — Conclusion / Future Work

slide-3
SLIDE 3

SYSTEM M MODE DEL

slide-4
SLIDE 4

PROBLEM S STATEMENT

— Data owner Alice outsources data to the cloud after

encryption

— Goal: To provide a fine-grained access control to

various users authorized by Alice

slide-5
SLIDE 5

MOTIV IVATIO ION

— Data is outsourced to the cloud

— Cost-efficiency and flexibility

— For privacy issues – encrypting the data seems to be a

better choice

— Access Control on Encrypted Data in the Cloud

— Relies heavily upon encrypted data in the cloud — One of the reasons in using encrypted data in the cloud is

protecting the data from the cloud itself

— However, encrypted data on the cloud places limitations

upon data searches and queries

slide-6
SLIDE 6

Cont..

— Some important issues to be addressed in Access

Control

— Fine-grained access control with efficient user revocation — Rejoin of revoked users — Collusion between users — Collusion between a user and the cloud — Efficient modification of user access privileges

slide-7
SLIDE 7

RELATED W D WORK

— Yang et al. [1] proposed a new fine-grained access control

protocol using Symmetric encryption and Proxy Re- encryption schemes.

— Disadvantages:

— Symmetric encryption provides weaker security guarantees — Possibility of Information leakage:

— Rejoin of revoked user — Collusion of revoked user with authorized user Bob — Collusion between Bob and the cloud

slide-8
SLIDE 8

OUR UR C CONTRIB IBUT UTIO ION

— Developed a new Secure Data Sharing (SDS) framework

to achieve fine-grained data sharing/access control over data outsourced to the cloud that provides following features:

— Efficient user revocation — Efficient and secure re-join of a previously revoked user — Prevention of collusion between a user and the CSP — Prevention of collusion between a revoked user and an

authorized user.

— Generic Approach

slide-9
SLIDE 9

Preli limi mina naries

— SDS uses two specific encryption techniques: additive

homomorphic encryption + proxy re-encryption

— Additive homomorphic (Probabilistic) encryption:

— Epk(x + y) = Epk(x) · Epk(y) mod N2 — Epk(c·x) = Epk (x)c mod N2 — The encryption scheme is semantically secure

where N is the RSA modulus which is also a part of the public key pk.

slide-10
SLIDE 10

CONTD… D…

— Proxy Re-encryption: — Allows a “semi-trusted” proxy T to convert

ciphertext under Alice’s public key into one encrypting the same plaintext under Bob’s public key: PRE(Epka(x), rkpkaàpkb) à Epkb(x) where pka and pkb are the public keys of Alice and Bob respectively.

— Proxy only knows the re-encryption key rkpkaàpkb — Nothing is revealed about the plaintext x to T.

slide-11
SLIDE 11

Proposed S SDS DS F Frame mework k

— Utilizes additive homomorphic encryption and proxy

re-encryption schemes as underlying sub-routines

— Our Secure Data Sharing (SDS) framework consists of

five stages:

1) Key Generation and Distribution 2) Data Outsourcing 3) Data Access 4) User Revocation 5) User Rejoin

slide-12
SLIDE 12

Proposed SDS Framework

slide-13
SLIDE 13

Key Ge y Gene neration a n and nd Di Distribution n

— Acts as an initialization step — The data owner (Alice) generates two kinds of key pairs

— Master key pair – (pka , pra). Where, pka and pra are the

public and private keys of Alice.

— For each authorized user, say Bob, Alice creates a public/

private key pair (pkb, prb) and sends it to Bob.

slide-14
SLIDE 14

Da Data O Outsourcing ng

— For each data record d, Alice proceeds as follows:

— Let d1,…, dn denote the attribute values of d — Picks n+m number of random numbers - r1,…., rn+m — d’ = < d1 + rn+1 ,…, dn + rn, rn+1,.., rn+m >

= < d’1,…, d’n+m> where ri is a random number chosen from ZN

— Assume Epka (d’) = < Epka (d’1),…,Epka(d’n+m)> — For a particular user, say Bob, we have the following two

cases:

— Case 1: Bob has access to a set of attributes (S) in d — Case 2: Bob is not authorized to access d

slide-15
SLIDE 15

Da Data O Outsourcing ng ( (cont ntd…)

— For each authorized user Bob on d, Alice creates

authorization token Td

b

— Case 1:

— Td

b = {Bob, rkpka-> pkb, <Epkb(α1),…,Epkb(αn+m)>}

— For, 1 ≤ i ≤ n+m:

— If 1≤ i ≤ n and di ∈S, αi = - ri — Otherwise, αi = - d’i

— Case 2:

— Alice sets Td

b = null

slide-16
SLIDE 16

Da Data O Outsourcing ng ( (cont ntd…)

— Similarly, Alice generates the authorization list for all

authorized users – Td

— Note that if Td

b is null, it is not included in Td

— Now Alice exports the new data (Td, Epka (d’)) to the

cloud

slide-17
SLIDE 17

Da Data A Access

— Upon a request from Bob, for each data record d, the

cloud checks whether there is a token for Bob

— If there is no entry – the cloud simply aborts the request — If there exists an entry (Td

b) for Bob, the cloud proceeds

as follows:

— Epkb (d’) ← {Epkb (d’1),…, Epkb (d’n+m)} using rkpka-> pkb — For all i, computes Epkb (d’i + αi) ← Epkb (d’i) + Epkb (αi) — Sends < Epkb (d’1 + α1),……., Epkb (d’n+m + αn+m) > to Bob

slide-18
SLIDE 18

Da Data A Access

— Bob decrypts each entry and gets d’i + αi (1 ≤ i ≤ n+m) — Note that Bob will successfully decrypt to only those

attribute values he is authorized to access

— That is, d’i + αi = di only if Bob is authorized to access

attribute i.

— Other attribute values will yield a value of zero upon

decryption.

slide-19
SLIDE 19

Us User R Revocation & n & R Rejo join n

— User Revocation: Whenever Alice wish to revoke user

Bob for a data record d, Alice simply asks the cloud to remove Td

b from Td

— User Rejoin: Bob can have following two scenarios

for d.

— Scenario 1: Authorized to the same set (S) of attributes — Scenario 2: Authorized to different set of attributes (U) — In any case, Alice uses corresponding set (either S or U)

and creates Td

b and sends it to the cloud. Then the cloud

adds Td

b to Td

slide-20
SLIDE 20

Correctne ness ( (proof)

— Theorem: For any data record d, Bob can only retrieve the

set of attributes (S) he is authorized to access. On the other hand, if Bob is not an authorized user then he does not get access to d on the cloud (assuming no collusion).

— Proof: If Bob is an authorized user, then

— The final values retrieved by Bob after decryption are < d’1 +

α1,…., d’n+m+ αn+m >.

— For n+1 ≤ i ≤ n+m, d’i + αi = -ri + ri = 0 — For 1 ≤ i ≤ n:

— If di ∈ S, then d’i + αi = di + ri - ri = di — Otherwise, d’i + αi = 0

slide-21
SLIDE 21

Example le

  • Alice: Data Owner
  • Consider Cherry data record as d
  • Suppose Bob (Supervisor) is authorized to access <NAME, AGE,

ROOM, DISEASE> attribute values of d

  • Whereas Charles (Friend) is authorized to access only <NAME,

ROOM> attribute values of d

slide-22
SLIDE 22

Example le ( (Da Data O Outsource)

— First, Alice masks the data record d and proceeds as follows: — Let d’ = <Cherry + r1, 27+ r2, 163+ r3, 65+ r4, Diabetes+ r5, r6>, here

m=1

— Epka (d’) = < Epka(Cherry + r1), Epka(27+ r2), Epka(163+ r3), Epka(65+ r4),

Epka(Diabetes+ r5), Epka(r6)>

— Td

b = {Bob, rkpka-> pkb, <Epkb(-r1), Epkb(-r2), Epkb(-r3-163), Epkb(-r4), Epkb(-

r5), Epkb(-r6)>}

— Td

c = {Charles, rkpka-> pkc, <Epkc(-r1), Epkc(-r2-27), Epkc(-r3-163), Epkc(-r4),

Epkc(-r5-Diabetes), Epkc(-r6)>}

— Td = < Td

b , Td c >

— Sends (Td, Epka (d’)) to the cloud

slide-23
SLIDE 23

Example le ( (Da Data A Access b by B y Bob)

— The cloud computes < Epkb(Cherry + r1), Epkb(27+ r2), Epkb(163+ r3), Epkb(65+ r4), Epkb

(Diabetes+ r5), Epkb(r6)> Epkb(Cherry ) Epkb(27) Epkb(0) Epkb(65 ) Epkb(Diabetes ) Epkb(0) Cloud Cherry 27 65 Diabetes Bob decrypts using prb

slide-24
SLIDE 24

Example le ( (Da Data A Access b by C y Cha harle les)

— The cloud computes < Epkc(Cherry + r1), Epkc(27+ r2), Epkc(163+ r3), Epkc(65+ r4), Epkc

(Diabetes+ r5), Epkc(r6)> Epkc(Cherry ) Epkc(0) Epkc(0) Epkc(65) Epkc(0) Epkc(0) Cloud Cherry 65 Charles decrypts using prc

slide-25
SLIDE 25

Modified S SDS DS F Frame mework k

— Collusion between a user and the cloud might keep the

  • wner’s data at risk

— To address this issue, we modify the proposed

protocol: Data Distribution

— Instead of storing the data (Td, Epka (d’)) on one cloud, we

distribute it to two clouds (Federated cloud).

— Alice will outsource (ID_list, Epka (d’)) to the primary

cloud and (ID_list, Td) to the secondary cloud

— A collusion between a user and one of the clouds will not

provide any meaning full information to either of the parties.

slide-26
SLIDE 26

Preli limi mina nary E y Experime ment ntal R l Result lts

— Platform Description: Linux machine with an Intel

3.0GHz CORE 2 DUO with 3GB memory.

— Randomly generated the number of attributes for a data

record d (i.e., n).

— Tested the computational time for Alice for generating

a token and encrypting d’ based on varying number of attributes for key sizes 512 and 1024 bits.

slide-27
SLIDE 27

Ali lice c computationa nal t l time me ( (m= m=10)

slide-28
SLIDE 28

Conc nclu lusion/ n/ F Future W Work k

— Proposed an efficient and secure data sharing (SDS)

framework that prevents information leakage when user rejoins the system

— In addition, modified the SDS framework, to prevent

the information leakage in the case of collusion between a user and the cloud by distributing the data among two clouds.

— Alternative approach: To distribute private key of user

Bob among multiple clouds and Bob.

— Hybrid approach – Key + Data Distribution — Currently, implementing the SDS framework in a

cloud environment

slide-29
SLIDE 29

Referenc nce

[1]Y. Yang and Y. Zhang. A generic scheme for secure data sharing in

  • cloud. In Parallel Processing Workshops (ICPPW), 2011 40th

International Conference on, pages 145 –153, sept. 2011.

slide-30
SLIDE 30

Questions J J