cryptography for cloud security
play

Cryptography for Cloud Security Mohsen Toorani Department of - PowerPoint PPT Presentation

Nov 05, 2022 •547 likes •1.39k views

Cryptography for Cloud Security Mohsen Toorani Department of Informatics, University of Bergen Simula@UiB Coins Winter School Finse, Norway May 12, 2017 Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 1 / 58 Our

  1. Cryptography for Cloud Security Mohsen Toorani Department of Informatics, University of Bergen Simula@UiB Coins Winter School Finse, Norway May 12, 2017 Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 1 / 58

  2. Our project Title Cryptographic Tools for Cloud Security Funded by the Norwegian Research Council (IKTPLUSS) Partners NTNU (Department of Information Security and Communication Technology & Department of Mathematics) Simula@UiB ntnu.edu/iik/cloudcrypto Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 2 / 58

  3. Outline Computing on encrypted data 1 (Fully) Homomorphic Encryption Functional Encryption Obfuscation Secure Deduplication 2 Deduplication schemes Side channels in deduplication Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 3 / 58

  4. Computing on encrypted data Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 4 / 58

  5. Computing on encrypted data Privacy? Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 4 / 58

  6. Homomorphic Encryption A way to delegate processing of data without giving access to it Encryption schemes that allow computations on the ciphertexts E k [ m 1 ] • E k [ m 2 ] = E k [ m 1 ◦ m 2 ] Applications: E-voting: Votes are encrypted as 1 or 0. Ciphertexts are aggregated before decryption. No individual vote is revealed. Requires additive homomorphic encryption: ◦ is + Secure cloud computing: Requires fully homomorphic encryption (homomorphic properties for both + and × ) Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 5 / 58

  7. Homomorphic Encryption Multiplicative homomorphic encryption - Unpadded RSA: m e 1 × m e 2 = ( m 1 × m 2 ) e - ElGamal: Given public key ( g , h = g a ), ciphertexts ( g r 1 , h r 1 m 1 ) and ( g r 2 , h r 2 m 2 ), multiple both components ( g r 1 + r 2 , h r 1 + r 2 m 1 m 2 ) Additive homomorphic encryption Paillier cryptosystem [Eurocrypt’99]: Additive on Z n Public key: ( n , g ) where p and q : two large prime, n = pq , g ∈ R Z ∗ n 2 Private key: ( λ, µ ) where λ = lcm ( p − 1 , q − 1), and µ = ( g λ modn 2 − 1 ) − 1 modn n For encrypting m ∈ Z n : Select random r ∈ R Z ∗ n Compute c = g m r n mod n 2 For decryption: compute m = µ c λ modn 2 − 1 mod n n Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 6 / 58

  8. Homomorphic Encryption Continued Examples of schemes with limited functionality RSA works for MULT (mod N) Paillier works for ADD (XOR) BGN05 works for quadratic formulas MGH08 works for low-degree polynomials (size of c ← Eval ( pk , f , c 1 , ..., c t ) grows exponentially with degree of f ) Somewhat Homomorphic Encryption (SHE) Eval only works for some functions f Fully Homomorphic Encryption (FHE) Fully means that it works for any arbitrary function f Supports both addition and multiplication Before Gentry’s work (2009), no FHE scheme Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 7 / 58

  9. Why both addition and multiplication? Because { XOR, AND } is Turing-complete: any function can be written as a combination of XOR and AND gates. If you can compute XOR and AND on encrypted bits, you can compute ANY function on encrypted inputs. Example: Searching a database Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 8 / 58

  10. Homomorphic Public-key Encryption Procedures: (KeyGen, Enc, Dec, Eval) ( sk , pk ) ← KeyGen ( λ ) Correctness: For any function f in supported family F , c 1 ← Enc pk ( m 1 ), ... , c t ← Enc pk ( m t ) c ∗ ← Eval pk ( f , c 1 , ..., c t ) Dec sk ( c ∗ ) = f ( m 1 , ..., m t ) No information about m 1 , ..., m t , and f ( m 1 , ..., m t ) is leaked. Compactness: complexity of decrypting c ∗ does not depend on complexity of f . Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 9 / 58

  11. SHE + Bootstrappability → FHE 1 Construct a useful “Somewhat Homomorphic Encryption” scheme 2 Modify your SHE scheme and make it bootstrappable if it is not 3 Bootstrappable SHE − − − − − − − − − → FHE Recryption (Note: It is also possible to construct FHE schemes without bootstrapping). Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 10 / 58

  12. Bootstrapping Problem: Ciphertexts contain random ’noise’ that grows after homomorphic evaluation (Add and Mult increase noise). Once the noise exceeds a certain level, the ciphertext can no longer be decrypted. Without a noise-reduction, number of homomorphic operations that can be performed is limited. The best noise-reduction that kills all noise: Decryption! Decryption should be done without releasing the secret key → We can release Enc ( sk ): Circular Encryption (For a cycle of public/secret key-pairs ( pk i , sk i ) for i = 1 , ..., n , encrypt each sk i under pk ( i mod n )+1 .) Whenever noise level increases beyond a limit, use bootstrapping to reset it to a fixed level. Bootstrapping = “Valve” at a fixed height Gentry’s “bootstrapping” theorem: If an encryption scheme can evaluate its own decryption circuit, then it can evaluate everything [Gentry’09]. Bootstrapping requires homomorphically evaluating the decryption circuit. Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 11 / 58

  13. Bootstrapping Problem: Ciphertexts contain random ’noise’ that grows after homomorphic evaluation (Add and Mult increase noise). Once the noise exceeds a certain level, the ciphertext can no longer be decrypted. Without a noise-reduction, number of homomorphic operations that can be performed is limited. The best noise-reduction that kills all noise: Decryption! Decryption should be done without releasing the secret key → We can release Enc ( sk ): Circular Encryption (For a cycle of public/secret key-pairs ( pk i , sk i ) for i = 1 , ..., n , encrypt each sk i under pk ( i mod n )+1 .) Whenever noise level increases beyond a limit, use bootstrapping to reset it to a fixed level. Bootstrapping = “Valve” at a fixed height Gentry’s “bootstrapping” theorem: If an encryption scheme can evaluate its own decryption circuit, then it can evaluate everything [Gentry’09]. Bootstrapping requires homomorphically evaluating the decryption circuit. Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 11 / 58

  14. Bootstrapping Problem: Ciphertexts contain random ’noise’ that grows after homomorphic evaluation (Add and Mult increase noise). Once the noise exceeds a certain level, the ciphertext can no longer be decrypted. Without a noise-reduction, number of homomorphic operations that can be performed is limited. The best noise-reduction that kills all noise: Decryption! Decryption should be done without releasing the secret key → We can release Enc ( sk ): Circular Encryption (For a cycle of public/secret key-pairs ( pk i , sk i ) for i = 1 , ..., n , encrypt each sk i under pk ( i mod n )+1 .) Whenever noise level increases beyond a limit, use bootstrapping to reset it to a fixed level. Bootstrapping = “Valve” at a fixed height Gentry’s “bootstrapping” theorem: If an encryption scheme can evaluate its own decryption circuit, then it can evaluate everything [Gentry’09]. Bootstrapping requires homomorphically evaluating the decryption circuit. Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 11 / 58

  15. Bootstrapping Problem: Ciphertexts contain random ’noise’ that grows after homomorphic evaluation (Add and Mult increase noise). Once the noise exceeds a certain level, the ciphertext can no longer be decrypted. Without a noise-reduction, number of homomorphic operations that can be performed is limited. The best noise-reduction that kills all noise: Decryption! Decryption should be done without releasing the secret key → We can release Enc ( sk ): Circular Encryption (For a cycle of public/secret key-pairs ( pk i , sk i ) for i = 1 , ..., n , encrypt each sk i under pk ( i mod n )+1 .) Whenever noise level increases beyond a limit, use bootstrapping to reset it to a fixed level. Bootstrapping = “Valve” at a fixed height Gentry’s “bootstrapping” theorem: If an encryption scheme can evaluate its own decryption circuit, then it can evaluate everything [Gentry’09]. Bootstrapping requires homomorphically evaluating the decryption circuit. Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 11 / 58

  16. Recryption A central aspect in Gentry’s FHE (and subsequent schemes). It allows to refresh a ciphertext: given a ciphertext C , compute a new ciphertext C ′ with a decreased noise. By periodically refreshing the ciphertext (e.g., after computing some gates in f ), one can evaluate arbitrarily large circuits f . Recryption is implemented by evaluating the decryption circuit of the encryption scheme homomorphically. Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 12 / 58

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cryptography Seny Kamara Cryptography Group Microsoft Research Outline Cloud Architecture

Cryptography Seny Kamara Cryptography Group Microsoft Research Outline Cloud Architecture

Cloud Cryptography Seny Kamara Cryptography Group Microsoft Research Outline Cloud Architecture What is cloud computing? o Cloud Ecosystem Who provides and who consumes cloud services? o Cloud Cryptography What are the security

637 views • 34 slides
Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security risks. Attacks in a cloud environment, top threats. Security, a major concern for cloud users. Privacy. Trust. Operating systems

661 views • 38 slides
Microarchitectural Attacks in the Cloud Thomas Eisenbarth 07.11.2017 Workshop on Cryptography

Microarchitectural Attacks in the Cloud Thomas Eisenbarth 07.11.2017 Workshop on Cryptography

Microarchitectural Attacks in the Cloud Thomas Eisenbarth 07.11.2017 Workshop on Cryptography for the Internet of Things and Cloud Ruhr-Universitt Bochum Outline Cloud and Cryptography Co-Location in the Cloud Cache Attacks in the

2.23k views • 37 slides
Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the Cloud? How the Cloud is delivered: Iaas, PaaS and SaaS Cloud security challenges and risk Current Cloud security report Cloud security technology

302 views • 27 slides
Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is cryptography? Related fields: Cryptography ("secret writing"): Making secret messages Turning plaintext (an ordinary readable message)

1.2k views • 57 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 19th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security fail?

758 views • 72 slides
Python Cryptography & Security Jos Manuel Ortega | @jmortegac

Python Cryptography & Security Jos Manuel Ortega | @jmortegac

Python Cryptography & Security Jos Manuel Ortega | @jmortegac https://speakerdeck.com/jmortega Security Conferences INDEX 1 Introduction to cryptography 2 PyCrypto and other libraries 3 Django Security 4 OWASP & Best Practices 5

881 views • 61 slides
Security of Communications What Can Cryptography Guarantee? One ever wanted to exchange

Security of Communications What Can Cryptography Guarantee? One ever wanted to exchange

Cryptography Provable Security Encryption Assumptions Security of Communications What Can Cryptography Guarantee? One ever wanted to exchange information securely Que peut nous garantir la cryptographie ? With the all-digital world, security

190 views • 4 slides
Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 CCA Security SIM-CCA Security (PKE) Recv Send PK/Enc SK/Dec Replay Filter Secure (and correct) if: s.t. output of is distributed

1.26k views • 101 slides
Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined) Administrative discussions Stephen McCamant University of Minnesota Multi-Cloud Oblivious Storage Old and new topics in security Cloud threats, old and new

645 views • 8 slides
Objectives Goals of Cryptography Security Services Security Mechanisms Relationship

Objectives Goals of Cryptography Security Services Security Mechanisms Relationship

Overview on Modern Cryptography Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Goals of Cryptography Security Services

658 views • 16 slides
1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

Agenda Related Polices to Cloud Computing I. Guidelines for Information Security of Cloud II. Computing Cloud Security Certification Scheme in KOREA Cloud Security Certification Program in Korea III. April. 11, 2017 Jungduk (JD) KIM, Ph.

403 views • 5 slides
Security and Cryptography at NXP Ventzislav Nikov NXP Semiconductors Research Laboratory Leuven

Security and Cryptography at NXP Ventzislav Nikov NXP Semiconductors Research Laboratory Leuven

Security and Cryptography at NXP Ventzislav Nikov NXP Semiconductors Research Laboratory Leuven Center of Competence System Security and DRM 29.05.2008 Outline Products Domains, Telematics, Product Security Cryptography

432 views • 29 slides
Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1 Special Thanks: to our friends at the Australian Defense Force Academy for providing the basis for these slides Fall 2014 CS 334: Computer Security 2

730 views • 47 slides
Cryptography Well, a gentle intro to cryptography Fall 2010 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2010 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2010 CS 334: Computer Security 1 Special Thanks: to our friends at the Australian Defense Force Academy for providing the basis for these slides Fall 2010 CS 334: Computer Security 2

626 views • 43 slides
iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr

iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr

iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Cryptography 14ss 1 Outline Cryptography

780 views • 54 slides
Sample or Random Security A Security Model for Segment-Based Visual Cryptography Sebastian

Sample or Random Security A Security Model for Segment-Based Visual Cryptography Sebastian

Sample or Random Security A Security Model for Segment-Based Visual Cryptography Sebastian Pape Dortmund Technical University March 5th, 2014 Financial Cryptography and Data Security 2014 Sebastian Pape Sample or Random Security March

541 views • 25 slides
Distributed Identity Based Short Linkable Ring Signature Kasra EdalatNejad Prof. Bryan Ford

Distributed Identity Based Short Linkable Ring Signature Kasra EdalatNejad Prof. Bryan Ford

Distributed Identity Based Short Linkable Ring Signature Kasra EdalatNejad Prof. Bryan Ford DEcentralized and DIstributed Systems Goal Anonymity Accountability Usability 2 Ring Signature Anonymous Spontaneous 3 Linkable Ring

372 views • 24 slides
OpenStack Security Group (OSSG) An Update On Our Progress And Plans Bryan D. Payne Robert Clark

OpenStack Security Group (OSSG) An Update On Our Progress And Plans Bryan D. Payne Robert Clark

OpenStack Security Group (OSSG) An Update On Our Progress And Plans Bryan D. Payne Robert Clark Nathan Kinder Agenda What is OSSG? What have we been doing? What are OSSGs plans? How you can help! Introduction OSSG

495 views • 31 slides
Painless Applica,on Security Les Hazlewood Apache Shiro Project

Painless Applica,on Security Les Hazlewood Apache Shiro Project

Painless Applica,on Security Les Hazlewood Apache Shiro Project Chair CTO, Kataso5 Inc / CloudDirectory What is Apache Shiro? Applica>on security

628 views • 43 slides
ENCRYPTION WITHOUT MAGIC, RISK MANAGEMENT WITHOUT PAIN #qconlondon @vixentael @vixentael

ENCRYPTION WITHOUT MAGIC, RISK MANAGEMENT WITHOUT PAIN #qconlondon @vixentael @vixentael

ENCRYPTION WITHOUT MAGIC, RISK MANAGEMENT WITHOUT PAIN #qconlondon @vixentael @vixentael Product Engineer Feel free to reach me with security questions. I do check my inbox :) CRYPTOGRAPHY? Blowfish Twofish Rabbit Salsa20 AES OFB

1.03k views • 69 slides
Fitness Comparison by Statistical Testing in Construction of SAT-Based Guess-and-Determine

Fitness Comparison by Statistical Testing in Construction of SAT-Based Guess-and-Determine

Fitness Comparison by Statistical Testing in Construction of SAT-Based Guess-and-Determine Cryptographic Attacks Artem Pavlenko, Maxim Buzdalov, Vladimir Ulyantsev GECCO 2019, July 16 Symmetric cryptography Alice wants to send a secret

715 views • 44 slides
Coconut: Threshold Issuance Selective Disclosure Credentials with Applications to Distributed

Coconut: Threshold Issuance Selective Disclosure Credentials with Applications to Distributed

Coconut: Threshold Issuance Selective Disclosure Credentials with Applications to Distributed Ledgers Authors Alberto Sonnino* Mustafa Al-Bassam* Shehar Bano* Sarah Meiklejohn* George Danezis* * University College London February 2019 The

553 views • 52 slides
Analysis of cryptographic hash functions Christina Boura SECRET Project-Team, INRIA

Analysis of cryptographic hash functions Christina Boura SECRET Project-Team, INRIA

Analysis of cryptographic hash functions Christina Boura SECRET Project-Team, INRIA Paris-Rocquencourt Gemalto, France Ph.D. Defense December 7, 2012 1 / 43 Symmetric key cryptography Alice and Bob share the same secret key . Key Ciphertext

1.17k views • 59 slides

More recommend