SLIDE 1

EGEE-III INFSO-RI-222667

Enabling Grids for E-sciencE

www.eu-egee.org

EGEE and gLite are registered trademarks

Distributed Key Management For Sensitive Data

Joni Hahkala (HIP), John White (HIP), Ákos Frohner (CERN) and Kalle Happonen (HIP)

ISGC'10, Taipei, Taiwan

SLIDE 2

EGEE-III INFSO-RI-222667 ISGC'10, Taipei, March 9th, 2010

Outline

  • Background
  • Hydra
  • Hydra in medical data management
  • Status
SLIDE 3

Background

  • In some fields data security is imperative
    – Medical data
    – Financial data
    – Personal data
  • For example, in the medical field patient data should be
    – Anonymized
    – Encrypted, both in storage and during transfer
  • Access to both the files and the metadata should be tightly controlled

SLIDE 4

Encryption

  • Encryption gives more freedom
    – Unauthorized access to the file is not catastrophic, provided the encryption is strong
  • But how to encrypt?
  • Decryption should be possible
    – by only the owner
    – by a group defined at file-level granularity
  • Authentication certificates are not a good choice for encryption keys
    – Renewed each year → files encrypted to the old key are lost
    – Certificate revoked or pass-phrase lost → files lost
    – No group access
  • Symmetric keys are hard to manage
    – A large number of keys to manage if high granularity is needed
    – User-managed keys would easily be lost, and with them the files

SLIDE 5

Key management

  • Central key storage is not so good
    – All eggs in one basket
    – A rogue sysadmin could access every file
  • Distributed key storage is better
    – The secret is shared across servers, so compromising one server is not enough
    – Many sysadmins would have to cooperate to access the keys

SLIDE 6

Hydra

SLIDE 7

Hydra

  • Distributed key storage
  • Based on Shamir's Secret Sharing Scheme
    – (k, n) threshold scheme
      • k of the n parts are needed to reconstruct the key
      • k-1 parts reveal no information about the secret
    – A polynomial of degree k-1 is chosen with the key as its constant term, and n points on it are computed
      • k points are needed to reconstruct the polynomial
    – Mathematically proven that k-1 parts don't help in finding the key
      • Information-theoretic security
  • Fault tolerant
    – Only k out of n servers need to be up and running
    – For example, a (3, 5) configuration
      • 2 servers may be down
      • An attacker needs to compromise 3 servers to get the key
SLIDE 8

Hydra (2)

  • A key per file
  • Distributed to n servers, preferably geographically and managerially separated
  • Access to each key is controlled with an access control list
    – Access for only the owner or a list of users
    – Access for a list of groups (VOMS)
  • Not a solution to everything
    – Vulnerable to credential compromise
      • Proxy certificates end up in many places
      • A secure token service could help
    – Files need to be used
      • The worker node (WN) holds the key and the plaintext while computing, so a compromise there reveals the contents

SLIDE 9

Storing a file with Hydra

  1. Generate a key
  2. Encrypt the file
  3. Split the key
  4. Store the parts on the Hydra servers
  5. Store the file
  6. (Store the key ID in the metadata catalog)
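The following is an added example and not code from the EGEE/Hydra project. It implements the (k, n) threshold scheme from the Hydra slide over a prime field and wires it into steps 1, 3 and 4 of the storing procedure above (and the matching fetch), in the (3, 5) configuration the slides use. Assumptions that are not on the slides: arithmetic is done modulo the fixed prime P, the five Hydra servers are stand-in in-memory dicts, the key ID is a GUID string, and the share format (x, f(x)) is this example's own choice. Encrypting the file itself (step 2) and storing it (step 5) are left out; the point here is the key handling, including why k-1 parts carry no information.

```python
# Added example, not code from the EGEE/Hydra project: (k, n) Shamir secret
# sharing of a per-file key, following the storing/fetching steps on the slide.
# Assumptions (not from the slides): arithmetic in GF(P) for the fixed prime P,
# in-memory dicts standing in for Hydra servers, GUID strings as key IDs, and
# the (x, f(x)) share format.
import secrets

# Mersenne prime 2^521 - 1: larger than any 128- or 256-bit key, so the key
# itself can be the constant term of the polynomial.
P = 2**521 - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... (mod P)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, k, n):
    """Step 3: n shares (x, f(x)) of a random degree-(k-1) polynomial with f(0) = secret."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def lagrange_at(points, x):
    """Value at x of the unique polynomial of degree < len(points) through `points`."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def recover_secret(shares):
    """Reconstruct f(0) from k shares. With fewer than k shares this interpolates
    a different polynomial and returns a value unrelated to the key."""
    return lagrange_at(shares, 0)


def share_explaining(shares, candidate, x_missing):
    """Given k-1 shares and ANY candidate secret, compute the value the missing
    share would need for `candidate` to be the key. Every candidate gets one,
    which is why k-1 parts reveal nothing about the secret."""
    return lagrange_at(shares + [(0, candidate)], x_missing)


def store_file_key(servers, key_id, key, k):
    """Steps 1, 3 and 4: split the per-file key and hand one part to each server."""
    shares = split_secret(int.from_bytes(key, "big"), k, len(servers))
    for server, share in zip(servers, shares):
        server[key_id] = share  # each server ever sees only its own part


def fetch_file_key(servers, key_id, k, key_len):
    """Collect parts from whichever servers are up; any k of them suffice."""
    parts = [s[key_id] for s in servers if key_id in s]
    if len(parts) < k:
        raise RuntimeError(f"only {len(parts)} of the required {k} parts reachable")
    return recover_secret(parts[:k]).to_bytes(key_len, "big")


if __name__ == "__main__":
    key = secrets.token_bytes(16)           # step 1: a fresh per-file key
    servers = [{} for _ in range(5)]        # constructed (3, 5) deployment
    store_file_key(servers, "guid-0001", key, k=3)
    servers[0].clear(); servers[1].clear()  # two servers down: still recoverable
    assert fetch_file_key(servers, "guid-0001", 3, 16) == key
    two = [servers[2]["guid-0001"], servers[3]["guid-0001"]]
    for candidate in (0, 1, 2**127):        # k-1 parts are consistent with every key
        y = share_explaining(two, candidate, 5)
        assert recover_secret(two + [(5, y)]) == candidate
    print("3-of-5 recovery OK; 2 parts are consistent with any key")
```

The share_explaining check is the concrete form of the "k-1 parts don't help" bullet: an attacker holding two of five parts can compute, for any guess of the key, the exact third part that would make that guess correct, so the two parts do not narrow the key space at all. Note also that only the client reconstructs the key; the servers never exchange parts, which is what keeps a single rogue sysadmin from reading files.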

SLIDE 10

Hydra in medical data management

  • In EGEE, Hydra is integrated with the data management tools to produce the Medical Data Manager (MDM)
  • Medical data comes from DICOM servers
    – Digital Imaging and Communications in Medicine (DICOM)
    – Standard for medical image and metadata format
    – Designed for hospital-internal use
    – Should not be exposed to the outside
  • DICOM to DPM trigger
    – Automatic encryption on the fly
    – Registration of metadata to the metadata catalog and of file info to the LFC
    – Storage of key pieces into Hydra, keyed by the LFC GUID
    – Files are registered in DPM as "nearline" and need to be staged
    – Once fetched from DICOM, DPM serves them normally
  • Anonymized and encrypted during the fetch
SLIDE 11

Register DICOM files to Grid

SLIDE 12

Access DICOM file

SLIDE 13

Status

  • EGEE provides support
    – Mainly bug fixing and implementing feature requests
  • Service and clients implemented
    – Integrated clients for users
    – Trigger to register DICOM files
    – Recall daemon to access DICOM files
  • In use or being evaluated in medical research projects
  • The current version has some deployment bugs
  • A new version is entering certification
    – To get it into the official gLite distribution
  • Future work depends on feature requests from users!

https://twiki.cern.ch/twiki/bin/view/EGEE/DMEDS