how alice can protect her data a cryptographic approach
play

how Alice can protect her data a cryptographic approach Sbastien - PowerPoint PPT Presentation

Jul 03, 2023 •281 likes •496 views

1 Orange public how Alice can protect her data a cryptographic approach Sbastien Canard 30 juin 2015 SEC2 2015 2 Orange public let me introduce you Alice she has a smartphone she works for a small company she likes using new

  1. 1 Orange public how Alice can protect her data a cryptographic approach Sébastien Canard 30 juin 2015 SEC2 2015

  2. 2 Orange public let me introduce you Alice… she has a smartphone she works for a small company she likes using new technologies… but not at any price cloud computing in France (**) 29% of companies use cloud computing 5000 M€ in 2014 (+100% in 2 years) IaaS, PaaS, SaaS services storage and/or compute can Alice make use these services in trust? ( ** ) source http://www.cloudindex.fr/

  3. 3 Orange public confidentiality of her companies’ data to protect and preserve the confidentiality of information means to ensure that it is not made cloud services need to manipulate sensitive data administrative documents sensitive data related to competitiveness what a cloud service provider can do to give confidence? do they have access to the data… …while ensuring a good and appropriate service? available or disclosed to unauthorized entities

  4. 4 Orange public protection of her privacy in France, cloud services should work in accordance to the “loi informatique et liberté” transparency of the data gathering use of the data should be clear relevant data gathering data precision right to oblivion what a cloud service provider can do to give confidence? provide solutions to protect the privacy of customers how to protect the privacy of customers… … while offering them the best possible service? what about privacy w.r.t. these providers?

  5. 5 Orange public can cryptography be useful? historical objectives confidentiality (data) authentication integrity non repudiation new objectives provide tools to obtain conflicting properties including data protection computations on encrypted data?

  6. 6 Orange public cloud storage authentication tokens health data safe it stores the data « in blind » the host server CANNOT obtain the data in clear personal data, … sensitive documents, administrative documents data storage the concept of blind storage confidentiality of data ⇒ encryption of the data my devices others host server

  7. 7 Orange public but what if Alice needs services on her data? share of data, between devices, people/collaborators with the administration in a hierarchical structure inside a group word indexation, to make a search on documents related to a keyword or more complicated computations spam filtering, targeted advertising and pricing, medical applications, private “Google” search, code compiling, … we need encryption schemes with new features

  8. 8 operations on encrypted data conventional encryption what if the treatment could not be performed by the same entity? the latter obtains the information in clear (fully) homomorphic encryption allows to perform computations on plaintexts while manipulating only the corresponding ciphertexts Orange public encryption decryption ciphertext result plaintext plaintext treatment process process homomorphic encryption encryption m 1 Enc(m 1 ) Enc(m 2 ) m 2 treatment process process (addition) Enc(m 1 +m 2 ) example: addition of encrypted data without ever decrypting them!

  9. 9 Orange public any kind of treatment current homomorphic encryption schemes support either addition or multiplication but not both! fully homomorphic encryption schemes can handle both operations on encrypted data and thus addition ⇒ secret ballot elections means / statistics ⇒ medical applications word search ⇒ spam filtering , private Google search greater than ⇒ sealed-bid auctions comparison ⇒ private database queries code compiling ⇒ cloud computing perform arbitrary computations.

  10. 10 Orange public can (fully) homomorphic encryption be practical? partially homomorphic encryption (in comparison) supports only addition (Paillier) or multiplication (ElGamal) size of the public key: less than 1 kb time for a treatment : some ms in practice, do we really need fully homomorphism? ( * ) source Coron et al., Eurocrypt 2012 security public key size multiplication bootstrapping parameter 52 bits 1692 KB 0.59 sec 100 sec 62 bits 7.9 MB 9.1 sec 30 min 72 bits 18 MB 41 sec 2 h 30 min 128 bits of security

  11. 11 Orange public how to improve the efficiency parameters of the scheme can depend on the evaluated circuit's depth notion of leveled FHE no more need to use a bootstrapping best implementations necessitates nearly 1 sec for a 128 bits security level ( * ) but loss of generality need to know a priori an upper bound of the circuit depth ( * ) source HELib

  12. 12 Orange public can we do even better? identity based proxy re- encryption broadcast encryption encryption attribute based encryption distributed decryption functional encryption searchable encryption …

  13. 13 possible solutions to share data Orange public S HARE OF THE K EY � security hole if key compromising � such compromising necessitates a key update for all authorized devices D UPLICATION OF F ILES � good security, less flexibility � a lot of keys to manage 1 2 2 1 � additional work when withdrawing an access right vs. PROXY RE-ENCRYPTION + lost of a device � best alliance of security and flexibility � + fine-grained rights �

  14. 14 Orange public concept of proxy re-encryption based on a public key encryption system a public key to encrypt data a private key to decrypt data additional role (a blind storage back-end) transform a message encrypted for Alice into a message encrypted for Bob if Alice agrees without obtaining any knowledge on Alice and Bob’s keys without obtaining any knowledge of the encrypted message for this purpose, manage a particular cryptographic re-encryption key we encrypt an data specific secret key to manage big files

  15. 15 Orange public main steps upload/encrypt share download/re-encrypt download/decrypt

  16. 16 Orange public expected security the decryption key is not shared between several devices the data is not duplicated on servers the owner is contacted only once for the creation of the re-encryption keys the cloud storage provider is not trust no need to know a priori the persons with which you will share data each device owns a key pair the private key never goes outside the device the data is never sent outside a device in a non-encrypted form

  17. 17 Orange public some possible additional features multi-device setting share with a group of devices share with other users fine grain management of the rights to manage files and folders possibility to share a document with a group what about a practical implementation? performances: 10% loss w.r.t. no encryption about 10 ms for encryption/decryption in a modern smartphone

  18. 18 Orange public legal aspects the case of a digital safe from the CNIL point of view the service provide should not have access to the data obligation to give the data if requested by legal authorities it seems contradictory but cryptography can help possibility to share a “file opening” with authorities no unique actor can obtain the data in clear

  19. 19 Orange public conclusion the way to efficiently protect the sensitive and personal data of Alice in cloud computing is cryptography can help adaptive solutions efficient implementations big companies are working (IBM, Microsoft, Orange, …) the professional world seems more ready but they do not want to lose their useful services we need to show how powerful cryptography is… now a reality

  20. 20 Orange public thank you

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Can cryptographic software Bobs laptop screen: be fixed? From: Alice D. J. Bernstein Thank

Can cryptographic software Bobs laptop screen: be fixed? From: Alice D. J. Bernstein Thank

1 2 Can cryptographic software Bobs laptop screen: be fixed? From: Alice D. J. Bernstein Thank you for your submission. We received many interesting papers, and unfortunately your Bob assumes this message is something Alice actually

1.47k views • 145 slides
White-Box Cryptography Matthieu Rivain CARDIS 2017 How to protect a cryptographic key? How to

White-Box Cryptography Matthieu Rivain CARDIS 2017 How to protect a cryptographic key? How to

White-Box Cryptography Matthieu Rivain CARDIS 2017 How to protect a cryptographic key? How to protect a cryptographic key? Well, put it in a smartcard of course! ... or any piece of secure hardware But... Secure hardware is expensive

1.6k views • 98 slides
Differential Privacy (Part IV) Alice Eve Bob Cryptographic protocols Tons of attacksnever

Differential Privacy (Part IV) Alice Eve Bob Cryptographic protocols Tons of attacksnever

Differential Privacy (Part IV) Alice Eve Bob Cryptographic protocols Tons of attacksnever ending list! essential in distributed systems Needham-Schroeder (1996) e-banking Microsoft Passport (2001) e-commerce Kerberos (2004) e-mail

571 views • 22 slides
Cryptographic Protocols Bank executes (valid) transactions. What is a Valid Transaction

Cryptographic Protocols Bank executes (valid) transactions. What is a Valid Transaction

Repetition: A Virtual Bank (1/4) 2 Alice $7535 Specification Bob $73227 Clara $8317 Bank keeps track of all balances. . . . Users send transactions to bank. transfer(Alice,Clara,$200) Cryptographic Protocols Bank

278 views • 5 slides
we protect it. We have your data. We protect it. But you hold the key. COMPANY CONSUMER PORTAL

we protect it. We have your data. We protect it. But you hold the key. COMPANY CONSUMER PORTAL

We have your data, and we protect it. We have your data. We protect it. But you hold the key. COMPANY CONSUMER PORTAL DATA SOURCES DATA SUBJECT TOUCH POINTS INGEST SHOW ME MULTI-POS ALL DATA MY DATA CENTRALIZED DATA ECOMMERCE CHANGE

719 views • 45 slides
Alice and Bob in Love: Cryptographic Communication Using Natural Entropy Joseph Bonneau

Alice and Bob in Love: Cryptographic Communication Using Natural Entropy Joseph Bonneau

Natural Entropy Protocol Experimental Results Discussion Questions Alice and Bob in Love: Cryptographic Communication Using Natural Entropy Joseph Bonneau University of Cambridge Computer Laboratory 17 th International Workshop on Security

1.2k views • 40 slides
Cryptographic Protocols bank executes (valid) transactions What is a Valid Transaction Spring

Cryptographic Protocols bank executes (valid) transactions What is a Valid Transaction Spring

A Virtual Bank 2 Alice $7535 Specification Bob $73227 Clara $8317 bank keeps track of all balances . . . users send transactions to bank transfer(Alice,Clara,$200) Cryptographic Protocols bank executes (valid)

65 views • 3 slides
New cryptographic goals Data privacy is not the only important cryptographic goal CS 4803

New cryptographic goals Data privacy is not the only important cryptographic goal CS 4803

New cryptographic goals Data privacy is not the only important cryptographic goal CS 4803 It is also important that a receiver is assured Computer and Network Security that the data it receives has come from the sender and has not been

617 views • 5 slides
= = = f f BOB BOB not does like not like = Alice Bob Alice Bob not Bob Coecke

= = = f f BOB BOB not does like not like = Alice Bob Alice Bob not Bob Coecke

picture logic for info-flow in language and physics (incl. the Lambek vs. Lambek battle) That flowin phyling October 2010 ALICE ALICE f f f f = = = f f BOB BOB not does like not like = Alice Bob Alice Bob not Bob

1.06k views • 94 slides
Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy. College Bescherming Persoonsgegevens (CBP) What is privacy? Users must be able to determine for themselves when, how, to what extent and

798 views • 45 slides
Cryptographic directions in Tor Nick Mathewson nickm@torproject.org 6 Jan 2016 Outline W h

Cryptographic directions in Tor Nick Mathewson nickm@torproject.org 6 Jan 2016 Outline W h

Cryptographic directions in Tor Nick Mathewson nickm@torproject.org 6 Jan 2016 Outline W h e r e w e s t a r t e d Where we are Where we're going maybe. Let's oversimplify Tor, in 1 slide. L2 L3 Alice Alice K2 R2 L1 L1

191 views • 17 slides
The Coinductive Approach to Verifying Cryptographic Protocols Jesse Hughes joint work with

The Coinductive Approach to Verifying Cryptographic Protocols Jesse Hughes joint work with

The Coinductive Approach to Verifying Cryptographic Protocols Jesse Hughes joint work with Martijn Warnier jesseh@cs.kun.nl University of Nijmegen The Coinductive Approach to Verifying Cryptographic Protocols p.1/27 Outline I.

1.95k views • 184 slides
01 Meet ALICE ALICE A sset L imited I ncome C onstrained E mployed ALICE How we learned

01 Meet ALICE ALICE A sset L imited I ncome C onstrained E mployed ALICE How we learned

01 Meet ALICE ALICE A sset L imited I ncome C onstrained E mployed ALICE How we learned about ALICE How we got organized ALICE Steering Committee ALICE Research Advisory Committee ALICE Marketing Workgroup 28 United Ways

366 views • 21 slides
= = = f f BOB BOB meaning vectors of words not does like not like = Alice Bob Alice

= = = f f BOB BOB meaning vectors of words not does like not like = Alice Bob Alice

The logic of quantum mechanics - take II Bob Coecke arXiv:1204.3458 ALICE ALICE f f f f = = = f f BOB BOB meaning vectors of words not does like not like = Alice Bob Alice Bob not pregroup grammar An alternative

1.29k views • 118 slides
Introduction to Alice Alice is named in honor of Lewis Carroll s Alice in Wonderland Slides

Introduction to Alice Alice is named in honor of Lewis Carroll s Alice in Wonderland Slides

3/18/13 CS101 Lecture 20 Introduction to Alice Alice is named in honor of Lewis Carroll s Alice in Wonderland Slides Credit: Joel Adams, Alice in Action With thanks to John Magee for his guidance about these materials Alice A modern

447 views • 26 slides
CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools Cryptographic Tools Cryptographic algorithms important element in security services Review various types of elements symmetric encryption secure

1.27k views • 23 slides
ALICE WEST FLEET ELEMENTARY SCHOOL AT THOMAS JEFFERSON MIDDLE SCHOOL School Board Action Item

ALICE WEST FLEET ELEMENTARY SCHOOL AT THOMAS JEFFERSON MIDDLE SCHOOL School Board Action Item

FINAL DESIGN AND CONSTRUCTION CONTRACT AWARD-FULL GMP ALICE WEST FLEET ELEMENTARY SCHOOL AT THOMAS JEFFERSON MIDDLE SCHOOL School Board Action Item Presentation 18 January 18 1 School Board Proposed Final Design and GMP Staff presented

493 views • 15 slides
Opportunistic SMTP Security Wes Hardaker Parsons <wes.hardaker@parsons.com> Overview

Opportunistic SMTP Security Wes Hardaker Parsons <wes.hardaker@parsons.com> Overview

Opportunistic SMTP Security Wes Hardaker Parsons <wes.hardaker@parsons.com> Overview E-Mail Overview Where E-Mail Can Go Wrong Securing E-Mail Requires DNSSEC Securing SMTP Using DNSSEC and DANE 2 wes.hardaker@parsons.com

678 views • 31 slides
Palantir & Project Welcome Home Alice Yu What does a data-driven program look like? 1 Us

Palantir & Project Welcome Home Alice Yu What does a data-driven program look like? 1 Us

Palantir & Project Welcome Home Alice Yu What does a data-driven program look like? 1 Us Use da data to imp implement the he pr program 2 Tar arget high igh-risk und underserved po population 3 Enr Enroll target po population

235 views • 4 slides
FY2020 Community Operating Grants Agenda 9:30 9:45 Welcome Franklyn Baker 9:45 10:25

FY2020 Community Operating Grants Agenda 9:30 9:45 Welcome Franklyn Baker 9:45 10:25

FY2020 Community Operating Grants Agenda 9:30 9:45 Welcome Franklyn Baker 9:45 10:25 COG Application Overview Rob Clark & Lillie Hughes 10:25 10:30 Turn In Question Notecards 10:30 10:50 ALICE Report Overview Angie

449 views • 31 slides
THE STORIES WE CONSTRUCT ALICE MULONGO ARCH 402 PROF. WILLIAMS CONCEPT SITE PLAN LOBBY

THE STORIES WE CONSTRUCT ALICE MULONGO ARCH 402 PROF. WILLIAMS CONCEPT SITE PLAN LOBBY

THE STORIES WE CONSTRUCT ALICE MULONGO ARCH 402 PROF. WILLIAMS CONCEPT SITE PLAN LOBBY FACADE/ PREFUNCTION SPACE CONTEXT PROGRAM PROMENADE ELEVATION TRANSVERSE SECTION EVENT SPACE COMPRESSION/ EXPANSION STASIS AND MOTION STRUCTURE

705 views • 4 slides
Scientists(ECR) Network How does the WDS support ECRs? Data Curation and Management: Current

Scientists(ECR) Network How does the WDS support ECRs? Data Curation and Management: Current

Early Career Researchers and Scientists Netw twor ork WDS Early Career Researchers and Scientists(ECR) Network How does the WDS support ECRs? Data Curation and Management: Current Achievements and Future Challenges Hosted by

320 views • 11 slides
Designing'a'Curriculum' Alignment'Program' The'Bridge'Method'''

Designing'a'Curriculum' Alignment'Program' The'Bridge'Method'''

Designing'a'Curriculum' Alignment'Program' The'Bridge'Method''' Suppor;ng'successful'educa;on'transi;ons.' ! DESIGNING!A!CURRICULUM!ALIGNMENT!PROGRAM!! !

430 views • 8 slides
Common Core State Standards GOALS Understand the shift in what proficiency means

Common Core State Standards GOALS Understand the shift in what proficiency means

Regional Educators Advancing College, Career, and Citizen Readiness Higher Toolkit 2: Aligning Curriculum with Common Core State Standards GOALS Understand the shift in what proficiency means Understand alignment between

638 views • 32 slides

More recommend