security for cloud big data
play

Security for Cloud & Big Data CS 161: Computer Security Prof. - PowerPoint PPT Presentation

Apr 01, 2024 •657 likes •955 views

Security for Cloud & Big Data CS 161: Computer Security Prof. David Wagner April 25, 2016 Awesome Project 2 Solutions Honorable mention: Vincent Wang and John Choi super-efficient updates (6-9x better than our target!) using a log of

  1. Security for Cloud & Big Data CS 161: Computer Security Prof. David Wagner April 25, 2016

  2. Awesome Project 2 Solutions • Honorable mention: Vincent Wang and John Choi – super-efficient updates (6-9x better than our target!) using a log of changes, in just 300 lines of code • Honorable mention: Emily Scharff and Sherdil Niyaz – elegant scheme for revocation: Alice creates a separate “telescope” (symmetric key) for each user she shares with, and keeps track of them • Grand prize: Roger Chen – beautiful log-based scheme, coalesces updates in download(); only submission to pass all tests!

  3. Awesome Project 2 Solutions • Honorable mention: Vincent Wang and John Choi – super-efficient updates (6-9x better than our target!) using a log of changes, in just 300 lines of code • Honorable mention: Emily Scharff and Sherdil Niyaz – elegant scheme for revocation: Alice creates a separate “telescope” (symmetric key) for each user she shares with, and keeps track of them • Grand prize: Roger Chen – beautiful log-based scheme, coalesces updates in download(); only submission to pass all tests!

  4. Big Data in the Cloud Trends in computing: • “Big data”: Easy to collect lots and lots of data about us • “Cloud computing”: Cheaper to store data in the cloud, and do computation there What are the security and privacy implications of these trends?

  5. Big Data in the Cloud Trends in computing: • “Big data”: Easy to collect lots and lots of data about us • “Cloud computing”: Cheaper to store data in the cloud, and do computation there What are the security and privacy implications of these trends? • Privacy – companies know a lot about us • Data security – a security breach exposes all our data

  6. Potential Solutions Some possible ways to mitigate the threat: • Policy: Minimize data collection or retention, limit who can access stored data or for what purposes • Technology: Encrypt data while it is stored on cloud servers

  7. Potential Solutions Some possible ways to mitigate the threat: • Policy: Minimize data collection or retention, limit who can access stored data or for what purposes • Technology: Encrypt data while it is stored on cloud servers – but then how can they do any useful computation on our data?

  8. Example: Project 2 + Search • My document is stored in the cloud on a server, encrypted, as per Project 2, so I don’t have to trust the server. • But I also want to be able to do keyword search over all my documents to look for matches, without having to download and decrypt all my documents.

  9. Example: Project 2 + Search • My document is stored in the cloud on a server, encrypted, as per Project 2, so I don’t have to trust the server. • But I also want to be able to do keyword search over all my documents to look for matches, without having to download and decrypt all my documents. • How can I search in encrypted documents?

  10. Solution #1: Deterministic Enc. • One solution: Each word w is encrypted separately and deterministically: DetEnc k ( w ) = AES-CBC k ( w ) with IV = SHA256( w ) • Advantage: Keyword searches just work, as long as I encrypt the keyword I’m searching on. • Security?

  11. Solution #1: Deterministic Enc. • One solution: Each word w is encrypted separately and deterministically: DetEnc k ( w ) = AES-CBC k ( w ) with IV = SHA256( w ) • Advantage: Keyword searches just work, as long as I encrypt the keyword I’m searching on. • Security? This leaks a lot of data about my docs.

  12. Solution #2: Verifiable Enc. • For each word w , store r , SHA256( r || DetEnc k ( w )) where r is random and different each time, and DetEnc k ( w ) is deterministic encryption as before. • To search for word w , send x = DetEnc k ( w ) to server. For each r , y on the server, server can test whether SHA256( r || x ) = y . • Security?

  13. Solution #2: Verifiable Enc. • For each word w , store r , SHA256( r || DetEnc k ( w )) where r is random and different each time, and DetEnc k ( w ) is deterministic encryption as before. • To search for word w , send x = DetEnc k ( w ) to server. For each r , y on the server, server can test whether SHA256( r || x ) = y . • Security? Leaks data about the keywords I search for, but not other words.

  14. Solution #3: Encrypted Indices • Standard search index: a dict that maps word w to list of names of documents that contain w . { 'giraffe': [1, 3, 17], 'egotistical': [5, 17, 20], ... } • Encrypted index: encrypt each entry separately. { H( k , 'giraffe'): E k ([1,3,17]), H( k , 'egotistical'): E k ([5,17,20]) } • To search for 'giraffe', send x = H( k , 'giraffe') to server, get back encrypted list, and decrypt it.

  15. Security overview • Talk to a partner, fill in the following chart: Scheme Time for Secure for Secure for rare one query common words? words? Deterministic encrypt O(1) Verifiable encryption O(n) ✔� (except searched) Encrypted index

  16. Security overview • Talk to a partner, fill in the following chart: Scheme Time for Secure for Secure for rare one query common words? words? Deterministic encrypt O(1) ✗ ✔ Verifiable encryption O(n) ✔ ✔� (except searched) Encrypted index O(1) ✔ ✔

  17. Case Study: Encrypted Email • My email is stored in the cloud on a server. • For security reasons, I want it to be stored in encrypted form, so I don’t have to trust the server. • But I also want to be able to do keyword search on all my email.

  18. Case Study: Encrypted Email • My email is stored in the cloud on a server. • For security reasons, I want it to be stored in encrypted form, so I don’t have to trust the server. • But I also want to be able to do keyword search on all my email. • How can I search on encrypted email?

  19. Case Study: Encrypted Email • My email is stored in the cloud on a server. • For security reasons, I want it to be stored in encrypted form, so I don’t have to trust the server. • But I also want to be able to do keyword search on all my email. • How can I search on encrypted email? • Answer: Any of the above techniques. (But can’t do regexp/wildcard searches, e.g., searching for “giraf*”.)

  20. Solution for Encrypted Email • One solution: Each word w is encrypted separately and deterministically: E k ( w ) = AES-CBC k ( w ) where IV = SHA256( w ) • Advantage: Keyword searches just work, as long as I encrypt the keyword I’m searching on. Problem: This leaks a lot of data about my email.

  21. Solution for Encrypted Email • One solution: Each word w is encrypted separately and deterministically: E k ( w ) = AES-CBC k ( w ) where IV = SHA256( w ) • Advantage: Keyword searches just work, as long as I encrypt the keyword I’m searching on. Problem: This leaks a lot of data about my email. • More secure solution: For each word w , store r , SHA256( r , E k ( w )) where r is random and different each time, and E k ( w ) is deterministic encryption as above. • To search for word w , send x = E k ( w ) to server. For each r , y on the server, server can test whether SHA256( r , x )= y .

  22. Case Study: CryptDB • Databases often get hacked. CryptDB encrypts all data in database, so you don’t have to trust your database (as much). • How can I do SQL queries on encrypted database?

  23. Solution: Crypto • Some queries can be handled with above techniques. E.g., SELECT * WHERE name=‘David’ → SELECT * WHERE name=0xF6C..18 • Can handle SELECT with equality match; JOIN. For SUM, use homomorphic crypto (next).

  24. Homomorphic encryption • RSA encryption is homomorphic: E( a × b ) = a 3 × b 3 = E( a ) × E( b ) (mod n ) This lets you compute products of encrypted data. • For sums, Paillier encryption (not taught in this class) has a similar homomorphic property: E( a + b ) = … = E( a ) ⊞ E( b )

  25. Solution: Crypto • Some queries can be handled with above techniques. E.g., SELECT * WHERE name=‘David’ → SELECT * WHERE name=0xF6C..18 • Can handle SELECT with equality match; JOIN. For SUM, use homomorphic crypto (next). • For all other SQL operations, download data to client and decrypt in client. • Works surprisingly well: ~ 15% performance overhead, almost all sensitive data can be encrypted.

  26. Integrity • That provides confidentiality; what about integrity? • Want to verify that any records returned by server are actually part of database (and isn’t spoofed).

  27. Merkle Tree

  28. Takeaways • Crypto provides a powerful way to protect data in the cloud – and allows servers to do some useful work on your data, without seeing the data.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security risks. Attacks in a cloud environment, top threats. Security, a major concern for cloud users. Privacy. Trust. Operating systems

661 views • 38 slides
CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns

CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns

CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns Hopkins University What is Cloud Computing ? Lets hear from the experts 2 What is Cloud Computing ? The infinite wisdom of the crowds (via

709 views • 38 slides
Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the Cloud? How the Cloud is delivered: Iaas, PaaS and SaaS Cloud security challenges and risk Current Cloud security report Cloud security technology

302 views • 27 slides
Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Motivation Two-Cloud Setting PP k NN Classification Conclusion and Future Research Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security Yousef M. Elmehdwi Department of Mathematics and Computer

919 views • 19 slides
Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined) Administrative discussions Stephen McCamant University of Minnesota Multi-Cloud Oblivious Storage Old and new topics in security Cloud threats, old and new

645 views • 8 slides
1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

Agenda Related Polices to Cloud Computing I. Guidelines for Information Security of Cloud II. Computing Cloud Security Certification Scheme in KOREA Cloud Security Certification Program in Korea III. April. 11, 2017 Jungduk (JD) KIM, Ph.

403 views • 5 slides
Come Together, Right Now Convergence and Collaboration in Cloud Computing, Data Security &

Come Together, Right Now Convergence and Collaboration in Cloud Computing, Data Security &

bu.edu/hic Boston University Slideshow Title Goes Here Come Together, Right Now Convergence and Collaboration in Cloud Computing, Data Security & Artificial Intelligence September 30, 2020 Eric Kolaczyk | Orran Krieger | Kate Saenko |

821 views • 48 slides
Data Security and Privacy in the Cloud Sara Foresti Dipartimento di Informatica Universit

Data Security and Privacy in the Cloud Sara Foresti Dipartimento di Informatica Universit

Data Security and Privacy in the Cloud Sara Foresti Dipartimento di Informatica Universit degli Studi di Milano sara.foresti@unimi.it Secure Cloud Services and Storage Workshop 2017 September 10, 2017 Oslo, Norway SPDP Lab c 1/32

761 views • 48 slides
Security for Cloud & Big Data CS 161: Computer Security Prof. David Wagner April 18, 2013

Security for Cloud & Big Data CS 161: Computer Security Prof. David Wagner April 18, 2013

Bitcoin, Security for Cloud & Big Data CS 161: Computer Security Prof. David Wagner April 18, 2013 Bitcoin Public, distributed, peer-to-peer, hash-chained audit log of all transactions (block chain). Mining: Each entry in block

499 views • 24 slides
Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing Storage Computation High availability No maintenance Decreased Costs Elasticity & Flexibility Security and Privacy for Cloud

529 views • 36 slides
The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Director, Cloud

The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Director, Cloud

The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Director, Cloud Engineering Immunet, Inc. Monday, August 22, 2011 The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Chief Architect, Cloud

848 views • 68 slides
Q2/16 Opportunity Day Aug 29 th 2016 Marketing Overview Cloud Services Internet Security Big

Q2/16 Opportunity Day Aug 29 th 2016 Marketing Overview Cloud Services Internet Security Big

Q2/16 Opportunity Day Aug 29 th 2016 Marketing Overview Cloud Services Internet Security Big Data Lots of data Worldwide Devices Shipments by Device Type, 2015-2018 (Millions of Units) Global Smartphone Sales to Grow 7 % in 2016 Ultra

942 views • 54 slides
Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud

Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud

Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud Computing Services for Educational Institutions Presented by: Cristina Blanton Erin Fonte Associate Systemwide Compliance and Member, Privacy

310 views • 28 slides
Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud

Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud

Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud Computing model. Presented By: Marissa Hollingsworth Overview What is Cloud Computing? Unique Security Concerns in the Cloud

556 views • 34 slides
Securing the connected world Security acceleration for cloud computing/data centers Company

Securing the connected world Security acceleration for cloud computing/data centers Company

Securing the connected world Security acceleration for cloud computing/data centers Company history 1991: Founded as ASIC design house in Louvain-la-Neuve, Belgium 1995: Becomes part of the Barco group. 1999: 1st SoC development for

189 views • 14 slides
Discovery of Challenging Sources: SharePoint, Unstructured Data, the Cloud and Beyond Panelist:

Discovery of Challenging Sources: SharePoint, Unstructured Data, the Cloud and Beyond Panelist:

Discovery of Challenging Sources: SharePoint, Unstructured Data, the Cloud and Beyond Panelist: Larry Briggi Leigh Isaacs Karin Roberts Moderator: Mary Pat Poteet Security issues of the Cloud: What to avoid and how to batten down the

418 views • 15 slides
Phishing Junxiao Shi, Sara Saleem University of Arizona Apr 23, 2012 1 Introduction 2 Email

Phishing Junxiao Shi, Sara Saleem University of Arizona Apr 23, 2012 1 Introduction 2 Email

Phishing Junxiao Shi, Sara Saleem University of Arizona Apr 23, 2012 1 Introduction 2 Email Spoofing 3 Web Spoofing 4 Pharming 5 Malware 6 Phishing through PDF 7 References What is Phishing a form of social engineering to fraudulently retrieve

640 views • 38 slides
TRUSTED FRIEND ATTACK: GUARDIAN ANGELS STRIKE A talk by Ashar Javed @ DeepSec (21-22 November

TRUSTED FRIEND ATTACK: GUARDIAN ANGELS STRIKE A talk by Ashar Javed @ DeepSec (21-22 November

TRUSTED FRIEND ATTACK: GUARDIAN ANGELS STRIKE A talk by Ashar Javed @ DeepSec (21-22 November 2013), Vienna Austria WHAT Survey of " Fallback Authentication Methods " of fifty (50) popular social networking websites GRAPH IS BIG

1.77k views • 172 slides
GDPR FOR AUTHORS EVERYTHING YOU NEED TO KNOW YOURE IN THE RIGHT PLACE IF Youre an

GDPR FOR AUTHORS EVERYTHING YOU NEED TO KNOW YOURE IN THE RIGHT PLACE IF Youre an

GDPR FOR AUTHORS EVERYTHING YOU NEED TO KNOW YOURE IN THE RIGHT PLACE IF Youre an author, or aspiring author Youre marketing online to people in the EU You want to understand how data privacy laws affect what youre

605 views • 23 slides
Contact Information The Write Way: How HR Professionals Can Get Results Presented by

Contact Information The Write Way: How HR Professionals Can Get Results Presented by

Contact Information The Write Way: How HR Professionals Can Get Results Presented by Latonia Page Federal HR Institute Center for Leadership Development Developing Visionary Leaders to Transform Government LEADERSHIP.OPM.GOV |

609 views • 41 slides
!"#$%&'()*+!,-,#")-".+/-%0("1+2.$3+4##"11+-$+

!"#$%&'()*+!,-,#")-".+/-%0("1+2.$3+4##"11+-$+

!"#$%&'()*+!,-,#")-".+/-%0("1+2.$3+4##"11+-$+ 5,.*"6/#,'"+4&&'(#,7$)18++ 4+9$0"'()*+4&&.$,#:+2$.+/-$.,*"+;$.<'$,01+ !!"#$%&'()*+,*-&. /0 &1233&&

472 views • 30 slides
Be an Email Creative Top Chef Lisa Harmon Director, Creati tive Services Smith

Be an Email Creative Top Chef Lisa Harmon Director, Creati tive Services Smith

Be an Email Creative Top Chef Lisa Harmon Director, Creati tive Services Smith th-Harmon, rmon, A Responsys Company Shannon Dorton Marketing Manager Orbitz Shinn Chen Marketing Manager Salesforce.com January 21, 2010 Janua uary

389 views • 27 slides
Beginning slide (use landing page image) Play! Answering Polls There will be a series of

Beginning slide (use landing page image) Play! Answering Polls There will be a series of

Beginning slide (use landing page image) Play! Answering Polls There will be a series of questions throughout the webinar. Brandify will share any interesting results post-webinar! Let's go! Webinar Agenda Industry Insights: 2017 Local

821 views • 48 slides
SY306 Web and Databases for Cyber Operations SlideSet #7: Regular expressions (JavaScript and

SY306 Web and Databases for Cyber Operations SlideSet #7: Regular expressions (JavaScript and

SY306 Web and Databases for Cyber Operations SlideSet #7: Regular expressions (JavaScript and Python) http://www.w3schools.com/jsref/jsref_obj_regexp.asp Regular Expressions Describe a pattern of characters JS: /pattern/modifiers Is

389 views • 5 slides

More recommend