Would you trust your life to the cloud? Techniques for computation - PowerPoint PPT Presentation



SLIDE 1

Would you trust your life to the cloud?

Techniques for outsourced computation with privacy and security

Flavio Bergamaschi, Emerging Technologies, IBM
Hamish Hunt, Emerging Technologies, IBM

SLIDE 2

Cloud Computing and Security

Security challenges in outsourced computation

▪ Landscape is now asymmetric
▪ Large number of mobile devices
▪ Large compute power in the cloud
▪ No control over the cloud servers
▪ No control over the communication channels
▪ Powerful servers ... untrusted ... or honest but curious

SLIDE 3

Cloud Computing and Security

Security challenges in outsourced computation

[Diagram]
▪ Alice: sends input data, receives the result
▪ Bob (honest but curious): performs the correct computation, sends result to Alice; looks at Alice’s data
▪ Eve: snoops the comms channel; sees Alice’s data

SLIDE 4

Cloud Computing and Security

Securing the Communications Channel

[Diagram]
▪ Alice: encrypts the input data, decrypts the result
▪ Bob (honest but curious): decrypts, performs the correct computation, encrypts the result before sending; looks at Alice’s data
▪ Eve: snoops the comms channel; can’t see the data

SLIDE 5

Cloud Computing and Security

Some Cryptographic Notions - 1

▪ Verifiable delegation: How to ensure the encrypted result we get back is the result of the intended computation “F”? Enc(F(x)) vs Enc(F’(x))
▪ Functional privacy: How to protect the computation “F”
▪ Server privacy: The computation being evaluated leaks nothing about the inputs.
▪ Functional encryption: Reveals the result of the computation but nothing else. e.g. Spam filter for encrypted email

SLIDE 6

Cloud Computing and Security

Some Cryptographic Notions - 2

▪ Encrypted Searches
  • Tokenization: **very little security
  • Property preserving encryption
    • Deterministic encryption: every time, Enc(x) generates the same ciphertext **very little security
    • Order preserving encryption: takes an ordered universe of plaintext and produces ciphertexts that can be compared/sorted
▪ Searchable Symmetric Encryption
  • Encrypts the data in a way that it can be privately queried
  • Encrypts the search structure
  • Protects the data with standard AES
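What "very little security" means for the property-preserving schemes on this slide, as an added example that is not part of the original presentation: a keyless server counts repeated ciphertexts and sorts them, and learns the plaintext frequency histogram and ordering. The HMAC-based constructions, the sample columns and all function names are assumptions built for illustration, not production schemes.

```python
import hashlib, hmac, secrets
from collections import Counter

KEY = secrets.token_bytes(32)  # constructed demo key, held by the data owner only

def prf(label: bytes) -> bytes:
    return hmac.new(KEY, label, hashlib.sha256).digest()

def det_encrypt(value: str) -> bytes:
    """Deterministic: the same plaintext always yields the same ciphertext."""
    return prf(b"det|" + value.encode())[:16]

def rand_encrypt(value: str) -> bytes:
    """Randomized baseline: fresh nonce, keystream = PRF(nonce) (toy, one block)."""
    data = value.encode()
    assert len(data) <= 32
    nonce = secrets.token_bytes(16)
    return nonce + bytes(a ^ b for a, b in zip(data, prf(b"rnd|" + nonce)))

def ope_encrypt(x: int) -> int:
    """Toy order-preserving map: running sum of positive keyed gaps."""
    return sum(1 + int.from_bytes(prf(b"ope|%d" % i)[:2], "big") for i in range(x + 1))

def repeat_counts(ciphertexts):
    """What a keyless server sees: how often each ciphertext repeats."""
    return sorted(Counter(ciphertexts).values(), reverse=True)

# Constructed sample data: a skewed low-entropy column and a numeric column.
BLOOD = ["O+"] * 38 + ["A+"] * 34 + ["B+"] * 9 + ["AB-"]
AGES = [47, 23, 81, 23, 65]

def leakage_report():
    idx = range(len(AGES))
    return {
        "plaintext_counts": repeat_counts(BLOOD),
        "deterministic_counts": repeat_counts([det_encrypt(v) for v in BLOOD]),
        "randomized_counts": repeat_counts([rand_encrypt(v) for v in BLOOD]),
        # Sorting OPE ciphertexts reproduces the plaintext ordering exactly.
        "ope_order_matches": sorted(idx, key=lambda i: ope_encrypt(AGES[i]))
                             == sorted(idx, key=lambda i: AGES[i]),
    }

if __name__ == "__main__":
    for name, value in leakage_report().items():
        print(name, value)
```

The randomized ciphertexts show no repeats, but they still differ in length (18 bytes for "O+", 19 for "AB-"), which is the size leakage listed on slide 8.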

SLIDE 7

Cloud Computing and Security

Some Cryptographic Notions - 3

▪ Secure Multi-party computation: Multiple participants compute a public function on their private data without revealing the input data and only share the result. e.g. Millionaires’ problem.
▪ Fully Homomorphic encryption: Allows for the computation to be performed on encrypted data without ever decrypting it
  • Enc(x) + Enc(y) = Enc(x+y)
  • Enc(x) * Enc(y) = Enc(x*y)
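The two identities above, worked through as an added example (not code from the presentation or from HElib): a toy symmetric scheme over the integers in the style of van Dijk, Gentry, Halevi and Vaikuntanathan, where a ciphertext is c = p*q + T*r + m. The parameter sizes and the names T, P_BITS, R_BITS, Q_BITS and correct_squarings are assumptions chosen for illustration and give no real security; the last function shows the noise growth that limits how many multiplications such a scheme supports.

```python
import secrets

# Toy parameters (assumptions for illustration, insecure).
T = 2**32        # plaintext modulus: messages are integers mod T
P_BITS = 256     # size of the secret key p
R_BITS = 16      # size of the fresh noise multiplier r
Q_BITS = 512     # size of the random multiple of p that hides the noise

def keygen():
    """Secret key: a random odd integer with exactly P_BITS bits."""
    return secrets.randbits(P_BITS) | (1 << (P_BITS - 1)) | 1

def encrypt(p, m):
    """c = p*q + T*r + m. The term T*r + m is the noise masked by p*q."""
    q = secrets.randbits(Q_BITS) | (1 << (Q_BITS - 1))
    r = secrets.randbelow(2**R_BITS - 1) + 1      # 1 <= r < 2**R_BITS
    return p * q + T * r + (m % T)

def decrypt(p, c):
    """Correct only while the accumulated noise stays smaller than p."""
    return (c % p) % T

def add(c1, c2):
    """Enc(x) + Enc(y) -> Enc(x + y); the noise terms add."""
    return c1 + c2

def mul(c1, c2):
    """Enc(x) * Enc(y) -> Enc(x * y); the noise terms multiply."""
    return c1 * c2

def correct_squarings(p, m, rounds=4):
    """Square Enc(m) repeatedly; per round, is decryption still right?"""
    c, expected, ok = encrypt(p, m), m % T, []
    for _ in range(rounds):
        c, expected = mul(c, c), (expected * expected) % T
        ok.append(decrypt(p, c) == expected)
    return ok

if __name__ == "__main__":
    p = keygen()                                   # stays with Alice
    cx, cy = encrypt(p, 1200), encrypt(p, 34)      # sent to Bob
    print(decrypt(p, add(cx, cy)))                 # Bob computed on ciphertexts only
    print(decrypt(p, mul(cx, cy)))
    print(correct_squarings(p, 3))                 # noise exceeds p at the third squaring
```

Fresh noise is below 2^48, so one addition or multiplication always decrypts correctly, while three successive squarings push the noise past the 256-bit key and decryption fails.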

SLIDE 8

Cloud Computing and Security

Information Leakages

▪ Access Pattern Leakage
▪ Data Leakage
▪ Control Flow Leakage
▪ Size Leakage

SLIDE 9

Cloud Computing and Security

Struggle between usefulness <-> security

[Diagram labels: Useful Computation, Security, Secure Multi-party Computation, Homomorphic Encryption, Encrypted Searches]

How to secure the data in the cloud in a way that we can perform computations on encrypted data?

SLIDE 10

Computing on Encrypted Data

Fully Homomorphic Encryption

[Diagram]
▪ Alice: encrypts the input data, decrypts the result
▪ Bob: performs the correct computation, without decrypting the input or output (result); can’t see Alice’s data; doesn’t learn anything
▪ Eve: snoops the comms channel; can’t see the data

SLIDE 11

Fully Homomorphic Encryption - History

Theoretical Solution first proposed by Craig Gentry (IBM) in 2009

  • Prompted quotes like “Not in my lifetime”
  • Original scheme was inefficient and difficult to implement

Thought about since the 1970s. Can we perform operations on encrypted data without having to first decrypt it?

Rapid improvements to the theory have led to algorithmic efficiencies making practical implementations possible.

SLIDE 12

What can you do that is new?

Real Oblivious Transfer: Can the bank provide information to the police without knowing the query or the information returned?

SLIDE 13

Oblivious Genome Sequence Comparison

Encrypted Edit Distance
Encrypted Genomes
IDASH PRIVACY & SECURITY WORKSHOP 2015

Current Version.

  • Using Commodity Intel-based hardware.
  • 100k entries ~5 mins on multi-threaded 4 core machine.
  • Ciphertexts for a security level of 80-100 bits (AES equivalence) are 1000 times larger than the plaintext.

SLIDE 14

Compute the Edit Distance

[Figure: edit distance computation over vectors labelled Av, Aw, Bv, Bw ("Expected Edit"), with stages labelled COMP, Mult and Max weight.]

SLIDE 15

Vector Comparison

[Diagram labels: Encrypted Vector, Encrypted Result, FHE Match Engine, Decrypted, FHE, Database]

SLIDE 16

Oblivious Image Query

Performance relative to the NSA data security settings for 'Secret' and 'Top Secret'

[Chart series: Secret, Top Secret]

SLIDE 17

References

▪ HElib - open-source library for homomorphic computation: https://github.com/shaih/HElib
▪ Fully Homomorphic Encryption without Bootstrapping: https://eprint.iacr.org/2011/277
▪ Future Directions in Computing on Encrypted Data: https://www.cs.bris.ac.uk/~nigel/ECRYPT-MPC/
▪ Seminar: Computing on Encrypted Data: http://people.csail.mit.edu/vinodv/6892-Fall2013/

SLIDE 18

DEMO