Transcript A PASS Scheme in Clouding Computing

Jyh-haw Yeh
Dept. of Computer Science
Boise State University
Cloud provides services – software,, platform,
Infrastructure.
 Clients are charged by per-use basis.
 Capital Expenditure (CapExp) -> Operational
Expenditure (OpExp)
 Multi-tenancy: better resource utilization
 Reliability: redundant sites
 Security: better protection from outside
attacks.
 Security: big ? from malicious cloud
employees.




Protecting clients’ data privacy from cloud
employee.
Perfect solution: fully homomophic
encryption algorithm (FHEA). No practical
algorithm available.
Without FHEA, 100% data privacy may not be
possible.



Protect data Privacy by Authentication and
Secret Sharing (PASS).
Objective: minimize the risk of leaking private
data.
Approach:
◦ Encrypt data by a key shared with the client.
◦ Do not store the key anywhere in the cloud.
◦ Use secret sharing to authenticate users and
recover the shared key.

5 security components:
◦ Public key cryptosystem (PKC): published by cloud.
◦ Key agreement (KA): agree on a shared key and two
secret shares at registration.
◦ Key management (KM): keep a profile for each
client.
◦ Authentication(AUTH):
 client’s counter <-> server’s counter;
 Computed hashed key from client’s request <->
stored hashed key
◦ Access control (ACL): second defense for a time
frame that the secret key is in use for processing a
query.

Design guideline:
◦ Ensure secret isolation (secret compartment).
◦ Security with a higher priority than efficiency.
◦ Choose a design choice that would benefit multiple
security components.




PASS chooses ECC over RSA.
2
3
ECC: a curve y  x  ax  b
is chosen over a
prime p. A base point G with an order n.
Cloud provider publishes the ECC domain
parameter <p, a, b, G, n>.
Each cloud entity (server, clients) sets up his
own public-private key pair.
◦ Server: public Ds , private d s , where Ds  d sG
◦ Client i: public Di , private di , where Di  di G


Each client i and the cloud server s agree on a
data encryption key k i and two secret
shares SSi (known to the client) and CS i
(known to the server).
The secret shares are used to recover the
encryption key.
Encryption key agreement:

◦
◦
◦
◦
Client i chooses a random number ri and then
sends Ri  ri G to the server s
Server s chooses a random number rs and then
sends Rs  rs G to the client i
Both compute a point Qi  ri Rs  rs Ri
Agree on an encryption key k i : the x-coordinate
of Qi

Secret shares agreement:
◦ Both computes a point Qi  Di and let
a
be the
x-coordinate of the point
◦ Both construct a same poly f ( x)  ki  ax
◦ SSi  ( x1 , f ( x1 ))
◦ CSi  ( x2 , f ( x2 ))
◦ With both secret shares, the poly and then the
secret key can be recovered




The cloud keeps a profile for each client i
Client
ID
h( k i )
SSi
Di
SRCi
Securit
y Label
Hashed key and server request counter SRCi
for authentication
Security label for access control




Client keeps his own request counter CRCi
Client  Server: ENCD (CRCi || CSi )
Server decrypt and get both CRCi and CS i
Client authentication succeeds if both
s
◦ the stored hashed key matches the hashed key
derived from secret shares
◦ The server and client request counters are matched





Security label: (security level, {categories})
Security level: secret, non-secret
Each client i is a category
Ci are in category
All query servers/processes
“query-system”  {all Ci }
Security label to client i’s profile: (secret, { Ci })




Step1 - 4 for initial client registration: key
agreement and data encryption
Step 5-12 for a query processing
Diagram in the following link shows these
steps.
http://cs.boisestate.edu/~jhyeh/presentation
/pass_diagram.pdf