Cryptographic Cloud Storagex - csie.org

sunflowerplateΤεχνίτη Νοημοσύνη και Ρομποτική

21 Νοε 2013 (πριν από 3 χρόνια και 11 μήνες)

79 εμφανίσεις

Seny

Kamara

& Kristin
Lauter

senyk@microsoft

.com

klauter@microsoft.com

Micorsoft

Reaserch

B99705013

廖以圻

B99705025
陳育旋


Introduction of the cloud storage service


The basic concept of cryptography


Architecture of a cryptographic storage
service


Benefit of a cryptographic storage service


The core component of a cryptographic
storage service


Summary


Introduction of the cloud storage service


The basic concept of cryptography


Architecture
of a cryptographic storage
service


Benefit of a cryptographic storage service


The core component of a cryptographic
storage service


Summary


Cloud infrastructure can be categorized as


private or public


Benefit of public storage service :


availability


reliability


efficient retrieval


data sharing







Main concern for a public storage service :


1. confidentiality



2. integrity






we argue for designing a virtual private
storage service based on recently
cryptographic techniques.


Introduction of the cloud storage service


The basic concept of cryptography


Architecture
of a cryptographic storage
service


Benefit of a cryptographic storage service


The core component of a cryptographic
storage service


Summary

symmetric & asymmetric encryption

Symmetric encryption


Asymmetric encryption


Asymmetric encryption


Introduction of the cloud storage service


The basic concept of cryptography


Architecture
of a cryptographic storage
service


Benefit of a cryptographic storage service


The core component of a cryptographic
storage service


Summary


Data processor
(aka. DP): process data before
it is sent to cloud.


Data verifier
(aka. DV):

checks whether the
data in the cloud has been tempered with.


Token generator
(aka. TG): generate tokens
that enable

the cloud storage to retrieve
segments of customer data.


credential generator
(CG): implements

an
access control policy by issuing credentials
(
憑據
)

to the various parties in the system


A CUMSTOMER ARCHITECTURE



AN ENTERPRISE ARCHITECTURE



A story begin with three party: Alice, Bob and
storage provider.


Alice wants to share data with Bob.


HOW TO DO THAT??


First, Alice and Bob using the same
DP, DV,
TG
.


Alice generate a cryptography key (master
key), which is kept in local.



When Alice wants to upload files.


Using DP:

`
Attaches metadata and encrypt and encode.


Using DV:

`
Verifying the integrity of data.


Using TG:


Wants to retrieve data.


Send token to the cloud storage to search the
appropriate encrypted file.


When Bob wants to retrieve some file.


Alice uses
TG

to make a token to Bob, and
also uses a
CG

to make a credential to Bob.


After Bob receive token and credential, he
uses the token to retrieve data, and decrypt it
with credential.



A CUMSTOMER ARCHITECTURE



AN ENTERPRISE ARCHITECTURE






MegaCorp

wants to share data with
PartnerCorp
,
MegaCorp

store data in cloud
storage provider.


Depending on the particular scenario,
dedicated machines will run various core
components.


each
MegaCorp

and
PartnerCorp

employee
receives a credential from the credential
generator.


所有人的
credential
都不同,依職位劃分。


Whenever a
MegaCorp

employee generates
data that needs to be stored in the cloud, it
sends the data together with an associated
decryption policy to the dedicated machine
for processing.


To retrieve data from the cloud, an employee
requests an appropriate token from the
dedicated machine.


Different TOKENS
can access different
information.


Usage of
DV

is the same as before.



A
PartnerCorp

employee needs access to
MegaCorp's

data, he authenticates itself to
MegaCorp's

dedicated machine and sends it a
keyword.


T
he dedicated machine returns an
appropriate token which the employee uses
to recover the appropriate files.



In the case that
MegaCorp

is a very large
organization,
Data processor may have great
loading.

v


Another case the dedicated machines only
run data verifiers, token generators and
credential generators while the data
processing is distributed to each employee.



Introduction of the cloud storage service


The basic concept of cryptography


Architecture
of a cryptographic storage
service


Benefit of a cryptographic storage service


The core component of a cryptographic
storage service


Summary


C
ontrol of the data is maintained by the
customer.


the security properties are derived from
cryptography.


Regulatory compliance


Geographic restrictions


Subpoenas


Security breaches


Electronic discovery


Data retention and destruction


Regulatory compliance (
保護資料
)


Laws for protecting data.



Sol: Data processor and encryption may help.



Geographic restrictions

`
It can be difficult to ascertain exactly where
one's data is being stored once it is sent to
the cloud. some customers may be reluctant
to use a public cloud for fear of increasing
their legal exposure.


Sol: All data are stored in encrypted form.



Subpoenas

`
If the data is stored in a public cloud, the request
may be made

to the cloud provider and the latter
could even be prevented from notifying the
customer.


Sol: data is stored in encrypted form and since
the customer retains possession of all the keys.



Security breaches(
漏洞
)


There is always the possibility of a security
breach.


Sol: data integrity can be verified at any time.


Electronic discovery

`
organizations are required to preserve and produce
records for litigation. Organizations with high levels
of litigation may need to keep a copy of large
amounts of data.


Sol: a customer can verify the integrity of its data at
any point in time.



Data retention and destruction(
資料保留或刪除
)


It

can be difficult for a customer to ascertain the
integrity of the data or to verify whether it was
properly discarded.


Sol: Secure data erasure can be electively achieved by
just erasing the master key



Anyway, it’s all about the point:



Encrypted data and Data Verifier.


Introduction of the cloud storage service


The basic concept of cryptography


Architecture
of a cryptographic storage
service


Benefit of a cryptographic storage service


The core component of a cryptographic
storage service


Summary


The drawback of the cryptographic storage
service :


We have to download all the data , decrypt it
and search locally.



The organization have to retrieve all the data
to verify the integrity





Improvement

:


1.DP index the data and encrypt it under a


unique key


2.Encrypt the index using
searchable


encryption


3.encrypt the unique key with
attribute
-


based encryption


4.data verifier can verify their integrity using a


proof of storage


A way to encrypt a search index


Given a token for a keyword , one can retrieve
pointers to the encrypted files


But sometimes the searching may
leak

some
information to service provider


SSE /ASE /ESE /
mSSE


Symmetric searchable encryption (SSE)


Single writer /single reader (SWSR)


based on symmetric primitives


Without any token the server learn nothing
about the data except its length


Given a token with keyword
w
, the provider
learn which document contain
w

without
learn
w

Disadvantage :


search time / update


Asymmetric searchable encryption (ASE)


Many writer /single reader (MWSR)


based on symmetric primitives


Without any token the server learn nothing
about the data except its length


Given a token with keyword
w
, the provider
learn which document contain
w


Disadvantage :


the token
w
can be learned


Efficient ASE (ESE)


Search time is more efficient than ASE

Disadvantage :


the token
w
can be learned


Multi
-
user SSE


Single writer /many reader (SWMR)


The owner can add and revoke users’ search
privilege over his data


Improvement

:


1.DP index the data and encrypt it under a


unique key


2.Encrypt the index using
searchable


encryption


3.encrypt the unique key with
attribute
-


based encryption


4.data verifier can verify their integrity using a


proof of storage


Each user in the system is provided with a
decryption key that has
a set of attribute
with
it
(credentials)


Decryption will only work if the attribute
associated with the decryption key match the
policy used to encrypt the massage


Improvement

:


1.DP index the data and encrypt it under a


unique key


2.Encrypt the index using
searchable


encryption


3.encrypt the unique key with
attribute
-


based encryption


4.data verifier can verify their integrity using a


proof of storage


Which the server can prove to the client that
it did not tamper with the data


The protocol can be executed an
arbitray

number of times


The amount of information exchanged is
independent of the size of the data


Private /public verifiable