HPCC 2015 August 24 26 New York USA

  • Slides: 23
Download presentation
HPCC 2015, August 24 - 26, New York, USA User-Controlled Security Mechanism in Data-Centric

HPCC 2015, August 24 - 26, New York, USA User-Controlled Security Mechanism in Data-Centric Clouds Wei Changc Joint work with Qin Liua, Guojun Wangb, and Jie Wuc a. Hunan University, P. R. China b. Central South University, P. R. China c. Temple University, USA Aug. 25, 2015

Outline Introduction to Cloud Computing Security Issues in Cloud Computing Data-Centric Security User-Controlled Security

Outline Introduction to Cloud Computing Security Issues in Cloud Computing Data-Centric Security User-Controlled Security Mechanism Conclusion

What Is Cloud Computing? Wikipedia Definition Cloud computing is a concept of using the

What Is Cloud Computing? Wikipedia Definition Cloud computing is a concept of using the Internet to allow people to access technology-enabled services It allows users to consume services without knowledge of control over the technology infrastructure that supports them NIST Definition 5 essential characteristics 3 cloud service models 4 cloud deployment models

The NIST Cloud Definition Framework Deployment Hybrid Clouds Models Service Models Essential Characteristics Private

The NIST Cloud Definition Framework Deployment Hybrid Clouds Models Service Models Essential Characteristics Private Cloud Community Cloud Software as a Service (Saa. S) Public Cloud Platform as a Service (Paa. S) Infrastructure as a Service (Iaa. S) On Demand Self-Service Broad Network Access Rapid Elasticity Resource Pooling Measured Service NIST Definition Framework

Typical Cloud System Model Cloud Service Providers (CSPs) Cloud providers Service providers End users

Typical Cloud System Model Cloud Service Providers (CSPs) Cloud providers Service providers End users Users and providers in cloud computing

Outline Introduction to Cloud Computing Security Issues in Cloud Computing Data-Centric Security User-Controlled Security

Outline Introduction to Cloud Computing Security Issues in Cloud Computing Data-Centric Security User-Controlled Security Mechanism Conclusion

Traditional Security Issues Network security Man-in-the-middle attacks, IP spoofing, ports scanning, packet sniffing Web

Traditional Security Issues Network security Man-in-the-middle attacks, IP spoofing, ports scanning, packet sniffing Web application vulnerabilities SQL injection, session riding and hijacking, cross-site scripting Distributed Denial of Services (DDo. S) attacks Virtualization vulnerabilities Potential software vulnerabilities Access control weakness Authentication and authorization security

New Security Challenges Multi-tenancy security Side-channel attacks, fate of sharing Data separation and VMs’

New Security Challenges Multi-tenancy security Side-channel attacks, fate of sharing Data separation and VMs’ isolation Accountability While a data breach happens, it is hard to determine which entities should be blamed for it Well-designed SLA, auditability Inner attacks The CSP has the highest privilege to access user data, Data encryption Heterogeneity Multi-trusted domains with different security policies Standards need to be established

Outline Introduction to Cloud Computing Security Issues in Cloud Computing Data-Centric Security User-Controlled Security

Outline Introduction to Cloud Computing Security Issues in Cloud Computing Data-Centric Security User-Controlled Security Mechanism Conclusion

System Model Data owner Uploads data to clouds maintained by the CSP Data user

System Model Data owner Uploads data to clouds maintained by the CSP Data user Requests data from the CSP after obtaining authorization from the data owner System model in data-centric clouds Data-centric security mainly refers to ensuring the CIA of data in cloud environments

CIA in Cloud computing Confidentiality The prevention of intentional or unintentional unauthorized disclosure of

CIA in Cloud computing Confidentiality The prevention of intentional or unintentional unauthorized disclosure of information (Encryption, Access control, Authorization, Authentication) Integrity Ensure that unauthorized modifications are not made to data (MAC, DS) Availability Ensure the reliable and timely access to data or resources (Multiple data copies)

Confidentiality in Clouds Confidentiality Data Encryption User Revocation Query Privacy

Confidentiality in Clouds Confidentiality Data Encryption User Revocation Query Privacy

Data dimension Object dimension Describes the data users who have rights to access such

Data dimension Object dimension Describes the data users who have rights to access such data Time dimension Denotes the length of the access right of the object Action dimension Describes the read right, write right, and search right of the object Data dimensions

Data Encryption Natural way Adopting cryptographic technique Current solutions Traditional symmetric/ asymmetric encryption Low

Data Encryption Natural way Adopting cryptographic technique Current solutions Traditional symmetric/ asymmetric encryption Low cost for encryption and decryption Hard to achieve fine-grained access control Attribute-Based encryption (ABE) Easy to achieve fine-grained access control

User Revocation Naïve solution The data owner re-encrypts data and distributes new keys to

User Revocation Naïve solution The data owner re-encrypts data and distributes new keys to the data user Frequent revocation will make the data owner become a performance bottleneck Proxy Re-encryption (PRE) The data owner to send re-encryption instruction to the cloud The cloud perform re-encryption based on PRE

Query Privacy Query privacy Search privacy: Protect what the users are searching for Access

Query Privacy Query privacy Search privacy: Protect what the users are searching for Access privacy: Protect what/which files are returned to the users Existing solutions Searchable encryption (SE) can protect search privacy while searching encrypted data

Outline Introduction to Cloud Computing Security Issues in Cloud Computing Data-Centric Security User-Controlled Security

Outline Introduction to Cloud Computing Security Issues in Cloud Computing Data-Centric Security User-Controlled Security Mechanism Conclusion

Onion Encryption Search onion Associate each piece of data with an index that includes

Onion Encryption Search onion Associate each piece of data with an index that includes several keywords describing the data content Index is encrypted with the search layer, which can be encapsulated with searchable encryption Onion encryption layers

Onion Encryption Write onion The content can be encrypted with homomorphic encryption , where

Onion Encryption Write onion The content can be encrypted with homomorphic encryption , where the computations can be performed directly on the ciphertexts without decryption Onion encryption layers

Onion Encryption Read onion Encrypts data content with a symmetric key, which is in

Onion Encryption Read onion Encrypts data content with a symmetric key, which is in turn encrypted with ABE over a specific access structure Applies proxy re-encryption (PRE) into ABE for ensuring dynamic access control on ciphertexts Onion encryption layers

The user-controlled security mechanism The users have the ability to customize their desired security

The user-controlled security mechanism The users have the ability to customize their desired security level and mechanism on demand

Conclusion We investigate the definition, features of cloud computing We discuss the security challenges

Conclusion We investigate the definition, features of cloud computing We discuss the security challenges in cloud computing We propose user-controlled security in mechanism to achieve data-centric security in clouds

ANY QUESTIONS?

ANY QUESTIONS?

USA USA USA USA USA USA USA USAUSA USA USA USA USA USA USA USA
HPCC MidMorning Break MPI on HPCC Dirk ColbryHPCC MidMorning Break MPI on HPCC Dirk Colbry
HPCC with Grids and Clouds HPCC 10 MelbourneHPCC with Grids and Clouds HPCC 10 Melbourne
New York Gl Krisztina New York New YorkNew York Gl Krisztina New York New York
Welcome to New York New York New YorkWelcome to New York New York New York
NEW YORK New York l New York oftenNEW YORK New York l New York often
August 25 2015 IEEE HPCC 2015 1 AGENTAugust 25 2015 IEEE HPCC 2015 1 AGENT
August 25 2015 IEEE HPCC 2015 1 AGENTAugust 25 2015 IEEE HPCC 2015 1 AGENT
August 23 28 2015 New York City USAAugust 23 28 2015 New York City USA
New York City New York City Location NewNew York City New York City Location New
n 24 August 1981 Buffalo New York USAn 24 August 1981 Buffalo New York USA
De forente stater USA USA USA p jordklodenDe forente stater USA USA USA p jordkloden
Najwiksze miasta USA NEW YORK New Jork najludniejszeNajwiksze miasta USA NEW YORK New Jork najludniejsze
HPCC MidMorning Break Introduction to the new GPUHPCC MidMorning Break Introduction to the new GPU
New York Blue Climate Science SUMMARY New YorkNew York Blue Climate Science SUMMARY New York
New York Manhattan the centre of New YorkNew York Manhattan the centre of New York
New York Big Apple New York l lNew York Big Apple New York l l
New York SCHOOLS NAME TRIP TO NEW YORKNew York SCHOOLS NAME TRIP TO NEW YORK
The New York State Education Department New YorkThe New York State Education Department New York
NEW YORK FOTOS DE EPOCA NEW YORK ANEW YORK FOTOS DE EPOCA NEW YORK A
NEW YORK UNIVERSITY Angely Lopez INTRODUCTION New YorkNEW YORK UNIVERSITY Angely Lopez INTRODUCTION New York
New York and Product Stewardship New York ProductNew York and Product Stewardship New York Product