View
17
Download
0
Category
Preview:
DESCRIPTION
PRIAM: PR ivate I nformation A ccess M anagement on Outsourced Storage Service Providers. Mark Shaneck Karthikeyan Mahadevan Jeff Yongdae Kim. Collection of Personal Information on the Internet *. - PowerPoint PPT Presentation
Citation preview
PRIAM: PRivate Information Access Management on Outsourced Storage Service Providers
Mark ShaneckKarthikeyan Mahadevan
JeffYongdae Kim
Collection of Personal Information on the Internet *
A survey by www.epic.org on the hot 100 websites (www.100hot.com) suggested that 49 of these collect private information
“For example America Online is matching its subscribers to demographic and psychographic data obtained from Donnelley Marketing”
*Source: http://www.epic.org/reports/surfer-beware.html
Privacy – do we have it on the Internet ? Privacy is a right that every individual
should possess Apparently this concept is not true in
the Internet "You have zero privacy now. Get over
it“ - Sun CEO Scott McNealy Conclusion: Protecting privacy will be
one the greatest challenges for the Internet
Outline
MotivationMotivation Existing Approaches Overview of PRIAM Challenge Details Conclusion and Future Work
Problem Setting Alice wants to have control over her
private information She wants to store it with a highly available
storage provider, which she could access from anywhere
Storage provider should not know what she is storing
Alice - Minimal computation Alice should be able to let the people she
like access some information for a limited period of time
Existing Approaches - ACL
Access Control List: Owner defines an ACL and gives it to the PIP
Problems PIP should be trusted. Else encrypt the data – implies more
key management issues
Existing Approaches - Kerberos
Kerberos : Owner has to play AS Problems
Owner has to online Also PIP should be trusted Else encrypt files – key management
problems (similar to ACL approach)
Existing Approaches - Lockbox
Idea – encrypt the file with symmetric key and encrypt the symmetric key with public key of users who will be granted access (used in Storage Security) Problem owner has to be online to
provide access to new user! Once the authorization expires – update
the lockbox, has to contact PIP!
PRIAM
PRIAM is a suite of protocols: Private Information Storage Protocol Private Information Evolution Protocol Private Information Authorization
Protocol Private Information Retrieval Protocol
Challenge How can the PIP do updation without
owner interference? There exists a function f such that:
)())(,(11 mEmEkf kk
Building Blocks Safe Prime: A prime p is called a
safe prime if it is of the form p = 2p’+1, where p’ is a prime
Odd hash function
Key Chain
1||
}1,0{}1,0{:'
*'
hh
h l
j
iij kk
0
'
Set up
Owner does the following Choose two safe primes p, q and
compute n=pq Pick random odd number r (blinding
factor) which is co prime to φ(n) Public value : n Private values: p, q, p’, q’, φ(n), r
Private Information Storage Alice wants to store t items {m(0),
m(1),…,m(t)} – after initial setup For each i, 1≤i≤t, generate an odd
random number such that Compute: To store the information with PIP,
Alice will send encrypted message, along with initial value of k, index i:
ik0 )(0 0 nk i
nmmirkii mod)( 0)()(
0
}),,,(),....,2,,(),1,,{(: )(0
)(0
)2(0
)2(0
)1(0
)1(0 ntkmkmkmPIPOwner tt
Private Information Evolution PIP updates the encryption key every
night (whenever appropriate) as follows:
Note, that for day j :
nmmcomputesPIPijki
jij mod)(:
)()(1
)(
nmmijrki
jij mod)(
)(')(1
)(
Private Information Authorization Bob wants to know some information
about Alice, he must get Alice’s consent.Alice -> Bob :
This message is sent over a secure channel, where r is a fixed odd random.
Alice could give Bob authorization for over a period of time
}),(mod){( 1)(' nnrk ij
Temporal Private Information Retrieval
ijmQuerierPIP
sidowneriquestPIPQuerier
:
',,Re:
Querier can now recover the message as
nmm irkij
ijrki
j mod)( )()()(1))('()('
Performance EvaluationCommunicati
onComputation Storage
Private Information
Storage
1 Owner: t PIP: t records, t
keysOwner: TJ
tokens
Private Information Evolution
0 N 0
Private Information
Authorization
2 0 Querier: T tokens
Temporal Private
Information Retrieval
2 Querier: 1 0
Security Analysis
Confidentiality Our scheme is secure against an
outside attack Our scheme is secure against an
inside attacker under the hardness of finding φ(n) from n
Integrity: RSA guarantees this property
Security Analysis – Cont’d
Collusion The advantage of any number of
collusion is not better that that of an inside attacker with several transcripts
Knowing the values of encryption keys without the knowledge of φ(n) does not help finding the inverse of a future key
Application – (1)
Private Information on the Internet We will be able to realize privacy on
the Internet using our approach. For example Alice purchasing
products from a website could provide authorization to some information, with which the website could contact a PIP
Application – (2)
Disclosure of Medical History Information Any doctor would be able to access
the required medical information about a patient with his/her authorization
Conclusions
We have proposed a scheme to achieve control over one’s private information
Provide dynamic authorization No necessity to contact the PIP for
key updates PIP is minimally trusted !
Future Work
Applying to Storage Area Networks Symmetric Key Version of this
scheme Supporting multiple owners Digital watermarking or traitor
tracing to prevent information dissemination from an authorized querier.
Recommended