Upload
cisco
View
19
Download
1
Tags:
Embed Size (px)
DESCRIPTION
Protection of Identity Information in Cloud Computing without Trusted Third Party. 作者 : Rohit Ranchal , Bharat Bhargave , Lotfi Ben Othmane , Leszek Lilien , Anya Kim, Myong Kang, Mark Linderman IEEE International Symposium on Reliable Distributed System 報告 日期 :12.13 報告者 : 許睿中. - PowerPoint PPT Presentation
Citation preview
Protection of Identity Information in Cloud Computing without Trusted Third Party
作者 :Rohit Ranchal, Bharat Bhargave , Lotfi Ben Othmane, Leszek Lilien, Anya Kim, Myong Kang, Mark LindermanIEEE International Symposium on Reliable Distributed System報告日期 :12.13報告者 :許睿中
OutlineIntroductionRelate worksSelect research problemsProposed schemes
◦Multi-party computing◦Predicate encryption scheme◦Active Bundle Scheme
Conclusions
IntroductionsIn cloud computing, entities may have
multi accounts associate with a single or multi service provider(SP).
Share sensitive identity information(Personal identifiable information or PII) along with associated attributes of the same entity across services can be lead to mapping of the identity to the entity, tantamount to privacy loss.
IntroductionsIdentity management(IDM) is one of the
core components in cloud privacy and security and can help alleviate some of the problems associated with cloud computing.
To used a cloud service, a user need to authenticate herself to it.
The user has to give away some private information, which uniquely identifies the user to SP. That is user’s PII(Personal identifiable information).
IntroductionsObtaining the user’s PII gives some
assurance to SPs about the user’s identity, which helps SP to decide whether to permit to its service or not.
The propose of an IDM system is to decide upon the disclosure of this information in a secure manner.The main problem for Bob is
to decide which portion of his PII should he disclose, and how do disclose it in a secure way.
Relate worksDifferent solutions use different ways of
sending user’s PII for negotiation with the SPs. The common ways are:◦Use of a Trusted Third Party(TTP). The
major issue with such approach in cloud computing are: (a) TTP could be a cloud service, so SP could
be TTP ; therefore, TTP may not be an independent trusted entity anymore.
(b) Using a single TTP.
Relate worksDifferent solutions use different ways of
sending user’s PII for negotiation with the SPs. The common ways are:◦Prohibiting untrusted host. A client
application holding PII must be executed on trusted host to prevent malicious host from accessing PII.
Select Research ProblemsAuthenticating without disclosing PII
◦When a user sends PII to authenticate for a service, the user may encrypt it. However, PII is decrypted before an SP uses it. As soon as PII is decrypted, it becomes prone to attacks.
Using services on untrusted host◦The available IDM solutions require user to
execute IDM from a trusted host. They do not recommend using IDM on untrusted hosts, such as public host
Proposed schemeThe goal in the paper is to assure that
IDM does not use TTP for verifying credentials.
This implies that IDM could use TTPs for other purpose, such as the use of a TTP by IDM for management of decryption key.
Proposed schemeProposed an approach for IDM in cloud
computing that:◦Does not require TTPS
This is achieved through the use of multi-party computing, in which secret are split into shares distributed to different hosts.
Proposed schemeProposed an approach for IDM in cloud
computing that:◦Can be used for an untrusted or unknown
hosts This is achieved though the use of the active
bundle scheme. An active bundle has a self-integrity check mechanism, which triggers apoptosis(a complete self-destruction) or evaporation(a partial self-destruction) when the check fails.
Proposed schemeProposed an approach for IDM in cloud
computing that:◦Uses encrypted data when negotiating the
use of PII for authentication to services in cloud computing This is achieved by using predicate over
encrypted data.
Multi-party computingThreshold secret sharing
◦First, a secret data item D is divided into n shares D1, D2, …, Dn, then a threshold k is chosen, so that: To recover D, k or more of arbitrary Di’s are
required. Using any k-1 or fewer Di’s leaves D
completely undetermined.
A function f using secret input from all the party. Involves n party, which calculate only partial function output.
One of the player is selected as the dealer(DLR), and is provide the partial function outputs to find out the full results of function computation.
Let f be a linear function of degree n known to each of the n party, and t be an arbitrary threshold value, and Pi denote Party i, and xi denote the secret input of Pi for f.
Multi-party computing
Let a1, a2 , …,an be distinct non-zero elements in the domain of f. Player Pi is assigned the point ai.
DLR will receive from the n parties the partial outputs of f calculated by the n parties using their respective secret inputs x1, x2,…, xn.
Each party Pi generates a polynomial hi of degree t such that hi(0)=xi
Multi-party computing
Multi-party computingEach party Pi send to each Pj one si,j=hi(aj)
of Pj’s input.
Then, each Pi computes a portion of function f using share si,j of the input that it has or received from n-1 other parties.
Predicate encryption schemePredicate encryption scheme allows
evaluating predicate with encrypted data.◦For example, Alice can compute the
predicate using encrypted data.
◦Alice uses a Setup algorithm scheme that generate a public key PK and a secret key MSK.
1. Setup PK,MSK
2. Encrypt(PK,PII) CT3. KeyGen(PK,MSK,p) TKP
4. Query(PK,CT,TKp) p(PII)
Predicate encryption schemePredicate encryption scheme allows
evaluating predicate with encrypted data.◦For example, Alice can compute the
predicate using encrypted data.
◦Alice uses PK to encrypt her PII and gets ciphertext CT.
1. Setup PK,MSK
2. Encrypt(PK,PII) CT3. KeyGen(PK,MSK,p) TKP
4. Query(PK,CT,TKp) p(PII)
Predicate encryption schemePredicate encryption scheme allows
evaluating predicate with encrypted data.◦For example, Alice can compute the predicate
using encrypted data.
◦Alice has the function p representing a predicate that she wishes to evaluate for her CT.
◦She uses the KeyGen algorithm, PK ,MAK and p to output the token TKP.
1. Setup PK,MSK
2. Encrypt(PK,PII) CT3. KeyGen(PK,MSK,p) TKP
4. Query(PK,CT, TKP) p(PII)
Predicate encryption schemePredicate encryption scheme allows
evaluating predicate with encrypted data.◦For example, Alice can compute the
predicate using encrypted data.
◦She gives TKP to the host that evaluates the token for CT, and returns the result p(PII) to Alice.
1. Setup PK,MSK
2. Encrypt(PK,PII) CT3. KeyGen(PK,MSK,p) TKP
4. Query(PK,CT, TKP) p(PII)
Proposed schemesAn owner O encrypts PII using algorithm Encrypt
and O’s public key PK. Encrypt outputs CT-the encrypted PII.
The secret key MSK is spilt between n parties.
SP transform his request for PII to a predicate represented by function P.
SP send share of p to the n parties who hold the shares of MSK.
Proposed schemesThe n parties execute together KeyGen
using PK, MSK, and P and return TKP to SP.
SP call the algorithm Query that take as input PK, CT, TKP and produces p(PII) which is evaluation of the predicate.
The owner O is allow to use the service only when the predicate evaluate to “true”.
Include:◦Identity data:
Data used for authentication, getting service, using service
The data are encrypted◦Metadata : Describe active bundle and its
privacy policy (a) integrity check metadata (b) access control metadata (c) dissemination control metadata
Active Bundle Scheme
Active Bundle SchemeIncludes:
◦Virtual machine(VM):manages and controls the program code enclosed in a bundle. Enforcing bundle access control policies
through apoptosis, evaporation Enforcing bundle dissemination policies Validate bundle integrity
◦Disclosure policy: A set of rule for choosing which identity data
to disclose
Active Bundle SchemeActive bundle send from a source host to
the destination.
An active bundle ascertain the host’s trust level through a TTP.
Using its disclosure policy, it decides whether the host may be eligible to access all or part of bundle’s data, and which portion of sensitive data can be revealed to it.
Active Bundle SchemeThe remaining data may be evaporated
as specified in the access control polies, protecting the data.
An active bundle may realize its security is about to be compromised.◦It may discover that its self-integrity check
fail◦Or the trust level of its host is to low
The active bundle may choose to apoptosize , that is perform atomically a clean self-destruction.
Active Bundle Scheme
Active Bundle Scheme
ConclusionsIt is very likely that user end up having
multiple identities in multiple service providers security repositories, as well as multiple credential and multiple access permissions for different services provided by different SPs.
There is a strong need for an efficient and effective privacy-preserving system that is independent of TTPs, able to unambiguously identify users that can be trusted.