Embed Size (px)
Citation preview
Security of Applications Involving Multiple Organizations – Order Preserving Encryption in
Hybrid Cloud EnvironmentsMohammad Ahmadian, Ashkan Paya, Dan C. Marinescu
Quantum Computing Lab -School of EECSUniversity of Central Florida
Outline
•Introduction and Motivation
•Order Preserving Encryption
•OPE Algorithm
•Smart Power Grid
•Experimental results
•Conclusion and future works
3
Introduction
• Is it feasible to encrypt sensitive data then give it to public cloud for processing without decrypting?
• How it would be possible to different organization to
delegate different processing services on encrypted data to public service cloud without exposing the data to service provider?
4
Introduction
Reduce spending on technologyReduce capital costImprove accessibilityImprove flexibilityLess personal training is neededAchieve economic of scale …
Security and privacy in the Cloud
Standardizing Cloud Technology
…
Benefits Involved risks
5
Types of Cloud Computing
Public
Private
Hybrid
CommunityShared by several organization;Typically externallyhosted but may be internally hosted by one of the organizations
Used for a single organization; can be internally or externally hosted
Composition of the two or more clouds(private, community or public) that remain unique entities but are bound together, offering the benefits of multiple deployment models, is internally and externally hosted.
Provisioned for open use for the public by a particular organization who also hosts the service.
Motivation
With Order Preserving Encryption companies could use computational power (resources) of public cloud for processing private data. Hybrid cloud, also is best option for workload distribution between public and private cloud.
6
7
Order Preserving Encryption
• A symmetric encryption scheme σ with the plaintext space ρ and the ciphertext Ϛ:
• The key generation algorithm KeyGen• The encryption algorithm c = Enc(K, ρ, Ϛ,m)• The deterministic decryption algorithm Dec which given a
ciphertext c produces either the message m or a symbol ┴m = Dec(K, ρ, Ϛ, c)
Correctness condition:
8
Order Preserving Encryption
if (m1 < m2) then (c1 < c2)if (m1 < m2) then (c1 < c2)
OPE maps a range of integers [1,M] from plaintext space into a much larger range of integers [1;N]σ is an order preserving encryption scheme iff m1 ,m2 are two plaintext values, and c1 = Enc(m1)
c2 = Enc(m2)Then we have
9
Modeling the Distribution
Modeling the Distribution
The elements of the range are partitioned by f into the marked and unmarked subsets, as being balls in a bin. If we draw balls without replacement, the number x of marked balls we've drawn after y samples can be described by the Hyper Geometric Distribution(HGD).
Random order-preserving function can be constructed using a HGD for lazy sampling.
10
OPE-Encryption1. Start with the entire domain M=D and range
N=R2. Chose y= max(N)/2 as the pivot in range.3. Use a key k to produce a pseudo-random bit
sequence.4. Pass the pseudo-random bit sequence to the
HGD sampling routine along with y, M, and N.5. The sampling function HGD returns x such that
x ≤ y and we name x as a pivot of domain. This x describes the number of points of order-preserving function that are less than y.
6. The mth point of our OPF is the ciphertext of m, so we compare x and m
1. If m < x then repeat the process for the points of the domain less than or equal to x and less than or equal to y.
2. If m > x then repeat the process for the points of the domain greater than x and y.
7. The termination condition is to have one element in the domain; then we pick one of the points in range as a accompanying ciphertext.
OPE-Decryption
12
Used case for OPE(SMART Power Grid)
• Smart power grid (SmartPG) is an infrastructure for the production and distribution of electric power.
13
Power Generator
Power Generation Network (Links)
Power Distribution Center
Power Distribution Network
Sensor Data Network (Network of Users)
Coponents of SmartPG
SmartPG
14
Power Generator
Power Generation Network (Links)
1. Name2. ID3. Location4. Maximum Power5. Power Generation Profile6. Fuel Type7. Pollution Profile8. MTBF9. Maintenance
1. Name2. ID of Two Terminal Nodes3. Capacity4. Voltage5. Percentage of Utility Allocated6. Power Loss of The Line7. MTTR8. Failure Rate
SmartPG
15
Power Distribution Center
Power Distribution Network (Links)
Sensor Data Network (Network of Users)
1. Name2. ID3. Location4. Type or Layer of PDN5. Capacity of Center6. MTTR7. Number of Customers8. Price For Each KW/h
1. Name2. ID of Two Terminal Nodes3. Capacity4. Voltage5. Type of Link (PDNT1, 2 or 3)6. Power Loss of The Line7. MTTR8. Failure Rate
1. Location2. Type of Data Provides
SmartPG
16
Power Distribution Center
Power Distribution Network (Links)
Sensor Data Network (Network of Users)
1. Unique ID2. Identity of Terminal
Nodes3. Capacity4. Link Type5. MTTR
Experimental results
• To evaluate the performance of OPE we created a benchmark running on a public cloud. We wish to compare the response time of the OP-encrypted database with the one when the database contains plaintext records.
• Amazon Cloud and we use Amazon Web Services (AWS) An EC2 instance runs a MySQL database server which accesses two databases, one with plaintext data and one with OPE-encrypted data, both databases contain 5x105 records.
17
Experimental results
18
Experimental results
19
Experimental results
20
Conclusion
• Security and privacy are critical for cloud computing. Many important cloud applications in areas such as healthcare or different aspects of the critical infrastructure such as a smart power grid involve “big data.” The obvious approach to ensure security is to encrypt all data stored on the public cloud.
• These are applications requiring cooperation of multiple organizations; each organization shares some data with several other organizations, yet has strict security requirements for its own private data. Application in healthcare, transportation, finance, government, and other areas fit this profile.
21
References1. R. Agarwal, J. Kiernan, R. Srikant, Y.Xu. \Order-preserving encryption for numeric data." Proc. ACM SIGMOD Int. Conf. on
Management of Data, pp. 563{574, 2004.
2. Amazon. \Amazon Web Service." http://aws.amazon.com/. (Accessed on 08/20/13).
3. J. Baliga, R. W. A. Ayre, K. Hinton, and R.S. Tucker. \Green cloud computing: balancing energy in processing, storage, and transport." Proc. IEEE, 99(1):149{167, 2011.
4. A. Boldyreva, N. Chenette, Y. Lee, and A.O. Neill. \Order-preseving symmetric encryption." Lecture Notes in Computer Science, Vol.5479, pp. 224{241, 2009.
5. R.E. Brown, \Impacts of smart grid on distribution sytem design." IEEE Power and Energy Society General Meeting, Conversion and Delivery of Electrical Energy in the 21st Century,pp. 1{4, 2008.
6. F. Chang, J. Dean, S. Ghemawat, W. C. Hsieh, D. A. Wallach, M. Burrows, T. Chandra, A. Fikes, and R. E. Gruber. \Bigtable: a distributed storage system for structured data." Proc. Conf. OS Design and Implementation, (OSDI06), pp. 205{218, 2006.
7. R. DeBlasio, \Standards for the smart grid." In Proc. IEEE Energy 2030 Conf, pp. 1{7, Nov. 2008.
8. Department of Energy. \Smart grid."http://energy.gov/oe/technology-development/smart-grid. (Accessed on 08/20/13).
9. European Union. \Smart grids."http://ec.europa.eu/energy/gas electricity/smartgrids/smartgrids en.htm.(Accessed on 08/20/13, 2013).
10. C. Gentry. \A fully homomorphic encryption scheme." Ph. D Dissertation, Stanford University https://crypto.stanford.edu/craig/craigthesis.pdf, 2009.
11. X. Kai, L. Yongqi, Z. Zhizhong, and Y. Erkeng. \The vision of future smart grid." Electric power, 41(6):19{22, 2008.
12. D. C. Marinescu. Cloud Computing; Theory and Practice. Morgan Kaufmann, 2013.
13. D. Nurmi, R. Wolski, C. Grzegorczyk, G. Obertelli, S. Soman, L. Youse_, and D. Zagorodnov. \The Eucalyptus open source cloud-computing system." Proc 9th IEEE/ACM Int Symp. on Cluster Computing and the Grid, pp. 124{131, 2009.
14. R. A. Popa, C. M. S. Red_eld, N. Zeldovich, and H. Balakrishnam. \CryptDB: Protecting confidentiality with encrypted query processing." Proc. ACM Symp. on Operating Systems Principles (SOSP 2011), pp. 85{100, 2011.10
22
ReferencesM. Ahmadian, A. Paya, and D. C. Marinescu. Security of applications involving multiple organizations and order preserving encryption in hybrid cloud environments. In Parallel Distributed Processing Symposium Workshops (IPDPSW), 2014 IEEE International, pages 894–903, May 2014.
M. Ahmadian, F. Plochan, Z. Roessler, and D. C. Marinescu, “SecureNoSQL: An approach for secure search of encrypted nosql databases in the public cloud,” International Journal of Information Management, vol. 37, no. 2, pp. 63– 74, 2017. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S0268401216302262
23
Thank you
