cryptography for cloud security
play

Cryptography for Cloud Security Mohsen Toorani Department of - PowerPoint PPT Presentation

Nov 05, 2022 •547 likes •1.39k views

Cryptography for Cloud Security Mohsen Toorani Department of Informatics, University of Bergen Simula@UiB Coins Winter School Finse, Norway May 12, 2017 Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 1 / 58 Our

  1. Cryptography for Cloud Security Mohsen Toorani Department of Informatics, University of Bergen Simula@UiB Coins Winter School Finse, Norway May 12, 2017 Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 1 / 58

  2. Our project Title Cryptographic Tools for Cloud Security Funded by the Norwegian Research Council (IKTPLUSS) Partners NTNU (Department of Information Security and Communication Technology & Department of Mathematics) Simula@UiB ntnu.edu/iik/cloudcrypto Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 2 / 58

  3. Outline Computing on encrypted data 1 (Fully) Homomorphic Encryption Functional Encryption Obfuscation Secure Deduplication 2 Deduplication schemes Side channels in deduplication Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 3 / 58

  4. Computing on encrypted data Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 4 / 58

  5. Computing on encrypted data Privacy? Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 4 / 58

  6. Homomorphic Encryption A way to delegate processing of data without giving access to it Encryption schemes that allow computations on the ciphertexts E k [ m 1 ] • E k [ m 2 ] = E k [ m 1 ◦ m 2 ] Applications: E-voting: Votes are encrypted as 1 or 0. Ciphertexts are aggregated before decryption. No individual vote is revealed. Requires additive homomorphic encryption: ◦ is + Secure cloud computing: Requires fully homomorphic encryption (homomorphic properties for both + and × ) Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 5 / 58

  7. Homomorphic Encryption Multiplicative homomorphic encryption - Unpadded RSA: m e 1 × m e 2 = ( m 1 × m 2 ) e - ElGamal: Given public key ( g , h = g a ), ciphertexts ( g r 1 , h r 1 m 1 ) and ( g r 2 , h r 2 m 2 ), multiple both components ( g r 1 + r 2 , h r 1 + r 2 m 1 m 2 ) Additive homomorphic encryption Paillier cryptosystem [Eurocrypt’99]: Additive on Z n Public key: ( n , g ) where p and q : two large prime, n = pq , g ∈ R Z ∗ n 2 Private key: ( λ, µ ) where λ = lcm ( p − 1 , q − 1), and µ = ( g λ modn 2 − 1 ) − 1 modn n For encrypting m ∈ Z n : Select random r ∈ R Z ∗ n Compute c = g m r n mod n 2 For decryption: compute m = µ c λ modn 2 − 1 mod n n Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 6 / 58

  8. Homomorphic Encryption Continued Examples of schemes with limited functionality RSA works for MULT (mod N) Paillier works for ADD (XOR) BGN05 works for quadratic formulas MGH08 works for low-degree polynomials (size of c ← Eval ( pk , f , c 1 , ..., c t ) grows exponentially with degree of f ) Somewhat Homomorphic Encryption (SHE) Eval only works for some functions f Fully Homomorphic Encryption (FHE) Fully means that it works for any arbitrary function f Supports both addition and multiplication Before Gentry’s work (2009), no FHE scheme Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 7 / 58

  9. Why both addition and multiplication? Because { XOR, AND } is Turing-complete: any function can be written as a combination of XOR and AND gates. If you can compute XOR and AND on encrypted bits, you can compute ANY function on encrypted inputs. Example: Searching a database Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 8 / 58

  10. Homomorphic Public-key Encryption Procedures: (KeyGen, Enc, Dec, Eval) ( sk , pk ) ← KeyGen ( λ ) Correctness: For any function f in supported family F , c 1 ← Enc pk ( m 1 ), ... , c t ← Enc pk ( m t ) c ∗ ← Eval pk ( f , c 1 , ..., c t ) Dec sk ( c ∗ ) = f ( m 1 , ..., m t ) No information about m 1 , ..., m t , and f ( m 1 , ..., m t ) is leaked. Compactness: complexity of decrypting c ∗ does not depend on complexity of f . Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 9 / 58

  11. SHE + Bootstrappability → FHE 1 Construct a useful “Somewhat Homomorphic Encryption” scheme 2 Modify your SHE scheme and make it bootstrappable if it is not 3 Bootstrappable SHE − − − − − − − − − → FHE Recryption (Note: It is also possible to construct FHE schemes without bootstrapping). Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 10 / 58

  12. Bootstrapping Problem: Ciphertexts contain random ’noise’ that grows after homomorphic evaluation (Add and Mult increase noise). Once the noise exceeds a certain level, the ciphertext can no longer be decrypted. Without a noise-reduction, number of homomorphic operations that can be performed is limited. The best noise-reduction that kills all noise: Decryption! Decryption should be done without releasing the secret key → We can release Enc ( sk ): Circular Encryption (For a cycle of public/secret key-pairs ( pk i , sk i ) for i = 1 , ..., n , encrypt each sk i under pk ( i mod n )+1 .) Whenever noise level increases beyond a limit, use bootstrapping to reset it to a fixed level. Bootstrapping = “Valve” at a fixed height Gentry’s “bootstrapping” theorem: If an encryption scheme can evaluate its own decryption circuit, then it can evaluate everything [Gentry’09]. Bootstrapping requires homomorphically evaluating the decryption circuit. Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 11 / 58

  13. Bootstrapping Problem: Ciphertexts contain random ’noise’ that grows after homomorphic evaluation (Add and Mult increase noise). Once the noise exceeds a certain level, the ciphertext can no longer be decrypted. Without a noise-reduction, number of homomorphic operations that can be performed is limited. The best noise-reduction that kills all noise: Decryption! Decryption should be done without releasing the secret key → We can release Enc ( sk ): Circular Encryption (For a cycle of public/secret key-pairs ( pk i , sk i ) for i = 1 , ..., n , encrypt each sk i under pk ( i mod n )+1 .) Whenever noise level increases beyond a limit, use bootstrapping to reset it to a fixed level. Bootstrapping = “Valve” at a fixed height Gentry’s “bootstrapping” theorem: If an encryption scheme can evaluate its own decryption circuit, then it can evaluate everything [Gentry’09]. Bootstrapping requires homomorphically evaluating the decryption circuit. Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 11 / 58

  14. Bootstrapping Problem: Ciphertexts contain random ’noise’ that grows after homomorphic evaluation (Add and Mult increase noise). Once the noise exceeds a certain level, the ciphertext can no longer be decrypted. Without a noise-reduction, number of homomorphic operations that can be performed is limited. The best noise-reduction that kills all noise: Decryption! Decryption should be done without releasing the secret key → We can release Enc ( sk ): Circular Encryption (For a cycle of public/secret key-pairs ( pk i , sk i ) for i = 1 , ..., n , encrypt each sk i under pk ( i mod n )+1 .) Whenever noise level increases beyond a limit, use bootstrapping to reset it to a fixed level. Bootstrapping = “Valve” at a fixed height Gentry’s “bootstrapping” theorem: If an encryption scheme can evaluate its own decryption circuit, then it can evaluate everything [Gentry’09]. Bootstrapping requires homomorphically evaluating the decryption circuit. Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 11 / 58

  15. Bootstrapping Problem: Ciphertexts contain random ’noise’ that grows after homomorphic evaluation (Add and Mult increase noise). Once the noise exceeds a certain level, the ciphertext can no longer be decrypted. Without a noise-reduction, number of homomorphic operations that can be performed is limited. The best noise-reduction that kills all noise: Decryption! Decryption should be done without releasing the secret key → We can release Enc ( sk ): Circular Encryption (For a cycle of public/secret key-pairs ( pk i , sk i ) for i = 1 , ..., n , encrypt each sk i under pk ( i mod n )+1 .) Whenever noise level increases beyond a limit, use bootstrapping to reset it to a fixed level. Bootstrapping = “Valve” at a fixed height Gentry’s “bootstrapping” theorem: If an encryption scheme can evaluate its own decryption circuit, then it can evaluate everything [Gentry’09]. Bootstrapping requires homomorphically evaluating the decryption circuit. Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 11 / 58

  16. Recryption A central aspect in Gentry’s FHE (and subsequent schemes). It allows to refresh a ciphertext: given a ciphertext C , compute a new ciphertext C ′ with a decreased noise. By periodically refreshing the ciphertext (e.g., after computing some gates in f ), one can evaluate arbitrarily large circuits f . Recryption is implemented by evaluating the decryption circuit of the encryption scheme homomorphically. Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 12 / 58

Recommend

Cryptography Seny Kamara Cryptography Group Microsoft Research Outline Cloud Architecture

Cryptography Seny Kamara Cryptography Group Microsoft Research Outline Cloud Architecture

Cloud Cryptography Seny Kamara Cryptography Group Microsoft Research Outline Cloud Architecture What is cloud computing? o Cloud Ecosystem Who provides and who consumes cloud services? o Cloud Cryptography What are the security

637 views • 34 slides
Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security risks. Attacks in a cloud environment, top threats. Security, a major concern for cloud users. Privacy. Trust. Operating systems

661 views • 38 slides
Microarchitectural Attacks in the Cloud Thomas Eisenbarth 07.11.2017 Workshop on Cryptography

Microarchitectural Attacks in the Cloud Thomas Eisenbarth 07.11.2017 Workshop on Cryptography

Microarchitectural Attacks in the Cloud Thomas Eisenbarth 07.11.2017 Workshop on Cryptography for the Internet of Things and Cloud Ruhr-Universitt Bochum Outline Cloud and Cryptography Co-Location in the Cloud Cache Attacks in the

2.23k views • 37 slides
Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the Cloud? How the Cloud is delivered: Iaas, PaaS and SaaS Cloud security challenges and risk Current Cloud security report Cloud security technology

302 views • 27 slides
Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is cryptography? Related fields: Cryptography ("secret writing"): Making secret messages Turning plaintext (an ordinary readable message)

1.2k views • 57 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 19th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security fail?

758 views • 72 slides
Python Cryptography & Security Jos Manuel Ortega | @jmortegac

Python Cryptography & Security Jos Manuel Ortega | @jmortegac

Python Cryptography & Security Jos Manuel Ortega | @jmortegac https://speakerdeck.com/jmortega Security Conferences INDEX 1 Introduction to cryptography 2 PyCrypto and other libraries 3 Django Security 4 OWASP & Best Practices 5

881 views • 61 slides
Security of Communications What Can Cryptography Guarantee? One ever wanted to exchange

Security of Communications What Can Cryptography Guarantee? One ever wanted to exchange

Cryptography Provable Security Encryption Assumptions Security of Communications What Can Cryptography Guarantee? One ever wanted to exchange information securely Que peut nous garantir la cryptographie ? With the all-digital world, security

190 views • 4 slides
Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 CCA Security SIM-CCA Security (PKE) Recv Send PK/Enc SK/Dec Replay Filter Secure (and correct) if: s.t. output of is distributed

1.26k views • 101 slides
Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined) Administrative discussions Stephen McCamant University of Minnesota Multi-Cloud Oblivious Storage Old and new topics in security Cloud threats, old and new

645 views • 8 slides
Objectives Goals of Cryptography Security Services Security Mechanisms Relationship

Objectives Goals of Cryptography Security Services Security Mechanisms Relationship

Overview on Modern Cryptography Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Goals of Cryptography Security Services

658 views • 16 slides
1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

Agenda Related Polices to Cloud Computing I. Guidelines for Information Security of Cloud II. Computing Cloud Security Certification Scheme in KOREA Cloud Security Certification Program in Korea III. April. 11, 2017 Jungduk (JD) KIM, Ph.

403 views • 5 slides
Security and Cryptography at NXP Ventzislav Nikov NXP Semiconductors Research Laboratory Leuven

Security and Cryptography at NXP Ventzislav Nikov NXP Semiconductors Research Laboratory Leuven

Security and Cryptography at NXP Ventzislav Nikov NXP Semiconductors Research Laboratory Leuven Center of Competence System Security and DRM 29.05.2008 Outline Products Domains, Telematics, Product Security Cryptography

432 views • 29 slides
Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1 Special Thanks: to our friends at the Australian Defense Force Academy for providing the basis for these slides Fall 2014 CS 334: Computer Security 2

730 views • 47 slides
Cryptography Well, a gentle intro to cryptography Fall 2010 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2010 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2010 CS 334: Computer Security 1 Special Thanks: to our friends at the Australian Defense Force Academy for providing the basis for these slides Fall 2010 CS 334: Computer Security 2

626 views • 43 slides
iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr

iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr

iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Cryptography 14ss 1 Outline Cryptography

780 views • 54 slides
iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr

iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr

iLab Modern cryptography for communications security Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Cryptography 15ws 1 / 72 Outline Cryptography

903 views • 88 slides
Cryptography and Network Security Lecture 0 Manoj Prabhakaran IIT Bombay Security In this

Cryptography and Network Security Lecture 0 Manoj Prabhakaran IIT Bombay Security In this

Cryptography and Network Security Lecture 0 Manoj Prabhakaran IIT Bombay Security In this course: Cryptography as used in network security Network Devices People Cryptography & Security In this course: Cryptography

634 views • 22 slides
Cryptography Deian Stefan Adopted slides from Kirill Levchenko and Dan Boneh Cryptography

Cryptography Deian Stefan Adopted slides from Kirill Levchenko and Dan Boneh Cryptography

CSE 127: Computer Security Cryptography Deian Stefan Adopted slides from Kirill Levchenko and Dan Boneh Cryptography Is: A tremendous tool The basis for many security mechanisms Is not: The solution to all security problems

701 views • 53 slides
Security II: Cryptography Jonathan Katz, Yehuda Lindell: Introduction to Modern Cryptography

Security II: Cryptography Jonathan Katz, Yehuda Lindell: Introduction to Modern Cryptography

Related textbooks Main reference: Security II: Cryptography Jonathan Katz, Yehuda Lindell: Introduction to Modern Cryptography Chapman & Hall/CRC, 2nd ed., 2014 Further reading: Markus Kuhn Christof Paar, Jan Pelzl: Understanding

794 views • 27 slides
Public Key Cryptography Diffie-Hellman Others CSS441: Security and Cryptography Sirindhorn

Public Key Cryptography Diffie-Hellman Others CSS441: Security and Cryptography Sirindhorn

CSS441 Public Key Crypto Principles RSA Public Key Cryptography Diffie-Hellman Others CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015

461 views • 29 slides
Security CSC 249 April 10, 2018 Network Security Symmetric Key Cryptography Caesar cipher DES

Security CSC 249 April 10, 2018 Network Security Symmetric Key Cryptography Caesar cipher DES

Security CSC 249 April 10, 2018 Network Security Symmetric Key Cryptography Caesar cipher DES and AES Public Key Cryptography 2 1 Cryptographic Keys Alices Bobs K A encryption decryption K B key key ciphertext encryption

381 views • 12 slides
Related textbooks Jonathan Katz, Yehuda Lindell: Security II: Cryptography Introduction to

Related textbooks Jonathan Katz, Yehuda Lindell: Security II: Cryptography Introduction to

Related textbooks Jonathan Katz, Yehuda Lindell: Security II: Cryptography Introduction to Modern Cryptography Chapman & Hall/CRC, 2008 Christof Paar, Jan Pelzl: Markus Kuhn Understanding Cryptography Springer, 2010

470 views • 20 slides
Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing Storage Computation High availability No maintenance Decreased Costs Elasticity & Flexibility Security and Privacy for Cloud

529 views • 36 slides

More recommend