SAC-PA: Cloud Security
Balaji Palanisamy, School of Information Sciences, University of Pittsburgh, bpalan@pitt.edu
Cloud Computing Benefits
For clients:
◦ No upfront commitment to buying or leasing hardware
◦ Usage scales up and down with demand
◦ Lower barriers to entry for startups
For providers:
◦ Higher utilization of datacenter resources minimizes cost
So, if cloud computing is so great, why isn't everyone doing it?
Clouds are still subject to the traditional data confidentiality, integrity, availability and privacy issues, plus attacks that arise specifically from handing data and computation to a provider you do not control.
AWS Security Advice
"7.2. Security. We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet. Accordingly, without limitation to Section 4.3 above and Section 11.5 below, you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content. We strongly encourage you, where available and appropriate, to use encryption technology to protect Your Content from unauthorized access and to routinely archive Your Content. We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content."
Source: http://aws-portal.amazon.com/gp/aws/developer/terms-and-conditions.html
Example: Online Course Database
Student(StudentId, Name, GPA, Addr, CreditCard, …)
Course(CourseId, Name, InstrId, …)
StudentCourse(CourseId, StudentId, Grade, …)
Encryption and DbaaS: Functionality
Client App → SELECT * FROM courses WHERE StudentId = 1234 → DBMS
With encryption, the client app still issues the same query, SELECT * FROM courses WHERE StudentId = 1234, but the data held by the database service provider is encrypted, so the question is how the provider can answer it. [HIL+02] (Executing SQL over encrypted data in the database-service-provider model), SIGMOD Test of Time Award
Deterministic Encryption Scheme
Key: 000102030405060708090a0b0c0d0e0f
Plaintext "The quick brown fox jumps over the lazy dog" → Encr → ciphertext blocks a7be1a6997ad739bd8c9ca451f618b61, b6ff744ed2c2c9bf6c590cbf0469bf41, 47f7f7bc95353e03f96c32bcfd8058df
Ciphertext → Decr (same key) → "The quick brown fox jumps over the lazy dog"
Encrypting the same plaintext under the same key always produces the same ciphertext.
Crypto textbook: [KL 07]
Nondeterministic Encryption Scheme
Key: 000102030405060708090a0b0c0d0e0f
"The quick brown fox jumps over the lazy dog" → Encr → a7be1a6997ad739bd8c9ca451f618b61, b6ff744ed2c2c9bf6c590cbf0469bf41, 47f7f7bc95353e03f96c32bcfd8058df
"The quick brown fox jumps over the lazy dog" → Encr (same key, again) → fa636a2825b339c940668a3157244d17, 247240236966b3fa6ed2753288425b6c, 69c4e0d86a7b0430d8cdb78070b4c55a
Two encryptions of the same plaintext under the same key differ. Example: AES in CBC mode with a fresh random IV per message.
Deterministic Encryption
select * from assignment where studentid = 1
StudentId  AssignId  Score
1          1         68
1          2         71
3          4         99
…          …         …

Deterministic Encryption (StudentId column encrypted)
select * from assignment where studentid_det = bd6e7c3df2b5779e0b61216e8b10b689
StudentId_DET                     AssignId  Score
bd6e7c3df2b5779e0b61216e8b10b689  1         68
bd6e7c3df2b5779e0b61216e8b10b689  2         71
7ad5fda789ef4e272bca100b3d9ff59f  4         99
…                                 …         …
The client rewrites the constant 1 to its deterministic ciphertext and the server matches it with ordinary equality. Rows of the same student share a ciphertext: that is what makes equality queries work, and also what the server learns without any key.
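The rewrite shown above, as an added example that is not part of the lecture or of any of the cited systems: a toy deterministic cipher (a 4-round Feistel permutation built from HMAC-SHA256, standing in for the AES-based scheme on the slide) and a toy randomized cipher populate an in-memory SQLite table, the client encrypts the query constant, and the server matches it by plain equality. The key bytes and the table rows are the slide's; the function names, the HMAC-based constructions and the SQLite schema are assumptions for the demo.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed demo key (same bytes as the slide's example key; not a real secret).
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

# Rows of the slide's assignment table: (StudentId, AssignId, Score).
ASSIGNMENTS = [(1, 1, 68), (1, 2, 71), (3, 4, 99)]


def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """Keyed pseudorandom function (HMAC-SHA256); both toy ciphers are built on it."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def det_encrypt(key: bytes, value: int) -> str:
    """Deterministic encryption of a 64-bit integer: a 4-round Feistel permutation
    (Luby-Rackoff) over a 128-bit block with the PRF as round function. Same key and
    same value always give the same 32-hex-digit ciphertext, so equality survives."""
    block = value.to_bytes(16, "big")
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor(left, prf(key, b"feistel%d" % rnd, right)[:8])
    return (left + right).hex()


def det_decrypt(key: bytes, ct_hex: str) -> int:
    """Run the Feistel rounds backwards (the client side, which holds the key)."""
    block = bytes.fromhex(ct_hex)
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = xor(right, prf(key, b"feistel%d" % rnd, left)[:8]), left
    return int.from_bytes(left + right, "big")


def rnd_encrypt(key: bytes, value: int) -> str:
    """Non-deterministic encryption: a fresh random nonce selects a one-time pad
    from the PRF (counter-mode style), so two encryptions of 1 never collide."""
    nonce = os.urandom(16)
    return (nonce + xor(value.to_bytes(16, "big"), prf(key, b"ctr", nonce)[:16])).hex()


def rnd_decrypt(key: bytes, ct_hex: str) -> int:
    raw = bytes.fromhex(ct_hex)
    nonce, body = raw[:16], raw[16:]
    return int.from_bytes(xor(body, prf(key, b"ctr", nonce)[:16]), "big")


def build_outsourced_table() -> sqlite3.Connection:
    """What the untrusted DBMS stores: StudentId under DET and, for contrast, under RND."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE assignment (studentid_det TEXT, studentid_rnd TEXT, assignid INTEGER, score INTEGER)")
    for sid, aid, score in ASSIGNMENTS:
        db.execute("INSERT INTO assignment VALUES (?, ?, ?, ?)",
                   (det_encrypt(KEY, sid), rnd_encrypt(KEY, sid), aid, score))
    return db


def query_by_student(db: sqlite3.Connection, student_id: int) -> list:
    """Client-side rewrite of `where studentid = ?`: the constant becomes DET(key, id)
    and the server matches it with ordinary equality, never seeing the plaintext id."""
    token = det_encrypt(KEY, student_id)
    return db.execute("SELECT assignid, score FROM assignment WHERE studentid_det = ? ORDER BY assignid",
                      (token,)).fetchall()


def query_by_student_rnd(db: sqlite3.Connection, student_id: int) -> list:
    """The same rewrite against the RND column finds nothing: a fresh encryption
    never equals the stored one, which is why RND columns cannot be searched."""
    token = rnd_encrypt(KEY, student_id)
    return db.execute("SELECT assignid, score FROM assignment WHERE studentid_rnd = ?", (token,)).fetchall()


def equality_leakage(db: sqlite3.Connection) -> dict:
    """What the server learns with no key at all: the DET column exposes which rows
    belong to the same student (2 distinct ciphertexts for 3 rows); RND does not."""
    det_distinct, rows = db.execute("SELECT COUNT(DISTINCT studentid_det), COUNT(*) FROM assignment").fetchone()
    rnd_distinct = db.execute("SELECT COUNT(DISTINCT studentid_rnd) FROM assignment").fetchone()[0]
    return {"rows": rows, "det_distinct": det_distinct, "rnd_distinct": rnd_distinct}
```

The DET column answers the slide's query exactly, but `equality_leakage` shows the trade-off the slide hints at: the server sees the frequency of every ciphertext, so a column with few distinct values (grades, departments) is recoverable from public statistics alone.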
Homomorphic Encryption
Ciphertexts 7ad5fda789ef4e272bca100b3d9ff59f, bd6e7c3df2b5779e0b61216e8b10b689 and 7a9f102789d5f50b2beffd9f3dca4ea7: an operation applied to two ciphertexts yields a ciphertext of the result of the corresponding operation on the plaintexts.
The encryption key is not an input: the server can compute on the data without ever being able to decrypt it.
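A worked instance of the slide's point, added here and not taken from the lecture: the Paillier cryptosystem [P99] is additively homomorphic, so the server can total the encrypted Score column with nothing but the public modulus. The primes 10^9+7 and 10^9+9 form a toy key chosen for the demo (a real key uses primes of 1024 bits or more); the function names are assumptions.

```python
import secrets
from math import gcd

# Toy Paillier key, constructed for the demo: 10^9+7 and 10^9+9 are both prime,
# but far too small to be secure. Only N and N2 are ever given to the server.
P, Q = 1_000_000_007, 1_000_000_009
N = P * Q                                          # public modulus n
N2 = N * N                                         # ciphertexts live in Z_{n^2}
LAMBDA = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)    # private: lcm(p-1, q-1)


def L_func(u: int) -> int:
    """Paillier's L(u) = (u - 1) / n."""
    return (u - 1) // N


# With generator g = n + 1, g^lambda mod n^2 = 1 + lambda*n, so mu = lambda^-1 mod n.
MU = pow(L_func(pow(N + 1, LAMBDA, N2)), -1, N)    # private; pow(x, -1, m) needs Python 3.8+


def encrypt(m: int) -> int:
    """Client side: c = g^m * r^n mod n^2 with a fresh random r, so encryption is randomized."""
    if not 0 <= m < N:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(N)
        if r and gcd(r, N) == 1:
            break
    return (1 + m * N) % N2 * pow(r, N, N2) % N2   # (n+1)^m mod n^2 == 1 + m*n


def decrypt(c: int) -> int:
    """Client side only: needs the private LAMBDA and MU."""
    return L_func(pow(c, LAMBDA, N2)) * MU % N


def add_encrypted(c1: int, c2: int) -> int:
    """Server side: Enc(a) * Enc(b) mod n^2 = Enc(a + b). No key involved."""
    return c1 * c2 % N2


def scale_encrypted(c: int, k: int) -> int:
    """Server side: Enc(a)^k mod n^2 = Enc(k * a). No key involved."""
    return pow(c, k, N2)


SCORES = [68, 71, 99]   # the slide's Score column


def server_total(ciphertexts: list) -> int:
    """The untrusted DBMS sums an encrypted column: it only multiplies ciphertexts."""
    acc = 1   # 1 is Enc(0) with r = 1, the identity for ciphertext addition
    for c in ciphertexts:
        acc = add_encrypted(acc, c)
    return acc
```

Nothing the server runs (`add_encrypted`, `scale_encrypted`, `server_total`) touches LAMBDA or MU; the client encrypts the scores, ships them, receives one ciphertext back and decrypts the sum 238. Multiplication of two plaintexts is not available in Paillier, which is what separates this partially homomorphic scheme from FHE.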
Order-Preserving Encryption
Value  Enc(Value)
1      0x0001102789d5f50b2beffd9f3dca4ea7
2      0x0065fda789ef4e272bcf102787a93903
3      0x009b5708e13665a7de14d3d824ca9f15
4      0x04e062ff507458f9be50497656ed654c
5      0x08db34fb1f807678d3f833c2194a759e
Ciphertexts compare in the same order as the plaintexts, so the server can evaluate range predicates, MIN/MAX and ORDER BY directly on ciphertexts. [BCN11, PLZ13]
Order-Preserving Encryption
select * from assignment where score >= 90
StudentId  AssignId  Score
1          1         68
1          2         71
3          4         99
…          …         …

Order-Preserving Encryption (Score column encrypted)
select * from assignment where score_OPE >= 0x04e062ff507458f9be50497656ed654c
StudentId  AssignId  Score_OPE
1          1         0x0065fda789ef4e272bcf102787a93903
1          2         0x009b5708e13665a7de14d3d824ca9f15
3          4         0x08db34fb1f807678d3f833c2194a759e
…          …         …
The client replaces the constant 90 with its OPE ciphertext; the server evaluates >= on the ciphertexts and returns only the third row, without learning any score.
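The range-query rewrite above as an added example (not the lecture's code, and not the BCN11 or PLZ13 constructions): a toy order-preserving scheme whose ciphertext of x is the sum of x+1 keyed pseudorandom gaps, an SQLite table holding Score under it, the client-side rewrite of `score >= 90`, and the leakage every OPE scheme carries, namely that the server can sort the class by score with no key at all. The key bytes and rows are the slide's; the scheme, domain bound and function names are assumptions.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo key (same bytes as the slide's example key; not a real secret).
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
DOMAIN = 100        # scores are 0..100
MAX_GAP = 2 ** 16   # largest keyed gap between consecutive ciphertexts

# Rows of the slide's assignment table: (StudentId, AssignId, Score).
ASSIGNMENTS = [(1, 1, 68), (1, 2, 71), (3, 4, 99)]


def gap(key: bytes, i: int) -> int:
    """Keyed pseudorandom positive gap for plaintext step i."""
    digest = hmac.new(key, b"ope-gap:%d" % i, hashlib.sha256).digest()
    return 1 + int.from_bytes(digest[:4], "big") % MAX_GAP


def ope_encrypt(key: bytes, x: int) -> int:
    """Toy order-preserving encryption: Enc(x) is the cumulative sum of the keyed
    gaps 0..x, so x < y implies Enc(x) < Enc(y) by construction. Illustrative only."""
    if not 0 <= x <= DOMAIN:
        raise ValueError("plaintext out of range")
    return sum(gap(key, i) for i in range(x + 1))


def ope_decrypt(key: bytes, c: int) -> int:
    """Invert by binary search: the ciphertext space is monotone in the plaintext."""
    lo, hi = 0, DOMAIN
    while lo < hi:
        mid = (lo + hi) // 2
        if ope_encrypt(key, mid) < c:
            lo = mid + 1
        else:
            hi = mid
    if ope_encrypt(key, lo) != c:
        raise ValueError("not a valid ciphertext under this key")
    return lo


def build_ope_table() -> sqlite3.Connection:
    """What the untrusted DBMS stores: Score replaced by its OPE ciphertext."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE assignment (studentid INTEGER, assignid INTEGER, score_ope INTEGER)")
    for sid, aid, score in ASSIGNMENTS:
        db.execute("INSERT INTO assignment VALUES (?, ?, ?)", (sid, aid, ope_encrypt(KEY, score)))
    return db


def range_query(db: sqlite3.Connection, min_score: int) -> list:
    """Client-side rewrite of `where score >= ?`: the bound is encrypted and the
    server evaluates the comparison on ciphertexts, returning (StudentId, AssignId)."""
    bound = ope_encrypt(KEY, min_score)
    return db.execute("SELECT studentid, assignid FROM assignment WHERE score_ope >= ? ORDER BY assignid",
                      (bound,)).fetchall()


def server_ranking(db: sqlite3.Connection) -> list:
    """The price of OPE: without any key, the server can rank every student by score."""
    return db.execute("SELECT studentid, assignid FROM assignment ORDER BY score_ope DESC").fetchall()
```

`range_query` is the slide's rewritten query; `server_ranking` is the part the slide leaves implicit: order is exactly what the server can see, so with a known distribution of scores it can estimate each plaintext without breaking the cipher.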
Homomorphic Encryption Schemes
◦ Fully Homomorphic Encryption (any function) [G09, G10]
◦ Partially Homomorphic Encryption (one operation, or one predicate, on ciphertexts)
   ◦ Paillier cryptosystem [P99]: addition
   ◦ ElGamal cryptosystem [E84]: multiplication
   ◦ Order-Preserving Encryption [BCN11, PLZ13]: comparison
   ◦ Deterministic Encryption: equality
◦ Non-Deterministic Encryption: no computation on ciphertexts, strongest confidentiality
Homomorphic Encryption Schemes: Performance
Scheme                        Space for 1 integer (bits)   Time for 1 operation
Fully Homomorphic Encryption                               cosmic time scales
Paillier                                                   ms
ElGamal
Deterministic
Order-preserving                                           s
Trusted Client Architecture
Client App → plaintext query → DBMS shell (client side, holds the key) → server query fragment → DBMS over encrypted data
Encrypted results return to the DBMS shell, which decrypts them, runs the client query fragment locally and returns plaintext results to the app.
Distributed query processing between the untrusted DBMS and the client-end DBMS shell.
CryptDB Architecture [PRZ+11]
Client App → plaintext query → web proxy (holds the key) → rewritten query → DBMS + UDFs over encrypted data
The web proxy rewrites each query onto the encrypted columns, decrypts the results and returns plaintext results to the app.
Leverages partially homomorphic encryption techniques (deterministic, order-preserving, Paillier) so that an unmodified DBMS, extended only with UDFs, executes the rewritten query.
Secure In-Cloud Compute Architecture
Client App → plaintext query → trusted cloud compute (holds the key; query translation and splitting) → untrusted query fragment over encrypted data in the untrusted DBMS, plus a trusted query fragment executed inside the trusted compute → plaintext results to the app
Distributed query processing between the untrusted DBMS and trusted cloud compute. Solutions differ in the granularity of integration.
Secure Processors: TrustedDB [BS11]
◦ Trusted compute is a full DBMS: embedded Linux and SQLite running inside an IBM secure co-processor, which holds the key
◦ Client App → query → cloud DBMS, with the sensitive part of the work executed in the secure co-processor against encrypted data in cloud storage → results
TrustedDB Hybrid Example [BS11]
Partitioned Computing
Hybrid Clouds
◦ Public cloud for non-sensitive data
◦ Private cloud for sensitive data
◦ Data and compute shipped between them
Example hybrid cloud architectures
◦ SEDIC (CCS 2011)
◦ SEMROD (SIGMOD 2015)
◦ VNCACHE (CCGrid 2014)
Loss of Control: Data Lives Forever
Ann emails "This is sensitive stuff." to Carla. Every hop keeps its own copy, each one just as sensitive: Ann's outbox, her ISP, Carla's ISP, Carla's mailbox.
How can Ann delete her sensitive email? She doesn't know where all the copies are.
Services may retain data long after the user tries to delete it.
Archived Copies Can Resurface Years Later
Some time later, an archived copy of "This is sensitive stuff." is still held by the ISP or by Carla, long after Ann deleted her own copy. A retroactive attack on archived data recovers the content even though both parties believed it was gone.
Vanish: Self-Destructing Data on a Peer-to-Peer Network (USENIX Security 2009)
Peer-to-peer system: a system composed of individually-owned computers that make a portion of their resources available directly to their peers without intermediary managed hosts or servers. [~wikipedia]
Important P2P properties (for Vanish):
◦ Huge scale – millions of nodes
◦ Geographic distribution – hundreds of countries
◦ Decentralization – individually owned, no single point of trust
◦ Constant evolution – nodes constantly join and leave
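An added example of the mechanism Vanish layers on top of these P2P properties (Geambasu et al., USENIX Security 2009), written for this page and not the lecture's or the Vanish project's code: the message is encrypted under a fresh data key, the key is split with Shamir secret sharing, the shares are pushed into the DHT under indices derived from an access key, and the DHT's timeout plus node churn erase enough shares that the key, and with it the archived message, becomes unrecoverable. The ToyDHT class, the 8-hour TTL and the (7, 10) threshold are constructed assumptions for the demo.

```python
import hashlib
import secrets

# Prime field for Shamir sharing: 2^255 - 19 is prime and comfortably holds a 128-bit key.
PRIME = 2 ** 255 - 19


def split_secret(secret: int, n: int, t: int) -> list:
    """Shamir (t, n) sharing: evaluate a random degree t-1 polynomial with constant
    term `secret` at x = 1..n. Any t points recover it; fewer reveal nothing."""
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, k, PRIME) for k, c in enumerate(coeffs)) % PRIME)
            for x in range(1, n + 1)]


def recover_secret(shares: list) -> int:
    """Lagrange interpolation at x = 0 from exactly t shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def xor_stream(key: int, data: bytes) -> bytes:
    """Symmetric encryption of the payload under the data key (SHA-256 keystream; toy)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key.to_bytes(32, "big") + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def share_index(access_key: bytes, i: int) -> str:
    """DHT index of share i, derived from the access key L that travels with the ciphertext."""
    return hashlib.sha256(access_key + i.to_bytes(2, "big")).hexdigest()


class ToyDHT:
    """Stand-in for the P2P DHT: every stored value expires after a TTL, and nodes
    that leave the network (churn) take their entries with them."""

    def __init__(self):
        self.store = {}   # index -> (value, expiry time)

    def put(self, index: str, value: int, now: float, ttl: float):
        self.store[index] = (value, now + ttl)

    def get(self, index: str, now: float):
        entry = self.store.get(index)
        if entry is None or now >= entry[1]:
            self.store.pop(index, None)   # expired: the node has forgotten it
            return None
        return entry[0]

    def churn(self, indices):
        """Simulate the nodes holding these indices leaving the network."""
        for index in indices:
            self.store.pop(index, None)


def vanish_encapsulate(dht: ToyDHT, message: bytes, now: float,
                       n: int = 10, t: int = 7, ttl: float = 8 * 3600) -> dict:
    """Encrypt under a fresh key K, scatter K's shares into the DHT and forget K.
    The object that is sent or archived holds only the ciphertext and the access key L."""
    data_key = secrets.randbits(128)
    access_key = secrets.token_bytes(16)
    for x, y in split_secret(data_key, n, t):
        dht.put(share_index(access_key, x), y, now, ttl)
    return {"L": access_key, "n": n, "t": t, "ct": xor_stream(data_key, message)}


def vanish_open(dht: ToyDHT, vdo: dict, now: float):
    """Collect whatever shares still exist; below the threshold the key is gone for good."""
    shares = []
    for x in range(1, vdo["n"] + 1):
        y = dht.get(share_index(vdo["L"], x), now)
        if y is not None:
            shares.append((x, y))
    if len(shares) < vdo["t"]:
        return None   # data has vanished: no party, including the sender, can recover it
    return xor_stream(recover_secret(shares[:vdo["t"]]), vdo["ct"])
```

The threshold absorbs the constant churn the slide lists (three of ten nodes can leave and the message still opens), while the TTL turns the same churn into deletion: once the DHT has forgotten more than n-t shares, the archived ciphertext from the previous slide is useless to a retroactive attacker, and Ann never had to find the copies.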
Timed-Release of Self-Emerging Data (ICDCS'17, CLOUD'17)
Timed release of self-emerging data:
• securely hide the protected data from being accessed prior to the release time
• make the stored data appear automatically at the predetermined release time
Timeline: data generated → securely protected → release time reached → available for receivers
Use cases:
• time-varying data privacy: non-releasable private data may become releasable as its privacy sensitivity degrades over time
• time-sensitive online events: secure voting mechanisms, online examinations