Jyh-haw YehDept. of Computer Science

Boise State University

Cloud provides services – software,, platform, Infrastructure.

Clients are charged by per-use basis. Capital Expenditure (CapExp) ->

Operational Expenditure (OpExp) Multi-tenancy: better resource utilization Reliability: redundant sites Security: better protection from outside

attacks. Security: big ? from malicious cloud

employees.

Protecting clients’ data privacy from cloud employee.

Perfect solution: fully homomophic encryption algorithm (FHEA). No practical algorithm available.

Without FHEA, 100% data privacy may not be possible.

Protect data Privacy by Authentication and Secret Sharing (PASS).

Objective: minimize the risk of leaking private data.

Approach: ◦ Encrypt data by a key shared with the client.◦ Do not store the key anywhere in the cloud.◦ Use secret sharing to authenticate users and

recover the shared key.

5 security components:◦ Public key cryptosystem (PKC): published by cloud.◦ Key agreement (KA): agree on a shared key and

two secret shares at registration.◦ Key management (KM): keep a profile for each

client.◦ Authentication(AUTH):

client’s counter <-> server’s counter; Computed hashed key from client’s request <->

stored hashed key◦ Access control (ACL): second defense for a time

frame that the secret key is in use for processing a query.

Design guideline:◦ Ensure secret isolation (secret compartment).◦ Security with a higher priority than efficiency.◦ Choose a design choice that would benefit

multiple security components.

PASS chooses ECC over RSA. ECC: a curve is chosen over

a prime p. A base point G with an order n. Cloud provider publishes the ECC domain

parameter <p, a, b, G, n>. Each cloud entity (server, clients) sets up

his own public-private key pair.◦ Server: public , private , where ◦ Client i: public , private , where

baxxy 32

sD sd GdD ss iD id GdD ii

Each client i and the cloud server s agree on a data encryption key and two secret shares (known to the client) and (known to the server).

The secret shares are used to recover the encryption key.

ik

iSS iCS

Encryption key agreement:◦ Client i chooses a random number and then

sends to the server s◦ Server s chooses a random number and

then sends to the client i ◦ Both compute a point ◦ Agree on an encryption key : the x-

coordinate of

irGrR ii

srGrR ss

issii RrRrQ

ikiQ

Secret shares agreement:◦ Both computes a point and let be the

x-coordinate of the point ◦ Both construct a same poly◦ ◦ ◦ With both secret shares, the poly and then the

secret key can be recovered

ii DQ

axkxf i )(

a

))(,( 11 xfxSSi ))(,( 22 xfxCSi

The cloud keeps a profile for each client i

Hashed key and server request counter for authentication

Security label for access control

Client ID

Security Label

)( ikh iSS iD iSRC

iSRC

Client keeps his own request counter Client Server: Server decrypt and get both and Client authentication succeeds if both

◦ the stored hashed key matches the hashed key derived from secret shares

◦ The server and client request counters are matched

iCRC

)||( iiD CSCRCENCs

iCRC iCS

Security label: (security level, {categories}) Security level: secret, non-secret Each client i is a category All query servers/processes are in category

“query-system” {all } Security label to client i’s profile: (secret, {

})

iC

iC

iC

Step1 - 4 for initial client registration: key agreement and data encryption

Step 5-12 for a query processing Diagram in the following link shows these

steps. http://cs.boisestate.edu/~jhyeh/presentatio

n/pass_diagram.pdf