5. Cloud Computing - Security Concerns
Security vs. Privacy
• Security – overall information protection
• Privacy – individual information governance
• Cloud Computing & Security – meet very well
• Cloud Computing & Privacy – contradictory
6. Cloud Computing - Security Concerns
(cont.)
• Business information
• Personal information
Privacy is the issue!
7. Cloud Computing - Security Concerns
(cont.)
Encryption is one of the most effective data
protection techniques.
• Security
Data at Rest Encryption, Data in Transit Encryption
• Privacy
Data in Use Encryption
8. Data Encryption & Privacy Preserving
Challenges:
• Data Storage/Sharing & Privacy preserving
• Cloud Computing technology integration
• Decentralized Identity Management
• Multi-trusted domain model
10. Proposed model (cont.)
• Identity-Based Encryption
- no passwords, no certificates, e-mail address
• Identity identifier
- e-mail address
• OAuth2
- open standard for authorization
• OpenID Connect
- decentralized and secure authentication system on top of OAuth2
12. Business model I.
Customer
User Agent
(Browser)
Identity/OAuth Provider +
Data/App Provider
Identity-Based SecaaS Provider
Google, Microsoft, Oracle, Dropbox
Cisco, Symantec
13. Business model II.
Patient, Physician, …
User Agent
(Browser)
Data/App Provider
Identity/OAuth Provider +
Identity-Based SecaaS Provider
Cloud Computing Health Service
Hospital, Clinic, …
15. Pros
• usability (no passwords, no certificates)
• no certificates management
(creation, storage, distribution, revocation)
• lost key prevention
• IBE like features, key escrow/fair encryption, no
need for receiver’s public key before encryption
• no IBE revocation problem (online service)
17. Opportunities
•
•
•
•
•
•
•
•
•
•
•
Data Storage / Sharing
Health Records / Medical Data Sharing
Big Data
Data Boxes
Databases
Reporting / Business Intelligence
Management Information System
e-mail
eForms / Workflow
Document Management / Workflow
Internet of Things