SlideShare a Scribd company logo

Confidentiality as a service –usable security for the cloud

Download as PPTX, PDF
M
Maha Saad
TechnologyEducation
1 of 21
Confidentiality as a Service –Usable Security for the Cloud 1
 Cloud computing provides numerous advantages.  But cloud computing is a security nightmare.  Don’t trust CSP (Cloud service provider) security.  Confidentiality and integrity vs. usability.  What about Confidentiality provider third party? 2
Combines data security with usability.    3 Trust splitting between CSP and CAAS. Hides all cryptographic artifacts from users.
Create CAAS Identity .   Register via user name and password.  Email-based identification and authentication (EBIA) is used.  The user must choose different passwords for his CaaS and cloud service accounts.  User downloads and installs small software plug-ins.  User enters the CaaS password once per session. 4
5
MAC and HMAC. KDF and HKDF. Stream cipher.    6
7
MAC based on hash functions . HMAC (K,m) = H ((K ⊕ opad) ∥ H ((K ⊕ ipad) ∥ m)) 8
Derives one or more secret keys from a secret value.  DK = KDF( Key, Salt, Iterations) Prevents attacker to know either the input secret value or any of the other derived keys.  9
 Extract Takes the input keying material(IKM) and extracts from it a fixed-length key (PRK). PRK = HMAC-Hash(salt, IKM)  Expand Expands the key PRK into several additional keys . 10
 It takes a short secret key and produces a long keystream.  Encryption is performed by bitwise XORing the keystream to the plain text.  Decryption is performed by regenerating the keystream and XORing it to the ciphertext.  Stream cipher with initialization vector:  11 Take both secret key and public IV to produce keystream.
 +cLayerLocalPre:  Choose a random initialization vector IVu1. Choose a random symmetric encryption key ku1. Calculate a keystream kstr = Sym (iv , k ). Encrypt clearu1 : encu1 = clearu1⊕ kstru1 .  Calculate the message digest digu1 = Hu(clearu1 ).  Send the tuple CredCaaS(u1), U, encu1 to the CaaS.    12 u1 ustr u1 u1
 +cLayerRemote :          13 Check if all u ∈ U are registered CaaS users. Add u1 to U. Sort the list of participating users. For all users compute hj = Hp(uj +hj−1) to obtain iterative hash hn of all participating users. Calculate the secret key kp = HKDFp(hn,Xp). Choose a random initialisation vector ivp Calculate a key stream kstrp = Symp str(ivp, kp) Add a remote cLayer to the input: encp = encu1⊕ kstrp. Send the tuple ivp, Encp back to the requesting client.
 -cLayerLocalPre:   14 Decrypt encp: rts = encp ⊕ kstru1. Send rts, iv , dig to the CSP p u
 +cLayerLocalPost:  Works as +cLayerLocalPre. 15
 +cLayerRemotePost:  Add u2 to U. Sort the list of participating users. For all users compute hj = Hp(uj +hj−1) to obtain iterative hash hn of all participating users. Calculate the secret key kp = HKDFp(hn,Xp). Recalculate a key stream kstrp = Symp str(ivp, kp)  Decrypt enc : dec = enc ⊕ kstr     16 u2 p u2 p
 -cLayerLocalPost:    17 Decrypt cipher text using ivu2 , ku2. Calculate the result’s digest using Hu. If the digest is equal to digu1 integrity isn’t violated.
 Sending a message:    18 Client-side Javascript checks if all recipients have CaaS accounts. If not they will be highlighted. Password needs to be entered once per session.
 Receiving a message:  When the user opens the Facebook page, the script recovers all encrypted message.  The clear text message is inserted into the Facebook message page and framed by a green border. 19
20
 S. Fahl, M. Harbach, T. Muders, and M. Smith.Condentiality as a Service - Usable Security for the Cloud. In Proceedings of the IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 2012.  P. Sarkar , On Authenticated Encryption Using Stream Ciphers Supporting an Initialisation Vector.  http://en.wikipedia.org/wiki/Stream_cipher  http://en.wikipedia.org/wiki/Message_authentication_code  http://en.wikipedia.org/wiki/HMAC  http://en.wikipedia.org/wiki/Key_derivation_function  http://tools.ietf.org/html/rfc5869 21

Recommended

R and cpp
R and cppR and cpp
R and cpp
Romain Francois
 
Barbara Nelson [InfluxData] | How Can I Put That Dashboard in My App? | Influ...
Barbara Nelson [InfluxData] | How Can I Put That Dashboard in My App? | Influ...Barbara Nelson [InfluxData] | How Can I Put That Dashboard in My App? | Influ...
Barbara Nelson [InfluxData] | How Can I Put That Dashboard in My App? | Influ...
InfluxData
 
R and C++
R and C++R and C++
R and C++
Romain Francois
 
k-means Clustering in Python
k-means Clustering in Pythonk-means Clustering in Python
k-means Clustering in Python
Dr. Volkan OBAN
 
Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...
Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...
Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...
InfluxData
 
Big Data Day LA 2015 - Large Scale Distinct Count -- The HyperLogLog algorith...
Big Data Day LA 2015 - Large Scale Distinct Count -- The HyperLogLog algorith...Big Data Day LA 2015 - Large Scale Distinct Count -- The HyperLogLog algorith...
Big Data Day LA 2015 - Large Scale Distinct Count -- The HyperLogLog algorith...
Data Con LA
 
Taming the Tiger: Tips and Tricks for Using Telegraf
Taming the Tiger: Tips and Tricks for Using TelegrafTaming the Tiger: Tips and Tricks for Using Telegraf
Taming the Tiger: Tips and Tricks for Using Telegraf
InfluxData
 
Instrumenting and Scaling Databases with Envoy
Instrumenting and Scaling Databases with EnvoyInstrumenting and Scaling Databases with Envoy
Instrumenting and Scaling Databases with Envoy
Daniel Hochman
 

Recommended

R and cpp
R and cppR and cpp
R and cpp
Romain Francois
 
Barbara Nelson [InfluxData] | How Can I Put That Dashboard in My App? | Influ...
Barbara Nelson [InfluxData] | How Can I Put That Dashboard in My App? | Influ...Barbara Nelson [InfluxData] | How Can I Put That Dashboard in My App? | Influ...
Barbara Nelson [InfluxData] | How Can I Put That Dashboard in My App? | Influ...
InfluxData
 
R and C++
R and C++R and C++
R and C++
Romain Francois
 
k-means Clustering in Python
k-means Clustering in Pythonk-means Clustering in Python
k-means Clustering in Python
Dr. Volkan OBAN
 
Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...
Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...
Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...
InfluxData
 
Big Data Day LA 2015 - Large Scale Distinct Count -- The HyperLogLog algorith...
Big Data Day LA 2015 - Large Scale Distinct Count -- The HyperLogLog algorith...Big Data Day LA 2015 - Large Scale Distinct Count -- The HyperLogLog algorith...
Big Data Day LA 2015 - Large Scale Distinct Count -- The HyperLogLog algorith...
Data Con LA
 
Taming the Tiger: Tips and Tricks for Using Telegraf
Taming the Tiger: Tips and Tricks for Using TelegrafTaming the Tiger: Tips and Tricks for Using Telegraf
Taming the Tiger: Tips and Tricks for Using Telegraf
InfluxData
 
Instrumenting and Scaling Databases with Envoy
Instrumenting and Scaling Databases with EnvoyInstrumenting and Scaling Databases with Envoy
Instrumenting and Scaling Databases with Envoy
Daniel Hochman
 
HyperLogLog in Hive - How to count sheep efficiently?
HyperLogLog in Hive - How to count sheep efficiently?HyperLogLog in Hive - How to count sheep efficiently?
HyperLogLog in Hive - How to count sheep efficiently?
bzamecnik
 
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...
InfluxData
 
Anais Dotis-Georgiou & Faith Chikwekwe [InfluxData] | Top 10 Hurdles for Flux...
Anais Dotis-Georgiou & Faith Chikwekwe [InfluxData] | Top 10 Hurdles for Flux...Anais Dotis-Georgiou & Faith Chikwekwe [InfluxData] | Top 10 Hurdles for Flux...
Anais Dotis-Georgiou & Faith Chikwekwe [InfluxData] | Top 10 Hurdles for Flux...
InfluxData
 
Iron python
Iron pythonIron python
Iron python
GeorgeIshak
 
The Directions Pipeline at Mapbox - AWS Meetup Berlin June 2015
The Directions Pipeline at Mapbox - AWS Meetup Berlin June 2015The Directions Pipeline at Mapbox - AWS Meetup Berlin June 2015
The Directions Pipeline at Mapbox - AWS Meetup Berlin June 2015
Johan
 
Bigdata Presentation
Bigdata PresentationBigdata Presentation
Bigdata Presentation
Yonas Gidey
 
Bcn open stack meet up - july 2014
Bcn open stack meet up - july 2014Bcn open stack meet up - july 2014
Bcn open stack meet up - july 2014
Jaume Devesa Gomez
 
The Power of Both Choices: Practical Load Balancing for Distributed Stream Pr...
The Power of Both Choices: Practical Load Balancing for Distributed Stream Pr...The Power of Both Choices: Practical Load Balancing for Distributed Stream Pr...
The Power of Both Choices: Practical Load Balancing for Distributed Stream Pr...
Anis Nasir
 
Ns2 ns3 training in mohali
Ns2 ns3 training in mohaliNs2 ns3 training in mohali
Ns2 ns3 training in mohali
Arwinder paul singh
 
INFLUXQL & TICKSCRIPT
INFLUXQL & TICKSCRIPTINFLUXQL & TICKSCRIPT
INFLUXQL & TICKSCRIPT
InfluxData
 
Device status anomaly detection
Device status anomaly detectionDevice status anomaly detection
Device status anomaly detection
David Tung
 
Data correlation using PySpark and HDFS
Data correlation using PySpark and HDFSData correlation using PySpark and HDFS
Data correlation using PySpark and HDFS
John Conley
 
Anais Dotis-Georgiou [InfluxData] | Learn Flux by Example | InfluxDays NA 2021
Anais Dotis-Georgiou [InfluxData] | Learn Flux by Example | InfluxDays NA 2021Anais Dotis-Georgiou [InfluxData] | Learn Flux by Example | InfluxDays NA 2021
Anais Dotis-Georgiou [InfluxData] | Learn Flux by Example | InfluxDays NA 2021
InfluxData
 
Scaling up data science applications
Scaling up data science applicationsScaling up data science applications
Scaling up data science applications
Kexin Xie
 
Weather of the Century: Visualization
Weather of the Century: VisualizationWeather of the Century: Visualization
Weather of the Century: Visualization
MongoDB
 
Obtaining the Perfect Smoke By Monitoring Your BBQ with InfluxDB and Telegraf
Obtaining the Perfect Smoke By Monitoring Your BBQ with InfluxDB and TelegrafObtaining the Perfect Smoke By Monitoring Your BBQ with InfluxDB and Telegraf
Obtaining the Perfect Smoke By Monitoring Your BBQ with InfluxDB and Telegraf
InfluxData
 
Nika it consulting weekly update
Nika it consulting weekly update Nika it consulting weekly update
Nika it consulting weekly update
Rod Delwar
 
InfluxData Platform Future and Vision
InfluxData Platform Future and VisionInfluxData Platform Future and Vision
InfluxData Platform Future and Vision
InfluxData
 
Big Data Solutions for the Climate Community
Big Data Solutions for the Climate CommunityBig Data Solutions for the Climate Community
Big Data Solutions for the Climate Community
EUDAT
 
Time Series Data with InfluxDB
Time Series Data with InfluxDBTime Series Data with InfluxDB
Time Series Data with InfluxDB
Turi, Inc.
 
The Cryptol Epilogue: Swift and Bulletproof VHDL
The Cryptol Epilogue: Swift and Bulletproof VHDLThe Cryptol Epilogue: Swift and Bulletproof VHDL
The Cryptol Epilogue: Swift and Bulletproof VHDL
Ulisses Costa
 
Stream ciphers presentation
Stream ciphers presentationStream ciphers presentation
Stream ciphers presentation
degarden
 

More Related Content

What's hot

Bcn open stack meet up - july 2014
Bcn open stack meet up - july 2014Bcn open stack meet up - july 2014
Bcn open stack meet up - july 2014
Jaume Devesa Gomez
 

What's hot (20)

HyperLogLog in Hive - How to count sheep efficiently?
HyperLogLog in Hive - How to count sheep efficiently?HyperLogLog in Hive - How to count sheep efficiently?
HyperLogLog in Hive - How to count sheep efficiently?
 
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...
 
Anais Dotis-Georgiou & Faith Chikwekwe [InfluxData] | Top 10 Hurdles for Flux...
Anais Dotis-Georgiou & Faith Chikwekwe [InfluxData] | Top 10 Hurdles for Flux...Anais Dotis-Georgiou & Faith Chikwekwe [InfluxData] | Top 10 Hurdles for Flux...
Anais Dotis-Georgiou & Faith Chikwekwe [InfluxData] | Top 10 Hurdles for Flux...
 
Iron python
Iron pythonIron python
Iron python
 
The Directions Pipeline at Mapbox - AWS Meetup Berlin June 2015
The Directions Pipeline at Mapbox - AWS Meetup Berlin June 2015The Directions Pipeline at Mapbox - AWS Meetup Berlin June 2015
The Directions Pipeline at Mapbox - AWS Meetup Berlin June 2015
 
Bigdata Presentation
Bigdata PresentationBigdata Presentation
Bigdata Presentation
 
Bcn open stack meet up - july 2014
Bcn open stack meet up - july 2014Bcn open stack meet up - july 2014
Bcn open stack meet up - july 2014
 
The Power of Both Choices: Practical Load Balancing for Distributed Stream Pr...
The Power of Both Choices: Practical Load Balancing for Distributed Stream Pr...The Power of Both Choices: Practical Load Balancing for Distributed Stream Pr...
The Power of Both Choices: Practical Load Balancing for Distributed Stream Pr...
 
Ns2 ns3 training in mohali
Ns2 ns3 training in mohaliNs2 ns3 training in mohali
Ns2 ns3 training in mohali
 
INFLUXQL & TICKSCRIPT
INFLUXQL & TICKSCRIPTINFLUXQL & TICKSCRIPT
INFLUXQL & TICKSCRIPT
 
Device status anomaly detection
Device status anomaly detectionDevice status anomaly detection
Device status anomaly detection
 
Data correlation using PySpark and HDFS
Data correlation using PySpark and HDFSData correlation using PySpark and HDFS
Data correlation using PySpark and HDFS
 
Anais Dotis-Georgiou [InfluxData] | Learn Flux by Example | InfluxDays NA 2021
Anais Dotis-Georgiou [InfluxData] | Learn Flux by Example | InfluxDays NA 2021Anais Dotis-Georgiou [InfluxData] | Learn Flux by Example | InfluxDays NA 2021
Anais Dotis-Georgiou [InfluxData] | Learn Flux by Example | InfluxDays NA 2021
 
Scaling up data science applications
Scaling up data science applicationsScaling up data science applications
Scaling up data science applications
 
Weather of the Century: Visualization
Weather of the Century: VisualizationWeather of the Century: Visualization
Weather of the Century: Visualization
 
Obtaining the Perfect Smoke By Monitoring Your BBQ with InfluxDB and Telegraf
Obtaining the Perfect Smoke By Monitoring Your BBQ with InfluxDB and TelegrafObtaining the Perfect Smoke By Monitoring Your BBQ with InfluxDB and Telegraf
Obtaining the Perfect Smoke By Monitoring Your BBQ with InfluxDB and Telegraf
 
Nika it consulting weekly update
Nika it consulting weekly update Nika it consulting weekly update
Nika it consulting weekly update
 
InfluxData Platform Future and Vision
InfluxData Platform Future and VisionInfluxData Platform Future and Vision
InfluxData Platform Future and Vision
 
Big Data Solutions for the Climate Community
Big Data Solutions for the Climate CommunityBig Data Solutions for the Climate Community
Big Data Solutions for the Climate Community
 
Time Series Data with InfluxDB
Time Series Data with InfluxDBTime Series Data with InfluxDB
Time Series Data with InfluxDB
 

Similar to Confidentiality as a service –usable security for the cloud

Stream ciphers presentation
Stream ciphers presentationStream ciphers presentation
Stream ciphers presentation
degarden
 
Network simulator 2
Network simulator 2Network simulator 2
Network simulator 2
AAKASH S
 
Containerizing Distributed Pipes
Containerizing Distributed PipesContainerizing Distributed Pipes
Containerizing Distributed Pipes
inside-BigData.com
 
ReactiveSummeriserAkka-ScalaByBay2016
ReactiveSummeriserAkka-ScalaByBay2016ReactiveSummeriserAkka-ScalaByBay2016
ReactiveSummeriserAkka-ScalaByBay2016
Ho Tien VU
 

Similar to Confidentiality as a service –usable security for the cloud (20)

The Cryptol Epilogue: Swift and Bulletproof VHDL
The Cryptol Epilogue: Swift and Bulletproof VHDLThe Cryptol Epilogue: Swift and Bulletproof VHDL
The Cryptol Epilogue: Swift and Bulletproof VHDL
 
Stream ciphers presentation
Stream ciphers presentationStream ciphers presentation
Stream ciphers presentation
 
Integrating Consul and Puppet
Integrating Consul and PuppetIntegrating Consul and Puppet
Integrating Consul and Puppet
 
Integrating Consul and Puppet
Integrating Consul and PuppetIntegrating Consul and Puppet
Integrating Consul and Puppet
 
Chapter 15 - Security
Chapter 15 - SecurityChapter 15 - Security
Chapter 15 - Security
 
k-means algorithm implementation on Hadoop
k-means algorithm implementation on Hadoopk-means algorithm implementation on Hadoop
k-means algorithm implementation on Hadoop
 
Virtual training Intro to Kapacitor
Virtual training Intro to Kapacitor Virtual training Intro to Kapacitor
Virtual training Intro to Kapacitor
 
Network simulator 2
Network simulator 2Network simulator 2
Network simulator 2
 
Network simulator 2
Network simulator 2Network simulator 2
Network simulator 2
 
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverter
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverterKernel Recipes 2014 - NDIV: a low overhead network traffic diverter
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverter
 
Implementation of k means algorithm on Hadoop
Implementation of k means algorithm on HadoopImplementation of k means algorithm on Hadoop
Implementation of k means algorithm on Hadoop
 
Containerizing Distributed Pipes
Containerizing Distributed PipesContainerizing Distributed Pipes
Containerizing Distributed Pipes
 
Building a Real-time Streaming ETL Framework Using ksqlDB and NoSQL
Building a Real-time Streaming ETL Framework Using ksqlDB and NoSQLBuilding a Real-time Streaming ETL Framework Using ksqlDB and NoSQL
Building a Real-time Streaming ETL Framework Using ksqlDB and NoSQL
 
ReactiveSummeriserAkka-ScalaByBay2016
ReactiveSummeriserAkka-ScalaByBay2016ReactiveSummeriserAkka-ScalaByBay2016
ReactiveSummeriserAkka-ScalaByBay2016
 
[ScalaByTheBay2016] Implement a scalable statistical aggregation system using...
[ScalaByTheBay2016] Implement a scalable statistical aggregation system using...[ScalaByTheBay2016] Implement a scalable statistical aggregation system using...
[ScalaByTheBay2016] Implement a scalable statistical aggregation system using...
 
Network simulator 2
Network simulator 2Network simulator 2
Network simulator 2
 
Blazing Fast Windows 8 Apps using Visual C++
Blazing Fast Windows 8 Apps using Visual C++Blazing Fast Windows 8 Apps using Visual C++
Blazing Fast Windows 8 Apps using Visual C++
 
Advanced kapacitor
Advanced kapacitorAdvanced kapacitor
Advanced kapacitor
 
Redis - for duplicate detection on real time stream
Redis - for duplicate detection on real time streamRedis - for duplicate detection on real time stream
Redis - for duplicate detection on real time stream
 
Redis for duplicate detection on real time stream
Redis for duplicate detection on real time streamRedis for duplicate detection on real time stream
Redis for duplicate detection on real time stream
 

Recently uploaded

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Recently uploaded (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

Confidentiality as a service –usable security for the cloud

  • 1. Confidentiality as a Service –Usable Security for the Cloud 1
  • 2.  Cloud computing provides numerous advantages.  But cloud computing is a security nightmare.  Don’t trust CSP (Cloud service provider) security.  Confidentiality and integrity vs. usability.  What about Confidentiality provider third party? 2
  • 3. Combines data security with usability.    3 Trust splitting between CSP and CAAS. Hides all cryptographic artifacts from users.
  • 4. Create CAAS Identity .   Register via user name and password.  Email-based identification and authentication (EBIA) is used.  The user must choose different passwords for his CaaS and cloud service accounts.  User downloads and installs small software plug-ins.  User enters the CaaS password once per session. 4
  • 5. 5
  • 6. MAC and HMAC. KDF and HKDF. Stream cipher.    6
  • 7. 7
  • 8. MAC based on hash functions . HMAC (K,m) = H ((K ⊕ opad) ∥ H ((K ⊕ ipad) ∥ m)) 8
  • 9. Derives one or more secret keys from a secret value.  DK = KDF( Key, Salt, Iterations) Prevents attacker to know either the input secret value or any of the other derived keys.  9
  • 10.  Extract Takes the input keying material(IKM) and extracts from it a fixed-length key (PRK). PRK = HMAC-Hash(salt, IKM)  Expand Expands the key PRK into several additional keys . 10
  • 11.  It takes a short secret key and produces a long keystream.  Encryption is performed by bitwise XORing the keystream to the plain text.  Decryption is performed by regenerating the keystream and XORing it to the ciphertext.  Stream cipher with initialization vector:  11 Take both secret key and public IV to produce keystream.
  • 12.  +cLayerLocalPre:  Choose a random initialization vector IVu1. Choose a random symmetric encryption key ku1. Calculate a keystream kstr = Sym (iv , k ). Encrypt clearu1 : encu1 = clearu1⊕ kstru1 .  Calculate the message digest digu1 = Hu(clearu1 ).  Send the tuple CredCaaS(u1), U, encu1 to the CaaS.    12 u1 ustr u1 u1
  • 13.  +cLayerRemote :          13 Check if all u ∈ U are registered CaaS users. Add u1 to U. Sort the list of participating users. For all users compute hj = Hp(uj +hj−1) to obtain iterative hash hn of all participating users. Calculate the secret key kp = HKDFp(hn,Xp). Choose a random initialisation vector ivp Calculate a key stream kstrp = Symp str(ivp, kp) Add a remote cLayer to the input: encp = encu1⊕ kstrp. Send the tuple ivp, Encp back to the requesting client.
  • 14.  -cLayerLocalPre:   14 Decrypt encp: rts = encp ⊕ kstru1. Send rts, iv , dig to the CSP p u
  • 15.  +cLayerLocalPost:  Works as +cLayerLocalPre. 15
  • 16.  +cLayerRemotePost:  Add u2 to U. Sort the list of participating users. For all users compute hj = Hp(uj +hj−1) to obtain iterative hash hn of all participating users. Calculate the secret key kp = HKDFp(hn,Xp). Recalculate a key stream kstrp = Symp str(ivp, kp)  Decrypt enc : dec = enc ⊕ kstr     16 u2 p u2 p
  • 17.  -cLayerLocalPost:    17 Decrypt cipher text using ivu2 , ku2. Calculate the result’s digest using Hu. If the digest is equal to digu1 integrity isn’t violated.
  • 18.  Sending a message:    18 Client-side Javascript checks if all recipients have CaaS accounts. If not they will be highlighted. Password needs to be entered once per session.
  • 19.  Receiving a message:  When the user opens the Facebook page, the script recovers all encrypted message.  The clear text message is inserted into the Facebook message page and framed by a green border. 19
  • 20. 20
  • 21.  S. Fahl, M. Harbach, T. Muders, and M. Smith.Condentiality as a Service - Usable Security for the Cloud. In Proceedings of the IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 2012.  P. Sarkar , On Authenticated Encryption Using Stream Ciphers Supporting an Initialisation Vector.  http://en.wikipedia.org/wiki/Stream_cipher  http://en.wikipedia.org/wiki/Message_authentication_code  http://en.wikipedia.org/wiki/HMAC  http://en.wikipedia.org/wiki/Key_derivation_function  http://tools.ietf.org/html/rfc5869 21

Editor's Notes

  1. (1) -No upfront commitment in buying/leasing hardware–On demand “just-in-time” provisioning–No upfront cost … pay-per-use.Use only when you want, and pay only what you use. (2)- Facebook, for example, leaked all their users’ private information to third-party applications over a time span of multipleyears4. In April 2011, it was reported that the design of theDropbox authentication system was insecure and users could access files of others without authorisation5.(3)-CSPs privacy efforts are usually limited to access control (AC) mechanisms that aim to exclude unauthorized users from accessing the protected data. -Time after time, careless staff members or technical complexity cause accidental sharing of user data that actually should havebeen private. - Furthermore there are situations where CSPs themselves invade the privacy of their users.
  2. (EBIA) email-based identification and authenticationIt identifies and authenticates a user by sending a validation secret to the given email address.If the user is able to read the secret, a new CaaS credential set CredCaaS = email, ids =[], password is created.
  3. http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdfhttp://en.wikipedia.org/wiki/HMACH is a cryptographic hash function,K is a secret key padded to the right with extra zeros to the input block size of the hash function, or the hash of the original key if it's longer than that block size,m is the message to be authenticated,∥ denotes concatenation,⊕ denotes exclusive or (XOR),opad is the outer padding (0x5c5c5c…5c5c, one-block-long hexadecimal constant),and ipad is the inner padding (0x363636…3636, one-block-long hexadecimal constant).
  4. http://en.wikipedia.org/wiki/Key_derivation_function kdf is the key derivationfunction,KEYis the original key or password,Saltis a random number which acts as cryptographic salt, and Iteration refers to the number ofiterations of a sub-function. The derived key is used instead of the original key or password as the key to the system.
  5. http://tools.ietf.org/html/rfc5869ExtractTakes the input keying material(IKM) and "extracts" from it a fixed-length pseudorandom key (PRK). PRK = HMAC-Hash(salt, IKM ” Message here is key”)Expand"expands" the key PRK into several additional pseudorandom keys (the output of the KDF).T(0) = empty string (zero length) T(1) = HMAC-Hash(PRK, T(0) | info | 0x01) T(2) = HMAC-Hash(PRK, T(1) | info | 0x02) T(3) = HMAC-Hash(PRK, T(2) | info | 0x03)
  6. http://en.wikipedia.org/wiki/Stream_cipherOn Authenticated Encryption Using Stream Ciphers Supportingan Initialisation VectorFlexibility in usage arises from the fact that the same key can now be usedwith dierent messages; the IV only needs to be changed. Since there is no secrecy requirement onthe IV, this is a much more easier task to manage.
  7. Run on client sideCredCaaS(u1)  user credentials.U list of users.
  8. Run on server side