SlideShare uma empresa Scribd logo

600.412.Lecture07

R
ragibhasan

CS 600.412 Security and Privacy in Cloud Computing

1 de 18
Security and Privacy in Cloud Computing Ragib HasanJohns Hopkins Universityen.600.412 Spring 2010 Lecture 7 03/29/2010
Provenance Provenance: from Latin provenire ‘come from’, defined as “(i) the fact of coming from some particular source or quarter; origin, derivation. (ii) the history or pedigree of a work of art, manuscript, rare book, etc.; a record of the ultimate derivation and passage of an item through its various owners” (Oxford English Dictionary) In other words,Who owned it, what was done to it, how was it transferred … Widely used in arts, archives, and archeology, called the Fundamental Principle of Archival 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 2 http://moma.org/collection/provenance/items/644.67.html L'artiste et son modèle (1928), at Museum of Modern Art
Data Provenance 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 3 Definition* Description of the origins of data and the process by which it arrived at the database. [Buneman et al.] Information describing materials and transformations applied to derive the data. [Lanter] Metadata recording the process of experiment workflows, annotations, and notes about experiments. [Greenwood] Information that helps determine the derivation history of a data product, starting from its original sources. [Simmhan et al.] *Simmhan et al. A Survey of Provenance in E-Science. SIGMOD Record, 2005.
Forensics and Provenance in Clouds Cloud provenance can be Data provenance: Who created, modified, deleted data stored in a cloud (external entities change data) Process provenance: What happened to data once it was inside the cloud (internal entities change data) Cloud provenance should give a record of who accessed the data at different times Auditors should be able to trace an entry (and associated modification) back to the creator 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 4
Privacy questions Should the cloud provider know the identity of cloud users? Should cloud users know the identity of other users in the same group? 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 5
The “Bread and Butter” paper Problem To preserve user privacy and allow anonymous authentication/accessin a cloud To determine authorship of data, i.e., to bind data versions to user identities in a cloud 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 6 Lu et al., Secure Provenance: The Essential Bread and Butter of Data Forensics in Cloud Computing, AsiaCCS2010
Threat Model Who are the key players? Users SM SP Who trusts who? Users: trust the SM, but not the SP SP: Trust SM SM: ? What attacks can happen? 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 7
System Model SM: Manages the whole system(?), registers cloud users and providers, issues keys SP: Cloud service provider, manages access to cloud resources Users: A user is part of a group of authorized principals who can access group resources 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 8
Secure provenance (according to the paper) By secure provenance, the authors imply Users can anonymously authenticate themselves as part of authorized users/groups to the cloud provider Users can anonymously access and modify resources Encrypted data stored by a user can be decrypted by other users from the same group If necessary, the SM can trace a data item to the user who created it 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 9
Setup Inputs: Security parameter k Output: Master key, public parameters 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 10 Master Key K Param (Public Parameters) SM
User/provider registration Inputs: Master key, public parameters, user identity Outputs: Private key, entry in tracking list 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 11 Master Key User identity Ui Private key ski Param (Public Parameters) Tracking list
User-cloud interaction (1) User anonymously authenticate herself to the cloud Cloud provider can check that the signature was made with a key issued by the SM 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 12 χ σA = signski(Yi||χ) σP / aski
User-cloud interaction (2) Provider stores Signatures and authentication information during each access 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 13 EncryptedData: C = encrypt(M) Sig = signaski(C) Store C and σA
Identifying authorship 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 14 σA User identity
Confidentiality preservation Each user gets a different authorized group user access key Any group user access key can be used to decrypt a ciphertext created by other users in the same group 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 15
Discussion Suppose Amazon S3 implements such a model. What will be the advantages, and what will be the disadvantages? 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 16
What about other provenance in computation clouds? If the data is being manipulated by processes running in the cloud, how will the problem change? 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 17
3/29/2010 18 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan Further Reading Ragib Hasan, Radu Sion, and Marianne Winslett, Protecting History Forgery with Secure Provenance, ACM Transactions on Storage, December 2009

Recomendados

600.412.Lecture05
600.412.Lecture05600.412.Lecture05
600.412.Lecture05
ragibhasan
 
600.412.Lecture02
600.412.Lecture02600.412.Lecture02
600.412.Lecture02
ragibhasan
 
Collaborative Science: Technologies & Examples
Collaborative Science: Technologies & ExamplesCollaborative Science: Technologies & Examples
Collaborative Science: Technologies & Examples
Cameron Kiddle
 
[MM2023] Ducho: A Unified Framework for the Extraction of Multimodal Features...
[MM2023] Ducho: A Unified Framework for the Extraction of Multimodal Features...[MM2023] Ducho: A Unified Framework for the Extraction of Multimodal Features...
[MM2023] Ducho: A Unified Framework for the Extraction of Multimodal Features...
Daniele Malitesta
 
Archaeological complete 2010
Archaeological complete 2010Archaeological complete 2010
Archaeological complete 2010
Jayatunga Amaraweera
 
Towards an effective digital archiving system for archaeological complete 2010
Towards an effective digital archiving system for archaeological complete 2010Towards an effective digital archiving system for archaeological complete 2010
Towards an effective digital archiving system for archaeological complete 2010
Nadeeka Rathnabahu
 
Developing New Data Types with Plone
Developing New Data Types with PloneDeveloping New Data Types with Plone
Developing New Data Types with Plone
brighteyes
 
NIS.docx
NIS.docxNIS.docx
NIS.docx
PremBorse1
 

Recomendados

600.412.Lecture05
600.412.Lecture05600.412.Lecture05
600.412.Lecture05
ragibhasan
 
600.412.Lecture02
600.412.Lecture02600.412.Lecture02
600.412.Lecture02
ragibhasan
 
Collaborative Science: Technologies & Examples
Collaborative Science: Technologies & ExamplesCollaborative Science: Technologies & Examples
Collaborative Science: Technologies & Examples
Cameron Kiddle
 
[MM2023] Ducho: A Unified Framework for the Extraction of Multimodal Features...
[MM2023] Ducho: A Unified Framework for the Extraction of Multimodal Features...[MM2023] Ducho: A Unified Framework for the Extraction of Multimodal Features...
[MM2023] Ducho: A Unified Framework for the Extraction of Multimodal Features...
Daniele Malitesta
 
Archaeological complete 2010
Archaeological complete 2010Archaeological complete 2010
Archaeological complete 2010
Jayatunga Amaraweera
 
Towards an effective digital archiving system for archaeological complete 2010
Towards an effective digital archiving system for archaeological complete 2010Towards an effective digital archiving system for archaeological complete 2010
Towards an effective digital archiving system for archaeological complete 2010
Nadeeka Rathnabahu
 
Developing New Data Types with Plone
Developing New Data Types with PloneDeveloping New Data Types with Plone
Developing New Data Types with Plone
brighteyes
 
NIS.docx
NIS.docxNIS.docx
NIS.docx
PremBorse1
 
IRJET - Virtual Data Auditing at Overcast Environment
IRJET - Virtual Data Auditing at Overcast EnvironmentIRJET - Virtual Data Auditing at Overcast Environment
IRJET - Virtual Data Auditing at Overcast Environment
IRJET Journal
 
Catania Science Gateway Framework
Catania Science Gateway Framework Catania Science Gateway Framework
Catania Science Gateway Framework
riround
 
Collaborative Science: Technologies & Examples - Cameron Kiddle, Grid Researc...
Collaborative Science: Technologies & Examples - Cameron Kiddle, Grid Researc...Collaborative Science: Technologies & Examples - Cameron Kiddle, Grid Researc...
Collaborative Science: Technologies & Examples - Cameron Kiddle, Grid Researc...
Cybera Inc.
 
OpenAIRE at the 8th e-Infrastructure Concetration Meeting Nov 5, 2010 CERN -...
OpenAIRE at the 8th e-Infrastructure Concetration Meeting Nov 5, 2010 CERN -...OpenAIRE at the 8th e-Infrastructure Concetration Meeting Nov 5, 2010 CERN -...
OpenAIRE at the 8th e-Infrastructure Concetration Meeting Nov 5, 2010 CERN -...
OpenAIRE
 
Science Services and Science Platforms: Using the Cloud to Accelerate and Dem...
Science Services and Science Platforms: Using the Cloud to Accelerate and Dem...Science Services and Science Platforms: Using the Cloud to Accelerate and Dem...
Science Services and Science Platforms: Using the Cloud to Accelerate and Dem...
Ian Foster
 
Lecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud ComputingLecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud Computing
ragibhasan
 
LifeSocial - A P2P-Platform for Secure Online Social Networks
LifeSocial - A P2P-Platform for Secure Online Social NetworksLifeSocial - A P2P-Platform for Secure Online Social Networks
LifeSocial - A P2P-Platform for Secure Online Social Networks
Kalman Graffi
 
Enhancing Security in Dynamic Public Cloud Data Using Encryption
Enhancing Security in Dynamic Public Cloud Data Using EncryptionEnhancing Security in Dynamic Public Cloud Data Using Encryption
Enhancing Security in Dynamic Public Cloud Data Using Encryption
Association of Scientists, Developers and Faculties
 
Names project update
Names project updateNames project update
Names project update
Amanda Hill
 
Repositories Update (UK)
Repositories Update (UK) Repositories Update (UK)
Repositories Update (UK)
EDINA, University of Edinburgh
 
Cloud as a GIFT: Exploiting Personal Cloud Free Accounts via Rest APIs
Cloud as a GIFT: Exploiting Personal Cloud Free Accounts via Rest APIsCloud as a GIFT: Exploiting Personal Cloud Free Accounts via Rest APIs
Cloud as a GIFT: Exploiting Personal Cloud Free Accounts via Rest APIs
Nishant Kumar
 
IUI 2010: An Informal Summary of the International Conference on Intelligent ...
IUI 2010: An Informal Summary of the International Conference on Intelligent ...IUI 2010: An Informal Summary of the International Conference on Intelligent ...
IUI 2010: An Informal Summary of the International Conference on Intelligent ...
J S
 
Data management plans archeology class 10 18 2012
Data management plans archeology class 10 18 2012Data management plans archeology class 10 18 2012
Data management plans archeology class 10 18 2012
Elizabeth Brown
 
SocialCom 2009 - Social Synchrony
SocialCom 2009 - Social SynchronySocialCom 2009 - Social Synchrony
SocialCom 2009 - Social Synchrony
Munmun De Choudhury
 
Professor Hendrik Speck - Social Conduct. Privacy and Social Networks.
Professor Hendrik Speck - Social Conduct. Privacy and Social Networks.Professor Hendrik Speck - Social Conduct. Privacy and Social Networks.
Professor Hendrik Speck - Social Conduct. Privacy and Social Networks.
Hendrik Speck
 
CyberSecurity-Forum-2010-Mario Hoffmann
CyberSecurity-Forum-2010-Mario HoffmannCyberSecurity-Forum-2010-Mario Hoffmann
CyberSecurity-Forum-2010-Mario Hoffmann
segughana
 
Security in Cloud-based Cyber-physical Systems
Security in Cloud-based Cyber-physical SystemsSecurity in Cloud-based Cyber-physical Systems
Security in Cloud-based Cyber-physical Systems
FAST-Lab. Factory Automation Systems and Technologies Laboratory, Tampere University of Technology
 
myExperiment @ Nettab
myExperiment @ NettabmyExperiment @ Nettab
myExperiment @ Nettab
Duncan Hull
 
Selected Cloud Security Patterns For Improving End User Security and Privacy ...
Selected Cloud Security Patterns For Improving End User Security and Privacy ...Selected Cloud Security Patterns For Improving End User Security and Privacy ...
Selected Cloud Security Patterns For Improving End User Security and Privacy ...
PRISMACLOUD Project
 
Transforming repositories: from repository managers to institutional data man...
Transforming repositories: from repository managers to institutional data man...Transforming repositories: from repository managers to institutional data man...
Transforming repositories: from repository managers to institutional data man...
JISC KeepIt project
 
Dw bobs-shikkhok
Dw bobs-shikkhokDw bobs-shikkhok
Dw bobs-shikkhok
ragibhasan
 
Security and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level viewSecurity and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level view
ragibhasan
 

Mais conteúdo relacionado

Semelhante a 600.412.Lecture07

Science Services and Science Platforms: Using the Cloud to Accelerate and Dem...
Science Services and Science Platforms: Using the Cloud to Accelerate and Dem...Science Services and Science Platforms: Using the Cloud to Accelerate and Dem...
Science Services and Science Platforms: Using the Cloud to Accelerate and Dem...
Ian Foster
 
Enhancing Security in Dynamic Public Cloud Data Using Encryption
Enhancing Security in Dynamic Public Cloud Data Using EncryptionEnhancing Security in Dynamic Public Cloud Data Using Encryption
Enhancing Security in Dynamic Public Cloud Data Using Encryption
Association of Scientists, Developers and Faculties
 
Data management plans archeology class 10 18 2012
Data management plans archeology class 10 18 2012Data management plans archeology class 10 18 2012
Data management plans archeology class 10 18 2012
Elizabeth Brown
 
SocialCom 2009 - Social Synchrony
SocialCom 2009 - Social SynchronySocialCom 2009 - Social Synchrony
SocialCom 2009 - Social Synchrony
Munmun De Choudhury
 
CyberSecurity-Forum-2010-Mario Hoffmann
CyberSecurity-Forum-2010-Mario HoffmannCyberSecurity-Forum-2010-Mario Hoffmann
CyberSecurity-Forum-2010-Mario Hoffmann
segughana
 
myExperiment @ Nettab
myExperiment @ NettabmyExperiment @ Nettab
myExperiment @ Nettab
Duncan Hull
 
Transforming repositories: from repository managers to institutional data man...
Transforming repositories: from repository managers to institutional data man...Transforming repositories: from repository managers to institutional data man...
Transforming repositories: from repository managers to institutional data man...
JISC KeepIt project
 

Semelhante a 600.412.Lecture07 (20)

IRJET - Virtual Data Auditing at Overcast Environment
IRJET - Virtual Data Auditing at Overcast EnvironmentIRJET - Virtual Data Auditing at Overcast Environment
IRJET - Virtual Data Auditing at Overcast Environment
 
Catania Science Gateway Framework
Catania Science Gateway Framework Catania Science Gateway Framework
Catania Science Gateway Framework
 
Collaborative Science: Technologies & Examples - Cameron Kiddle, Grid Researc...
Collaborative Science: Technologies & Examples - Cameron Kiddle, Grid Researc...Collaborative Science: Technologies & Examples - Cameron Kiddle, Grid Researc...
Collaborative Science: Technologies & Examples - Cameron Kiddle, Grid Researc...
 
OpenAIRE at the 8th e-Infrastructure Concetration Meeting Nov 5, 2010 CERN -...
OpenAIRE at the 8th e-Infrastructure Concetration Meeting Nov 5, 2010 CERN -...OpenAIRE at the 8th e-Infrastructure Concetration Meeting Nov 5, 2010 CERN -...
OpenAIRE at the 8th e-Infrastructure Concetration Meeting Nov 5, 2010 CERN -...
 
Science Services and Science Platforms: Using the Cloud to Accelerate and Dem...
Science Services and Science Platforms: Using the Cloud to Accelerate and Dem...Science Services and Science Platforms: Using the Cloud to Accelerate and Dem...
Science Services and Science Platforms: Using the Cloud to Accelerate and Dem...
 
Lecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud ComputingLecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud Computing
 
LifeSocial - A P2P-Platform for Secure Online Social Networks
LifeSocial - A P2P-Platform for Secure Online Social NetworksLifeSocial - A P2P-Platform for Secure Online Social Networks
LifeSocial - A P2P-Platform for Secure Online Social Networks
 
Enhancing Security in Dynamic Public Cloud Data Using Encryption
Enhancing Security in Dynamic Public Cloud Data Using EncryptionEnhancing Security in Dynamic Public Cloud Data Using Encryption
Enhancing Security in Dynamic Public Cloud Data Using Encryption
 
Names project update
Names project updateNames project update
Names project update
 
Repositories Update (UK)
Repositories Update (UK) Repositories Update (UK)
Repositories Update (UK)
 
Cloud as a GIFT: Exploiting Personal Cloud Free Accounts via Rest APIs
Cloud as a GIFT: Exploiting Personal Cloud Free Accounts via Rest APIsCloud as a GIFT: Exploiting Personal Cloud Free Accounts via Rest APIs
Cloud as a GIFT: Exploiting Personal Cloud Free Accounts via Rest APIs
 
IUI 2010: An Informal Summary of the International Conference on Intelligent ...
IUI 2010: An Informal Summary of the International Conference on Intelligent ...IUI 2010: An Informal Summary of the International Conference on Intelligent ...
IUI 2010: An Informal Summary of the International Conference on Intelligent ...
 
Data management plans archeology class 10 18 2012
Data management plans archeology class 10 18 2012Data management plans archeology class 10 18 2012
Data management plans archeology class 10 18 2012
 
SocialCom 2009 - Social Synchrony
SocialCom 2009 - Social SynchronySocialCom 2009 - Social Synchrony
SocialCom 2009 - Social Synchrony
 
Professor Hendrik Speck - Social Conduct. Privacy and Social Networks.
Professor Hendrik Speck - Social Conduct. Privacy and Social Networks.Professor Hendrik Speck - Social Conduct. Privacy and Social Networks.
Professor Hendrik Speck - Social Conduct. Privacy and Social Networks.
 
CyberSecurity-Forum-2010-Mario Hoffmann
CyberSecurity-Forum-2010-Mario HoffmannCyberSecurity-Forum-2010-Mario Hoffmann
CyberSecurity-Forum-2010-Mario Hoffmann
 
Security in Cloud-based Cyber-physical Systems
Security in Cloud-based Cyber-physical SystemsSecurity in Cloud-based Cyber-physical Systems
Security in Cloud-based Cyber-physical Systems
 
myExperiment @ Nettab
myExperiment @ NettabmyExperiment @ Nettab
myExperiment @ Nettab
 
Selected Cloud Security Patterns For Improving End User Security and Privacy ...
Selected Cloud Security Patterns For Improving End User Security and Privacy ...Selected Cloud Security Patterns For Improving End User Security and Privacy ...
Selected Cloud Security Patterns For Improving End User Security and Privacy ...
 
Transforming repositories: from repository managers to institutional data man...
Transforming repositories: from repository managers to institutional data man...Transforming repositories: from repository managers to institutional data man...
Transforming repositories: from repository managers to institutional data man...
 

Mais de ragibhasan

Dw bobs-shikkhok
Dw bobs-shikkhokDw bobs-shikkhok
Dw bobs-shikkhok
ragibhasan
 

Mais de ragibhasan (6)

Dw bobs-shikkhok
Dw bobs-shikkhokDw bobs-shikkhok
Dw bobs-shikkhok
 
Security and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level viewSecurity and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level view
 
600.412.Lecture03
600.412.Lecture03600.412.Lecture03
600.412.Lecture03
 
600.412.Lecture06
600.412.Lecture06600.412.Lecture06
600.412.Lecture06
 
600.412.Lecture08
600.412.Lecture08600.412.Lecture08
600.412.Lecture08
 
Fake Picassos, Tampered History, and Digital Forgery: Protecting the Genealog...
Fake Picassos, Tampered History, and Digital Forgery: Protecting the Genealog...Fake Picassos, Tampered History, and Digital Forgery: Protecting the Genealog...
Fake Picassos, Tampered History, and Digital Forgery: Protecting the Genealog...
 

600.412.Lecture07

  • 1. Security and Privacy in Cloud Computing Ragib HasanJohns Hopkins Universityen.600.412 Spring 2010 Lecture 7 03/29/2010
  • 2. Provenance Provenance: from Latin provenire ‘come from’, defined as “(i) the fact of coming from some particular source or quarter; origin, derivation. (ii) the history or pedigree of a work of art, manuscript, rare book, etc.; a record of the ultimate derivation and passage of an item through its various owners” (Oxford English Dictionary) In other words,Who owned it, what was done to it, how was it transferred … Widely used in arts, archives, and archeology, called the Fundamental Principle of Archival 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 2 http://moma.org/collection/provenance/items/644.67.html L'artiste et son modèle (1928), at Museum of Modern Art
  • 3. Data Provenance 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 3 Definition* Description of the origins of data and the process by which it arrived at the database. [Buneman et al.] Information describing materials and transformations applied to derive the data. [Lanter] Metadata recording the process of experiment workflows, annotations, and notes about experiments. [Greenwood] Information that helps determine the derivation history of a data product, starting from its original sources. [Simmhan et al.] *Simmhan et al. A Survey of Provenance in E-Science. SIGMOD Record, 2005.
  • 4. Forensics and Provenance in Clouds Cloud provenance can be Data provenance: Who created, modified, deleted data stored in a cloud (external entities change data) Process provenance: What happened to data once it was inside the cloud (internal entities change data) Cloud provenance should give a record of who accessed the data at different times Auditors should be able to trace an entry (and associated modification) back to the creator 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 4
  • 5. Privacy questions Should the cloud provider know the identity of cloud users? Should cloud users know the identity of other users in the same group? 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 5
  • 6. The “Bread and Butter” paper Problem To preserve user privacy and allow anonymous authentication/accessin a cloud To determine authorship of data, i.e., to bind data versions to user identities in a cloud 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 6 Lu et al., Secure Provenance: The Essential Bread and Butter of Data Forensics in Cloud Computing, AsiaCCS2010
  • 7. Threat Model Who are the key players? Users SM SP Who trusts who? Users: trust the SM, but not the SP SP: Trust SM SM: ? What attacks can happen? 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 7
  • 8. System Model SM: Manages the whole system(?), registers cloud users and providers, issues keys SP: Cloud service provider, manages access to cloud resources Users: A user is part of a group of authorized principals who can access group resources 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 8
  • 9. Secure provenance (according to the paper) By secure provenance, the authors imply Users can anonymously authenticate themselves as part of authorized users/groups to the cloud provider Users can anonymously access and modify resources Encrypted data stored by a user can be decrypted by other users from the same group If necessary, the SM can trace a data item to the user who created it 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 9
  • 10. Setup Inputs: Security parameter k Output: Master key, public parameters 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 10 Master Key K Param (Public Parameters) SM
  • 11. User/provider registration Inputs: Master key, public parameters, user identity Outputs: Private key, entry in tracking list 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 11 Master Key User identity Ui Private key ski Param (Public Parameters) Tracking list
  • 12. User-cloud interaction (1) User anonymously authenticate herself to the cloud Cloud provider can check that the signature was made with a key issued by the SM 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 12 χ σA = signski(Yi||χ) σP / aski
  • 13. User-cloud interaction (2) Provider stores Signatures and authentication information during each access 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 13 EncryptedData: C = encrypt(M) Sig = signaski(C) Store C and σA
  • 14. Identifying authorship 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 14 σA User identity
  • 15. Confidentiality preservation Each user gets a different authorized group user access key Any group user access key can be used to decrypt a ciphertext created by other users in the same group 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 15
  • 16. Discussion Suppose Amazon S3 implements such a model. What will be the advantages, and what will be the disadvantages? 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 16
  • 17. What about other provenance in computation clouds? If the data is being manipulated by processes running in the cloud, how will the problem change? 3/29/2010 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan 17
  • 18. 3/29/2010 18 en.600.412 Spring 2010 Lecture 7 | JHU | Ragib Hasan Further Reading Ragib Hasan, Radu Sion, and Marianne Winslett, Protecting History Forgery with Secure Provenance, ACM Transactions on Storage, December 2009