9. What is… Secure Multiparty Computation (SMC) Cloud Computing Cheap (economies of scale/pay-by-the-drink) Elastic Innovation catalyst Maybe more secure…? Working on encrypted data 30 years old news Not science fiction Slow Simplifying security policies
12. Shallow Cloud Confidentiality Loss of strong confidentiality Loss of cloud benefits web server.. Computation: decrypted! ?! Storage: encrypted Local computation
14. SMC and Deep Confidentiality Pros Cons Strong confidentiality – all the way Secure Simple Efficient Performance Special purpose computations only Introduces overhead (cost) Find setups where these are properly balanced! (not necessarily easy…)
25. SMC Example: private DB “joins” Insurance company National health register Desirable outcome
26. SMC Example: private information retrieval Blood sample Result encrypted and shared Analysis Query result QUERY Only the patient knows query and result RESULT Anonymous computation
27. SMC Example: storage (not really SMC, but hey…) http://allmydata.org/source/tahoe/trunk/docs/about.html
30. Eksempel: auktionpåfølsomme data CSP-2 web-server (CSP-1) DB DB SMC DB CSP-3 Java-applet Krypteret bud DB CSP-4 byder budafgivning beregning på krypterede data!
31.
32. Eksemplerpåtrusler Oktober 2007/salesforce.com Spearphishing mod ansat Kundedata udleveret Adgang til kundedata, bla. fra en række banker http://voices.washingtonpost.com/securityfix/2007/11/salesforcecom_acknowledges_dat.html November 2009/ACM CCS: Angreb på Amazon AWS Placere deres system på udvalgt hardware Aflure fortrolige data via hypervisor. Amazon har rettet det problem