Big Data Security Issues in Cloud Management. BDWG Big Data Working Group Researchers 1: Data analytics for security 2: Privacy preserving 3: Big data-scale.


Big Data Security Issues in Cloud Management

BDWG Big Data Working Group Researchers
1. Data analytics for security
2. Privacy preserving
3. Big data-scale crypto
4. Top 10

The Road to Better Situational Awareness
- Intrusion Detection Systems (1990): network flows, host intrusion detection logs, etc.
- Security Information and Event Management (SIEM) (mid-2000): alarm correlation
- Big Data Security/Analytics (now): variety of data, security intelligence

What is new in Big Data Analytics?
Traditional Systems:
- More rigid, predefined schemas
- Data gets deleted
- Complex analyst queries take long to complete
Big Data Promise:
- Structured and unstructured data treated seamlessly
- Keep data for historical correlation (e.g., 10 years)
- Faster query response times
Hadoop is the de facto open standard for big data at rest.

Security Intelligence
- Big Data / Cyber-Data: logs, events, network flows, user id. & activity, etc.
- Analytics: models, baselining, feature extraction, anomaly detection
- Context: external sources of information
- Dashboard: a security analyst (human) looks at the indicators and correlates them with external sources of information to detect attacks

Industry is Interested in Security Intelligence
- In 2014, >60% of respondents installed tools to gain a better view of what is on their network
- Examples:
  - Database Activity Monitoring (DAM): monitors administrator activity and unusual database reads/updates; event aggregation, correlation and reporting
  - Identity Access Management
  - Risk-Management control room
  - Security Information and Event Management (SIEM)
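The "baselining, feature extraction, anomaly detection" pipeline of the Security Intelligence slide, applied to the DAM use case (unusual database reads/updates), as an added example that is not part of the original slides. The audit-log format, user names, row counts and the z-score threshold are all constructed for illustration; the point is that the baseline is learned per user and per operation from history, and new activity is scored against it rather than against a fixed rule.

```python
"""Baselining and anomaly detection over constructed database-audit lines."""
import re
import statistics
from collections import defaultdict

# Constructed history used to learn per-user, per-operation baselines.
BASELINE_LOG = """\
2013-09-01T09:00:01 alice SELECT customers rows=120
2013-09-01T09:05:12 alice SELECT customers rows=95
2013-09-01T09:10:44 alice SELECT customers rows=130
2013-09-01T09:15:03 alice SELECT customers rows=110
2013-09-01T09:20:59 alice SELECT customers rows=105
2013-09-01T09:21:30 bob UPDATE orders rows=3
2013-09-01T09:22:00 bob UPDATE orders rows=5
2013-09-01T09:23:10 bob UPDATE orders rows=2
2013-09-01T09:24:45 bob UPDATE orders rows=4
2013-09-01T09:25:01 bob UPDATE orders rows=3
"""

# Constructed new activity to score against the baseline.
NEW_LOG = """\
2013-09-02T09:03:15 alice SELECT customers rows=115
2013-09-02T23:41:17 alice SELECT customers rows=250000
2013-09-02T23:42:08 bob DROP orders rows=0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<op>\S+) (?P<table>\S+) rows=(?P<rows>\d+)$"
)


def parse(log: str) -> list:
    """Feature extraction: one dict per well-formed line; malformed lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["rows"] = int(e["rows"])
            events.append(e)
    return events


def build_baseline(events: list, min_samples: int = 5) -> dict:
    """Per (user, operation): mean and population stdev of rows touched."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["user"], e["op"])].append(e["rows"])
    return {
        key: (statistics.mean(rows), statistics.pstdev(rows))
        for key, rows in groups.items()
        if len(rows) >= min_samples  # too little history gives a meaningless stdev
    }


def detect_anomalies(events: list, baseline: dict, z_threshold: float = 3.0) -> list:
    """Flag operations with no baseline and row counts far above the learned mean."""
    findings = []
    for e in events:
        key = (e["user"], e["op"])
        if key not in baseline:
            findings.append({**e, "reason": "no baseline for this user/operation"})
            continue
        mean, sd = baseline[key]
        if sd == 0:
            # Constant history: any change at all is a deviation worth a look.
            if e["rows"] != mean:
                findings.append({**e, "reason": f"rows={e['rows']} differs from constant {mean}"})
            continue
        z = (e["rows"] - mean) / sd
        if z > z_threshold:
            findings.append(
                {**e, "reason": f"rows={e['rows']} is {z:.1f} stdev above mean {mean:.0f}"}
            )
    return findings


def run() -> list:
    """Learn the baseline from history, then score the new activity."""
    baseline = build_baseline(parse(BASELINE_LOG))
    return detect_anomalies(parse(NEW_LOG), baseline)


if __name__ == "__main__":
    for f in run():
        print(f"{f['ts']} {f['user']} {f['op']} {f['table']}: {f['reason']}")
```

Two of the three new events are flagged: alice's 250,000-row read is thousands of standard deviations above her learned mean, and bob's DROP has no history at all. The off-hours timestamps are exactly the kind of "context" the slide's dashboard step adds on top; a production pipeline would fold time of day and external feeds into the features rather than leave them for the analyst alone.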

Initial Set of Topics in Crypto
1. Communication protocols
2. Data-centric security
3. Big data privacy
4. Key management
5. Data integrity and poisoning concerns
6. Searching / filtering encrypted data
7. Secure data collection/aggregation
8. Secure collaboration
9. Proof of data storage
10. Secure outsourcing of computation

Searching and Filtering Encrypted Data
- "... subset, and range queries on encrypted data"
- Diagram: Encrypter (PK) and Decrypter (SK); Filtering Token

Secure data collection
- How to make collection of data private as well as authenticated?
- Can verify the signature came from a group member
- Cannot infer which member
- In case of dispute, a trusted third party can trace the signature to an individual

Secure data filtration
- Data sources (blogs, net traffic, news feed) flow into the Cloud
- Secret Criteria are obfuscated into a Garbled Filter, which is handed to the Cloud
- The Cloud applies the Garbled Filter, producing Encrypted Filtered Data, which the owner decrypts into Filtered Data

Data Integrity and Poisoning Concerns
- Computing on Authenticated Data
- A signature scheme such that it is possible to derive signatures on "related" data from a signature on the original document
- For example, deriving signatures on a redacted version of a document, without knowing the signing key
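A minimal redactable signature of the kind the slide describes, as an added example that is not code from the original slides or from any cited paper. Each block is bound by a salted hash commitment, the signer signs the concatenation of the commitments, and anyone holding the signed document can remove a block by keeping only its commitment while reusing the original signature unchanged. One assumption is labelled in the code: HMAC-SHA256 stands in for a public-key signature, so in this toy the verifier holds the same key; with a real signature the verifier would need only the public key. The redaction step needs no key in either setting, which is the property the slide is pointing at.

```python
"""Redactable signature from salted hash commitments (added illustration)."""
import hashlib
import hmac
import os


def _commit(salt: bytes, block: bytes) -> bytes:
    """Hiding commitment to one block: without the salt a short block cannot be guessed."""
    return hashlib.sha256(salt + block).digest()


def _root(commitments: list) -> bytes:
    """Value that is actually signed: hash of all commitments in order."""
    h = hashlib.sha256()
    for c in commitments:
        h.update(c)
    return h.digest()


def sign_document(blocks: list, signing_key: bytes) -> dict:
    """Signer: commit to every block, then sign the root.
    HMAC is a stand-in for a public-key signature (assumption of this example)."""
    entries = [{"block": b, "salt": os.urandom(16)} for b in blocks]
    commitments = [_commit(e["salt"], e["block"]) for e in entries]
    tag = hmac.new(signing_key, _root(commitments), hashlib.sha256).digest()
    return {"entries": entries, "tag": tag}


def redact(signed: dict, index: int) -> dict:
    """Anyone can drop block `index`: keep its commitment, discard block and salt,
    and carry the original signature over untouched. No signing key involved."""
    entries = []
    for i, e in enumerate(signed["entries"]):
        if i == index and "block" in e:
            entries.append({"commitment": _commit(e["salt"], e["block"])})
        else:
            entries.append(dict(e))  # already-redacted entries pass through as-is
    return {"entries": entries, "tag": signed["tag"]}


def verify(signed: dict, verify_key: bytes) -> bool:
    """Recompute commitments for visible blocks, take redacted ones as given,
    and check the signature over the resulting root."""
    commitments = [
        _commit(e["salt"], e["block"]) if "block" in e else e["commitment"]
        for e in signed["entries"]
    ]
    expected = hmac.new(verify_key, _root(commitments), hashlib.sha256).digest()
    return hmac.compare_digest(expected, signed["tag"])


def visible_blocks(signed: dict) -> list:
    """Block contents as a verifier sees them; None marks a redacted block."""
    return [e.get("block") for e in signed["entries"]]


if __name__ == "__main__":
    key = b"constructed-demo-key"
    doc = sign_document([b"name: alice", b"ssn: 000-00-0000", b"score: 7"], key)
    red = redact(doc, 1)
    print(verify(red, key), visible_blocks(red))
```

The salt is what makes this safe to publish: with an unsalted hash a verifier could confirm guesses for a low-entropy field such as the redacted identifier above. What the scheme does not hide is structure, since the number and position of blocks stay visible, and any edit to a visible block invalidates the signature, which is the integrity guarantee the "data poisoning" heading is after.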

Proof of Data Storage
- "PORs: Proofs of Retrievability for Large Files" by Juels and Kaliski
- "Compact Proofs of Retrievability" by Shacham and Waters
- Sketch: file F; verifier holds N = pq and keeps f = F mod φ(N); challenge: random g; response: g^F mod N; check: g^f = g^F mod N
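The check on the slide carried through end to end, as an added example and not code from the original slides or the two cited papers. The verifier, who knows the factors of N = pq, keeps only the constant-size value f = F mod φ(N); the server, who does not know φ(N), must raise the random base g to the whole file as an exponent, and Euler's theorem (g^F ≡ g^(F mod φ(N)) mod N for gcd(g, N) = 1) lets the verifier compare against g^f. Primes, file contents and function names are constructed for this illustration; the Mersenne primes are far too small for real use and are chosen only to keep the arithmetic visible.

```python
"""Proof-of-storage audit in the N = pq, g^F mod N form of the slide (added illustration)."""
import math
import secrets

# Constructed modulus from two well-known primes, 2^31-1 and 2^61-1 (far too small for real use).
P = 2147483647
Q = 2305843009213693951


def file_as_integer(data: bytes) -> int:
    """The whole file is the exponent, so a server cannot answer from a short digest."""
    return int.from_bytes(data, "big")


def verifier_setup(data: bytes):
    """Verifier side: keep N and f = F mod phi(N); the file itself goes to storage."""
    n = P * Q
    phi_n = (P - 1) * (Q - 1)            # known only to the party that knows p and q
    f = file_as_integer(data) % phi_n    # constant-size state; F can now be discarded
    return n, f


def verifier_challenge(n: int) -> int:
    """Fresh random base g with gcd(g, N) = 1, so an old answer cannot be replayed."""
    while True:
        g = secrets.randbelow(n - 2) + 2
        if math.gcd(g, n) == 1:
            return g


def server_response(stored: bytes, g: int, n: int) -> int:
    """Storage side: exponentiate with whatever it actually holds."""
    return pow(g, file_as_integer(stored), n)


def verifier_check(response: int, g: int, f: int, n: int) -> bool:
    """g^f mod N must equal g^F mod N; only holds if the server used the full file."""
    return pow(g, f, n) == response


def run_audit(original: bytes, stored: bytes) -> bool:
    """One full round: setup, challenge, response, check."""
    n, f = verifier_setup(original)
    g = verifier_challenge(n)
    return verifier_check(server_response(stored, g, n), g, f, n)


if __name__ == "__main__":
    file_bytes = b"constructed file contents " * 64
    damaged = bytes([file_bytes[0] ^ 0x01]) + file_bytes[1:]
    print(run_audit(file_bytes, file_bytes), run_audit(file_bytes, damaged))
```

The audit passes when the server holds the file byte for byte and fails for a single flipped bit or a missing byte, and each round costs the verifier one modular exponentiation with a small exponent regardless of file size. The sketch is the textbook starting point only: the server still has to process the entire file per challenge, which is the cost the cited POR constructions reduce with sentinels and aggregated authenticators.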

Top 10 Challenges Identified by BDWG (Copyright 2013 FUJITSU LIMITED)
1. Secure computations in distributed programming frameworks
2. Security best practices for non-relational datastores
3. Secure data storage and transactions logs
4. End-point input validation/filtering
5. Real time security monitoring
6. Scalable and composable privacy-preserving data mining and analytics
7. Cryptographically enforced access control and secure communication
8. Granular access control
9. Granular audits
10. Data provenance

Secure Computation in Distributed Programming Frameworks
Threats/Challenges:
- Malfunctioning compute worker nodes
- Access to sensitive data
- Privacy of output information
Current Mitigations:
- Trust establishment: initiation, periodic trust update
- Mandatory access control
- Privacy preserving transformations

Security Best Practices for Non-Relational Data Stores
Threats/Challenges:
- Lack of stringent authentication and authorization mechanisms
- Lack of secure communication between compute nodes
Current Mitigations:
- Enforcement through a middleware layer
- Passwords should never be held in the clear
- Encrypted data at rest
- Protect communication using SSL/TLS

Secure data storage and transaction logs
How do we secure infrastructure for big data storage management?
Threats/Challenges:
- Data confidentiality and integrity
- Availability
- Consistency
- Collusion
Current Mitigations:
- Encryption and signatures
- Proof of data possession
- Periodic audit and hash chains
- Policy based encryption

End-point Input Validation / Filtering
Threats/Challenges:
- Adversary may tamper with device or software
- Adversary may clone fake devices
- Adversary may directly control source of data
- Adversary may compromise data in transmission
Current Mitigations:
- Tamper-proof software
- Trust certificate and trusted devices
- Analytics to detect outliers
- Cryptographic protocols

Cryptographically Enforced Data Centric Security
Threats/Challenges:
- Enforcing access control
- Search and filter
- Outsourcing of computation
- Integrity of data and preservation of anonymity
Current Mitigations:
- Identity and attribute-based encryptions
- Encryption techniques supporting search and filter
- Fully homomorphic encryption
- Group signatures with trusted third parties

Data Provenance
How do we keep track of complex metadata?
Threats/Challenges:
- Secure collection of data
- Consistency of data and metadata
- Insider threats
Current Mitigations:
- Authentication techniques
- Message digests
- Access control through systems and cryptography