Sushil Jajodia, George Mason U Witold Litwin, U Paris Dauphine Thomas Schwarz, S.J., U Católica Uruguay.


• Scalable Distributed Data Structures store data in the potentially hostile environment of distributed systems, clouds, P2P
• Standard protection for confidentiality, integrity, and authentication is encryption
  ◦ Client-Side Encryption
    ▪ Challenge: Key management
    ▪ Clients lose keys, keys need to be revoked, …
    ▪ Could use Key Escrow
    ▪ Not widely used
  ◦ Server-Side Encryption
    ▪ Challenge: Key management
    ▪ Client has no control over her/his data

• Built on top of LH*, a distributed version of linear hashing
  ◦ Data distributed into buckets, each at a different server
  ◦ Gracefully adjusts to growth of file
  ◦ Very efficient access via record identifiers
• Uses client-side encryption
• All keys are copied in LH* itself:
  ◦ Each key broken into k + 1 shares through secret sharing
    ▪ Generate k random strings of same size as key C
    ▪ These form the first k random shares
    ▪ $C_k = C_0 \oplus C_1 \oplus C_2 \oplus \dots \oplus C_{k-1} \oplus C$ is the last share.
  ◦ Key shares stored in Share Records

• LH* data stored in records consisting of RID and non-key field (payload)
• LH* RE adds three fields:
  ◦ I-field: Identifies application, …
  ◦ F-field: Flag that distinguishes between data records and key share records
  ◦ T-field: Identifies key being used

• Client records are LH* records
• Data records translated into LH* RE format

• Key Management
  ◦ Clients maintain their key chain in a table T
  ◦ Each key broken up into key shares
  ◦ Each key share stored as a share record
• Key Recovery:
  ◦ Use LH* scan operation to find all key shares belonging to a certain application
• Key Revocation:
  ◦ Find all key shares
  ◦ Find all records
  ◦ Delete, re-encrypt and reinsert records
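The key splitting, share records and scan-based key recovery described on the slides above, as an added Python sketch that is not code from the presentation or the LH* RE project. The dict record layout, the RID strings, the function names and the one-share-per-bucket placement are assumptions made for illustration; buckets are simulated as in-memory lists.

```python
import secrets
from collections import defaultdict
from functools import reduce

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key: bytes, k: int) -> list[bytes]:
    """k random shares C_0..C_{k-1}, then C_k = C_0 ^ ... ^ C_{k-1} ^ key."""
    shares = [secrets.token_bytes(len(key)) for _ in range(k)]
    shares.append(reduce(xor, shares, key))
    return shares

def store_key(buckets, app_id, key_id, key, k):
    """Write the k+1 shares as share records, one per bucket (assumed placement)."""
    shares = split_key(key, k)
    if len(buckets) < len(shares):
        raise ValueError("need at least k+1 buckets to keep shares apart")
    for i, share in enumerate(shares):
        buckets[i].append({"rid": f"{app_id}/{key_id}/{i}", "I": app_id,
                           "F": "share", "T": key_id, "payload": share})

def recover_keys(buckets, app_id, k):
    """Scan the given buckets for app_id's share records and rebuild each key.
    A key is returned only if all k+1 of its shares were seen."""
    found = defaultdict(list)
    for bucket in buckets:
        for rec in bucket:
            if rec["F"] == "share" and rec["I"] == app_id:
                found[rec["T"]].append(rec["payload"])
    return {t: reduce(xor, s) for t, s in found.items() if len(s) == k + 1}

def demo():
    # Constructed sample: 6 buckets, one application, two keys, k = 3.
    buckets = [[] for _ in range(6)]
    keys = {0: secrets.token_bytes(16), 1: secrets.token_bytes(16)}
    for key_id, key in keys.items():
        store_key(buckets, "app-A", key_id, key, k=3)
    buckets[0].append({"rid": "r1", "I": "app-A", "F": "data", "T": 0,
                       "payload": b"ciphertext"})
    full_scan = recover_keys(buckets, "app-A", k=3)      # owner's recovery
    partial = recover_keys(buckets[:3], "app-A", k=3)    # only k buckets read
    return keys, full_scan, partial

if __name__ == "__main__":
    keys, full_scan, partial = demo()
    print(full_scan == keys, partial)
```

A scan over all buckets rebuilds every key in the chain, while a read of only k of the k + 1 share-holding buckets yields no complete key, which is the k-safety property.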

• LH* RE is k-safe
  ◦ An attack into up to k servers is not successful

• Threat model
  ◦ Servers are autonomous, no common vulnerabilities:
    ▪ Physical access
    ▪ Administrative access
    ▪ Common configuration
• Assurance
  ◦ Probability that x intrusions did not yield records to the attacker
• Disclosure
  ◦ Expected proportion of records obtained by an intrusion into x servers

Assurance in an LH* file with K = 4, 8, and 16 key shares (top to bottom) extending over 16, 32, 64, 128, 256, 512, and 1024 servers. The x-axis is chosen to show the 99.999% (five nines) assurance level.

Ratio r of assurances with random placement over assurance with the LH* RE placement scheme for N = 256 sites, K = 4, 8, and 16.

Assurance in an LH* file with K = 4 and r = 10 and r = 100 keys. We vary N from 16 to The x-axis shows the two nines assurance level.

• Expected Disclosure
  ◦ N number of sites, K number of key shares, x number of intruded sites
  ◦ Independent of number of keys used!

• Conditional Disclosure
  ◦ Expected proportion of records assuming that a successful intrusion has occurred
    ▪ is the probability of a successful attack into one bucket
    ▪ r number of keys

Contour Graph for the conditional disclosure. We vary N, the number of sites, and r, the number of keys. We set K, the number of shares to 8, and show figures for x = 8, 9, 16 and 32 intrusions. The upper right corner of each picture has close to zero conditional disclosure.

• Refined Disclosure Costs
  ◦ Cost of a disclosure of data depends on
    ▪ The fact of disclosure
      - Negative publicity, costs of filing with authorities and penalties, costs of incident analysis, …
    ▪ The number of records disclosed
  ◦ Model costs of disclosure by assuming that α of maximum disclosure is fixed

Refined Disclosure Proportion for N = 100, K = 8, α = 0, 0.1, 0.5, 1, and x (x-axis) varying between 0 and 50. Notice the different scales on the y-axis.

• On Balance:
  ◦ While maintaining # of nines of safety, can introduce more keys as file extends over more sites
  ◦ Number of keys has no impact on expected disclosure
  ◦ Number of keys has positive impact on conditional disclosure
  ◦ Number of keys has negative impact on refined disclosure costs

• Up till now, we assumed an attacker without knowledge of the LH* layout
  ◦ With knowledge of where buckets are (e.g. from observing traffic flow), a “savvy attacker” has an advantage

• Assume initial number of buckets is 3, but now grown to 6:
  ◦ One key share in Buckets 0 and 4
  ◦ One key share in Buckets 1, 3, and 5
  ◦ One key share in Bucket 2
• Optimal attack uses key share distribution and size
  ◦ Optimal 3 attack plan:
    ▪ Attack either 0 or 4
    ▪ Attack 3
      - It has half the records descending from original Bucket 1
    ▪ Attack 2
  ◦ Success rate is ½ * ½ * 1 = 0.25

• Savvy attacker needs to optimize bucket intrusions
• Advantage higher if:
  ◦ There are buckets of different size
  ◦ The initial number of buckets is not a power of 2

• Management of number of keys
• High availability