Fine-Grained Access Control (FGAC) in the Cloud Robert Barton.

Access Control Quick Review  Fine-grained  Why should I care?  Why is access control necessary?

Clouds  Shift to corporate data storage by third parties  More cost effective than in-house storage  Poses data-security problems: the storage provider now holds the data

Issues with Cloud Storage  Data Security  User Revocation  Scalability

Data Security  The data must stay private from the third party that stores it: the cloud provider itself is part of the threat model, so access control has to be enforced cryptographically rather than trusted to the server  There is no clear solution to scalable FGAC, but there are several good systems to start from

Data Security: Key-Policy Attribute-Based Encryption (KP-ABE)  Each file is encrypted under a set of descriptive attributes; each user's secret key embeds an access policy over those attributes, and the key decrypts a file exactly when the file's attributes satisfy the policy (the simple case is a policy that ANDs every attribute, so a user must hold a key matching all of them)  The owner adds one dummy attribute that every file is encrypted with and every user's policy requires, but for which the cloud server is never given key material, so the server cannot assemble a working key on its own  User revocation is possible but, as the later slides show, costs re-encryption of the files the revoked user could read  Drawback: the attribute labels sit on the ciphertexts in the clear, so it is easy for the cloud server to learn which attributes files and users have
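The access-structure side of KP-ABE, as an added example that is not part of the slides: the threshold access tree of Goyal, Pandey, Sahai and Waters evaluated over a file's attribute set, with the owner's dummy attribute AND-ed into every issued policy. The attribute names, the `owner:dummy` label and the helper names are assumptions; the pairing-based encryption itself is omitted, so the code shows which keys would decrypt which files, not the ciphertexts.

```python
from dataclasses import dataclass
from typing import FrozenSet, Sequence, Union

# Added example (not from the slides): the access-structure half of KP-ABE.
# A ciphertext is labelled with a set of attributes; each user's secret key
# embeds an access tree. Decryption succeeds iff the ciphertext's attribute
# set satisfies the key's tree. Tree shape follows Goyal et al.: leaves are
# attributes, inner nodes are k-of-n threshold gates.

@dataclass(frozen=True)
class Gate:
    k: int                       # threshold: k=1 is OR, k=len(children) is AND
    children: Sequence["Node"]

Node = Union[str, Gate]

def AND(*children: "Node") -> Gate:
    return Gate(len(children), children)

def OR(*children: "Node") -> Gate:
    return Gate(1, children)

def satisfies(node: Node, attrs: FrozenSet[str]) -> bool:
    """True iff the attribute set satisfies the access tree rooted at node."""
    if isinstance(node, str):
        return node in attrs
    hits = sum(1 for child in node.children if satisfies(child, attrs))
    return hits >= node.k

# The owner's private dummy attribute (the name is an assumption). It is
# stamped on every file and AND-ed into every user's policy; the cloud server
# is never given key material for it, so it cannot build a usable key itself.
DUMMY_ATTR = "owner:dummy"

def issue_key_policy(user_policy: Node) -> Gate:
    """Owner issues a key whose policy is (dummy AND user_policy)."""
    return AND(DUMMY_ATTR, user_policy)

def label_file(attrs) -> FrozenSet[str]:
    """Attribute set a file is encrypted under; the dummy is always included."""
    return frozenset(attrs) | {DUMMY_ATTR}

def can_decrypt(key_policy: Gate, file_attrs: FrozenSet[str]) -> bool:
    return satisfies(key_policy, file_attrs)

if __name__ == "__main__":
    # constructed sample data
    payroll = label_file({"dept:finance", "level:3", "region:eu"})
    manager_key = issue_key_policy(AND("dept:finance", OR("level:3", "level:4")))
    auditor_key = issue_key_policy(Gate(2, ("dept:finance", "region:eu", "role:auditor")))
    print("manager:", can_decrypt(manager_key, payroll))
    print("auditor:", can_decrypt(auditor_key, payroll))
```

A label that lacks the dummy attribute (for instance one the cloud server attached itself) satisfies no issued key, which is the mechanical effect of AND-ing the dummy into every policy.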

Data Security: Hierarchical Identity-Based Encryption (HIBE)  Identities are arranged in a tree (for example organisation / department / user); a user's public key is simply its identity path, so anyone can encrypt to it without fetching a certificate  A user's secret key decrypts files encrypted to its own identity, and it can also derive the secret keys of every identity beneath it in the hierarchy, so an ancestor can read everything encrypted to its descendants while a descendant cannot read its ancestors' files  Drawback: the identity path is visible on every ciphertext, so it is easy for third parties to learn a file's security level or position in the hierarchy

Cloud Knowledge  It is safe to assume the cloud will try to learn as much as it can about the data it stores, including who may access what  One proposed mitigation: chunks

Data Chunks  Each data owner has their own chunk that holds all of their files on the cloud  The cloud is given only the access policy of the chunk as a whole; it never sees the individual file access policies inside it  A user who satisfies any one of the chunk's access policies downloads the whole chunk and decrypts locally only the files whose per-file policies he satisfies  Cost: every read transfers the entire chunk, so the privacy gained against the cloud is paid for in bandwidth and client-side work

User Revocation  Every file the revoked user could read must be re-encrypted, otherwise the key the user still holds keeps working on the stored ciphertexts  Done naively this places severe computational overhead on the data owner  Two good solutions:  Two-Layered Encryption  Proxy Re-Encryption  Both push the re-encryption work onto the far larger resources of the cloud server without handing the server the plaintext  The only work left to the data owner is delegating the updated keys to the remaining users

User Revocation: Two-Layered Encryption  The data owner encrypts the data with its own key, then has the cloud encrypt the result a second time with an outer key that the cloud holds  When a user is removed, the data owner has the cloud server strip the outer layer and re-encrypt with a fresh outer key; the remaining users receive the new outer key, the revoked user does not  The cloud only ever sees the owner's ciphertext, never the plaintext, and the owner's inner layer is never re-encrypted

User Revocation: Proxy Re-Encryption  The data owner gives the third party (the proxy) a re-encryption key that transforms ciphertext under the old key directly into ciphertext under the new key  The proxy never decrypts, so it learns nothing about the plaintext; it only ever handles ciphertext  Caveat: in a bidirectional scheme the same re-encryption key also converts in the reverse direction, and a proxy colluding with one key holder can recover the other key, so a unidirectional scheme is preferable when the proxy is not fully trusted
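A worked proxy re-encryption exchange, added here and not taken from the slides: the ElGamal-style bidirectional scheme of Blaze, Bleumer and Strauss (1998), used to move a file's wrapped data-encryption key (DEK) from the old key to a new one while the cloud holds only the re-encryption key. The group parameters (the Mersenne prime 2^521 - 1 with generator 3, exponents reduced mod p - 1), the DEK wrapping format and all function names are assumptions for illustration, not production parameters.

```python
import math
import secrets
from typing import Optional, Tuple

# Added example (not from the slides): Blaze-Bleumer-Strauss proxy
# re-encryption over ElGamal. The proxy (cloud) holds only
# rk = b / a mod (p-1) and converts (m*g^k, g^{ak}) into (m*g^k, g^{bk}).
#
# Toy parameters (assumption, not production strength): p = 2^521 - 1 is the
# Mersenne prime M521, g = 3, and exponents are reduced mod p-1 (Fermat).
P = (1 << 521) - 1
ORDER = P - 1
G = 3

Ciphertext = Tuple[int, int]

def _rand_exponent() -> int:
    return secrets.randbelow(ORDER - 3) + 2          # in [2, p-3]

def keygen() -> Tuple[int, int]:
    """Secret key a (invertible mod p-1) and public key g^a."""
    while True:
        a = _rand_exponent()
        if math.gcd(a, ORDER) == 1:
            return a, pow(G, a, P)

def encrypt(pk: int, m: int) -> Ciphertext:
    assert 0 < m < P
    k = _rand_exponent()
    return (m * pow(G, k, P)) % P, pow(pk, k, P)     # (m*g^k, g^{ak})

def decrypt(sk: int, ct: Ciphertext) -> int:
    c1, c2 = ct
    g_k = pow(c2, pow(sk, -1, ORDER), P)             # (g^{ak})^{1/a} = g^k
    return (c1 * pow(g_k, -1, P)) % P

def rekey(sk_from: int, sk_to: int) -> int:
    """Computed by the data owner; only this value is handed to the proxy."""
    return (sk_to * pow(sk_from, -1, ORDER)) % ORDER

def reencrypt(rk: int, ct: Ciphertext) -> Ciphertext:
    """Run by the proxy: re-keys the second component only; m is never exposed."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)

# DEK <-> group element. A fixed 0x01 prefix makes a wrong-key result detectable.
def wrap_dek(pk: int, dek: bytes) -> Ciphertext:
    return encrypt(pk, int.from_bytes(b"\x01" + dek, "big"))

def unwrap_dek(sk: int, ct: Ciphertext) -> Optional[bytes]:
    m = decrypt(sk, ct)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return raw[1:] if len(raw) == 33 and raw[0] == 1 else None

if __name__ == "__main__":
    a, pk_a = keygen()            # current epoch key, shared with authorised users
    b, pk_b = keygen()            # fresh epoch key issued after a revocation
    dek = secrets.token_bytes(32)
    stored = wrap_dek(pk_a, dek)  # what the cloud keeps next to the file
    rk = rekey(a, b)              # owner -> cloud; a and b themselves stay with the owner
    stored = reencrypt(rk, stored)
    print("new key unwraps:", unwrap_dek(b, stored) == dek)
    print("old key unwraps:", unwrap_dek(a, stored) is not None)
```

The owner computes rk from both secret keys and hands only rk to the cloud; the cloud's `reencrypt` touches the second ciphertext component only and never needs a, b or the DEK. Because rk = b/a also yields a/b, the scheme is bidirectional: a proxy that colludes with the holder of b learns a, so the slide's "never learns anything" holds for the plaintext, not for the keys.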

Lazy Re-Encryption  After a revocation, files are not re-encrypted immediately; each file is re-encrypted only the next time someone requests it  This spreads the re-encryption cost out over time (files that are never read again are never re-encrypted) instead of a burst of work against the third party at revocation time  Caveat: until a file is re-encrypted its stored ciphertext is still decryptable with the revoked user's old key, so the cloud server has to refuse that user's requests in the meantime, which means the server is trusted for that window
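The two-layered scheme of the earlier slide combined with lazy re-encryption, as an added example not taken from the slides: the owner seals data under an inner key the cloud never sees; the cloud seals that ciphertext again under an epoch outer key and, after a revocation, re-wraps a file only when it is next read. The HMAC-SHA256-based stand-in for an AEAD (in place of AES-GCM, so the code needs only the standard library), the class and function names and the sample files are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Added example (not from the slides): two-layered encryption with lazy
# re-encryption of the outer layer. The owner's inner layer never changes;
# the cloud re-wraps the outer layer with the current epoch key only when a
# file is next read.
#
# Stand-in AEAD (assumption: used instead of AES-GCM so this runs on the
# standard library alone): HMAC-SHA256 keystream in counter mode, then an
# HMAC tag over nonce||ciphertext (encrypt-then-MAC). Illustrative only.

def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(kenc: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(kenc, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, pt: bytes) -> bytes:
    kenc, kmac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(x ^ y for x, y in zip(pt, _keystream(kenc, nonce, len(pt))))
    return nonce + ct + hmac.new(kmac, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    kenc, kmac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(kmac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed (wrong key or tampered blob)")
    return bytes(x ^ y for x, y in zip(ct, _keystream(kenc, nonce, len(ct))))

@dataclass
class StoredFile:
    outer: bytes      # seal(outer_key[version], inner_ciphertext)
    version: int      # epoch of the outer key that currently wraps it

class CloudServer:
    """Holds outer-layer keys only; the owner's inner key never reaches it."""
    def __init__(self, outer_key: bytes, users):
        self.version = 1
        self.outer_keys = {1: outer_key}
        self.authorized = set(users)
        self.files = {}
        self.reencryptions = 0

    def put(self, name: str, inner_ct: bytes) -> None:
        self.files[name] = StoredFile(seal(self.outer_keys[self.version], inner_ct), self.version)

    def revoke(self, user: str, new_outer_key: bytes) -> None:
        # Owner hands the cloud a fresh outer key (and the remaining users the
        # same key). No file is touched yet: that is the lazy part.
        self.authorized.discard(user)
        self.version += 1
        self.outer_keys[self.version] = new_outer_key

    def get(self, name: str, user: str) -> bytes:
        if user not in self.authorized:
            raise PermissionError(user)   # covers the window before re-wrap
        f = self.files[name]
        if f.version != self.version:
            inner_ct = unseal(self.outer_keys[f.version], f.outer)  # only the inner ciphertext is exposed
            f.outer = seal(self.outer_keys[self.version], inner_ct)
            f.version = self.version
            self.reencryptions += 1
        return f.outer

def read_file(cloud: CloudServer, name: str, user: str, outer_key: bytes, inner_key: bytes) -> bytes:
    """Client side: strip the cloud's layer, then the owner's layer."""
    return unseal(inner_key, unseal(outer_key, cloud.get(name, user)))
```

`revoke` rotates the epoch key without touching any file; `get` is where the re-wrap happens, and `reencryptions` counts how much work the cloud has actually done. The authorization check in `get` is what protects the window between revocation and re-wrap, so the cloud must enforce it honestly during that window.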

Conclusion  There is no perfect or correct solution to these problems  It is a continuing academic and industry research area