Hierarchical Key Applications for Assured Destruction of Deleted Material.


The Big Issue
- Alice has a remotely backed-up filesystem
- Files are encrypted on the remote server
- One day, Alice decides she wants to delete /var/secrets
[Diagram: /var, /var/www, /var/secrets]

The Big Issue
- However, Alice may not be able to guarantee deletion from the remote server
- The backup service may queue deletions for later…
[Diagram: /var, /var/www, /var/.secrets]

The Big Issue
- …and/or incremental backups of the deleted directory may still exist
- It may be important that no copy of the data exists at all.
[Diagram: 2011/var, 2011/var/www, 2011/var/secrets, 2010/var, 2010/var/www, 2010/var/secrets]

A Similar Issue
- ‘Vanish’ [Geambasu – Security 2009] proposed Self-Destructing Data
- Bits of keys are distributed over public or semi-public DHTs via Shamir’s Secret Sharing
- Eventually enough parts of the key are lost due to churn and node self-cleansing that the data is not recoverable

A Similar Issue
- Vanish destroys data with some probability, increasing over time
- Sometimes “high probability” is not good enough

Goals
- Confidentiality
- Assurance of Irrecoverability
- High, consistent granularity
- Simplicity of deletion of sub-grain blocks of data
- Low overhead

Attribute Based Encryption
- Sahai and Waters’ 2004 paper “Fuzzy Identity-Based Encryption” introduced Attribute-Based Encryption
- In an ABE system, each ciphertext is accompanied by a list of attributes
- Keys can be constructed such that they will only decipher data with certain accompanying attributes

Attribute Based Encryption
[Diagram: attribute sets]
{Billing Dept., Security Clearance, Company Health Plan}
{Security Clearance, Billing Dept., Human Resources}

Project Proposal
[Diagram: attribute sets]
{/var, */foo, *.txt}
{/var, */www, */foo *.txt}
{/var, */www */secrets, *.mkv, *.nzb}
{/bin, */zap, */rows, *.dower,}

Project Proposal
[Diagram: attribute sets]
{/var, */secrets, *.nzb}
{/var, */www, */foo *.txt}
{/var, */www */secrets, *.mkv, *.nzb}
{/bin, */zap, */rows, *.dower,}

Our Solution
[Diagram: attribute sets]
{/var, */secrets, *.nzb}
{/var, */www, */foo *.txt}
{/var, */www */secrets, *.mkv, *.nzb}
{/bin, */zap, */rows, *.dower,}

Issues to Explore
- Granularity
  ▫ The higher the granularity (i.e. the more precise deletions that are made possible) the larger the keyset must be
- Hierarchical structure
  ▫ There's probably some clever trickery where we can shape the keys to be hierarchical - i.e., as is the filesystem
  ▫ We believe the aforementioned adaptation of ABE can accomplish this efficiently
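
An added sketch of deletion by key destruction at directory granularity, not code from the presentation: it substitutes independent random symmetric keys per directory for the ABE construction the slides propose, and uses a toy HMAC-based stream cipher so it runs on the standard library alone. `KeyStore`, `encrypt`, `decrypt`, `demo` and the sample files are hypothetical names and constructed data.

```python
import hashlib
import hmac
import os
import posixpath

class KeyStore:
    """Alice's local keyset: one independent random key per directory (the grain)."""
    def __init__(self):
        self.keys = {}

    def key_for(self, directory):
        # Keys are independent rather than derived from the parent's key: a KDF
        # chain would let a surviving parent key regenerate a destroyed child key.
        return self.keys.setdefault(directory, os.urandom(32))

    def destroy(self, directory):
        """Drop the key for `directory` and for every directory below it."""
        prefix = directory.rstrip("/") + "/"
        doomed = [d for d in self.keys if d == directory or d.startswith(prefix)]
        for d in doomed:
            del self.keys[d]
        return len(doomed)

def _xor(key, nonce, data):
    # Toy stream cipher (HMAC-SHA256 in counter mode) to stay stdlib-only;
    # real code would use an AEAD such as AES-GCM.
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(store, path, data):
    nonce = os.urandom(16)
    return nonce + _xor(store.key_for(posixpath.dirname(path)), nonce, data)

def decrypt(store, path, blob):
    key = store.keys.get(posixpath.dirname(path))
    # A destroyed key leaves every stored copy of the ciphertext irrecoverable.
    return None if key is None else _xor(key, blob[:16], blob[16:])

def demo():
    store, remote = KeyStore(), {}
    files = {"/var/www/index.html": b"hello", "/var/secrets/plan.txt": b"top secret"}
    for snapshot in ("2010", "2011"):          # constructed incremental backups
        for path, data in files.items():
            remote[(snapshot, path)] = encrypt(store, path, data)
    keys_before = len(store.keys)              # keyset grows with granularity
    destroyed = store.destroy("/var/secrets")  # local action only; server untouched
    readable = {k: decrypt(store, k[1], blob) for k, blob in remote.items()}
    return keys_before, destroyed, readable
```

Both the 2010 and 2011 copies of `/var/secrets` become unreadable once the one local key is gone, without the backup service deleting anything, while `/var/www` stays readable.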

Proposal Summary
- Project Objectives:
  ▫ Hierarchy-based, adjustable granularity adaptation of attribute-based encryption
  ▫ Ability to efficiently delete sub-block-size chunks of data
- Requirements:
  ▫ 4 months
  ▫ $33,000