Presentation is loading. Please wait.

Presentation is loading. Please wait.

pVault Sharing Architecture

Published byAugusta Young Modified over 6 years ago

Similar presentations

Presentation on theme: "pVault Sharing Architecture"— Presentation transcript:

1 pVault Sharing Architecture
Ravi Chandra Jammalamadaka

2 pVault: Secure Personal Data Manager
Users use the same passwords across different sites including secure and insecure sites which cannot be trusted . As a result same password attacks become common. Only solution is to remember a strong password for every website that requires password authentication. How many strong passwords can we remember ??

3 pVault features Stores passwords securely in a remote location.
Generates strong passwords during registration. Provides mobile access of passwords. Autofills the required password on the website visited. Prevents Pharming and Phishing attacks

4 Download pVault pVault websites: http://www.itr-rescue.org/pVault

5 pVault Entry Based on XML
All pvault entries are XML documents which follow a particular schema. Stores personal data (secrets) that belongs to more than one URL.

6 pVault Entry schema * pVault_Entry Secret Metadata Actualdata
Individual_Secret url Name id Keywords

7 Design Criteria Store pvault entries in a relational database at the server (i.e. No changes at the server). Minimal Client side software and data storage. Allow both group sharing and sharing with individuals. PKI based

8 Security Consideration
Data confidentiality: Protecting data from being accessed from unauthorized users. Data Integrity: Prevent tampering of the data at the server side.

9 Privacy Policy Rule Syntax:
<object> < subject> <Access Modes> Group id/User Id Leaf node in the pvault entry Read/Write Example: \\pvault_entry Ravi read

10 XML subtree encryption
pVault_Entry * Secret Metadata Actualdata url Keywords Encrypted_Node id Name Individual_Secret

11 Structure Preserving encryption
pVault_Entry * * Secret url * E(Id) Metadata E(Name) E(Actualdata) Individual_Secret * E(keywords) E(Metadata) E(Actualdata)

12 Issues There is no requirement to hide the structure of the pvault entry from the server. ( public knowledge) Just Encrypt the content of the leaf nodes, structure preserving. Allows queries to be run at the server side.

13 Creating a Pvault Entry
E (PE) E ( K ) K P A E ( K ) P E ( PE) A K Server PE K User A

14 Reading a Pvault Entry E (PE) K E (PE) K E (K) P A E (K) P A User A

15 Writing a pVault Entry Execute the read protocol Update the PE
Replace the previous PE.

16 Sharing Protocol E (PE) K E ( PE) E (PE) K K E ( K) E ( K) E ( K) P
B E ( K) E ( K) E ( K) P E ( K) P P B P A A B E ( K) Server P B PE K K PE User A User B

17 Data Integrity Since the Data is Stored at an Untrusted
site, the service provider can 1. Modify data objects 2. Delete data objects 3. Not send the correct query results How do we prevent the Service Provider from doing above ??

18 XML Integrity 1 2 3 4 5 6 7 h( h(1.tag) || h(2) || h(5))
h(3.value + 3.tag) h(h(2.tag)|| h(3) || h(4)) h( h(1.tag) || h(2) || h(5)) h(4.value + 4.tag) h(6.value + 6.tag) h(7.value + 7.tag) h(h(5.tag)|| h(6) || h(7))

19 Another Method * * * pVault_Entry urlcount secretcount Secret
id Metadata Name Actualdata Individual_Secret * metadatacount Keywords Metadata Actualdata

20 Drawbacks How is access to a pvault entry revoked ?
Re-encrypt the pvault and update the key entries for other users. Similar deal when a user leaves a group. Re-encryption Inevitable. Burden for the client.

21 Using Server as a Certificate Authority
Since the server is untrusted, the server can lie about the public key. When Alice wants to share a file with Bob, Alice requests the public key from the server. The server can generate a new public key/private key pair and return the public key as Bob’s public key. The sever now has access to all the files that Alice shares with Bob.

22 Secure Coprocessor SC is a general purpose computer that can be trusted faithfully to perform a computation. SC are resistant against forseeable physical and logical attacks, except DOS attacks. Trusted Third Party IBM 4758 SC is equipped with 99Mhz and 2 MB onboard memory.

23 Secure Coprocessor Duties
Provide access to private keys of pvault users. During revocation, re-encrypt pvault entries.

24 Lost Update Problem Client/User requests an update on pvault entry o to change its content from c to c . The server ignores the update. The next time the pvault entry o is queried the server return c as the pvault entry’s content. How can the client be sure about the freshness of the pvault entry’s content?? - Maintain Version numbers.

Download ppt "pVault Sharing Architecture"

Similar presentations

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Operating System Security

Operating System Security
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.

Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
6/1/2001 Supplementing Aleph Reports Using The Crystal Reports Web Component Server Presented by Bob Gerrity Head.

6/1/2001 Supplementing Aleph Reports Using The Crystal Reports Web Component Server Presented by Bob Gerrity Head.
Hsu-Chen Cheng, *Wen-Wei Liao, Tian-Yow Chi, Siao-Yun Wei

Hsu-Chen Cheng, *Wen-Wei Liao, Tian-Yow Chi, Siao-Yun Wei
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
JavaScript, Fourth Edition

JavaScript, Fourth Edition

Similar presentations

Ads by Google