Presentation is loading. Please wait.

Presentation is loading. Please wait.

Autonomous Aggregate Data Analytics in Untrusted Cloud

Published byVerity Loreen Jackson Modified over 6 years ago

Similar presentations

Presentation on theme: "Autonomous Aggregate Data Analytics in Untrusted Cloud"— Presentation transcript:

1 Autonomous Aggregate Data Analytics in Untrusted Cloud
Ganapathy Mani, Denis Ulybyshev, Bharat Bhargava Jason Kobes*, Puneet Goyal^ CS & CERIAS, Purdue University *Northrop Grumman Corporation ^Department of CSE, IIT Ropar, India AIKE 2018 1

2 Intelligent Autonomous Systems
Autonomous Systems should be Able to perform complex tasks without or with limited ongoing connection to humans. Cognitive enough to act without a human’s judgment lapses or execution inadequacies. Intelligent Autonomous Systems (IAS) are characterized as highly Cognitive, effective in Knowledge Discovery, Reflexive, and Trusted. The focus of this research will be on the smart cyber systems. 2

3 Comprehensive IAS Architecture
Adaptive action Anomaly Detection 3

4 Motivation Autonomous systems operating in distributed environment have to collectively learn from one another. It is important to maintain the privacy of individual entities generating data and humans interacting with them. Autonomous systems should be able to Learn from restricted information Preserve privacy while collectively learning about the distributed environment. 4

5 Privacy Preserving Autonomous Data Aggregation
Using Active Bundle (AB), a distributed self-protecting entity with policy enforcement engine, we implement One-time access certificate used to query other ABs Privacy preserving aggregation analytics on numerical data Instead of checking AB’s authentication protocol every time, an AB can obtain a one-time pass to access other ABs data per aggregate query. Numerical data is perturbed for the analytics and at the end the perturbation is removed. 5

6 Active Bundle (AB) Active Bundle (AB) is a distributed self-protecting entity with policy enforcement engine. Sensitive data is stored in a non relational database in the form of key-value pair. E.g. {PatientID = “ENC(123456)”}. Authentication of client services is based on digital certificates. The services present their X.509 certificates signed by a trusted Certificate Authority (CA). After authentication, policy enforcement engine enforces policies of data access depending upon the service’s access level. 6

7 Active Bundle (AB) 7

8 AB Authentication Protocol - Problem
Every time a service requests a particular data from active bundle, it has to go through authentication and enforcement policies. For each Active Bundle, based on number of policies, the data access time increases. Around 500 msec for 16 policies For each Active Bundle, based on security protocols of authentication, the authentication time increases. Around 550 msec for two-way encryption So the system is not scalable for large databases and data analytics will become enormously time consuming. 8

9 One-time AB Authentication Protocol - Solution
We propose a solution: one-time authentication per aggregated query. Here, each autonomous entity such as active bundle can be given a one-time certificate to perform a specific task without going through policies and authentication for each AB. One trusted Certificate Authority (CA) can provide the autonomous entity a one-time access pass and restrict the pass to the requested data. With this one time authentication, AB can surpass other ABs’ policies and authentication, making it faster. 9

10 One-time AB Authentication Protocol
Here, a trusted ABi provides access certificate to another ABj. ABj uses the certificate to access other ABs without having to go through policies again. 10

11 One-time AB Authentication Protocol
11

12 Privacy Preserving Data Aggregation
After passing the authentication and policies enforced by AB’s policy enforcement engine, aggregate data analytics can be performed. AB’s provenance data is used for aggregated analytics such as Count, Average, etc. on qualified attributes. These aggregate analytics guarantee privacy of individual ABs. Consider an aggregation, AB1’s age attribute is perturbed: “Age (a) ” + “Random Perturbation (R)”  2AB1(a + r = an) + 2AB2(a + an = an1) + … Final average = (ann – R) / count(2AB) 12

13 Evaluation We measure the latency of data request sent to AB, which is hosted by a local server, located in the same network with the client. As a latency parameter, we record Round-Trip Time (RTT) for the data request processing at the server side (Note: we do not consider network delays in this experiment). ApacheBench v2.3 is used to calculate RTT measurements. We run 50 requests in a row and compute RTT average. 13

14 Evaluation Our initial work shows that the policies enforced for each AB access raise the access time exponentially where as a simple python simulation of file access (one time authentication example) stays almost constant for multiple entities. 14

15 Future Work Changing policies on-the-fly is a non-trivial problem in autonomous cyber systems. Autonomous policy changes based on the data analytics can be achieved by introducing an adaptive block with probabilistic rules. We plant to implement deep learning methodologies for adapting to new and unknown scenarios, learn from the data, and make probabilistic reasoning to enforce policies. 15

16 Future Work Autonomous policy changes based on the data analytics. 16

17 References 17

18 Thank you!!! 18

Download ppt "Autonomous Aggregate Data Analytics in Untrusted Cloud"

Similar presentations

An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University.

An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Secure Data Storage in Cloud Computing Submitted by A.Senthil Kumar(96608205043) C.Karthik(96608205022) H.Sheik mohideen(96608205046) S.Lakshmi rajan(96608205023)

Secure Data Storage in Cloud Computing Submitted by A.Senthil Kumar( ) C.Karthik( ) H.Sheik mohideen( ) S.Lakshmi rajan( )
1 CS 6910: Advanced Computer and Information Security Lecture on 11/2/06 Trust in P2P Systems Ahmet Burak Can and Bharat Bhargava Center for Education.

1 CS 6910: Advanced Computer and Information Security Lecture on 11/2/06 Trust in P2P Systems Ahmet Burak Can and Bharat Bhargava Center for Education.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Design, Implementation, and Experimentation on Mobile Agent Security for Electronic Commerce Applications Anthony H. W. Chan, Caris K. M. Wong, T. Y. Wong,

Design, Implementation, and Experimentation on Mobile Agent Security for Electronic Commerce Applications Anthony H. W. Chan, Caris K. M. Wong, T. Y. Wong,
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Tcl Agent : A flexible and secure mobile-agent system Paper by Robert S. Gray Dartmouth College Presented by Vipul Sawhney University of Pennsylvania.

Tcl Agent : A flexible and secure mobile-agent system Paper by Robert S. Gray Dartmouth College Presented by Vipul Sawhney University of Pennsylvania.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.
Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.

Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.
MagicNET: Security Architecture for Discovery and Adoption of Mobile Agents Presented By Mr. Muhammad Awais Shibli.

MagicNET: Security Architecture for Discovery and Adoption of Mobile Agents Presented By Mr. Muhammad Awais Shibli.
CSC8320. Outline Content from the book Recent Work Future Work.

CSC8320. Outline Content from the book Recent Work Future Work.
 Protocols used by network systems are not effective to distributed system  Special requirements are needed here.  They are in cases of: Transparency.

 Protocols used by network systems are not effective to distributed system  Special requirements are needed here.  They are in cases of: Transparency.
A semi autonomic infrastructure to manage non functional properties of a service Pierre de Leusse Panos Periorellis Paul Watson Theo Dimitrakos UK e-Science.

A semi autonomic infrastructure to manage non functional properties of a service Pierre de Leusse Panos Periorellis Paul Watson Theo Dimitrakos UK e-Science.

Similar presentations

Ads by Google