
Seny Kamara & Kristin Lauter, Microsoft Research. B99705013 廖以圻, B99705025 陳育旋.


1
Seny Kamara & Kristin Lauter (senyk@microsoft.com, klauter@microsoft.com), Microsoft Research
B99705013 廖以圻, B99705025 陳育旋

2
• Introduction of the cloud storage service
• The basic concept of cryptography
• Architecture of a cryptographic storage service
• Benefits of a cryptographic storage service
• The core components of a cryptographic storage service
• Summary

4
• Cloud infrastructure can be categorized as private or public.
• Benefits of a public storage service: availability, reliability, efficient retrieval, data sharing.

5
• Main concerns for a public storage service:
  1. confidentiality
  2. integrity
• We argue for designing a virtual private storage service based on recent cryptographic techniques.

7
Symmetric & asymmetric encryption
Symmetric encryption

8 Asymmetric encryption

9

11

12
• Data processor (DP): processes data before it is sent to the cloud.
• Data verifier (DV): checks whether the data in the cloud has been tampered with.
• Token generator (TG): generates tokens that enable the cloud storage provider to retrieve segments of customer data.
• Credential generator (CG): implements an access control policy by issuing credentials to the various parties in the system.

13
• A CUSTOMER ARCHITECTURE
• AN ENTERPRISE ARCHITECTURE

14

15
• The story begins with three parties: Alice, Bob and the storage provider.
• Alice wants to share data with Bob.
• How to do that?

16
• First, Alice and Bob use the same DP, DV and TG.
• Alice generates a cryptographic key (the master key), which is kept locally.

17
• When Alice wants to upload files:
  ◦ Using the DP: attaches metadata, then encrypts and encodes the data.
  ◦ Using the DV: verifies the integrity of the data.
  ◦ Using the TG: when she wants to retrieve data, sends a token to the cloud storage to search for the appropriate encrypted file.

18
• When Bob wants to retrieve some file:
  ◦ Alice uses the TG to make a token for Bob, and also uses the CG to make a credential for Bob.
  ◦ After Bob receives the token and the credential, he uses the token to retrieve the data and decrypts it with the credential.

19

20
• A CUSTOMER ARCHITECTURE
• AN ENTERPRISE ARCHITECTURE

21

22

23
• MegaCorp wants to share data with PartnerCorp; MegaCorp stores its data with a cloud storage provider.
• Depending on the particular scenario, dedicated machines will run various core components.

24
• Each MegaCorp and PartnerCorp employee receives a credential from the credential generator.
• Everyone's credential is different, assigned according to their position.
• Whenever a MegaCorp employee generates data that needs to be stored in the cloud, the employee sends the data together with an associated decryption policy to the dedicated machine for processing.

25
• To retrieve data from the cloud, an employee requests an appropriate token from the dedicated machine.
• Different tokens can access different information.
• Usage of the DV is the same as before.

26
• When a PartnerCorp employee needs access to MegaCorp's data, he authenticates himself to MegaCorp's dedicated machine and sends it a keyword.
• The dedicated machine returns an appropriate token, which the employee uses to recover the appropriate files.

27
• In the case that MegaCorp is a very large organization, the data processor may be heavily loaded.

28
• In another case, the dedicated machines only run data verifiers, token generators and credential generators, while the data processing is distributed to each employee.

29

31

32
• Control of the data is maintained by the customer.
• The security properties are derived from cryptography.

33
• Regulatory compliance
• Geographic restrictions
• Subpoenas
• Security breaches
• Electronic discovery
• Data retention and destruction

34
• Regulatory compliance (protecting data)
  ◦ Laws for protecting data.
  ◦ Solution: the data processor and encryption may help.
• Geographic restrictions
  ◦ It can be difficult to ascertain exactly where one's data is being stored once it is sent to the cloud. Some customers may be reluctant to use a public cloud for fear of increasing their legal exposure.
  ◦ Solution: all data is stored in encrypted form.

35
• Subpoenas
  ◦ If the data is stored in a public cloud, the request may be made to the cloud provider, and the latter could even be prevented from notifying the customer.
  ◦ Solution: data is stored in encrypted form, and the customer retains possession of all the keys.
• Security breaches (vulnerabilities)
  ◦ There is always the possibility of a security breach.
  ◦ Solution: data integrity can be verified at any time.

36
• Electronic discovery
  ◦ Organizations are required to preserve and produce records for litigation. Organizations with high levels of litigation may need to keep a copy of large amounts of data.
  ◦ Solution: a customer can verify the integrity of its data at any point in time.
• Data retention and destruction
  ◦ It can be difficult for a customer to ascertain the integrity of the data or to verify whether it was properly discarded.
  ◦ Solution: secure data erasure can be effectively achieved by just erasing the master key.

37
• Anyway, it all comes down to one point:
• Encrypted data and the data verifier.

39
• The drawbacks of the cryptographic storage service:
  ◦ We have to download all the data, decrypt it and search locally.
  ◦ The organization has to retrieve all the data to verify its integrity.

40
• Improvement:
  1. The DP indexes the data and encrypts it under a unique key.
  2. Encrypt the index using searchable encryption.
  3. Encrypt the unique key with attribute-based encryption.
  4. The data verifier can verify the data's integrity using a proof of storage.

41
• A way to encrypt a search index.
• Given a token for a keyword, one can retrieve pointers to the encrypted files.
• But sometimes the search may leak some information to the service provider.
• SSE / ASE / ESE / mSSE

42
• Symmetric searchable encryption (SSE)
• Single writer / single reader (SWSR)
• Based on symmetric primitives.
• Without any token, the server learns nothing about the data except its length.
• Given a token for keyword w, the provider learns which documents contain w without learning w.
• Disadvantage: search time / update
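The SSE token mechanism on this slide, as an added example that is not from the original presentation or from the Kamara-Lauter paper. It is a simplified static index, not a production SSE scheme; the function names, the label/key token split and the sample documents are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def prf(key, label, msg):
    """HMAC-SHA256 used as a PRF, domain-separated by label."""
    return hmac.new(key, label + b"|" + msg, hashlib.sha256).digest()

def mask(key, data):
    """XOR data with a SHAKE-256 keystream derived from key (self-inverse)."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def token(master_key, keyword):
    """Token generator: (index label, unmasking key) for one keyword."""
    w = keyword.lower().encode()
    return prf(master_key, b"label", w), prf(master_key, b"key", w)

def build_index(master_key, docs):
    """Data processor: build the encrypted index that the provider stores."""
    postings = {}
    for doc_id, text in docs.items():
        for word in set(text.lower().split()):
            postings.setdefault(word, []).append(doc_id)
    index = {}
    for word, ids in postings.items():
        label, key = token(master_key, word)
        # Each per-keyword key masks exactly one entry, so no keystream reuse.
        # Entry lengths still leak how many files match (no padding here).
        index[label] = mask(key, ",".join(sorted(ids)).encode())
    return index

def server_search(index, tok):
    """Provider: find the entry by label and unmask the file pointers.
    The provider sees the token and the matching ids, never the keyword."""
    label, key = tok
    entry = index.get(label)
    return mask(key, entry).decode().split(",") if entry is not None else []

# Constructed sample data: file ids mapped to plaintext contents.
DOCS = {
    "f1": "quarterly budget report",
    "f2": "budget meeting notes",
    "f3": "holiday schedule",
}

if __name__ == "__main__":
    master_key = secrets.token_bytes(32)   # stays on the customer's machine
    index = build_index(master_key, DOCS)  # uploaded with the encrypted files
    print(server_search(index, token(master_key, "budget")))
```

Adding or removing a file means rebuilding the affected entries, which illustrates the update cost the slide lists as a disadvantage.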

43
• Asymmetric searchable encryption (ASE)
• Many writers / single reader (MWSR)
• Based on symmetric primitives.
• Without any token, the server learns nothing about the data except its length.
• Given a token for keyword w, the provider learns which documents contain w.
• Disadvantage: the token w can be learned

44
• Efficient ASE (ESE)
• Search time is more efficient than ASE.
• Disadvantage: the token w can be learned

45
• Multi-user SSE
• Single writer / many readers (SWMR)
• The owner can add and revoke users' search privileges over his data.

46
• Improvement:
  1. The DP indexes the data and encrypts it under a unique key.
  2. Encrypt the index using searchable encryption.
  3. Encrypt the unique key with attribute-based encryption.
  4. The data verifier can verify the data's integrity using a proof of storage.

47
• Each user in the system is provided with a decryption key that has a set of attributes associated with it (credentials).
• Decryption will only work if the attributes associated with the decryption key match the policy used to encrypt the message.

48
• Improvement:
  1. The DP indexes the data and encrypts it under a unique key.
  2. Encrypt the index using searchable encryption.
  3. Encrypt the unique key with attribute-based encryption.
  4. The data verifier can verify the data's integrity using a proof of storage.

49
• A protocol with which the server can prove to the client that it did not tamper with the data.
• The protocol can be executed an arbitrary number of times.
• The amount of information exchanged is independent of the size of the data.
• Privately / publicly verifiable
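A privately verifiable spot-check audit between the data verifier and the provider, as an added example that is not from the original presentation. It uses plain per-block MAC tags rather than the homomorphic tags that compact proof-of-storage schemes rely on; the function names, block size and sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # bytes per block; tiny on purpose for the constructed sample

def tag(key, i, block):
    """MAC over (position, block) so a valid block cannot be replayed elsewhere."""
    return hmac.new(key, i.to_bytes(8, "big") + block, hashlib.sha256).digest()

def prepare(key, data):
    """Data processor: split the file into blocks and attach a tag to each."""
    blocks = [data[o:o + BLOCK] for o in range(0, len(data), BLOCK)]
    return [(b, tag(key, i, b)) for i, b in enumerate(blocks)]

def challenge(n_blocks, c):
    """Data verifier: pick c random block positions to audit."""
    rng = secrets.SystemRandom()
    return rng.sample(range(n_blocks), min(c, n_blocks))

def prove(stored, indices):
    """Provider: return each challenged block together with its stored tag."""
    return [(i, *stored[i]) for i in indices]

def verify(key, indices, proof):
    """Data verifier: accept only if every challenged position has a valid tag."""
    if [i for i, _, _ in proof] != list(indices):
        return False
    return all(hmac.compare_digest(tag(key, i, b), t) for i, b, t in proof)

# Constructed sample file contents.
SAMPLE = b"constructed sample file contents " * 4

if __name__ == "__main__":
    key = secrets.token_bytes(32)      # kept by the customer (private verification)
    stored = prepare(key, SAMPLE)      # what the provider holds
    idx = challenge(len(stored), 3)    # a fresh challenge for every audit
    print(verify(key, idx, prove(stored, idx)))
```

The response size depends on the number of challenged blocks, not on the file size, and a fresh random challenge can be issued for every audit; a single audit catches a modified block only if that block is sampled.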

