Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sushil Jajodia, George Mason U Witold Litwin, U Paris Dauphine Thomas Schwarz, S.J., U Católica Uruguay.

Published byGrant Minge Modified over 9 years ago

Similar presentations

Presentation on theme: "Sushil Jajodia, George Mason U Witold Litwin, U Paris Dauphine Thomas Schwarz, S.J., U Católica Uruguay."— Presentation transcript:

1 Sushil Jajodia, George Mason U Witold Litwin, U Paris Dauphine Thomas Schwarz, S.J., U Católica Uruguay

2  Scalable Distributed Data Structures store data in the potentially hostile environment of distributed systems, clouds, P2P  Standard protection for confidentiality, integrity, and authentication is encryption ◦ Client-Side Encryption  Challenge: Key management  Clients loose keys, keys need to be revoked, …  Could use Key Escrow  Not widely used ◦ Server-Side Encryption  Challenge: Key management  Client has no control over her/his data

3  Build on top of LH*, distributed version of linear hashing ◦ Data distributed into buckets, each at a different server ◦ Gracefully adjusts to growth of file ◦ Very efficient access via record identifiers  Uses client-side encryption  All key are copied in LH* itself: ◦ Each key broken into k + 1 shares through secret sharing  Generate k random strings of same size as key C  These form first k random shares  C k = C 0  C 1  C 2 ...  C k-1  C is the last share. ◦ Key shares stored in Share Records

4  LH* data stored in records consisting of RID and non-key field (payload)  LH* RE adds three fields: ◦ I-field:Identifies application, … ◦ F-field: Flag that distinguishes between data records and key share records ◦ T-field:Identifies key being used

5  Client records are LH* records  Data records translated in LH* RE format

6  Key Management ◦ Clients maintain their key chain in a table T ◦ Each key broken up into key share ◦ Each key share stored as a share record  Key Recovery: ◦ Use LH* scan operation to find all key shares belonging to a certain application  Key Revocation: ◦ Find all key shares ◦ Find all records ◦ Delete, re-encrypt and reinsert records

7  LH* RE is k-safe ◦ Attack into up to k servers is not successful

8  Threat model ◦ Servers are autonomous, no common vulnerabilities:  Physical access  Administrative access  Common configuration  Assurance ◦ Probability that x intrusions did not yield records to the attacker  Disclosure ◦ Expected proportion of records obtained by an intrusion into x servers

9

10 Assurance in an LH* file with K = 4, 8, and 16 key shares (top to bottom) extending over 16, 32, 64, 128, 256, 512, and 1024 servers. The x-axis is chosen to show the 99.999% (five nines) assurance level.

11 Ratio r of assurances with random placement over assurance with the LH* RE placement scheme for N = 256 sites, K = 4, 8, and 16.

12 Assurance in an LH* file with K = 4 and r = 10 and r = 100 keys. We vary N from 16 to 1024. The x- axis shows the two nines assurance level

13  Expected Disclosure ◦ N number of sites, K number of key shares, x number of intruded sites ◦ Independent of number of keys used!

14  Conditional Disclosure ◦ Expected proportion of records assuming that a successful intrusion has occurred  is the probability of a successful attack into one bucket  r number of keys

15 Contour Graph for the conditional disclosure. We vary N, the number of sites, and r, the number of keys. We set K, the number of shares to 8, and show figures for x = 8, 9, 16 and 32 intrusions. The upper right corner of each picture has close to zero conditional disclosure.

16  Refined Disclosure Costs ◦ Costs of a disclosure of data depends on  The fact of disclosure  Negative publicity, Costs of filing with authorities and penalties, Costs of incident analysis …  The number of records disclosed ◦ Model costs of disclosure by assuming that α of maximum disclosure is fixed

17 Refined Disclosure Proportion for N = 100, K = 8, α = 0, 0.1, 0.5, 1, and x (x- axis) varying between 0 and 50. Notice the different scales on the y-axis

18  On Balance: ◦ While maintaining # of nines of safety, can introduce more keys as file extends over more sites ◦ Number of keys has no impact on expected disclosure ◦ Number of keys has positive impact on conditional disclosure ◦ Number of keys has negative impact on refined disclosure costs

19  Up till now, we assumed an attacker without knowledge of the LH* layout ◦ With knowledge where buckets are (e.g. from observing traffic flow), a “savvy attacker” has an advantage

20  Assume initial number of buckets is 3, but now grown to 6: ◦ One key share in Buckets 0 and 4 ◦ One key share in Buckets 1, 3, and 5 ◦ One key share in Bucket 2  Optimal attack uses key share distribution and size ◦ Optimal 3 attack plan:  Attack either 0 or 4  Attack 3  It has half the records descending from original Bucket 1  Attack 2 ◦ Success rate is ½ * ½ * 1=0.25

21  Savvy attacker needs to optimize bucket intrusions  Advantage higher if: ◦ There are buckets of different size ◦ The initial number of buckets is not a power of 2

22

23  Management of number of keys  High availability

Download ppt "Sushil Jajodia, George Mason U Witold Litwin, U Paris Dauphine Thomas Schwarz, S.J., U Católica Uruguay."

Similar presentations

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
B+-Trees and Hashing Techniques for Storage and Index Structures

B+-Trees and Hashing Techniques for Storage and Index Structures
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
©Silberschatz, Korth and Sudarshan12.1Database System Concepts Chapter 12: Part C Part A:  Index Definition in SQL  Ordered Indices  Index Sequential.

©Silberschatz, Korth and Sudarshan12.1Database System Concepts Chapter 12: Part C Part A:  Index Definition in SQL  Ordered Indices  Index Sequential.
File Processing : Hash 2015, Spring Pusan National University Ki-Joune Li.

File Processing : Hash 2015, Spring Pusan National University Ki-Joune Li.
©Silberschatz, Korth and Sudarshan12.1Database System Concepts Chapter 12: Indexing and Hashing Basic Concepts Ordered Indices B+-Tree Index Files B-Tree.

©Silberschatz, Korth and Sudarshan12.1Database System Concepts Chapter 12: Indexing and Hashing Basic Concepts Ordered Indices B+-Tree Index Files B-Tree.
Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.

Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
CPSC 335 Computer Science University of Calgary Canada.

CPSC 335 Computer Science University of Calgary Canada.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
Web Caching Schemes1 A Survey of Web Caching Schemes for the Internet Jia Wang.

Web Caching Schemes1 A Survey of Web Caching Schemes for the Internet Jia Wang.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
Signature Based Concurrency Control Thomas Schwarz, S.J. JoAnne Holliday Santa Clara University Santa Clara, CA 95053

Signature Based Concurrency Control Thomas Schwarz, S.J. JoAnne Holliday Santa Clara University Santa Clara, CA 95053
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Domain Name System Security Extensions (DNSSEC) Hackers 2.

Domain Name System Security Extensions (DNSSEC) Hackers 2.

Similar presentations

Ads by Google