Presentation is loading. Please wait.

Presentation is loading. Please wait.

Zentrum für sichere Informationstechnologie - Austria Bojan Suzic Open Identity Summit 2013 September 10th, Kloster Banz Secure Hardware-Based Public Cloud.

Published byLizbeth Walters Modified over 9 years ago

Similar presentations

Presentation on theme: "Zentrum für sichere Informationstechnologie - Austria Bojan Suzic Open Identity Summit 2013 September 10th, Kloster Banz Secure Hardware-Based Public Cloud."— Presentation transcript:

1 Zentrum für sichere Informationstechnologie - Austria Bojan Suzic Open Identity Summit 2013 September 10th, Kloster Banz Secure Hardware-Based Public Cloud Storage Secure Information Technology Center - Austria

2 Agenda □Motivation □Related Work □Citizen Card and CCE-Software □Implementation □Comparison with existing Solutions □Conclusion and Future Work OID 20132

3 Agenda □Motivation □Related Work □Citizen Card and CCE-Software □Implementation □Comparison with existing Solutions □Conclusion and Future Work OID 20133

4 Motivation □Storage in the public cloud OID 20134

5 Motivation □Secure storage in the public cloud using a smart-card OID 20135

6 Agenda □Motivation □Related Work □Citizen Card and CCE-Software □Implementation □Comparison with existing Solutions □Conclusion and Future Work OID 20136

7 Related Work □Cloud Storage Services  DropBox  Google Drive  Microsoft SkyDrive  etc. □Cloud Storage Services (client based encryption)  TeamDrive  Wuala OID 20137

8 Related Work □Encryption Middleware  Middleware Layer performs encryption between Client and Cloud Storage Service  Support for diverse Cloud Storage Service Providers  BoxCryptor  Cloud Fogger  Viivo  etc. OID 20138

9 Agenda □Motivation □Related Work □Citizen Card and CCE-Software □Implementation □Comparison with existing Solutions □Conclusion and Future Work OID 20139

10 The Concept of Citizen Card □Citizen Card* technology-neutral  Smart-Card or Handy-Signatur □Citizen Card unifies…  eIdentification  Qualified eSignature  Data encryption Central LDAP-Server  eMandates (Mandates/Powers)  eDelivery OID 201310 * Locally known as Bürgerkarte

11 The Software CCE (Citizen Card Encrypted) □Platform-independent Open Source-Tool □Encryption and decryption based on Software and Hardware keys □Supports Austrian Citizen Card □S/MIME as Container-Format □Uses local file-system as a data storage OID 201311

12 CCE Properties □Secure decryption unit  Decryption using Smart Card  Hybrid approach □Group based encryption  Encryption for several users and groups  Backup-key □Austrian PKI Infrastructure  LDAP Directory OID 201312

13 Agenda □Motivation □Related Work □Citizen Card and CCE-Software □Implementation □Comparison with existing Solutions □Conclusion and Future Work OID 201313

14 Implementation OID 201314 LDAP directory Austrian Citizens

15 Implementation □Inclusion of Cloud Storage Services  DropBox  Google Drive □Mapping between Cloud-Credentials and Smart Card  Logging in automatically □Connecting with File System  Synchronization of local folder with remote Service OID 201315

16 Screenshot - Configuration OID 201316

17 Screenshots - Encryption OID 201317

18 Screenshots - Decryption OID 201318

19 Agenda □Motivation □Related Work □Citizen Card and CCE-Software □Implementation □Comparison with existing Solutions □Conclusion and Future Work OID 201319

20 Evaluation - Advantages □Usage of external PKI Infrastructure  LDAP Directory enables encryption for arbitrary Austrian citizen  User-Management separated from Cloud Provider □Vendor Lock-In Prevention  Keys are managed by trusted external party, not CCE  Changing cloud provider easier OID 201320

21 Evaluation - Advantages □Secure Hardware-based decryption  Private Key cannot be read  2-Factor Authentication □Open Source Implementation  Easy to extend  Cloud Provider, Container-Format, PKI, etc. OID 201321

22 Evaluation - Disadvantages □Web Interface and Mobile version missing  Usage of Smart Cards on mobile phones  Storing private key securely □Two way sync with Cloud Storage  First encrypted locally, then uploaded □Smart card reader necessary  Reducing the systems to be used OID 201322

23 Agenda □Motivation □Related Work □Citizen Card and CCE-Software □Implementation □Comparison with existing Solutions □Conclusion and Future Work OID 201323

24 Conclusion and Future Work □Secure storage in the Public Cloud using Smart Cards □Supports DropBox and Google Drive □Uses Austrian PKI Infrastructure □Development of mobile versions for iOS and Android □Evaluation of Browser-Version OID 201324

25 Conclusion and Future Work □Available on Joinup.EU Platform □EUPL Open-Source License □Collaboration OID 201325

26 OID 201326 Thanks for your attention! Questions? ○ Bojan Suzic bojan.suzic@iaik.tugraz.at https://joinup.ec.europa.eu/software/cce/home

Download ppt "Zentrum für sichere Informationstechnologie - Austria Bojan Suzic Open Identity Summit 2013 September 10th, Kloster Banz Secure Hardware-Based Public Cloud."

Similar presentations

Voice and Data Encryption over mobile networks July 2012 IN-NOVA TECNOLOGIC IN-ARG SA www.in-arg.com MESH VOIP.

Voice and Data Encryption over mobile networks July 2012 IN-NOVA TECNOLOGIC IN-ARG SA MESH VOIP.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Cloud Computing EDT 7860. Cloud Computing Overview Cloud Computing can be defined as a network of applications, services, and infrastructure that are.

Cloud Computing EDT Cloud Computing Overview Cloud Computing can be defined as a network of applications, services, and infrastructure that are.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.

Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
Cloud Computing for E-Learning Group Name: Bright Line Author: Abid, Muhammad Co-member: Majed, Ahlem, Qasim.

Cloud Computing for E-Learning Group Name: Bright Line Author: Abid, Muhammad Co-member: Majed, Ahlem, Qasim.
Page 1 of 29 Net-Scale Technologies, Inc. Network Based Personal Information and Messaging Services Urs Muller Beat Flepp

Page 1 of 29 Net-Scale Technologies, Inc. Network Based Personal Information and Messaging Services Urs Muller Beat Flepp
Microsoft Certification and IT Professional Tracks Anthony Khan Director of Federal Learning NetCom Learning.

Microsoft Certification and IT Professional Tracks Anthony Khan Director of Federal Learning NetCom Learning.
Identity and Access IDGo Secure Email (ISE) for Android Didier Bonnet April 2015.

Identity and Access IDGo Secure (ISE) for Android Didier Bonnet April 2015.
About PKI Key Stores Dartmouth College PKI Lab. Key Store Defined Protected “vault” to hold user’s private key with their copy of their x.509 certificate.

About PKI Key Stores Dartmouth College PKI Lab. Key Store Defined Protected “vault” to hold user’s private key with their copy of their x.509 certificate.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
What is it? CLOUD COMPUTING.  Connects to the cloud via the Internet  Does computing tasks, or  Runs applications, or  Stores Data THE AVERAGE CLOUD.

What is it? CLOUD COMPUTING.  Connects to the cloud via the Internet  Does computing tasks, or  Runs applications, or  Stores Data THE AVERAGE CLOUD.
Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.

Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.
Mobile Data Sharing over Cloud Group No. 8 - Akshay Kantak - Swapnil Chavan - Harish Singh.

Mobile Data Sharing over Cloud Group No. 8 - Akshay Kantak - Swapnil Chavan - Harish Singh.
PKI-Enabled Applications That work! Linda Pruss Office of Campus Information Security

PKI-Enabled Applications That work! Linda Pruss Office of Campus Information Security
Public Key Infrastructure Ammar Hasayen 2013. ….

Public Key Infrastructure Ammar Hasayen ….
General Presentation August 2013 1. Based out of the Netherlands 8 years of development Launched in May Sales offices in Los Angeles, Amsterdam, Hong.

General Presentation August Based out of the Netherlands 8 years of development Launched in May Sales offices in Los Angeles, Amsterdam, Hong.
Plan Introduction What is Cloud Computing?

Plan Introduction What is Cloud Computing?
Identity and Access IDGo Secure Email (ISE) for Android Didier Bonnet November 2014.

Identity and Access IDGo Secure (ISE) for Android Didier Bonnet November 2014.
Mobility Without Vulnerability: Secure and Enable Your Mobile Users, Apps, and Devices David Clapp – Intuitive.

Mobility Without Vulnerability: Secure and Enable Your Mobile Users, Apps, and Devices David Clapp – Intuitive.

Similar presentations

Ads by Google