Protection of Identity Information in Cloud Computing without Trusted Third Party. Authors: Rohit Ranchal, Bharat Bhargava, Lotfi Ben Othmane, Leszek Lilien, Anya Kim, Myong Kang, Mark Linderman. IEEE International Symposium on Reliable Distributed Systems. Presented by Mithil S. Parab, Roll No: 122113013, Seat No: 11. Guide: Prof. Nitesh Naik. 03/07/2022

Protection of identity information in cloud computing without TTP


DESCRIPTION

Covers the details of the IEEE paper along with the basics of cloud computing, so that the reader can understand the paper and the efforts put in by the authors.

Citation preview

  • 1. Protection of Identity Information in Cloud Computing without Trusted Third Party. Authors: Rohit Ranchal, Bharat Bhargava, Lotfi Ben Othmane, Leszek Lilien, Anya Kim, Myong Kang, Mark Linderman. IEEE International Symposium on Reliable Distributed Systems. Presented by Mithil S. Parab, Roll No: 122113013, Seat No: 11. Guide: Prof. Nitesh Naik. 06-03-2014

  • 2. Outline: Introduction; Related work; Selected research problems; Proposed schemes; Multi-party computing; Predicate encryption scheme; Active bundle scheme; Conclusions
  • 3. Definition of cloud computing (NIST): Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
  • 4. Larry Ellison, CEO, Oracle: "The computer industry is the only industry that is more fashion-driven than women's fashion."
  • 5. Tely HD Pro integration. Blue Jeans Network. Mobical cloud provider used to sync mobile phone data over the air.
  • 6. Cloud Architecture
  • 7. Types of Cloud Computing
  • 8. Cloud Service Layers - Characteristics
      - Software as a Service (SaaS): Sometimes free; easy to use; good consumer adoption; proven business models. You can only use the application as far as what it is designed for.
      - Platform as a Service (PaaS): Developers can upload a configured application and it runs within the platform's framework. Restricted to the platform's abilities only; sometimes dependent on the cloud infrastructure provider.
      - Infrastructure as a Service (IaaS): Offers full control of a company's infrastructure; not confined to applications or restrictive instances. Sometimes comes with a price premium; can be complex to build, manage and maintain.
  • 9. Cloud Service Layers - Contents
      - Software as a Service (SaaS): Business Processes; Industry Applications; CRM/ERP/HR
      - Platform as a Service (PaaS): Middleware; Development Tooling; Database; Java Runtime
      - Infrastructure as a Service (IaaS): Servers; Networking; Storage; Data Center Fabric
  • 10. Cloud Service Layers - Example: Software as a Service (SaaS); Platform as a Service (PaaS); Infrastructure as a Service (IaaS)
  • 11. Deployment Models (Public Cloud, Private Cloud, Hybrid Cloud) - Public Cloud: The computing infrastructure is hosted by the cloud vendor at the vendor's premises and can be shared by various organizations. E.g.: Amazon, Google, Microsoft, Salesforce.
  • 12. Deployment Models (Public Cloud, Private Cloud, Hybrid Cloud) - Private Cloud: The computing infrastructure is dedicated to a particular organization and not shared with other organizations. It is more expensive and more secure when compared to a public cloud. E.g.: HP data center, IBM, Sun, Oracle, 3tera.
  • 13. Deployment Models (Public Cloud, Private Cloud, Hybrid Cloud) - Hybrid Cloud: Organizations may host critical applications on private clouds, whereas applications with relatively fewer security concerns are hosted on the public cloud. The usage of both public and private clouds together is called a hybrid cloud.
  • 14. Advantages of Cloud Computing: Lower computer costs. Improved performance. Reduced software costs. Instant software updates. Improved document format compatibility. Unlimited storage capacity. Increased data reliability. Universal document access. Easier group collaboration. Device independence.
  • 15. Disadvantages of Cloud Computing - Requires a constant Internet connection: Cloud computing is impossible if you cannot connect to the Internet. Since you use the Internet to connect to both your applications and documents, if you do not have an Internet connection you cannot access anything, even your own documents. A dead Internet connection means no work, and in areas where Internet connections are few or inherently unreliable, this could be a deal-breaker. When you are offline, cloud computing simply does not work.
  • 16. IDaaS
  • 17. Multiple passwords are recipes for disaster. Agree? SSO: Single Sign-On
  • 20. Introduction: In cloud computing, entities may have multiple accounts associated with a single or multiple service providers (SPs). Sharing sensitive identity information (personally identifiable information, or PII) along with associated attributes of the same entity across services can lead to mapping of the identities to the entity, tantamount to privacy loss.
  • 21. IDM
  • 22. Introduction: Identity management (IDM) is one of the core components in cloud privacy and security and can help alleviate some of the problems associated with cloud computing. To use a cloud service, a user needs to authenticate herself/himself to it. The user has to give away some private information, which uniquely identifies the user to the SP. That is the user's PII (personally identifiable information).
  • 24. Identity Management Architecture
      - Enterprise Service Bus (ESB): 20+ IDM services are exposed: authentication, authorization, password management, provisioning, and policy (scalable and extensible).
      - Process Engine: request approval, removal of access, audit events, etc. Example: a CRM system may publish data to a predefined email address.
      - Scripting: Groovy Script, which integrates well with the framework.
  • 25. Identity Management Architecture
      - Audit and Compliance: captures audit events and publishes them to the ESB.
      - Reporting: tools to create reports and graphs.
      - The identity manager removes users from the systems that they no longer need and adds users to the systems that they do need access to. Similarly, if a user leaves the company, all access would be promptly terminated.
  • 26. Introduction: Obtaining the user's PII gives some assurance to SPs about the user's identity, which helps the SP decide whether to permit access to its service or not. The purpose of an IDM system is to decide upon the disclosure of this information in a secure manner (ex: Flash). The main problem for Bob is to decide which portion of his PII he should disclose, and how to disclose it in a secure way.
  • 27. Related work: Different solutions use different ways of sending the user's PII for negotiation with the SPs. The common ways are:
      - Use of a Trusted Third Party (TTP). The major issues with such an approach in cloud computing are: (a) the TTP could be a cloud service, so the SP could be the TTP; therefore, the TTP may not be an independent trusted entity anymore; (b) using a single TTP.
  • 28. Related work (common ways, continued):
      - Prohibiting untrusted hosts. A client application holding PII must be executed on a trusted host to prevent malicious hosts from accessing PII.
  • 29. Related work: PRIME - using TTP; IdP; Windows CardSpace; OpenID
  • 30. Windows CardSpace
  • 31. Selected Research Problems
      - Authenticating without disclosing PII: When a user sends PII to authenticate for a service, the user may encrypt it. However, the PII is decrypted before an SP uses it. As soon as the PII is decrypted, it becomes prone to attacks.
      - Using services on untrusted hosts: The available IDM solutions require the user to execute IDM from a trusted host. They do not recommend using IDM on untrusted hosts, such as public hosts.
  • 32. Proposed scheme: The goal in the paper is to assure that IDM does not use a TTP for verifying credentials. This implies that IDM could use TTPs for other purposes, such as the use of a TTP by IDM for management of decryption keys.
  • 33. Proposed scheme: An approach for IDM in cloud computing that does not require TTPs. This is achieved through the use of multi-party computing, in which secrets are split into shares distributed to different hosts.
  • 34. Proposed scheme: An approach for IDM in cloud computing that can be used on untrusted or unknown hosts. This is achieved through the use of the active bundle scheme. An active bundle has a self-integrity check mechanism, which triggers apoptosis (a complete self-destruction) or evaporation (a partial self-destruction) when the check fails.
  • 35. Proposed scheme: An approach for IDM in cloud computing that uses encrypted data when negotiating the use of PII for authentication to services in cloud computing. This is achieved by using predicates over encrypted data.
  • 36. Multi-party computing - Threshold secret sharing: First, a secret data item D is divided into n shares D1, D2, ..., Dn; then a threshold k is chosen, so that:
      - To recover D, k or more arbitrary Di's are required.
      - Using any k-1 or fewer Di's leaves D completely undetermined.
  • 37. Multi-party computing: A function f uses secret inputs from all the parties. It involves n parties, which each calculate only a partial function output. One of the players is selected as the dealer (DLR) and is provided with the partial function outputs to find the full result of the function computation. Let f be a linear function of degree n known to each of the n parties, let t be an arbitrary threshold value, let Pi denote party i, and let xi denote the secret input of Pi for f.
  • 38. Multi-party computing: Let a1, a2, ..., an be distinct non-zero elements in the domain of f. Player Pi is assigned the point ai. The DLR will receive from the n parties the partial outputs of f calculated by the n parties using their respective secret inputs x1, x2, ..., xn. Each party Pi generates a polynomial hi of degree t such that hi(0) = xi.
  • 39. Multi-party computing: Each party Pi sends to each Pj one share si,j = hi(aj) of Pj's input. Then, each Pi computes a portion of function f using the shares si,j of the input that it has or has received from the n-1 other parties.
  • 40. Predicate encryption scheme: A predicate encryption scheme allows evaluating predicates over encrypted data. For example, Alice can compute the predicate using encrypted data. The algorithms and their outputs are:
      1. Setup: outputs PK, MSK
      2. Encrypt(PK, PII): outputs CT
      3. KeyGen(PK, MSK, p): outputs TKp
      4. Query(PK, CT, TKp): outputs p(PII)
    Alice uses the Setup algorithm, which generates a public key PK and a secret key MSK.
  • 41. Predicate encryption scheme (continued): Alice uses PK to encrypt her PII and gets the ciphertext CT.
  • 42. Predicate encryption scheme (continued): Alice has the function p representing a predicate that she wishes to evaluate for her CT. She uses the KeyGen algorithm with PK, MSK and p to output the token TKp.
  • 43. Predicate encryption scheme (continued): She gives TKp to the host, which evaluates the token for CT and returns the result p(PII) to Alice.
  • 44. Proposed schemes: An owner O encrypts PII using the algorithm Encrypt and O's public key PK. Encrypt outputs CT, the encrypted PII. The secret key MSK is split between n parties. The SP transforms its request for PII into a predicate represented by the function p. The SP sends shares of p to the n parties who hold the shares of MSK.
  • 45. Proposed schemes: The n parties together execute KeyGen using PK, MSK and p, and return TKp to the SP. The SP calls the algorithm Query, which takes as input PK, CT and TKp and produces p(PII), the evaluation of the predicate. The owner O is allowed to use the service only when the predicate evaluates to true.
  • 46. Active Bundle Scheme. Includes:
      - Identity data: data used for authentication, getting service, and using service. The data are encrypted.
      - Metadata: describes the active bundle and its privacy policy: (a) integrity check metadata; (b) access control metadata; (c) dissemination control metadata.
  • 47. Active Bundle Scheme. Includes:
      - Virtual machine (VM): manages and controls the program code enclosed in a bundle. It enforces bundle access control policies through apoptosis and evaporation, enforces bundle dissemination policies, and validates bundle integrity.
      - Disclosure policy: a set of rules for choosing which identity data to disclose.
  • 48. Active Bundle Scheme: An active bundle is sent from a source host to the destination. The active bundle ascertains the host's trust level through a TTP. Using its disclosure policy, it decides whether the host may be eligible to access all or part of the bundle's data, and which portion of the sensitive data can be revealed to it.
  • 49. Active Bundle Scheme: The remaining data may be evaporated as specified in the access control policies, protecting the data. An active bundle may realize its security is about to be compromised: it may discover that its self-integrity check fails, or that the trust level of its host is too low. The active bundle may choose to apoptosize, that is, to perform atomically a clean self-destruction.
  • 50. Active Bundle Scheme. Figure: Enabling an active bundle on the destination host.
  • 51. Advantages
      - No need for TTPs: data exchange between a bundle and its host is local to the host, which protects PII from man-in-the-middle, side-channel and collaborative attacks.
      - Authentication without disclosing unencrypted data.
      - Protection of identity data from untrusted hosts: if data reach an unintended destination or are tampered with, they apoptosize or evaporate.
  • 52. Resilience to Attacks
      - Correlation attacks on IDM: an attacker acquires a set of PIIs and is able to correlate it to the physical identity.
      - Amazon cloud is prone to side-channel attacks, and it would be possible to steal data once the malicious VM is placed on the same server as its target.
      - Approaches that do not use a TTP reduce the risk of such attacks.
  • 53. Conclusions: It is very likely that users end up having multiple identities in multiple service providers' security repositories, as well as multiple credentials and multiple access permissions for different services provided by different SPs. There is a strong need for an efficient and effective privacy-preserving system that is independent of TTPs and able to unambiguously identify users that can be trusted.
  • 54. References
      [1] R. Gellman (2009), Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing, In the Proceedings of World Privacy Forum.
      [2] Karunanithi. D, Shiyamala Devi V. P, Sambath. M (January 2013), User Centric Access Control in Cloud Using Identity Management, International Journal of Engineering and Innovative Technology (IJEIT), Volume 2, Issue 7.
      [3] E. Shi (Oct. 2008), Evaluating Predicates over Encrypted Data, Ph.D. Thesis, Carnegie Mellon University, Pittsburgh, PA.
      [4] A. Shamir (Nov. 1979), How to Share a Secret, Communications of the ACM, vol. 22(11), pp. 612-613.
  • 55. References
      [5] L. Ben Othmane, and L. Lilien (Aug 2009), Protecting Privacy in Sensitive Data Dissemination with Active Bundles, Proc. 7th Annual Conference on Privacy, Security & Trust (PST 2009), Saint John, New Brunswick, Canada.
      [6] Ranchal, R.; Bhargava, B.; Othmane, L.B.; Lilien, L.; Anya Kim; Myong Kang; Linderman, M. (2010), Protection of Identity Information in Cloud Computing without Trusted Third Party, In the Proceedings of Reliable Distributed Systems, 29th IEEE Symposium.
      [7] S. Fischer-Hubner, and H. Hebdom, XPRIME - Privacy and Identity Management for Europe. Online at: https://www.primeproject.eu/prime_products/reports/fmwk/ub_del D14.1.c_ec_wp14.1 _v1_final.pdf.
  • 56. Thank You. Queries?
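The multi-party computation of slides 36-39, carried through in code as an added example (not taken from the slides or from the paper's authors). Assumptions: arithmetic is done modulo a prime `P`, the linear function f is a public weighted sum, and the points are a_j = j; the slides fix none of these.

```python
import secrets

P = 2**61 - 1  # prime field modulus (assumption: the slides name no field)

def make_shares(x, t, points):
    """Party Pi: pick a random degree-t polynomial h with h(0) = x, return h(a_j) for all j."""
    coeffs = [x] + [secrets.randbelow(P) for _ in range(t)]
    return [sum(c * pow(a, k, P) for k, c in enumerate(coeffs)) % P for a in points]

def f(inputs, weights):
    """Public linear function f, here a weighted sum of the n inputs."""
    return sum(w * v for w, v in zip(weights, inputs)) % P

def run_parties(secret_inputs, weights, t):
    """Return the (a_j, partial output) pairs that the n parties hand to the dealer."""
    n = len(secret_inputs)
    points = list(range(1, n + 1))                 # distinct non-zero a_1..a_n
    s = [make_shares(x, t, points) for x in secret_inputs]   # s[i][j] = h_i(a_j)
    # P_j applies f to the shares it holds; it never sees any x_i in the clear.
    partial = [f([s[i][j] for i in range(n)], weights) for j in range(n)]
    return list(zip(points, partial))

def dealer_combine(pairs):
    """Dealer: Lagrange interpolation at 0 over at least t+1 partial outputs."""
    total = 0
    for j, (aj, yj) in enumerate(pairs):
        num = den = 1
        for m, (am, _) in enumerate(pairs):
            if m != j:
                num = num * (-am) % P
                den = den * (aj - am) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total

if __name__ == "__main__":
    # Constructed sample: five parties, threshold t = 2, weights 1..5.
    pairs = run_parties([25, 40, 7, 13, 2], [1, 2, 3, 4, 5], t=2)
    print(dealer_combine(pairs[:3]))  # any t+1 = 3 partial outputs give f(x1..x5)
```

Because f is linear, the partial outputs lie on one degree-t polynomial whose value at 0 is f(x1, ..., xn), so any t+1 of them suffice while t or fewer leave the result undetermined.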
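The enabling logic of the active bundle on slides 46-49, as a small model added here (not the authors' implementation). Assumptions: the class and field names are hypothetical, the host trust level is passed in rather than obtained from a TTP, identity data is left unencrypted, and a plain SHA-256 digest stands in for the integrity-check metadata, which in practice would have to be something the host cannot recompute.

```python
import hashlib
import json

class ActiveBundle:
    """Identity data plus metadata plus the checks the bundle's VM runs on arrival."""

    def __init__(self, identity, min_trust):
        # identity: attribute -> [value, trust level a host needs to see it]
        self.identity = {k: list(v) for k, v in identity.items()}
        self.min_trust = min_trust      # access control metadata
        self.digest = self._hash()      # integrity check metadata, fixed by the owner

    def _hash(self):
        blob = json.dumps([self.identity, self.min_trust], sort_keys=True)
        return hashlib.sha256(blob.encode()).hexdigest()

    def apoptosis(self):
        """Complete self-destruction: nothing is left for the host."""
        self.identity.clear()
        return {}

    def enable(self, host_trust):
        """Run on the destination host; returns the attributes disclosed to it."""
        if self._hash() != self.digest:      # self-integrity check fails
            return self.apoptosis()
        if host_trust < self.min_trust:      # host trust level too low
            return self.apoptosis()
        # Evaporation: drop every attribute this host is not trusted enough to see.
        self.identity = {k: v for k, v in self.identity.items() if v[1] <= host_trust}
        self.digest = self._hash()           # bundle may travel on in its reduced form
        return {k: v[0] for k, v in self.identity.items()}

def demo():
    # Constructed sample identity data; the values are placeholders.
    sample = {"name": ["Alice", 3], "over_18": [True, 1], "national_id": ["X-0000", 5]}
    trusted = ActiveBundle(sample, min_trust=1).enable(host_trust=3)
    untrusted = ActiveBundle(sample, min_trust=1).enable(host_trust=0)
    tampered = ActiveBundle(sample, min_trust=1)
    tampered.identity["over_18"][0] = False  # altered in transit, digest is now stale
    return trusted, untrusted, tampered.enable(host_trust=5)
```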