Advanced Cryptographic Techniques for Secured Cloud Computing

By Nilotpal Chakraborty* and Dr. G K Patra#

*SPARK Student, CSIR 4PI, Bangalore / M.Tech Student, Devi Ahilya University, Indore

#Principal Scientist, CSIR 4PI, Council of Scientific & Industrial Research, Bangalore


Outline

• Cloud Computing

• Cloud Security essentials

• Cloud Cryptography

• Fully Homomorphic Encryption

• Functional Encryption

• Conclusion

ICCTAC'14 || Nilotpal Chakraborty & G K Patra || Advanced Cryptographic Techniques for Secured Cloud Computing

Cloud Computing

• NIST definition: “It is a model for enabling ubiquitous, convenient, on-demand, network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction”.

• Service Models:

– Software-as-a-service

– Platform-as-a-service

– Infrastructure-as-a-service


Security Attacks on Cloud Infrastructure

• “..Syrian Electronic Army hacks TrueCaller. 1 million India’s data at risk” – July, 2013. (Source: TOI)

• “..Adobe gets hacked. Over 2.9 millions of user data stolen..” – October, 2013. (Source: TOI)

• “..Syrian Electronic Army hacks Twitter..” – October, 2013. (Source: TOI)

• “..2 million usernames and passwords from Facebook, Gmail, Twitter, Yahoo and other are stolen..” – November, 2013. (Source: NDTV)

• “..Syrian Electronic Army hacks Skype..” – January, 2014. (Source: BBC)

• “..TurkGuvenligi hacked Syrian Electronic Army’s homepage..” – January, 2014. (Source: ITProPortal)


Security Issues and Challenges

– “..Will my data stored in the cloud be secure?”

– “..Will cloud not manipulate my data?”

– “..Is the cloud itself secure?”

– “..Can I trust what CSP says?”

– “..Will my data not be disowned?”


Security Issues and Challenges

• Data Leakage

• Insecure Virtual Systems

• Multitenant infrastructure

• Lack in Security Assurance

• Lack in Trust among the users

• Inadequacy of the Security Compliances


Cloud Cryptography

• A probable solution—“Cryptography”

• A technique to convert plain text into a form, known as cipher text, that is meaningless to any unknown third party.

• Most secure way of data communication. But:

– No meaning of the cipher text without decryption.

– No computation/manipulation on the cipher text.

– Encrypt either all or nothing.


Advanced Cryptographic Techniques

• Fully Homomorphic Encryption

• Functional Encryption


Fully Homomorphic Encryption

“Fully Homomorphic Encryption (FHE) is a cryptographic scheme that enables certain operations to be performed on cipher texts to obtain an encrypted result which, when decrypted, matches the result as if the operations were performed on the plain texts.”


Fully Homomorphic Encryption

[Diagram, built up over four slides: applying f to m gives f(m); applying f to Enc(m) gives Enc(f(m)); Encrypt and Decrypt arrows connect the plain text row (m, f(m)) with the cipher text row (Enc(m), Enc(f(m))).]


Fully Homomorphic Encryption

• Privacy homomorphism: Rivest, Adleman, Dertouzos (1978)

• Partial Homomorphic Encryption

– RSA Cryptosystem (1977)

– El-Gamal Cryptosystem (1984)

– Paillier Cryptosystem (1999)

– Boneh-Goh-Nissim Cryptosystem (2005)

• Fully Homomorphic Encryption

– Gentry’s Lattice Based Cryptographic scheme (2009)


Gentry’s FHE Construction

• KeyGen: Select a large prime integer p and obtain x_i = pq + r. p is the secret key and x_i is the public key. q and r are random integers, with r being significantly small.

• Enc(x_i, m): c = (m + 2r + 2 Σ x_i) mod x_0

• Dec(p, c): m = (c mod p) mod 2

• Bootstrap to make it a fully homomorphic encryption scheme:

– Decrypt the cipher text with the encryption of the secret key.

The above scheme is Somewhat Homomorphic
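
The KeyGen, Enc and Dec steps on this slide, carried through in a toy Python sketch with homomorphic XOR and AND. This is an added example, not the authors' implementation (which the slides say is written in C with GMP); the parameter sizes, the Fermat primality test, the even noise in x_0 and the centred reduction modulo p are assumptions made here, and the sizes are far too small to be secure.

```python
import secrets

RHO, ETA, TAU = 8, 64, 10  # assumed toy sizes: noise bits, key bits, public-key elements

def keygen():
    """Return (p, [x_0, x_1, ..., x_TAU]) with x_i = p*q_i + r_i."""
    while True:  # secret key p: 64-bit probable prime (Fermat test, toy only)
        p = secrets.randbits(ETA) | (1 << (ETA - 1)) | 1
        if all(pow(a, p - 1, p) == 1 for a in (2, 3, 5, 7)):
            break
    xs = [p * (secrets.randbits(40) | (1 << 40)) + secrets.randbits(RHO)
          for _ in range(TAU)]
    # Assumption: x_0 is the largest element and carries even noise, so the
    # reduction "mod x_0" in Enc never changes the parity of the noise.
    x0 = p * (secrets.randbits(41) | (1 << 41)) + 2 * secrets.randbits(RHO)
    return p, [x0] + xs

def encrypt(pk, m):
    """c = (m + 2r + 2 * sum of a random subset of the x_i) mod x_0."""
    x0, xs = pk[0], pk[1:]
    subset = [x for x in xs if secrets.randbits(1)]
    return (m + 2 * secrets.randbits(RHO) + 2 * sum(subset)) % x0

def noise(p, c):
    """Centred residue of c modulo p, in (-p/2, p/2)."""
    n = c % p
    return n - p if n > p // 2 else n

def decrypt(p, c):
    """m = (c mod p) mod 2; correct only while |noise| < p/2."""
    return noise(p, c) % 2

def evaluate(ca, cb, cc):
    """(a AND b) XOR c on cipher texts: AND is integer *, XOR is integer +."""
    return ca * cb + cc

if __name__ == "__main__":
    p, pk = keygen()
    ca, cb, cc = (encrypt(pk, m) for m in (1, 1, 0))
    print("(1 AND 1) XOR 0 =", decrypt(p, evaluate(ca, cb, cc)))
    # Each multiplication adds the operands' noise bit lengths; once the noise
    # nears ETA - 1 bits it wraps modulo p and decryption becomes unreliable,
    # which is why the scheme is only somewhat homomorphic without bootstrapping.
    prod = ca
    for depth in range(1, 8):
        print(depth, "factors, noise bits:", noise(p, prod).bit_length())
        prod *= encrypt(pk, 1)
```
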


Construction of an Efficient FHE

• Our motivation:

– FHE scheme to work directly on decimal inputs.

– Efficient and faster encryption/decryption.

– Comparatively reduced cipher text size.

– Reduced complexity in computing on encrypted data.

– Supporting field operations (Addition, Multiplication, Subtraction, Division).

• FHE based on Learning with Errors (LWE) / Ring LWE


Functional Encryption

• A public key encryption scheme that allows the secret key to decrypt only some specific functions of the original texts, without revealing any other information.

• Devised in 2010.

• Provides fine grained access control.

• Existing Specific cases—

– Identity based encryption (2001)

– Attribute based encryption (2005)



Functional Encryption

• Setup: Creates a public key and a master secret key.

• KeyGen: Use the master secret key to generate new user specific keys.

• Encrypt: Use the public key to encrypt any message.

• Decrypt: Use the user secret key to calculate specific function on the cipher texts.


Implementation Details

• Programming Language: C

• Operating System: Linux (Ubuntu / Mint / Fedora)

• Compiler: GCC

• Library: GMP library, OpenSSL library, PBC library


Conclusion

• Cloud Computing, though very attractive with its various benefits, has security issues and is vulnerable to threats.

• The solution is to encrypt the data and to compute on the encrypted data in the cloud.

• Fully Homomorphic Encryption is a scheme that provides the best secured computing environment for the cloud.

• FHE allows computations on encrypted data, by which users can carry out operations on encrypted data and obtain an encrypted result, which is decrypted to get the result in plain text format.

• Existing schemes are inefficient. There is a need to develop an efficient FHE scheme while keeping the security intact.


Thank You
