SlideShare a Scribd company logo

Confidentiality as a service –usable security for the cloud

Download as PPTX, PDF
M
Maha Saad
TechnologyEducation
1 of 21
Confidentiality as a Service –Usable Security for the Cloud 1
 Cloud computing provides numerous advantages.  But cloud computing is a security nightmare.  Don’t trust CSP (Cloud service provider) security.  Confidentiality and integrity vs. usability.  What about Confidentiality provider third party? 2
Combines data security with usability.    3 Trust splitting between CSP and CAAS. Hides all cryptographic artifacts from users.
Create CAAS Identity .   Register via user name and password.  Email-based identification and authentication (EBIA) is used.  The user must choose different passwords for his CaaS and cloud service accounts.  User downloads and installs small software plug-ins.  User enters the CaaS password once per session. 4
5
MAC and HMAC. KDF and HKDF. Stream cipher.    6
7
MAC based on hash functions . HMAC (K,m) = H ((K ⊕ opad) ∥ H ((K ⊕ ipad) ∥ m)) 8
Derives one or more secret keys from a secret value.  DK = KDF( Key, Salt, Iterations) Prevents attacker to know either the input secret value or any of the other derived keys.  9
 Extract Takes the input keying material(IKM) and extracts from it a fixed-length key (PRK). PRK = HMAC-Hash(salt, IKM)  Expand Expands the key PRK into several additional keys . 10
 It takes a short secret key and produces a long keystream.  Encryption is performed by bitwise XORing the keystream to the plain text.  Decryption is performed by regenerating the keystream and XORing it to the ciphertext.  Stream cipher with initialization vector:  11 Take both secret key and public IV to produce keystream.
 +cLayerLocalPre:  Choose a random initialization vector IVu1. Choose a random symmetric encryption key ku1. Calculate a keystream kstr = Sym (iv , k ). Encrypt clearu1 : encu1 = clearu1⊕ kstru1 .  Calculate the message digest digu1 = Hu(clearu1 ).  Send the tuple CredCaaS(u1), U, encu1 to the CaaS.    12 u1 ustr u1 u1
 +cLayerRemote :          13 Check if all u ∈ U are registered CaaS users. Add u1 to U. Sort the list of participating users. For all users compute hj = Hp(uj +hj−1) to obtain iterative hash hn of all participating users. Calculate the secret key kp = HKDFp(hn,Xp). Choose a random initialisation vector ivp Calculate a key stream kstrp = Symp str(ivp, kp) Add a remote cLayer to the input: encp = encu1⊕ kstrp. Send the tuple ivp, Encp back to the requesting client.
 -cLayerLocalPre:   14 Decrypt encp: rts = encp ⊕ kstru1. Send rts, iv , dig to the CSP p u
 +cLayerLocalPost:  Works as +cLayerLocalPre. 15
 +cLayerRemotePost:  Add u2 to U. Sort the list of participating users. For all users compute hj = Hp(uj +hj−1) to obtain iterative hash hn of all participating users. Calculate the secret key kp = HKDFp(hn,Xp). Recalculate a key stream kstrp = Symp str(ivp, kp)  Decrypt enc : dec = enc ⊕ kstr     16 u2 p u2 p
 -cLayerLocalPost:    17 Decrypt cipher text using ivu2 , ku2. Calculate the result’s digest using Hu. If the digest is equal to digu1 integrity isn’t violated.
 Sending a message:    18 Client-side Javascript checks if all recipients have CaaS accounts. If not they will be highlighted. Password needs to be entered once per session.
 Receiving a message:  When the user opens the Facebook page, the script recovers all encrypted message.  The clear text message is inserted into the Facebook message page and framed by a green border. 19
20
 S. Fahl, M. Harbach, T. Muders, and M. Smith.Condentiality as a Service - Usable Security for the Cloud. In Proceedings of the IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 2012.  P. Sarkar , On Authenticated Encryption Using Stream Ciphers Supporting an Initialisation Vector.  http://en.wikipedia.org/wiki/Stream_cipher  http://en.wikipedia.org/wiki/Message_authentication_code  http://en.wikipedia.org/wiki/HMAC  http://en.wikipedia.org/wiki/Key_derivation_function  http://tools.ietf.org/html/rfc5869 21

Recommended

R and cpp
R and cppR and cpp
R and cppRomain Francois
 
Barbara Nelson [InfluxData] | How Can I Put That Dashboard in My App? | Influ...
Barbara Nelson [InfluxData] | How Can I Put That Dashboard in My App? | Influ...Barbara Nelson [InfluxData] | How Can I Put That Dashboard in My App? | Influ...
Barbara Nelson [InfluxData] | How Can I Put That Dashboard in My App? | Influ...InfluxData
 
R and C++
R and C++R and C++
R and C++Romain Francois
 
k-means Clustering in Python
k-means Clustering in Pythonk-means Clustering in Python
k-means Clustering in PythonDr. Volkan OBAN
 
Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...
Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...
Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...InfluxData
 
Big Data Day LA 2015 - Large Scale Distinct Count -- The HyperLogLog algorith...
Big Data Day LA 2015 - Large Scale Distinct Count -- The HyperLogLog algorith...Big Data Day LA 2015 - Large Scale Distinct Count -- The HyperLogLog algorith...
Big Data Day LA 2015 - Large Scale Distinct Count -- The HyperLogLog algorith...Data Con LA
 
Taming the Tiger: Tips and Tricks for Using Telegraf
Taming the Tiger: Tips and Tricks for Using TelegrafTaming the Tiger: Tips and Tricks for Using Telegraf
Taming the Tiger: Tips and Tricks for Using TelegrafInfluxData
 
Instrumenting and Scaling Databases with Envoy
Instrumenting and Scaling Databases with EnvoyInstrumenting and Scaling Databases with Envoy
Instrumenting and Scaling Databases with EnvoyDaniel Hochman
 

Recommended

R and cpp
R and cppR and cpp
R and cppRomain Francois
 
Barbara Nelson [InfluxData] | How Can I Put That Dashboard in My App? | Influ...
Barbara Nelson [InfluxData] | How Can I Put That Dashboard in My App? | Influ...Barbara Nelson [InfluxData] | How Can I Put That Dashboard in My App? | Influ...
Barbara Nelson [InfluxData] | How Can I Put That Dashboard in My App? | Influ...InfluxData
 
R and C++
R and C++R and C++
R and C++Romain Francois
 
k-means Clustering in Python
k-means Clustering in Pythonk-means Clustering in Python
k-means Clustering in PythonDr. Volkan OBAN
 
Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...
Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...
Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...InfluxData
 
Big Data Day LA 2015 - Large Scale Distinct Count -- The HyperLogLog algorith...
Big Data Day LA 2015 - Large Scale Distinct Count -- The HyperLogLog algorith...Big Data Day LA 2015 - Large Scale Distinct Count -- The HyperLogLog algorith...
Big Data Day LA 2015 - Large Scale Distinct Count -- The HyperLogLog algorith...Data Con LA
 
Taming the Tiger: Tips and Tricks for Using Telegraf
Taming the Tiger: Tips and Tricks for Using TelegrafTaming the Tiger: Tips and Tricks for Using Telegraf
Taming the Tiger: Tips and Tricks for Using TelegrafInfluxData
 
Instrumenting and Scaling Databases with Envoy
Instrumenting and Scaling Databases with EnvoyInstrumenting and Scaling Databases with Envoy
Instrumenting and Scaling Databases with EnvoyDaniel Hochman
 
HyperLogLog in Hive - How to count sheep efficiently?
HyperLogLog in Hive - How to count sheep efficiently?HyperLogLog in Hive - How to count sheep efficiently?
HyperLogLog in Hive - How to count sheep efficiently?bzamecnik
 
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...InfluxData
 
Anais Dotis-Georgiou & Faith Chikwekwe [InfluxData] | Top 10 Hurdles for Flux...
Anais Dotis-Georgiou & Faith Chikwekwe [InfluxData] | Top 10 Hurdles for Flux...Anais Dotis-Georgiou & Faith Chikwekwe [InfluxData] | Top 10 Hurdles for Flux...
Anais Dotis-Georgiou & Faith Chikwekwe [InfluxData] | Top 10 Hurdles for Flux...InfluxData
 
Iron python
Iron pythonIron python
Iron pythonGeorgeIshak
 
The Directions Pipeline at Mapbox - AWS Meetup Berlin June 2015
The Directions Pipeline at Mapbox - AWS Meetup Berlin June 2015The Directions Pipeline at Mapbox - AWS Meetup Berlin June 2015
The Directions Pipeline at Mapbox - AWS Meetup Berlin June 2015Johan
 
Bigdata Presentation
Bigdata PresentationBigdata Presentation
Bigdata PresentationYonas Gidey
 
Bcn open stack meet up - july 2014
Bcn open stack meet up - july 2014Bcn open stack meet up - july 2014
Bcn open stack meet up - july 2014Jaume Devesa Gomez
 
The Power of Both Choices: Practical Load Balancing for Distributed Stream Pr...
The Power of Both Choices: Practical Load Balancing for Distributed Stream Pr...The Power of Both Choices: Practical Load Balancing for Distributed Stream Pr...
The Power of Both Choices: Practical Load Balancing for Distributed Stream Pr...Anis Nasir
 
Ns2 ns3 training in mohali
Ns2 ns3 training in mohaliNs2 ns3 training in mohali
Ns2 ns3 training in mohaliArwinder paul singh
 
INFLUXQL & TICKSCRIPT
INFLUXQL & TICKSCRIPTINFLUXQL & TICKSCRIPT
INFLUXQL & TICKSCRIPTInfluxData
 
Device status anomaly detection
Device status anomaly detectionDevice status anomaly detection
Device status anomaly detectionDavid Tung
 
Data correlation using PySpark and HDFS
Data correlation using PySpark and HDFSData correlation using PySpark and HDFS
Data correlation using PySpark and HDFSJohn Conley
 
Anais Dotis-Georgiou [InfluxData] | Learn Flux by Example | InfluxDays NA 2021
Anais Dotis-Georgiou [InfluxData] | Learn Flux by Example | InfluxDays NA 2021Anais Dotis-Georgiou [InfluxData] | Learn Flux by Example | InfluxDays NA 2021
Anais Dotis-Georgiou [InfluxData] | Learn Flux by Example | InfluxDays NA 2021InfluxData
 
Scaling up data science applications
Scaling up data science applicationsScaling up data science applications
Scaling up data science applicationsKexin Xie
 
Weather of the Century: Visualization
Weather of the Century: VisualizationWeather of the Century: Visualization
Weather of the Century: VisualizationMongoDB
 
Obtaining the Perfect Smoke By Monitoring Your BBQ with InfluxDB and Telegraf
Obtaining the Perfect Smoke By Monitoring Your BBQ with InfluxDB and TelegrafObtaining the Perfect Smoke By Monitoring Your BBQ with InfluxDB and Telegraf
Obtaining the Perfect Smoke By Monitoring Your BBQ with InfluxDB and TelegrafInfluxData
 
Nika it consulting weekly update
Nika it consulting weekly update Nika it consulting weekly update
Nika it consulting weekly update Rod Delwar
 
InfluxData Platform Future and Vision
InfluxData Platform Future and VisionInfluxData Platform Future and Vision
InfluxData Platform Future and VisionInfluxData
 
Big Data Solutions for the Climate Community
Big Data Solutions for the Climate CommunityBig Data Solutions for the Climate Community
Big Data Solutions for the Climate CommunityEUDAT
 
Time Series Data with InfluxDB
Time Series Data with InfluxDBTime Series Data with InfluxDB
Time Series Data with InfluxDBTuri, Inc.
 
The Cryptol Epilogue: Swift and Bulletproof VHDL
The Cryptol Epilogue: Swift and Bulletproof VHDLThe Cryptol Epilogue: Swift and Bulletproof VHDL
The Cryptol Epilogue: Swift and Bulletproof VHDLUlisses Costa
 
Stream ciphers presentation
Stream ciphers presentationStream ciphers presentation
Stream ciphers presentationdegarden
 

More Related Content

What's hot

HyperLogLog in Hive - How to count sheep efficiently?
HyperLogLog in Hive - How to count sheep efficiently?HyperLogLog in Hive - How to count sheep efficiently?
HyperLogLog in Hive - How to count sheep efficiently?bzamecnik
 
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...InfluxData
 
Anais Dotis-Georgiou & Faith Chikwekwe [InfluxData] | Top 10 Hurdles for Flux...
Anais Dotis-Georgiou & Faith Chikwekwe [InfluxData] | Top 10 Hurdles for Flux...Anais Dotis-Georgiou & Faith Chikwekwe [InfluxData] | Top 10 Hurdles for Flux...
Anais Dotis-Georgiou & Faith Chikwekwe [InfluxData] | Top 10 Hurdles for Flux...InfluxData
 
The Directions Pipeline at Mapbox - AWS Meetup Berlin June 2015
The Directions Pipeline at Mapbox - AWS Meetup Berlin June 2015The Directions Pipeline at Mapbox - AWS Meetup Berlin June 2015
The Directions Pipeline at Mapbox - AWS Meetup Berlin June 2015Johan
 
Bigdata Presentation
Bigdata PresentationBigdata Presentation
Bigdata PresentationYonas Gidey
 
Bcn open stack meet up - july 2014
Bcn open stack meet up - july 2014Bcn open stack meet up - july 2014
Bcn open stack meet up - july 2014Jaume Devesa Gomez
 
The Power of Both Choices: Practical Load Balancing for Distributed Stream Pr...
The Power of Both Choices: Practical Load Balancing for Distributed Stream Pr...The Power of Both Choices: Practical Load Balancing for Distributed Stream Pr...
The Power of Both Choices: Practical Load Balancing for Distributed Stream Pr...Anis Nasir
 
INFLUXQL & TICKSCRIPT
INFLUXQL & TICKSCRIPTINFLUXQL & TICKSCRIPT
INFLUXQL & TICKSCRIPTInfluxData
 
Device status anomaly detection
Device status anomaly detectionDevice status anomaly detection
Device status anomaly detectionDavid Tung
 
Data correlation using PySpark and HDFS
Data correlation using PySpark and HDFSData correlation using PySpark and HDFS
Data correlation using PySpark and HDFSJohn Conley
 
Anais Dotis-Georgiou [InfluxData] | Learn Flux by Example | InfluxDays NA 2021
Anais Dotis-Georgiou [InfluxData] | Learn Flux by Example | InfluxDays NA 2021Anais Dotis-Georgiou [InfluxData] | Learn Flux by Example | InfluxDays NA 2021
Anais Dotis-Georgiou [InfluxData] | Learn Flux by Example | InfluxDays NA 2021InfluxData
 
Scaling up data science applications
Scaling up data science applicationsScaling up data science applications
Scaling up data science applicationsKexin Xie
 
Weather of the Century: Visualization
Weather of the Century: VisualizationWeather of the Century: Visualization
Weather of the Century: VisualizationMongoDB
 
Obtaining the Perfect Smoke By Monitoring Your BBQ with InfluxDB and Telegraf
Obtaining the Perfect Smoke By Monitoring Your BBQ with InfluxDB and TelegrafObtaining the Perfect Smoke By Monitoring Your BBQ with InfluxDB and Telegraf
Obtaining the Perfect Smoke By Monitoring Your BBQ with InfluxDB and TelegrafInfluxData
 
Nika it consulting weekly update
Nika it consulting weekly update Nika it consulting weekly update
Nika it consulting weekly update Rod Delwar
 
InfluxData Platform Future and Vision
InfluxData Platform Future and VisionInfluxData Platform Future and Vision
InfluxData Platform Future and VisionInfluxData
 
Big Data Solutions for the Climate Community
Big Data Solutions for the Climate CommunityBig Data Solutions for the Climate Community
Big Data Solutions for the Climate CommunityEUDAT
 
Time Series Data with InfluxDB
Time Series Data with InfluxDBTime Series Data with InfluxDB
Time Series Data with InfluxDBTuri, Inc.
 

What's hot (20)

HyperLogLog in Hive - How to count sheep efficiently?
HyperLogLog in Hive - How to count sheep efficiently?HyperLogLog in Hive - How to count sheep efficiently?
HyperLogLog in Hive - How to count sheep efficiently?
 
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...
 
Anais Dotis-Georgiou & Faith Chikwekwe [InfluxData] | Top 10 Hurdles for Flux...
Anais Dotis-Georgiou & Faith Chikwekwe [InfluxData] | Top 10 Hurdles for Flux...Anais Dotis-Georgiou & Faith Chikwekwe [InfluxData] | Top 10 Hurdles for Flux...
Anais Dotis-Georgiou & Faith Chikwekwe [InfluxData] | Top 10 Hurdles for Flux...
 
Iron python
Iron pythonIron python
Iron python
 
The Directions Pipeline at Mapbox - AWS Meetup Berlin June 2015
The Directions Pipeline at Mapbox - AWS Meetup Berlin June 2015The Directions Pipeline at Mapbox - AWS Meetup Berlin June 2015
The Directions Pipeline at Mapbox - AWS Meetup Berlin June 2015
 
Bigdata Presentation
Bigdata PresentationBigdata Presentation
Bigdata Presentation
 
Bcn open stack meet up - july 2014
Bcn open stack meet up - july 2014Bcn open stack meet up - july 2014
Bcn open stack meet up - july 2014
 
The Power of Both Choices: Practical Load Balancing for Distributed Stream Pr...
The Power of Both Choices: Practical Load Balancing for Distributed Stream Pr...The Power of Both Choices: Practical Load Balancing for Distributed Stream Pr...
The Power of Both Choices: Practical Load Balancing for Distributed Stream Pr...
 
Ns2 ns3 training in mohali
Ns2 ns3 training in mohaliNs2 ns3 training in mohali
Ns2 ns3 training in mohali
 
INFLUXQL & TICKSCRIPT
INFLUXQL & TICKSCRIPTINFLUXQL & TICKSCRIPT
INFLUXQL & TICKSCRIPT
 
Device status anomaly detection
Device status anomaly detectionDevice status anomaly detection
Device status anomaly detection
 
Data correlation using PySpark and HDFS
Data correlation using PySpark and HDFSData correlation using PySpark and HDFS
Data correlation using PySpark and HDFS
 
Anais Dotis-Georgiou [InfluxData] | Learn Flux by Example | InfluxDays NA 2021
Anais Dotis-Georgiou [InfluxData] | Learn Flux by Example | InfluxDays NA 2021Anais Dotis-Georgiou [InfluxData] | Learn Flux by Example | InfluxDays NA 2021
Anais Dotis-Georgiou [InfluxData] | Learn Flux by Example | InfluxDays NA 2021
 
Scaling up data science applications
Scaling up data science applicationsScaling up data science applications
Scaling up data science applications
 
Weather of the Century: Visualization
Weather of the Century: VisualizationWeather of the Century: Visualization
Weather of the Century: Visualization
 
Obtaining the Perfect Smoke By Monitoring Your BBQ with InfluxDB and Telegraf
Obtaining the Perfect Smoke By Monitoring Your BBQ with InfluxDB and TelegrafObtaining the Perfect Smoke By Monitoring Your BBQ with InfluxDB and Telegraf
Obtaining the Perfect Smoke By Monitoring Your BBQ with InfluxDB and Telegraf
 
Nika it consulting weekly update
Nika it consulting weekly update Nika it consulting weekly update
Nika it consulting weekly update
 
InfluxData Platform Future and Vision
InfluxData Platform Future and VisionInfluxData Platform Future and Vision
InfluxData Platform Future and Vision
 
Big Data Solutions for the Climate Community
Big Data Solutions for the Climate CommunityBig Data Solutions for the Climate Community
Big Data Solutions for the Climate Community
 
Time Series Data with InfluxDB
Time Series Data with InfluxDBTime Series Data with InfluxDB
Time Series Data with InfluxDB
 

Similar to Confidentiality as a service –usable security for the cloud

The Cryptol Epilogue: Swift and Bulletproof VHDL
The Cryptol Epilogue: Swift and Bulletproof VHDLThe Cryptol Epilogue: Swift and Bulletproof VHDL
The Cryptol Epilogue: Swift and Bulletproof VHDLUlisses Costa
 
Stream ciphers presentation
Stream ciphers presentationStream ciphers presentation
Stream ciphers presentationdegarden
 
Integrating Consul and Puppet
Integrating Consul and PuppetIntegrating Consul and Puppet
Integrating Consul and PuppetOnyxPoint Inc
 
Integrating Consul and Puppet
Integrating Consul and PuppetIntegrating Consul and Puppet
Integrating Consul and PuppetDylan Cochran
 
k-means algorithm implementation on Hadoop
k-means algorithm implementation on Hadoopk-means algorithm implementation on Hadoop
k-means algorithm implementation on HadoopStratos Gounidellis
 
Virtual training Intro to Kapacitor
Virtual training Intro to Kapacitor Virtual training Intro to Kapacitor
Virtual training Intro to Kapacitor InfluxData
 
Network simulator 2
Network simulator 2Network simulator 2
Network simulator 2AAKASH S
 
Network simulator 2
Network simulator 2Network simulator 2
Network simulator 2AAKASH S
 
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverter
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverterKernel Recipes 2014 - NDIV: a low overhead network traffic diverter
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverterAnne Nicolas
 
Implementation of k means algorithm on Hadoop
Implementation of k means algorithm on HadoopImplementation of k means algorithm on Hadoop
Implementation of k means algorithm on HadoopLamprini Koutsokera
 
Containerizing Distributed Pipes
Containerizing Distributed PipesContainerizing Distributed Pipes
Containerizing Distributed Pipesinside-BigData.com
 
Building a Real-time Streaming ETL Framework Using ksqlDB and NoSQL
Building a Real-time Streaming ETL Framework Using ksqlDB and NoSQLBuilding a Real-time Streaming ETL Framework Using ksqlDB and NoSQL
Building a Real-time Streaming ETL Framework Using ksqlDB and NoSQLScyllaDB
 
ReactiveSummeriserAkka-ScalaByBay2016
ReactiveSummeriserAkka-ScalaByBay2016ReactiveSummeriserAkka-ScalaByBay2016
ReactiveSummeriserAkka-ScalaByBay2016Ho Tien VU
 
[ScalaByTheBay2016] Implement a scalable statistical aggregation system using...
[ScalaByTheBay2016] Implement a scalable statistical aggregation system using...[ScalaByTheBay2016] Implement a scalable statistical aggregation system using...
[ScalaByTheBay2016] Implement a scalable statistical aggregation system using...Stanley Nguyen Xuan Tuong
 
Network simulator 2
Network simulator 2Network simulator 2
Network simulator 2AAKASH S
 
Advanced kapacitor
Advanced kapacitorAdvanced kapacitor
Advanced kapacitorInfluxData
 
Redis - for duplicate detection on real time stream
Redis - for duplicate detection on real time streamRedis - for duplicate detection on real time stream
Redis - for duplicate detection on real time streamCodemotion
 
Redis for duplicate detection on real time stream
Redis for duplicate detection on real time streamRedis for duplicate detection on real time stream
Redis for duplicate detection on real time streamRoberto Franchini
 

Similar to Confidentiality as a service –usable security for the cloud (20)

The Cryptol Epilogue: Swift and Bulletproof VHDL
The Cryptol Epilogue: Swift and Bulletproof VHDLThe Cryptol Epilogue: Swift and Bulletproof VHDL
The Cryptol Epilogue: Swift and Bulletproof VHDL
 
Stream ciphers presentation
Stream ciphers presentationStream ciphers presentation
Stream ciphers presentation
 
Integrating Consul and Puppet
Integrating Consul and PuppetIntegrating Consul and Puppet
Integrating Consul and Puppet
 
Integrating Consul and Puppet
Integrating Consul and PuppetIntegrating Consul and Puppet
Integrating Consul and Puppet
 
Chapter 15 - Security
Chapter 15 - SecurityChapter 15 - Security
Chapter 15 - Security
 
k-means algorithm implementation on Hadoop
k-means algorithm implementation on Hadoopk-means algorithm implementation on Hadoop
k-means algorithm implementation on Hadoop
 
Virtual training Intro to Kapacitor
Virtual training Intro to Kapacitor Virtual training Intro to Kapacitor
Virtual training Intro to Kapacitor
 
Network simulator 2
Network simulator 2Network simulator 2
Network simulator 2
 
Network simulator 2
Network simulator 2Network simulator 2
Network simulator 2
 
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverter
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverterKernel Recipes 2014 - NDIV: a low overhead network traffic diverter
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverter
 
Implementation of k means algorithm on Hadoop
Implementation of k means algorithm on HadoopImplementation of k means algorithm on Hadoop
Implementation of k means algorithm on Hadoop
 
Containerizing Distributed Pipes
Containerizing Distributed PipesContainerizing Distributed Pipes
Containerizing Distributed Pipes
 
Building a Real-time Streaming ETL Framework Using ksqlDB and NoSQL
Building a Real-time Streaming ETL Framework Using ksqlDB and NoSQLBuilding a Real-time Streaming ETL Framework Using ksqlDB and NoSQL
Building a Real-time Streaming ETL Framework Using ksqlDB and NoSQL
 
ReactiveSummeriserAkka-ScalaByBay2016
ReactiveSummeriserAkka-ScalaByBay2016ReactiveSummeriserAkka-ScalaByBay2016
ReactiveSummeriserAkka-ScalaByBay2016
 
[ScalaByTheBay2016] Implement a scalable statistical aggregation system using...
[ScalaByTheBay2016] Implement a scalable statistical aggregation system using...[ScalaByTheBay2016] Implement a scalable statistical aggregation system using...
[ScalaByTheBay2016] Implement a scalable statistical aggregation system using...
 
Network simulator 2
Network simulator 2Network simulator 2
Network simulator 2
 
Blazing Fast Windows 8 Apps using Visual C++
Blazing Fast Windows 8 Apps using Visual C++Blazing Fast Windows 8 Apps using Visual C++
Blazing Fast Windows 8 Apps using Visual C++
 
Advanced kapacitor
Advanced kapacitorAdvanced kapacitor
Advanced kapacitor
 
Redis - for duplicate detection on real time stream
Redis - for duplicate detection on real time streamRedis - for duplicate detection on real time stream
Redis - for duplicate detection on real time stream
 
Redis for duplicate detection on real time stream
Redis for duplicate detection on real time streamRedis for duplicate detection on real time stream
Redis for duplicate detection on real time stream
 

Recently uploaded

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 

Recently uploaded (20)

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 

Confidentiality as a service –usable security for the cloud

  • 1. Confidentiality as a Service –Usable Security for the Cloud 1
  • 2.  Cloud computing provides numerous advantages.  But cloud computing is a security nightmare.  Don’t trust CSP (Cloud service provider) security.  Confidentiality and integrity vs. usability.  What about Confidentiality provider third party? 2
  • 3. Combines data security with usability.    3 Trust splitting between CSP and CAAS. Hides all cryptographic artifacts from users.
  • 4. Create CAAS Identity .   Register via user name and password.  Email-based identification and authentication (EBIA) is used.  The user must choose different passwords for his CaaS and cloud service accounts.  User downloads and installs small software plug-ins.  User enters the CaaS password once per session. 4
  • 5. 5
  • 6. MAC and HMAC. KDF and HKDF. Stream cipher.    6
  • 7. 7
  • 8. MAC based on hash functions . HMAC (K,m) = H ((K ⊕ opad) ∥ H ((K ⊕ ipad) ∥ m)) 8
  • 9. Derives one or more secret keys from a secret value.  DK = KDF( Key, Salt, Iterations) Prevents attacker to know either the input secret value or any of the other derived keys.  9
  • 10.  Extract Takes the input keying material(IKM) and extracts from it a fixed-length key (PRK). PRK = HMAC-Hash(salt, IKM)  Expand Expands the key PRK into several additional keys . 10
  • 11.  It takes a short secret key and produces a long keystream.  Encryption is performed by bitwise XORing the keystream to the plain text.  Decryption is performed by regenerating the keystream and XORing it to the ciphertext.  Stream cipher with initialization vector:  11 Take both secret key and public IV to produce keystream.
  • 12.  +cLayerLocalPre:  Choose a random initialization vector IVu1. Choose a random symmetric encryption key ku1. Calculate a keystream kstr = Sym (iv , k ). Encrypt clearu1 : encu1 = clearu1⊕ kstru1 .  Calculate the message digest digu1 = Hu(clearu1 ).  Send the tuple CredCaaS(u1), U, encu1 to the CaaS.    12 u1 ustr u1 u1
  • 13.  +cLayerRemote :          13 Check if all u ∈ U are registered CaaS users. Add u1 to U. Sort the list of participating users. For all users compute hj = Hp(uj +hj−1) to obtain iterative hash hn of all participating users. Calculate the secret key kp = HKDFp(hn,Xp). Choose a random initialisation vector ivp Calculate a key stream kstrp = Symp str(ivp, kp) Add a remote cLayer to the input: encp = encu1⊕ kstrp. Send the tuple ivp, Encp back to the requesting client.
  • 14.  -cLayerLocalPre:   14 Decrypt encp: rts = encp ⊕ kstru1. Send rts, iv , dig to the CSP p u
  • 15.  +cLayerLocalPost:  Works as +cLayerLocalPre. 15
  • 16.  +cLayerRemotePost:  Add u2 to U. Sort the list of participating users. For all users compute hj = Hp(uj +hj−1) to obtain iterative hash hn of all participating users. Calculate the secret key kp = HKDFp(hn,Xp). Recalculate a key stream kstrp = Symp str(ivp, kp)  Decrypt enc : dec = enc ⊕ kstr     16 u2 p u2 p
  • 17.  -cLayerLocalPost:    17 Decrypt cipher text using ivu2 , ku2. Calculate the result’s digest using Hu. If the digest is equal to digu1 integrity isn’t violated.
  • 18.  Sending a message:    18 Client-side Javascript checks if all recipients have CaaS accounts. If not they will be highlighted. Password needs to be entered once per session.
  • 19.  Receiving a message:  When the user opens the Facebook page, the script recovers all encrypted message.  The clear text message is inserted into the Facebook message page and framed by a green border. 19
  • 20. 20
  • 21.  S. Fahl, M. Harbach, T. Muders, and M. Smith.Condentiality as a Service - Usable Security for the Cloud. In Proceedings of the IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 2012.  P. Sarkar , On Authenticated Encryption Using Stream Ciphers Supporting an Initialisation Vector.  http://en.wikipedia.org/wiki/Stream_cipher  http://en.wikipedia.org/wiki/Message_authentication_code  http://en.wikipedia.org/wiki/HMAC  http://en.wikipedia.org/wiki/Key_derivation_function  http://tools.ietf.org/html/rfc5869 21

Editor's Notes

  1. (1) -No upfront commitment in buying/leasing hardware–On demand “just-in-time” provisioning–No upfront cost … pay-per-use.Use only when you want, and pay only what you use. (2)- Facebook, for example, leaked all their users’ private information to third-party applications over a time span of multipleyears4. In April 2011, it was reported that the design of theDropbox authentication system was insecure and users could access files of others without authorisation5.(3)-CSPs privacy efforts are usually limited to access control (AC) mechanisms that aim to exclude unauthorized users from accessing the protected data. -Time after time, careless staff members or technical complexity cause accidental sharing of user data that actually should havebeen private. - Furthermore there are situations where CSPs themselves invade the privacy of their users.
  2. (EBIA) email-based identification and authenticationIt identifies and authenticates a user by sending a validation secret to the given email address.If the user is able to read the secret, a new CaaS credential set CredCaaS = email, ids =[], password is created.
  3. http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdfhttp://en.wikipedia.org/wiki/HMACH is a cryptographic hash function,K is a secret key padded to the right with extra zeros to the input block size of the hash function, or the hash of the original key if it's longer than that block size,m is the message to be authenticated,∥ denotes concatenation,⊕ denotes exclusive or (XOR),opad is the outer padding (0x5c5c5c…5c5c, one-block-long hexadecimal constant),and ipad is the inner padding (0x363636…3636, one-block-long hexadecimal constant).
  4. http://en.wikipedia.org/wiki/Key_derivation_function kdf is the key derivationfunction,KEYis the original key or password,Saltis a random number which acts as cryptographic salt, and Iteration refers to the number ofiterations of a sub-function. The derived key is used instead of the original key or password as the key to the system.
  5. http://tools.ietf.org/html/rfc5869ExtractTakes the input keying material(IKM) and "extracts" from it a fixed-length pseudorandom key (PRK). PRK = HMAC-Hash(salt, IKM ” Message here is key”)Expand"expands" the key PRK into several additional pseudorandom keys (the output of the KDF).T(0) = empty string (zero length) T(1) = HMAC-Hash(PRK, T(0) | info | 0x01) T(2) = HMAC-Hash(PRK, T(1) | info | 0x02) T(3) = HMAC-Hash(PRK, T(2) | info | 0x03)
  6. http://en.wikipedia.org/wiki/Stream_cipherOn Authenticated Encryption Using Stream Ciphers Supportingan Initialisation VectorFlexibility in usage arises from the fact that the same key can now be usedwith dierent messages; the IV only needs to be changed. Since there is no secrecy requirement onthe IV, this is a much more easier task to manage.
  7. Run on client sideCredCaaS(u1)  user credentials.U list of users.
  8. Run on server side