Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Confidentiality as a Service –Usable
Security for the Cloud

1


Cloud computing provides numerous advantages.



But cloud computing is a security nightmare.



Don’t trust CSP (Clo...
Combines data security with usability.






3

Trust splitting between CSP and CAAS.
Hides all cryptographic artifacts...
Create CAAS Identity .





Register via user name and password.



Email-based identification and authentication (EBIA...
5
MAC and HMAC.
KDF and HKDF.
Stream cipher.






6
7
MAC based on hash functions .

HMAC (K,m) = H ((K ⊕ opad)
∥ H ((K ⊕ ipad) ∥ m))

8
Derives one or more secret keys from a secret value.



DK = KDF( Key, Salt, Iterations)
Prevents attacker to know either...


Extract
Takes the input keying material(IKM) and extracts from it a
fixed-length key (PRK).

PRK = HMAC-Hash(salt, IKM)...


It takes a short secret key and produces a long
keystream.



Encryption is performed by bitwise XORing the
keystream ...


+cLayerLocalPre:



Choose a random initialization vector IVu1.
Choose a random symmetric encryption key ku1.
Calculat...


+cLayerRemote :











13

Check if all u ∈ U are registered CaaS users.
Add u1 to U.
Sort the list of par...


-cLayerLocalPre:



14

Decrypt encp: rts = encp ⊕ kstru1.
Send rts, iv , dig to the CSP
p

u


+cLayerLocalPost:
 Works as +cLayerLocalPre.

15


+cLayerRemotePost:



Add u2 to U.
Sort the list of participating users.
For all users compute hj = Hp(uj +hj−1)
to ob...


-cLayerLocalPost:





17

Decrypt cipher text using ivu2 , ku2.
Calculate the result’s digest using Hu.
If the dige...


Sending a message:





18

Client-side Javascript checks if all recipients have CaaS
accounts.
If not they will be ...


Receiving a message:
 When the user opens the Facebook page, the script
recovers all encrypted message.
 The clear te...
20


S. Fahl, M. Harbach, T. Muders, and M. Smith.Condentiality as a Service - Usable Security
for the Cloud. In Proceedings...
Upcoming SlideShare
Loading in …5
×

Confidentiality as a service –usable security for the cloud

  • Login to see the comments

  • Be the first to like this

Confidentiality as a service –usable security for the cloud

  1. 1. Confidentiality as a Service –Usable Security for the Cloud 1
  2. 2.  Cloud computing provides numerous advantages.  But cloud computing is a security nightmare.  Don’t trust CSP (Cloud service provider) security.  Confidentiality and integrity vs. usability.  What about Confidentiality provider third party? 2
  3. 3. Combines data security with usability.    3 Trust splitting between CSP and CAAS. Hides all cryptographic artifacts from users.
  4. 4. Create CAAS Identity .   Register via user name and password.  Email-based identification and authentication (EBIA) is used.  The user must choose different passwords for his CaaS and cloud service accounts.  User downloads and installs small software plug-ins.  User enters the CaaS password once per session. 4
  5. 5. 5
  6. 6. MAC and HMAC. KDF and HKDF. Stream cipher.    6
  7. 7. 7
  8. 8. MAC based on hash functions . HMAC (K,m) = H ((K ⊕ opad) ∥ H ((K ⊕ ipad) ∥ m)) 8
  9. 9. Derives one or more secret keys from a secret value.  DK = KDF( Key, Salt, Iterations) Prevents attacker to know either the input secret value or any of the other derived keys.  9
  10. 10.  Extract Takes the input keying material(IKM) and extracts from it a fixed-length key (PRK). PRK = HMAC-Hash(salt, IKM)  Expand Expands the key PRK into several additional keys . 10
  11. 11.  It takes a short secret key and produces a long keystream.  Encryption is performed by bitwise XORing the keystream to the plain text.  Decryption is performed by regenerating the keystream and XORing it to the ciphertext.  Stream cipher with initialization vector:  11 Take both secret key and public IV to produce keystream.
  12. 12.  +cLayerLocalPre:  Choose a random initialization vector IVu1. Choose a random symmetric encryption key ku1. Calculate a keystream kstr = Sym (iv , k ). Encrypt clearu1 : encu1 = clearu1⊕ kstru1 .  Calculate the message digest digu1 = Hu(clearu1 ).  Send the tuple CredCaaS(u1), U, encu1 to the CaaS.    12 u1 ustr u1 u1
  13. 13.  +cLayerRemote :          13 Check if all u ∈ U are registered CaaS users. Add u1 to U. Sort the list of participating users. For all users compute hj = Hp(uj +hj−1) to obtain iterative hash hn of all participating users. Calculate the secret key kp = HKDFp(hn,Xp). Choose a random initialisation vector ivp Calculate a key stream kstrp = Symp str(ivp, kp) Add a remote cLayer to the input: encp = encu1⊕ kstrp. Send the tuple ivp, Encp back to the requesting client.
  14. 14.  -cLayerLocalPre:   14 Decrypt encp: rts = encp ⊕ kstru1. Send rts, iv , dig to the CSP p u
  15. 15.  +cLayerLocalPost:  Works as +cLayerLocalPre. 15
  16. 16.  +cLayerRemotePost:  Add u2 to U. Sort the list of participating users. For all users compute hj = Hp(uj +hj−1) to obtain iterative hash hn of all participating users. Calculate the secret key kp = HKDFp(hn,Xp). Recalculate a key stream kstrp = Symp str(ivp, kp)  Decrypt enc : dec = enc ⊕ kstr     16 u2 p u2 p
  17. 17.  -cLayerLocalPost:    17 Decrypt cipher text using ivu2 , ku2. Calculate the result’s digest using Hu. If the digest is equal to digu1 integrity isn’t violated.
  18. 18.  Sending a message:    18 Client-side Javascript checks if all recipients have CaaS accounts. If not they will be highlighted. Password needs to be entered once per session.
  19. 19.  Receiving a message:  When the user opens the Facebook page, the script recovers all encrypted message.  The clear text message is inserted into the Facebook message page and framed by a green border. 19
  20. 20. 20
  21. 21.  S. Fahl, M. Harbach, T. Muders, and M. Smith.Condentiality as a Service - Usable Security for the Cloud. In Proceedings of the IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 2012.  P. Sarkar , On Authenticated Encryption Using Stream Ciphers Supporting an Initialisation Vector.  http://en.wikipedia.org/wiki/Stream_cipher  http://en.wikipedia.org/wiki/Message_authentication_code  http://en.wikipedia.org/wiki/HMAC  http://en.wikipedia.org/wiki/Key_derivation_function  http://tools.ietf.org/html/rfc5869 21

×