Cloud Security
李芮, 蒋希坤, 崔男
April 2018
SHANGHAI JIAO TONG UNIVERSITY
Concerns
Where's the data? Who has access? Do you have the right to audit? Can anyone else see it? Could the data be duplicated? ……
Data privacy: Liang K, Su C, Chen J, et al. Efficient Multi-Function Data Sharing and Searching Mechanism for Cloud-Based Encrypted Data[C]// ACM on Asia Conference on Computer and Communications Security. ACM, 2016: 83-94.
Cloud virtual networks: Majumdar S, Wang Y, Madi T, et al. TenantGuard: Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation[C]// The Network and Distributed System Security Symposium. 2017.
Verification: Ahmad A, Kim K, Sarfaraz MI, et al. OBLIVIATE: A Data Oblivious File System for Intel SGX[C]// Network and Distributed Systems Security (NDSS) Symposium. 2018.
Contents
1 Cloud data
2 TenantGuard
3 A Data Oblivious File System for Intel SGX
For cloud data
Homomorphic
• Homomorphic encryption
• For cloud computing
Cloud-Based Encrypted Data
• Cloud data sharing
• Cloud data search
What's Homomorphic?
A way to delegate processing of your data, without giving away access to it. [Gen09]
Example?
Example for Homomorphic
Application: cloud computing
Processing data without getting access to it
Page 11 Client Company Alice Bob /Gen(p, a) Encryption: Enc(m, pk) Input: p, q EP C=m' mod n Output: (pk, sk) (c c2)mod n=m, m2 C2=m2 modn Publickey- pk=(e, n) rekey: sk= Computation Cloud provider performs request: CxC2 calculations on encrypted data Ct C2
Page . 11
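The exchange on the slide above, written out as an added Python example (not part of the original deck): unpadded RSA with toy primes p = 61, q = 53 and e = 17, all constructed for illustration. The helper names and the form sk = (d, n) are assumptions; the example also shows that the decrypted product is only correct modulo n and that unpadded encryption is deterministic.

```python
# Added example: toy parameters, constructed for illustration only.
# Unpadded RSA is multiplicatively homomorphic: Enc(m1)*Enc(m2) = Enc(m1*m2) mod n.
from math import gcd


def keygen(p, q, e=17):
    """KeyGen(p, q) -> (pk, sk); pk = (e, n), sk = (d, n) (assumed form)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (e, n), (d, n)


def enc(m, pk):
    """Enc(m, pk): c = m^e mod n, with no padding."""
    e, n = pk
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n")
    return pow(m, e, n)


def dec(c, sk):
    """Decrypt with the private exponent."""
    d, n = sk
    return pow(c, d, n)


def cloud_multiply(c1, c2, n):
    """Cloud provider side: uses only ciphertexts and the public modulus."""
    return (c1 * c2) % n


def run_exchange(m1, m2, p=61, q=53):
    """Client encrypts, cloud multiplies, client decrypts the product."""
    pk, sk = keygen(p, q)
    n = pk[1]
    c_prod = cloud_multiply(enc(m1, pk), enc(m2, pk), n)
    return dec(c_prod, sk), n


if __name__ == "__main__":
    print(run_exchange(7, 12))      # product fits below n
    print(run_exchange(100, 200))   # product wraps: result is m1*m2 mod n
    pk, _ = keygen(61, 53)
    # Deterministic: equal plaintexts give equal ciphertexts, so an observer
    # can test guesses. This is why unpadded RSA is not used for real data.
    print(enc(7, pk) == enc(7, pk))
```
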
Comparison for HE

TABLE IV. COMPARISON OF PARTIAL AND FULLY HE [14]

| Parameter | Partial HE | Fully HE |
|---|---|---|
| Type of operation supported | It allows either addition or multiplication scheme | It allows both addition and multiplication operations |
| Computation | It allows a limited number of computations | It allows an unlimited number of computations |
| Computational efforts | It requires less effort | Requires more efforts |
| Performance | It is faster and more compact | It has slower performance |
| Versatility | It is low | It has high |
| Speed | It is fast in speed | Is slow in speed |
| Ciphertext size | It is small | It is large |
| Example | Unpadded RSA, ElGamal | Gentry Scheme |