A PASS Scheme in Clouding Computing
- Protecting Data Privacy by Authentication
and Secret Sharing
Jyh-haw Yeh
Dept. of Computer Science
Boise State University
Cloud Computing Introduction
 Cloud provides services – software,, platform,
Infrastructure.
 Clients are charged by per-use basis.
 Capital Expenditure (CapExp) -> Operational
Expenditure (OpExp)
 Multi-tenancy: better resource utilization
 Reliability: redundant sites
 Security: better protection from outside attacks.
 Security: big ? from malicious cloud employees.
The Problem to solve
• Protecting clients’ data privacy from cloud
employee.
• Perfect solution: fully homomophic encryption
algorithm (FHEA). No practical algorithm
available.
• Without FHEA, 100% data privacy may not be
possible.
PASS Scheme
• Protect data Privacy by Authentication and
Secret Sharing (PASS).
• Objective: minimize the risk of leaking private
data.
• Approach:
– Encrypt data by a key shared with the client.
– Do not store the key anywhere in the cloud.
– Use secret sharing to authenticate users and
recover the shared key.
PASS Scheme
• 5 security components:
– Public key cryptosystem (PKC): published by cloud.
– Key agreement (KA): agree on a shared key and two
secret shares at registration.
– Key management (KM): keep a profile for each client.
– Authentication(AUTH):
• client’s counter <-> server’s counter;
• Computed hashed key from client’s request <-> stored
hashed key
– Access control (ACL): second defense for a time frame
that the secret key is in use for processing a query.
PASS Scheme
• Design guideline:
– Ensure secret isolation (secret compartment).
– Security with a higher priority than efficiency.
– Choose a design choice that would benefit
multiple security components.
PASS Scheme - PKC
• PASS chooses ECC over RSA.
• ECC: a curve y 2  x3  ax  b is chosen over a
prime p. A base point G with an order n.
• Cloud provider publishes the ECC domain
parameter <p, a, b, G, n>.
• Each cloud entity (server, clients) sets up his
own public-private key pair.
– Server: public
– Client i: public
Ds
Di
, private
, private
, where Ds  dsG
di , where Di  di G
ds
PASS Scheme – Key Agreement
• Each client i and the cloud server s agree on a
data encryption key k i and two secret
shares SSi (known to the client) and CS i
(known to the server).
• The secret shares are used to recover the
encryption key.
PASS Scheme – Key Agreement
• Encryption key agreement:
– Client i chooses a random number ri and then
sends Ri  riG to the server s
– Server s chooses a random number rs and then
sends Rs  rsG to the client i
– Both compute a point Qi  ri Rs  rs Ri
– Agree on an encryption key k i : the x-coordinate
of Qi
PASS Scheme – Key Agreement
• Secret shares agreement:
– Both computes a point Qi  Di and let a be the
x-coordinate of the point
– Both construct a same poly f ( x)  ki  ax
– SSi  ( x1 , f ( x1 ))
– CSi  ( x2 , f ( x2 ))
– With both secret shares, the poly and then the
secret key can be recovered
PASS Scheme – Key Management
• The cloud keeps a profile for each client i
Security
• Client h(ki ) SSi
D
SRC
ID
i
i
Label
• Hashed key and server request counter
for authentication
• Security label for access control
SRCi
PASS Scheme – Client Authentication
•
•
•
•
Client keeps his own request counter CRCi
Client  Server: ENCD (CRCi || CSi )
Server decrypt and get both CRCi and CS i
Client authentication succeeds if both
s
– the stored hashed key matches the hashed key
derived from secret shares
– The server and client request counters are
matched
PASS Scheme – Access Control
•
•
•
•
Security label: (security level, {categories})
Security level: secret, non-secret
Each client i is a category Ci
All query servers/processes are in category
“query-system”  {all Ci }
• Security label for client i’s profile: (secret, { Ci })
PASS Scheme – Integrating five
Components
• Step1 - 4 for initial client registration: key
agreement and data encryption
• Step 5-12 for a query processing
• Diagram in the following link shows these
steps.
• http://cs.boisestate.edu/~jhyeh/pass_diagram
.pdf