Protection of Identity Information in Cloud Computing

advertisement
Protection of Identity Information in
Cloud Computing without Trusted
Third Party
作者:Rohit Ranchal, Bharat Bhargave , Lotfi Ben Othmane, Leszek
Lilien, Anya Kim, Myong Kang, Mark Linderman
IEEE International Symposium on Reliable Distributed System
報告日期:12.13
報告者:許睿中
Outline
Introduction
 Relate works
 Select research problems
 Proposed schemes

◦ Multi-party computing
◦ Predicate encryption scheme
◦ Active Bundle Scheme

Conclusions
Introductions

In cloud computing, entities may have multi accounts
associate with a single or multi service provider(SP).

Share sensitive identity information(Personal
identifiable information or PII) along with associated
attributes of the same entity across services can be
lead to mapping of the identity to the entity,
tantamount to privacy loss.
Introductions

Identity management(IDM) is one of the core
components in cloud privacy and security and can
help alleviate some of the problems associated with
cloud computing.

To used a cloud service, a user need to authenticate
herself to it.

The user has to give away some private information,
which uniquely identifies the user to SP. That is user’s
PII(Personal identifiable information).
Introductions

Obtaining the user’s PII gives some assurance to SPs
about the user’s identity, which helps SP to decide
whether to permit to its service or not.

The propose of an IDM system is to decide upon
the disclosure of this information in a secure
manner.
The main problem for Bob is to
decide which portion of his PII
should he disclose, and how do
disclose it in a secure way.
Relate works

Different solutions use different ways of sending
user’s PII for negotiation with the SPs. The common
ways are:
◦ Use of a Trusted Third Party(TTP). The major issue
with such approach in cloud computing are:
 (a) TTP could be a cloud service, so SP could be TTP ;
therefore, TTP may not be an independent trusted
entity anymore.
 (b) Using a single TTP.
Relate works

Different solutions use different ways of sending
user’s PII for negotiation with the SPs. The common
ways are:
◦ Prohibiting untrusted host. A client application
holding PII must be executed on trusted host to
prevent malicious host from accessing PII.
Select Research Problems

Authenticating without disclosing PII
◦ When a user sends PII to authenticate for a service,
the user may encrypt it. However, PII is decrypted
before an SP uses it. As soon as PII is decrypted, it
becomes prone to attacks.

Using services on untrusted host
◦ The available IDM solutions require user to execute
IDM from a trusted host. They do not recommend
using IDM on untrusted hosts, such as public host
Proposed scheme

The goal in the paper is to assure that IDM does
not use TTP for verifying credentials.

This implies that IDM could use TTPs for other
purpose, such as the use of a TTP by IDM for
management of decryption key.
Proposed scheme

Proposed an approach for IDM in cloud computing
that:
◦ Does not require TTPS
 This is achieved through the use of multi-party
computing, in which secret are split into shares
distributed to different hosts.
Proposed scheme

Proposed an approach for IDM in cloud computing
that:
◦ Can be used for an untrusted or unknown hosts
 This is achieved though the use of the active bundle
scheme. An active bundle has a self-integrity check
mechanism, which triggers apoptosis(a complete selfdestruction) or evaporation(a partial self-destruction)
when the check fails.
Proposed scheme

Proposed an approach for IDM in cloud computing
that:
◦ Uses encrypted data when negotiating the use of PII
for authentication to services in cloud computing
 This is achieved by using predicate over encrypted data.
Multi-party computing

Threshold secret sharing
◦ First, a secret data item D is divided into n shares D1,
D2, …, Dn, then a threshold k is chosen, so that:
 To recover D, k or more of arbitrary Di’s are required.
 Using any k-1 or fewer Di’s leaves D completely
undetermined.
Multi-party computing

A function f using secret input from all the party.
Involves n party, which calculate only partial function
output.

One of the player is selected as the dealer(DLR),
and is provide the partial function outputs to find
out the full results of function computation.

Let f be a linear function of degree n known to each
of the n party, and t be an arbitrary threshold value,
and Pi denote Party i, and xi denote the secret input
of Pi for f.
Multi-party computing

Let a1, a2 , …,an be distinct non-zero elements in the
domain of f. Player Pi is assigned the point ai.

DLR will receive from the n parties the partial
outputs of f calculated by the n parties using their
respective secret inputs x1, x2,…, xn.

Each party Pi generates a polynomial hi of degree t
such that hi(0)=xi
Multi-party computing

Each party Pi send to each Pj one si,j=hi(aj) of Pj’s
input.

Then, each Pi computes a portion of function f using
share si,j of the input that it has or received from
n-1 other parties.
Predicate encryption scheme

Predicate encryption scheme allows evaluating
predicate with encrypted data.
◦ For example, Alice can compute the predicate using
encrypted data.
1.
2.
3.
4.
Setup
Encrypt(PK,PII)
KeyGen(PK,MSK,p)
Query(PK,CT,TKp)
PK,MSK
CT
TKP
p(PII)
◦ Alice uses a Setup algorithm scheme that generate a
public key PK and a secret key MSK.
Predicate encryption scheme

Predicate encryption scheme allows evaluating
predicate with encrypted data.
◦ For example, Alice can compute the predicate using
encrypted data.
1.
2.
3.
4.
Setup
Encrypt(PK,PII)
KeyGen(PK,MSK,p)
Query(PK,CT,TKp)
PK,MSK
CT
TKP
p(PII)
◦ Alice uses PK to encrypt her PII and gets ciphertext
CT.
Predicate encryption scheme

Predicate encryption scheme allows evaluating
predicate with encrypted data.
◦ For example, Alice can compute the predicate using
encrypted data.
1.
2.
3.
4.
Setup
Encrypt(PK,PII)
KeyGen(PK,MSK,p)
Query(PK,CT,TKP)
PK,MSK
CT
TKP
p(PII)
◦ Alice has the function p representing a predicate that
she wishes to evaluate for her CT.
◦ She uses the KeyGen algorithm, PK ,MAK and p to
output the token TKP.
Predicate encryption scheme

Predicate encryption scheme allows evaluating
predicate with encrypted data.
◦ For example, Alice can compute the predicate using
encrypted data.
1.
2.
3.
4.
Setup
Encrypt(PK,PII)
KeyGen(PK,MSK,p)
Query(PK,CT, TKP)
PK,MSK
CT
TKP
p(PII)
◦ She gives TKP to the host that evaluates the token for
CT, and returns the result p(PII) to Alice.
Proposed schemes

An owner O encrypts PII using algorithm Encrypt and
O’s public key PK. Encrypt outputs CT-the encrypted PII.

The secret key MSK is spilt between n parties.

SP transform his request for PII to a predicate
represented by function P.

SP send share of p to the n parties who hold the shares
of MSK.
Proposed schemes

The n parties execute together KeyGen using PK,
MSK, and P and return TKP to SP.

SP call the algorithm Query that take as input PK,
CT, TKP and produces p(PII) which is evaluation of
the predicate.

The owner O is allow to use the service only when
the predicate evaluate to “true”.
Active Bundle Scheme

Include:
◦ Identity data:
 Data used for authentication, getting service, using
service
 The data are encrypted
◦ Metadata : Describe active bundle and its privacy
policy
 (a) integrity check metadata
 (b) access control metadata
 (c) dissemination control metadata
Active Bundle Scheme

Includes:
◦ Virtual machine(VM):manages and controls the
program code enclosed in a bundle.
 Enforcing bundle access control policies through
apoptosis, evaporation
 Enforcing bundle dissemination policies
 Validate bundle integrity
◦ Disclosure policy:
 A set of rule for choosing which identity data to disclose
Active Bundle Scheme

Active bundle send from a source host to the
destination.

An active bundle ascertain the host’s trust level
through a TTP.

Using its disclosure policy, it decides whether the
host may be eligible to access all or part of bundle’s
data, and which portion of sensitive data can be
revealed to it.
Active Bundle Scheme

The remaining data may be evaporated as specified
in the access control polies, protecting the data.

An active bundle may realize its security is about to
be compromised.
◦ It may discover that its self-integrity check fail
◦ Or the trust level of its host is to low

The active bundle may choose to apoptosize , that is
perform atomically a clean self-destruction.
Active Bundle Scheme
Active Bundle Scheme
Conclusions

It is very likely that user end up having multiple
identities in multiple service providers security
repositories, as well as multiple credential and
multiple access permissions for different services
provided by different SPs.

There is a strong need for an efficient and effective
privacy-preserving system that is independent of
TTPs, able to unambiguously identify users that
can be trusted.
Download