上海交通大学：云安全（PPT讲稿）Cloud Security

Cloud Security 李芮,蒋希坤,崔男 2018年4月 上浒文大孝 SHANGHAI JIAO TONG UNIVERSITY

Cloud Security 李芮，蒋希坤，崔男 2018年4月

Concerns Where's data? Who has access? Do you have the right to audit? anyone else can see it? Could the data be duplicated? 上海廴大字

Concerns Where’s data? Who has access? Do you have the right to audit? Anyone else can see it? Could the data be duplicated? ……

Data privacy Liang K, Su C, Chen J, et al. Efficient Multi-Function Data Sharing and Searching Mechanism for Cloud-Based Encrypted Data[c]/ACM on Asia Conference on Computer and Communications Security. ACM, 2016: 83-94 Cloud virtual networks Majumdar S, Wang Y, Madi T, et al. Tenant Guard: Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation[c]/The Network and Distributed System Security Symposium. 2017 Verification A Ahmad, K Kim, MI Sarfaraz, et al. OBLIVIATE: A Data Oblivious File System for Intel SGX [C]/Network and Distributed Systems Security (NDSS)Symposium 2018 上海廴大字

Liang K, Su C, Chen J, et al. Efficient Multi-Function Data Sharing and Searching Mechanism for Cloud-Based Encrypted Data[C]// ACM on Asia Conference on Computer and Communications Security. ACM, 2016:83-94. Majumdar S, Wang Y, Madi T, et al. TenantGuard: Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation[C]// The Network and Distributed System Security Symposium. 2017. Data privacy A Ahmad, K Kim, MI Sarfaraz, et al. OBLIVIATE: A Data Oblivious File System for Intel SGX [C]//Network and Distributed Systems Security (NDSS) Symposium 2018 Cloud virtual networks Verification

Contents 1 Cloud data Tenantguard 3> Data Obliviate File System for Intel SGX 上海廴大字

Contents 1 Cloud data 2 TenantGuard 3 A Data Obliviate File System for Intel SGX

For cloud data Homomorphic Homomorphic encryption ° For cloud computing Cloud-Based Encrypted Data Cloud data share Cloud data search

For cloud data • Homomorphic encryption • For cloud computing Homomorphic • Cloud data share • Cloud data search Cloud-Based Encrypted Data

Page 8 What’ s Homomorphic?(同态) a way to delegate processing of your data, without giving away access to it. [Gen09 Example??

Page . 8 A way to delegate processing of your data, without giving away access to it. [Gen09] What’s Homomorphic? (同态) Example??

Page EXample for Homomorphic

Page . 9 Example for Homomorphic

Page. 10 Application cloud computing Processing data Without access to get

Page . 10 Application cloud computing Processing data Without access to get

Page 11 Client Company Alice Bob /Gen(p, a) Encryption: Enc(m, pk) Input: p, q EP C=m' mod n Output: (pk, sk) (c c2)mod n=m, m2 C2=m2 modn Publickey- pk=(e, n) rekey: sk= Computation Cloud provider performs request: CxC2 calculations on encrypted data Ct C2

Page . 11

Page Comparison for he TABLE IV. COMPARISON OF PARTIAL AND FULLY HE[14] Parameter Partial HE Fully HE It allows either It allows both addition Type of operation addition or and multiplication supported multiplication scheme operations It allows a limited It allows an unlimited Computation number of number of computations computations Computational efforts It requires less effort Requires more efforts Performance It is faster and more It has slower compact performance Versatility It is low It has high Speed It is fast in speed Is slow In spee Ciphertext size It is small It is large Unpadded rsa Example Gentry Scheme ElGamal

Page . 12 Comparison for HE