Jyh-haw Yeh
Dept. of Computer Science
Boise State University
Cloud provides services – software,, platform,
Infrastructure.
 Clients are charged by per-use basis.
 Capital Expenditure (CapExp) -> Operational
Expenditure (OpExp)
 Multi-tenancy: better resource utilization
 Reliability: redundant sites
 Security: better protection from outside
attacks.
 Security: big ? from malicious cloud
employees.




Protecting clients’ data privacy from cloud
employee.
Perfect solution: fully homomophic
encryption algorithm (FHEA). No practical
algorithm available.
Without FHEA, 100% data privacy may not be
possible.



Protect data Privacy by Authentication and
Secret Sharing (PASS).
Objective: minimize the risk of leaking private
data.
Approach:
◦ Encrypt data by a key shared with the client.
◦ Do not store the key anywhere in the cloud.
◦ Use secret sharing to authenticate users and
recover the shared key.

5 security components:
◦ Public key cryptosystem (PKC): published by cloud.
◦ Key agreement (KA): agree on a shared key and two
secret shares at registration.
◦ Key management (KM): keep a profile for each
client.
◦ Authentication(AUTH):
 client’s counter <-> server’s counter;
 Computed hashed key from client’s request <->
stored hashed key
◦ Access control (ACL): second defense for a time
frame that the secret key is in use for processing a
query.

Design guideline:
◦ Ensure secret isolation (secret compartment).
◦ Security with a higher priority than efficiency.
◦ Choose a design choice that would benefit multiple
security components.




PASS chooses ECC over RSA.
2
3
ECC: a curve y  x  ax  b
is chosen over a
prime p. A base point G with an order n.
Cloud provider publishes the ECC domain
parameter <p, a, b, G, n>.
Each cloud entity (server, clients) sets up his
own public-private key pair.
◦ Server: public Ds , private d s , where Ds  d s G
◦ Client i: public Di , private di , where Di  di G


Each client i and the cloud server s agree on a
data encryption key ki and two secret
shares SSi (known to the client) and CSi
(known to the server).
The secret shares are used to recover the
encryption key.
Encryption key agreement:

◦
◦
◦
◦
Client i chooses a random number ri and then
sends Ri  ri G to the server s
Server s chooses a random number rs and then
sends Rs  rs G to the client i
Both compute a point Qi  ri Rs  rs Ri
Agree on an encryption key k i : the x-coordinate
of Qi

Secret shares agreement:
◦ Both computes a point Qi  Di and let
a
be the
x-coordinate of the point
◦ Both construct a same poly f ( x)  ki  ax
◦ SSi  ( x1 , f ( x1 ))
◦ CSi  ( x2 , f ( x2 ))
◦ With both secret shares, the poly and then the
secret key can be recovered




The cloud keeps a profile for each client i
Client
ID
h( k i )
SSi
Di
SRCi
Securit
y Label
Hashed key and server request counter SRCi
for authentication
Security label for access control




Client keeps his own request counter CRC i
Client  Server: ENCD (CRCi || CSi )
Server decrypt and get both CRC i and CSi
Client authentication succeeds if both
s
◦ the stored hashed key matches the hashed key
derived from secret shares
◦ The server and client request counters are matched





Security label: (security level, {categories})
Security level: secret, non-secret
Each client i is a category
C i are in category
All query servers/processes
“query-system”  {all C i }
Security label to client i’s profile: (secret, { C i })




Step1 - 4 for initial client registration: key
agreement and data encryption
Step 5-12 for a query processing
Diagram in the following link shows these
steps.
http://cs.boisestate.edu/~jhyeh/presentation
/pass_diagram.pdf