Cloud Computing &

Privacy Protection

07/2013

Cloud Computing

• Infrastructure-as-a-Service (IaaS)• Platform-as-a-Service (PaaS)• Software-as-a-Service (SaaS)

• Public Cloud• Private Cloud• Hybrid Cloud

Cloud Computing (cont.)

Major Benefits:

• reduce capital cost (CAPEX -> OPEX)• focus on core business• access from anywhere• divest infrastructure management• enterprise technology

Cloud Computing (cont.)

Issues:

• security / privacy• compliance• legal

Cloud Computing - Security Concerns

Security vs. Privacy

• Security – overall information protection• Privacy – individual information governance

• Cloud Computing & Security – meet very well• Cloud Computing & Privacy – contradictory

Cloud Computing - Security Concerns (cont.)

• Business information• Personal information

Privacy is the issue!

Cloud Computing - Security Concerns (cont.)

Encryption is one of the most effective data protection techniques.

• Security Data at Rest Encryption, Data in Transit Encryption

• PrivacyData in Use Encryption

Data Encryption & Privacy Preserving

Challenges:

• Data Storage/Sharing & Privacy preserving

• Cloud Computing technology integration

• Decentralized Identity Management

• Multi-trusted domain model

Proposed model

Identity-Based Encryption & Identity Management

• Identity-Based Key Generator + OpenID Connect/OAuth2

• Identity provider (OpenID Connect/OAuth2)

• Client-side zero-knowledge encryption

Proposed model (cont.)• Identity-Based Encryption - no passwords, no certificates, e-mail address

• Identity identifier - e-mail address

• OAuth2 - open standard for authorization

• OpenID Connect - decentralized and secure authentication system on top of OAuth2

Proposed model (cont.)

Identity-Based Encryption is as strong as Identity Management itself!

Business model I.

User Agent(Browser)

Identity/OAuth Provider +Data/App Provider

Identity-Based SecaaS Provider

Google, Microsoft, Oracle, Dropbox Cisco, Symantec

Customer

Business model II.

User Agent(Browser)

Data/App ProviderIdentity/OAuth Provider +

Identity-Based SecaaS Provider

Cloud Computing Health Service Hospital, Clinic, …

Patient, Physician, …

Technology

• NIST SHA-256, AES-256, CTR-DRBG-256• OpenSSL FIPS 140-2 validated• OAuth 2.0 Identity Provider• OpenID Connect Provider

Pros

• usability (no passwords, no certificates)• no certificates management (creation, storage,

distribution, revocation)• lost key prevention• IBE like features, key escrow/fair encryption, no

need for receiver’s public key before encryption• no IBE revocation problem (online service)

Cons

• online service• master key security

Opportunities

• Data Storage / Sharing• Health Records / Medical Data Sharing• Big Data• Data Boxes• Databases• Reporting / Business Intelligence• Management Information System• e-mail• eForms / Workflow• Document Management / Workflow• Internet of Things

Featured links

• www.leadict.com• igi64.github.io