Click here to load reader
Upload
igor-zboran
View
274
Download
1
Embed Size (px)
Citation preview
Cloud Computing &
Privacy Protection
07/2013
Cloud Computing
• Infrastructure-as-a-Service (IaaS)• Platform-as-a-Service (PaaS)• Software-as-a-Service (SaaS)
• Public Cloud• Private Cloud• Hybrid Cloud
Cloud Computing (cont.)
Major Benefits:
• reduce capital cost (CAPEX -> OPEX)• focus on core business• access from anywhere• divest infrastructure management• enterprise technology
Cloud Computing (cont.)
Issues:
• security / privacy• compliance• legal
Cloud Computing - Security Concerns
Security vs. Privacy
• Security – overall information protection• Privacy – individual information governance
• Cloud Computing & Security – meet very well• Cloud Computing & Privacy – contradictory
Cloud Computing - Security Concerns (cont.)
• Business information• Personal information
Privacy is the issue!
Cloud Computing - Security Concerns (cont.)
Encryption is one of the most effective data protection techniques.
• Security Data at Rest Encryption, Data in Transit Encryption
• PrivacyData in Use Encryption
Data Encryption & Privacy Preserving
Challenges:
• Data Storage/Sharing & Privacy preserving
• Cloud Computing technology integration
• Decentralized Identity Management
• Multi-trusted domain model
Proposed model
Identity-Based Encryption & Identity Management
• Identity-Based Key Generator + OpenID Connect/OAuth2
• Identity provider (OpenID Connect/OAuth2)
• Client-side zero-knowledge encryption
Proposed model (cont.)• Identity-Based Encryption - no passwords, no certificates, e-mail address
• Identity identifier - e-mail address
• OAuth2 - open standard for authorization
• OpenID Connect - decentralized and secure authentication system on top of OAuth2
Proposed model (cont.)
Identity-Based Encryption is as strong as Identity Management itself!
Business model I.
User Agent(Browser)
Identity/OAuth Provider +Data/App Provider
Identity-Based SecaaS Provider
Google, Microsoft, Oracle, Dropbox Cisco, Symantec
Customer
Business model II.
User Agent(Browser)
Data/App ProviderIdentity/OAuth Provider +
Identity-Based SecaaS Provider
Cloud Computing Health Service Hospital, Clinic, …
Patient, Physician, …
Technology
• NIST SHA-256, AES-256, CTR-DRBG-256• OpenSSL FIPS 140-2 validated• OAuth 2.0 Identity Provider• OpenID Connect Provider
Pros
• usability (no passwords, no certificates)• no certificates management (creation, storage,
distribution, revocation)• lost key prevention• IBE like features, key escrow/fair encryption, no
need for receiver’s public key before encryption• no IBE revocation problem (online service)
Cons
• online service• master key security
Opportunities
• Data Storage / Sharing• Health Records / Medical Data Sharing• Big Data• Data Boxes• Databases• Reporting / Business Intelligence• Management Information System• e-mail• eForms / Workflow• Document Management / Workflow• Internet of Things