IIT Roorkee Talk - Jan 2018patrey/ppts/IITRoorkeeTalk_Jan2018.pdf · NETSEC 2018, IIT, ROORKEE 1....
Transcript of IIT Roorkee Talk - Jan 2018patrey/ppts/IITRoorkeeTalk_Jan2018.pdf · NETSEC 2018, IIT, ROORKEE 1....
-
SecureCTask: Secure Tasking over Untrusted Third-Party ServersPRADEEP K ATREY
A L BA N Y L A B F O R P R I VA CY A N D S E C U R I T Y ( A L P S )
D E PA R T M E N T O F C O M P U T E R S C I E N C E , C O L L E G E O F E N G I N E E R I N G A N D
A P P L I E D S C I E N C E S
E M A I L : PAT R E Y @ A L B A N Y. E D U , U R L : W W W. C S . A L B A N Y. E D U / ~ PAT R E Y
NETSEC 2018, IIT, ROORKEE 1
-
Where I come from?
NETSEC 2018, IIT, ROORKEE 2
-
Where I come from?
NETSEC 2018, IIT, ROORKEE 3
-
State University of New York at Albany (UAlbany)
NETSEC 2018, IIT, ROORKEE 4
UAlbany Video
-
SecureCTask: Secure Tasking over Untrusted Third-Party ServersPRADEEP K ATREY
A L BA N Y L A B F O R P R I VA CY A N D S E C U R I T Y ( A L P S )
D E PA R T M E N T O F C O M P U T E R S C I E N C E , C O L L E G E O F E N G I N E E R I N G A N D
A P P L I E D S C I E N C E S
E M A I L : PAT R E Y @ A L B A N Y. E D U , U R L : W W W. C S . A L B A N Y. E D U / ~ PAT R E Y
NETSEC 2018, IIT, ROORKEE 5
-
Motivation
NETSEC 2018, IIT, ROORKEE 6
510,000 comments, 293,000 status
updates, and 136,000 photos
300 hours of video
204 million emails
350,000 tweets
2.4 million search queries, 12000
GB free Google Drive space
Terabytes of video
STORAGE
&
PROCESSING
Data Per Minute
> 2000 TB
Gigabytes of audio data
-
Mo
tiva
tio
n
(co
nt.
)
NETSEC 2018, IIT, ROORKEE 7
Source: www.csoonline.com
published Oct 11, 2017
-
Motivation (cont.)Email Security Breaches
NETSEC 2018, IIT, ROORKEE 8
-
Image source: http://www.teleware.com/solutions/call-recording/
How many of you
have called to a call
center at least once?
9
Motivation (cont.)
NETSEC 2018, IIT, ROORKEE
-
Image source: http://www.teleware.com/solutions/call-recording/
SSN Passport Health
Policy CardCredit Card Date of Birth
111-22-3333
10
Motivation (cont.)
NETSEC 2018, IIT, ROORKEE
How many of you
have called to a call
center at least once?
-
Motivation (cont.)
Can we trust third-party CSPs?
Internal attackers at CSP
NETSEC 2018, IIT, ROORKEE 11
Honest User
Cloud Service
Provider (CSP)
Semi-Honest
CSP
Malicious External
Attacker
Data
Threat Model
Can We Securely Perform Tasks at Cloud?
-
Motivation (cont.)
Can we trust third-party CSPs?
Internal attackers at CSP
NETSEC 2018, IIT, ROORKEE 12
Honest User
Cloud Service
Provider (CSP)
Semi-Honest
CSP
Malicious External
Attacker
Data
Threat Model
Can We Securely Perform Tasks at Cloud? SecureCTask
-
SecureCTasko SecureCScaling
− Secure Cloud-based Image/Video Scaling
o SecureCEnhance− Secure Cloud-based Image/Audio Enhancement
o SecureCMail− Secure Cloud-based Emailing
o SecureCMerge− Secure Cloud-based PDF merging
o SecureCEdit− Secure Cloud-based Document Editing
o SecureCDedup− Secure Cloud-based Data Deduplication
NETSEC 2018, IIT, ROORKEE 13
-
SecureCTasko SecureCScaling
− Secure Cloud-based Image/Video Scaling
o SecureCEnhance− Secure Cloud-based Image/Audio Enhancement
o SecureCMail− Secure Cloud-based Emailing
o SecureCMerge− Secure Cloud-based PDF merging
o SecureCEdit− Secure Cloud-based Document Editing
o SecureCDedup− Secure Cloud-based Data Deduplication
NETSEC 2018, IIT, ROORKEE 14
-
15
SecureCScaling:Secure Cloud-based Image/Video Scaling
• Architecture and Workflow
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
NETSEC 2018, IIT, ROORKEE
-
Cryptosystem - Shamir’s Secret Sharing
11000…110110000…0101
00011…1100
01110…0001
Secret Random Number
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
NETSEC 2018, IIT, ROORKEE 16
Source: http://www.ocss-va.org/jrotc/chain.html
-
11000…110110000…0101
00011…1100
01110…0001
Trash
Cryptosystem - Shamir’s Secret Sharing
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
NETSEC 2018, IIT, ROORKEE 17
Secret Random Number
Source: http://www.ocss-va.org/jrotc/chain.html
-
11000…110110000…0101
00011…1100
01110…0001
Cryptosystem - Shamir’s Secret Sharing
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
NETSEC 2018, IIT, ROORKEE 18
Source: http://www.ocss-va.org/jrotc/chain.html
-
10000…0101
00011…1100
01110…0001
Homomorphic property: E(A) o E(B) = E(AoB)
o: +, - *, /, |
Cryptosystem - Shamir’s Secret Sharing
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
NETSEC 2018, IIT, ROORKEE 19
Source: http://www.ocss-va.org/jrotc/chain.html
-
20
SecureCScaling:Secure Cloud-based Image Scaling
• Results: Scaling
Required Zoomed Shadow
Image
Recovered Zoomed
Image
M. Mohanty, W.-T. Ooi and P. K. Atrey. Scale me, crop me, know me not: Supporting scaling and cropping in secret
image sharing. IEEE International Conference on Multimedia and Expo (ICME'2013), July 15-19, 2013, San Jose, CA, USA.
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
NETSEC 2018, IIT, ROORKEE
-
21
SecureCScaling:Secure Cloud-based Video Scaling
O.-A. Kristensen, M. Mohanty, and P. K. Atrey. Don’t see me, just edit me: Towards secure cloud-based video editing. The 11th
Annual Symposium on Information Assurance (ASIA'16) with NYS Cyber Security Conference, pp 74-78, June 2016, Albany, NY, USA.
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
NETSEC 2018, IIT, ROORKEE
-
SecureCTasko SecureCScaling
− Secure Cloud-based Image/Video Scaling
o SecureCEnhance− Secure Cloud-based Image/Audio Enhancement
o SecureCMail− Secure Cloud-based Emailing
o SecureCMerge− Secure Cloud-based PDF merging
o SecureCEdit− Secure Cloud-based Document Editing
o SecureCDedup− Secure Cloud-based Data Deduplication
NETSEC 2018, IIT, ROORKEE 22
-
SecureCEnhance:Encrypted-domain Image Quality Enhancement over Cloud
23
Architecture and WorkflowMULTIMEDIA
CAPRTURING
DEVICE
SERVER, SPreprocesses
Original Image,
Creates and
Distributes Shares
CDC1:
LPF
CDC2:
LPF
CDCN:
LPF
AUTHORIZED
USERObtains any T
Shares and
Reconstructs
Enhanced (LPF)
Image
DISPLAY DEVICESHARE 1
SHARE 2
SHARE N
PROCESSED SHARE 1
PROCESSED SHARE 2
PROCESSED SHARE N
A. Lathey, P. K. Atrey and N. Joshi. Homomorphic low pass filtering on encrypted multimedia over cloud. IEEE International Conference
on Semantic Computing (ICSC'2013), September 2013, Irvine, CA, USA.
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
NETSEC 2018, IIT, ROORKEE
-
The proposed method is demonstrated to work for
◦ Noise removal and anti-aliasing
◦ Results – Scheme 1 (Demo)
◦ Results – Scheme 2 (Demo)
◦ Edge and contrast enhancement (Demo)
◦ Dehazing (Demo)
More demos available on:
◦ https://sites.google.com/site/ankitaresearchdemos/home
24
A. Lathey and P. K. Atrey. Image enhancement in encrypted domain over cloud. ACM Transactions on
Multimedia, Computing, Communications and Applications, January 2015.
SecureCEnhance:Encrypted-domain Image Quality Enhancement over Cloud
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
NETSEC 2018, IIT, ROORKEE
-
25
A. Yakubu, N. Maddage and P. K. Atrey. Secure audio reverberation over cloud. The 10th International Symposium
on Information Assurance (ASIA’15) with NYS Cyber Security Conference, pp 39-43, June 2015, Albany, NY, USA.
SecureCEnhance:Encrypted-domain Audio Reverberation over Cloud
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
NETSEC 2018, IIT, ROORKEE
-
26
SecureCEnhance:Encrypted-domain Speech Noise Reduction over Cloud
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
- A. Yakubu, N. Maddage and P. K. Atrey. Encrypted domain cloud-based speech noise reduction. The 1st International
Workshop on Privacy in Multimedia (PIM’16) with ICME’16, July 2016, Seattle, WA, USA.
- A. Yakubu, N. Maddage and P. K. Atrey. Securing speech noise reduction in outsourced environment. ACM Transactions on
Multimedia Computing, Communication and Applications. Vol. 13, No. 4, Article 51, August (2017).
NETSEC 2018, IIT, ROORKEE
-
SecureCTasko SecureCScaling
− Secure Cloud-based Image/Video Scaling
o SecureCEnhance− Secure Cloud-based Image/Audio Enhancement
o SecureCMail− Secure Cloud-based Emailing
o SecureCMerge− Secure Cloud-based PDF merging
o SecureCEdit− Secure Cloud-based Document Editing
o SecureCDedup− Secure Cloud-based Data Deduplication
NETSEC 2018, IIT, ROORKEE 27
-
SecureCMail: Securing Emails from Service Providers using Secret Sharing
Have you ever sent
any confidential
information such as
passport and SSN
over email?
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
NETSEC 2018, IIT, ROORKEE 28
Gmail now has more than 1 billion
monthly active users – Alarming?
-
29
Share
creation
using
SSS
Email
(content +
attachment)
GMAIL
server
YAHOO
server
Email
reconstr
uction
using
SSS
Email
(content +
attachment)
SENDER RECEPIENT
SecureCMail: Securing Emails from Service Providers using Secret Sharing
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
P. Singh, S. Arora, K. Williamson and P. K. Atrey. S3Email: A method for securing emails from service providers. The
2017 IEEE International Conference on Systems, Man, and Cybernetics (SMC'2017), Banff, Canada, October 2017.
NETSEC 2018, IIT, ROORKEE
ALBANY
server
UMASS
server
-
30
SecureCMail: Securing Emails from Service Providers using Secret Sharing
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
Demo: http://www.screencast.com/t/NiURJXpZdL1
P. Singh, S. Arora, K. Williamson and P. K. Atrey. S3Email: A method for securing emails from service providers. The
2017 IEEE International Conference on Systems, Man, and Cybernetics (SMC'2017), Banff, Canada, October 2017.
NETSEC 2018, IIT, ROORKEE
-
SecureCTasko SecureCScaling
− Secure Cloud-based Image/Video Scaling
o SecureCEnhance− Secure Cloud-based Image/Audio Enhancement
o SecureCMail− Secure Cloud-based Emailing
o SecureCMerge− Secure Cloud-based PDF merging
o SecureCEdit− Secure Cloud-based Document Editing
o SecureCDedup− Secure Cloud-based Data Deduplication
NETSEC 2018, IIT, ROORKEE 31
-
32
SecureCMerge: Secure Online PDF Merging
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
NETSEC 2018, IIT, ROORKEE
Have you ever merged two pdf files using
online merge tools?
Can they see your documents? YES
-
33
SecureCMerge: Secure Online PDF Merging
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
NETSEC 2018, IIT, ROORKEE
Server 1
1st PDF
P1
Server n
1st Merged
Share
M1
Merged
PDF
Any k
merged
shares
M12
1st Share
S21
nth Share
S2n
1st Share
S11
nth Share
S1n
P2
2nd PDF
Mn
nth Merged
Share
Input Local Machine Servers Local Machine Output
-
34
SecureCMerge: Secure Online PDF Merging
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
NETSEC 2018, IIT, ROORKEE
N. Sharma, P. Singh and P. K. Atrey. SecureCMerge: Secure PDF Merging over Untrusted Servers. IEEE Int.
Conf. on Multimedia Information Processing and Retrieval (MIPR) 2018, Miami, USA (Accepted)
-
35
SecureCMerge: Secure Online PDF Merging
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
NETSEC 2018, IIT, ROORKEE
N. Sharma, P. Singh and P. K. Atrey. SecureCMerge: Secure PDF Merging over Untrusted Servers. IEEE Int.
Conf. on Multimedia Information Processing and Retrieval (MIPR) 2018, Miami, USA (Accepted)
-
SecureCTasko SecureCScaling
− Secure Cloud-based Image/Video Scaling
o SecureCEnhance− Secure Cloud-based Image/Audio Enhancement
o SecureCMail− Secure Cloud-based Emailing
o SecureCMerge− Secure Cloud-based PDF merging
o SecureCEdit− Secure Cloud-based Document Editing
o SecureCDedup− Secure Cloud-based Data Deduplication
NETSEC 2018, IIT, ROORKEE 36
-
37
SecureCEdit: Secure Online Document Editing
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
◦ Google Docs: Are they secure?
◦ Online image editing o Online Audio Editor
NETSEC 2018, IIT, ROORKEE
-
38
SecureCEdit: Secure Online Document Editing
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
S. Arora, G. Varshney, P. K. Atrey and M. Mishra. SecureCEdit: An approach for secure cloud-based document editing.
The 2nd International Workshop on Security and Privacy in the Cloud (SPC’16) with IEEE CNS’16 , Philadelphia, USA
Key Generation:
s1: The application key,
s2: Cloud storage key
s3: User specified key
Further Issues:
- Secure Collaborative
Editing
- Secure Concurrent
Access
NETSEC 2018, IIT, ROORKEE
-
SecureCTasko SecureCScaling
− Secure Cloud-based Image/Video Scaling
o SecureCEnhance− Secure Cloud-based Image/Audio Enhancement
o SecureCMail− Secure Cloud-based Emailing
o SecureCMerge− Secure Cloud-based PDF merging
o SecureCEdit− Secure Cloud-based Document Editing
o SecureCDedup− Secure Cloud-based Data Deduplication
NETSEC 2018, IIT, ROORKEE 39
-
40
SecureCDedup: Secure Cloud-based Data Deduplication
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
NETSEC 2018, IIT, ROORKEE
MM.pdf
@ALBANY.EDU
@IITR.AC.IN
MM.pdf
IITR.AC.IN server
has two copies of
MM.pdf
@IITR.AC.IN
-
41
SecureCDedup: Secure Cloud-based Data Deduplication
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
NETSEC 2018, IIT, ROORKEE
Upload Protocol
MH ( )K =
K, ME ( )C =
CH ( )T =Store K, T
T
CH ( )T’ =
If T = T’Update U
Else Request C
Dual Integrity Convergent Encryption (DICE) Protocol
CStore C, T’ = T
A. Agarwala, P Singh and P. K. Atrey. DICE: A dual integrity convergent encryption protocol for client side secure data deduplication.
The 2017 IEEE International Conference on Systems, Man, and Cybernetics (SMC'2017), Banff, Canada, October 2017.
-
42
SecureCDedup: Secure Cloud-based Data Deduplication
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
NETSEC 2018, IIT, ROORKEE
Download Protocol
K, CD ( )M =
Uid , T
CH ( )T’’ =
If T = T’Send C
Else C is corrupted
Dual Integrity Convergent Encryption (DICE) Protocol
C
A. Agarwala, P Singh and P. K. Atrey. DICE: A dual integrity convergent encryption protocol for client side secure data deduplication.
The 2017 IEEE International Conference on Systems, Man, and Cybernetics (SMC'2017), Banff, Canada, October 2017.
If T = T’’
Else M is corrupted
DICE is secure against poison attack (i.e.
duplicate faking and eraser attacks)
-
43
SecureCDedup: Secure Cloud-based Data Deduplication
| SecureCScale | SecureCEnhance | SecureCEmail | SecureCMerge | SecureCEdit | SecureCDedup |
NETSEC 2018, IIT, ROORKEE
DICE-NI Protocol
DICE Protocol for Near-Identical (NI) Images
A. Agarwala, P Singh and P. K. Atrey. Client Side Image Data Deduplication Using DICE Protocol. IEEE Int. Conf. on Multimedia
Information Processing and Retrieval (MIPR) 2018, Miami, USA (Accepted)
-
44
What Next?This is not the end of the world! Encouraging sign ☺
NETSEC 2018, IIT, ROORKEE
-
Thanks to Collaborators
NETSEC 2018, IIT, ROORKEE 45
Ankita Lathey Nishant Joshi
Abukari
Yakubu
Wei-Tsang
Ooi
Namunu
Maddage
Manoranjan
Mohanty
Manoj
Mishra
Gaurav
VarshneyPriyanka
Singh
Shashank Arora
Kaliel
Williamson
Neha Sharma Ashish Agarwala
-
NETSEC 2018, IIT, ROORKEE 46
متشکرم
谢谢!ありがとう!