cloud computing & privacy protection

Report

Post on 21-Jun-2015

274 Views

Category:

Technology

1 Downloads

Preview:

Click to see full reader

TRANSCRIPT

Cloud Computing &

Privacy Protection

07/2013

Cloud Computing

• Infrastructure-as-a-Service (IaaS)• Platform-as-a-Service (PaaS)• Software-as-a-Service (SaaS)

• Public Cloud• Private Cloud• Hybrid Cloud

Cloud Computing (cont.)

Major Benefits:

• reduce capital cost (CAPEX -> OPEX)• focus on core business• access from anywhere• divest infrastructure management• enterprise technology

Cloud Computing (cont.)

Issues:

• security / privacy• compliance• legal

Cloud Computing - Security Concerns

Security vs. Privacy

• Security – overall information protection• Privacy – individual information governance

• Cloud Computing & Security – meet very well• Cloud Computing & Privacy – contradictory

Cloud Computing - Security Concerns (cont.)

• Business information• Personal information

Privacy is the issue!

Cloud Computing - Security Concerns (cont.)

Encryption is one of the most effective data protection techniques.

• Security Data at Rest Encryption, Data in Transit Encryption

• PrivacyData in Use Encryption

Data Encryption & Privacy Preserving

Challenges:

• Data Storage/Sharing & Privacy preserving

• Cloud Computing technology integration

• Decentralized Identity Management

• Multi-trusted domain model

Proposed model

Identity-Based Encryption & Identity Management

• Identity-Based Key Generator + OpenID Connect/OAuth2

• Identity provider (OpenID Connect/OAuth2)

• Client-side zero-knowledge encryption

Proposed model (cont.)• Identity-Based Encryption - no passwords, no certificates, e-mail address

• Identity identifier - e-mail address

• OAuth2 - open standard for authorization

• OpenID Connect - decentralized and secure authentication system on top of OAuth2

Proposed model (cont.)

Identity-Based Encryption is as strong as Identity Management itself!

Business model I.

User Agent(Browser)

Identity/OAuth Provider +Data/App Provider

Identity-Based SecaaS Provider

Google, Microsoft, Oracle, Dropbox Cisco, Symantec

Customer

Business model II.

User Agent(Browser)

Data/App ProviderIdentity/OAuth Provider +

Identity-Based SecaaS Provider

Cloud Computing Health Service Hospital, Clinic, …

Patient, Physician, …

Technology

• NIST SHA-256, AES-256, CTR-DRBG-256• OpenSSL FIPS 140-2 validated• OAuth 2.0 Identity Provider• OpenID Connect Provider

Pros

• usability (no passwords, no certificates)• no certificates management (creation, storage,

distribution, revocation)• lost key prevention• IBE like features, key escrow/fair encryption, no

need for receiver’s public key before encryption• no IBE revocation problem (online service)

Cons

• online service• master key security

Opportunities

• Data Storage / Sharing• Health Records / Medical Data Sharing• Big Data• Data Boxes• Databases• Reporting / Business Intelligence• Management Information System• e-mail• eForms / Workflow• Document Management / Workflow• Internet of Things

Featured links

• www.leadict.com• igi64.github.io

http://www.leadict.com/
http://igi64.github.io/

top related

privacy & compliance issues with cloud computing...
Business
cloud computing in healthcare: privacy and security ... ·...
Documents
cloud computing security and privacy christian goire
Documents
security and privacy in cloud computing · 2017-08-27 ·...
Documents
a privacy manager for cloud computing - hp labs
Documents
a privacy manager for cloud computingkeywords: cloud...
Documents
privacy, security, and trust in cloud computing
Documents
cloud computing security and privacy
Technology
privacy and cloud computing in public schools
Documents
cloud computing - information security and privacy
Documents
privacy, security and trust in cloud computing · •...
Documents
gecnilokheri.ac.ingecnilokheri.ac.in/gpcontent/unit-iv cloud...
Documents
cloud computing initiative privacy impact assessment (pia)
Documents
the impact of cloud: cloud computing security and privacy
Technology
@coissa cloud computing and privacy
Law
an effective privacy protection scheme for cloud computing
Documents
cloud computing: information security and privacy
Documents
johan vandendriessche privacy & compliance issues with cloud...
Documents
privacy in cloud computing
Documents
security and privacy in cloud computing with mega
Technology