Enterprise Level Security with Homomorphic Encryption

Kevin Foltz, William R. Simpson

Abstract

Enterprise Level Security (ELS) is an approach to enterprise information exchange that provides strong security guarantees. It incorporates measures for authentication, encryption, access controls, credential management, monitoring, and logging. ELS has been adapted for cloud hosting using the Virtual Application Data Center (VADC) approach. However, a key vulnerability in placing unprotected data in the cloud is the database that stores each web application’s data. ELS puts controls on the end-to-end connection from requester to application, but an exploit of the back-end database can allow direct access to data and bypass ELS controls at the application. In a public cloud environment the data and web application may be vulnerable to insider attacks using direct hardware access, misconfiguration, and redirection to extract data. Traditional encryption can be used to protect data in the cloud, but it must be transferred out of the cloud and decrypted to perform processing, and then re-encrypted and sent back to the cloud. Homomorphic encryption offers a way to not only store encrypted data, but also perform processing directly on the encrypted values. This paper examines the current state of homomorphic encryption and its applicability to ELS.

References

  1. Akin, I. H., and Berk S. 2015. “On the Difficulty of Securing Web Applications using CryptDB,” International Association for Cryptologic Research. Available at https://eprint.iacr.org/2015/082.
  2. Chandersekaran, C. and Simpson, W. R. 2008. “The Case for Bi-lateral End-to-End Strong Authentication.” World Wide Web Consortium (W3C) Workshop on Security Models for Device APIs. London, England.
  3. Chandersekaran, C. and Simpson, W. R., 2012. “A Uniform Claims-Based Access Control for the Enterprise.” International Journal of Scientific Computing, Vol. 6, No. 2, ISSN: 0973-5'X, pp. 1- 23.
  4. Cheon, J. H., Coron, J., Kim, J., Lee, M. S., Lepoint, T., Tibouchi, M., and Yun, A. 2013. “Batch fully homomorphic encryption over the integers.” In: Johansson, T., Nguyen, P.Q., eds. EUROCRYPT 2013. LNCS, vol. 7881. Heidelberg: Springer, pp. 315-335.
  5. Dayioglu, Z. N. et al. 2015. “Secure Database in Cloud Computing: CryptDB Revisited,” International Journal of Information Security Science, Vol. 3, No. 1, pp. 129-147.
  6. U.S. Department of Defense. 2011. DoDI 8520.2, Public Key Infrastructure (PKI) and Public Key (PK) Enabling.
  7. Foltz, K. and Simpson, W. R. 2016. “The Virtual Application Data Center.” In: Proceedings of Information Security Solutions Europe (ISSE) 2016. Paris, France.
  8. Foltz, K. and Simpson, W. R. 2016. “Enterprise Level Security - Basic Security Model.” In: Proceedings of the 20th World Multi-Conference on Systemics, Cybernetics and Informatics: WMSCI, Volume I, WMSCI 2016. Orlando, FL.
  9. Foltz, K. and Simpson, W. R. 2016. “Federation for a Secure Enterprise.” In: Proceedings of The Twentyfirst International Command and Control Research and Technology Symposium (ICCRTS 2016). London, UK.
  10. Gennaro, R., Gentry, C., and Parno, B. 2010. “Noninteractive verifiable computing: outsourcing computation to untrusted workers.” In: Proceedings of the 30th annual conference on Advances in cryptology. Santa Barbara, CA, USA.
  11. Gentry, C. 2009. “A Fully Homomorphic Encryption Scheme.” Doctoral thesis. Stanford University. Available at https://crypto.stanford.edu/craig/craigthesis.pdf.
  12. Gentry, C., Halevi, S., and Smart, N. 2012. “Homomorphic evaluation of the AES circuit.” In: Advances in Cryptology - CRYPTO 2012. Springer, pp. 850-8.
  13. Gligor, V. 2014. “Homomorphic Computations in Secure System Design,” Final Report. Pittsburgh, PA: Carnegie Mellon University.
  14. Joppe, W., Lauter, K., Loftus, J., and Naehrig, M. 2013. “Improved Security for a Ring-Based Fully Homomorphic Encryption Scheme.” In: Lecture Notes in Computer Science, PQCrypto. Springer. pp. 45-64.
  15. Lauter, K., Naehrig, M., and Vaikuntanathan, V. 2011. “Can homomorphic encryption be practical?” In: C. Cachin, and Ristenpart, T., eds. CCSW 7811, ACM. pp. 113-124.
  16. Naveed, M., Kamara, S., and Wright, C. V. 2015. “Inference Attacks on Property-Preserving Encrypted Databases.” In: CCS'15, Denver, CO.
  17. Popa, R. A., Redfield, C. M.S., Zeldovich, N., and Balakrishnan, H. 2012 “CryptDB: Processing Queries on an Encrypted Database,” Comm. ACM, vol. 55, no 9, Sept. 2012 (also Proc. of 23rd ACM SoSP, Sept. 2011).
  18. Ragouzis, N. et al. 2008. “Security Assertion Markup Language (SAML) V2.0 Technical Overview.” OASIS Committee Draft, March 2008.
  19. RSA Laboratories. 2012. “Public Key Cryptography Standard, PKCS #1 v2.2,” RSA Cryptography Standard, Oct 27, 2012.
  20. Simpson, W. R. 2016. Enterprise Level Security - Securing Information Systems in an Uncertain World. Boca Raton, FL: CRC Press, p. 397.
  21. Simpson, W. R. and Chandersekaran, C. 2011. “An Agent Based Monitoring System for Web Services.” In: CCCT2010, Volume II. Orlando, FL. pp. 84-89.
  22. World Wide Web Consortium. 2008. “The Transport Layer Security (TLS) Protocol Version 1.2.” RFC 5246.
  23. Wang, S., Agrawal, D., and Abbadi, A. E. 2012. “Is homomorphic encryption the holy grail for database queries on encrypted data?” Technical report, Department of Computer Science, University of California Santa Barbara.
  24. Doroz, Y., Hu, Y., and Sunar. B. 2014. “Homomorphic AES evaluation using NTRU.” In: Cryptology ePrint Archive, Report 2014/039.
Download


Paper Citation


in Harvard Style

Foltz K. and Simpson W. (2017). Enterprise Level Security with Homomorphic Encryption . In Proceedings of the 19th International Conference on Enterprise Information Systems - Volume 1: ICEIS, ISBN 978-989-758-247-9, pages 177-184. DOI: 10.5220/0006245901770184


in Bibtex Style

@conference{iceis17,
author={Kevin Foltz and William R. Simpson},
title={Enterprise Level Security with Homomorphic Encryption},
booktitle={Proceedings of the 19th International Conference on Enterprise Information Systems - Volume 1: ICEIS,},
year={2017},
pages={177-184},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006245901770184},
isbn={978-989-758-247-9},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 19th International Conference on Enterprise Information Systems - Volume 1: ICEIS,
TI - Enterprise Level Security with Homomorphic Encryption
SN - 978-989-758-247-9
AU - Foltz K.
AU - Simpson W.
PY - 2017
SP - 177
EP - 184
DO - 10.5220/0006245901770184