To Share or Not to Share in Client-Side Encrypted Clouds

With the advent of cloud computing, a number of cloud providers have arisen to provide Storage-as-a-Service (SaaS) offerings to both regular consumers and business organizations. SaaS (different than Software-as-a-Service in this context) refers to an architectural model in which a cloud provider provides digital storage on their own infrastructure. Three models exist amongst SaaS providers for protecting the confidentiality data stored in the cloud: 1) no encryption (data is stored in plain text), 2) server-side encryption (data is encrypted once uploaded), and 3) client-side encryption (data is encrypted prior to upload). This paper seeks to identify weaknesses in the third model, as it claims to offer 100% user data confidentiality throughout all data transactions (e.g., upload, download, sharing) through a combination of Network Traffic Analysis, Source Code Decompilation, and Source Code Disassembly. The weaknesses we uncovered primarily center around the fact that the cloud providers we evaluated were each operating in a Certificate Authority capacity to facilitate data sharing. In this capacity, they assume the role of both certificate issuer and certificate authorizer as denoted in a Public-Key Infrastructure (PKI) scheme - which gives them the ability to view user data contradicting their claims of 100% data confidentiality. We have collated our analysis and findings in this paper and explore some potential solutions to address these weaknesses in these sharing methods. The solutions proposed are a combination of best practices associated with the use of PKI and other cryptographic primitives generally accepted for protecting the confidentiality of shared information

Recent Decision

The Fifth Circuit Court of Appeals has taken the instant opportunity to write an essay on the law of search and seizure on the high seas. Applying Ramsey, the majority found authority for the Coast Guard action, either under section 89(a) or through the consent of the Panamanian Government. Although both conclusions are open to dispute, the major question arises from the court\u27s analysis of the constitutionality of the Coast Guard action. While a firm resolution of the confusion engendered by previous conflicting Fifth Circuit decisions is certainly desirable, the instant court\u27s resolution fails to provide necessary analytical clarity. Judge Tjoflat concluded that the fourth amendment should be applied less rigorously when the action in question occurs at sea rather than on land, and he delineated the search and seizure standard to be used for actions occurring at sea. This attempt is analytically inconsistent. On one hand the court applied Ramsey\u27s two-part analysis utilizing a balancing test derived from land-based search and seizure law; on the other hand, the court substituted a more lenient test for the constitutionality of searches and seizures at sea

QuPARA: Query-Driven Large-Scale Portfolio Aggregate Risk Analysis on MapReduce

Stochastic simulation techniques are used for portfolio risk analysis. Risk portfolios may consist of thousands of reinsurance contracts covering millions of insured locations. To quantify risk each portfolio must be evaluated in up to a million simulation trials, each capturing a different possible sequence of catastrophic events over the course of a contractual year. In this paper, we explore the design of a flexible framework for portfolio risk analysis that facilitates answering a rich variety of catastrophic risk queries. Rather than aggregating simulation data in order to produce a small set of high-level risk metrics efficiently (as is often done in production risk management systems), the focus here is on allowing the user to pose queries on unaggregated or partially aggregated data. The goal is to provide a flexible framework that can be used by analysts to answer a wide variety of unanticipated but natural ad hoc queries. Such detailed queries can help actuaries or underwriters to better understand the multiple dimensions (e.g., spatial correlation, seasonality, peril features, construction features, and financial terms) that can impact portfolio risk. We implemented a prototype system, called QuPARA (Query-Driven Large-Scale Portfolio Aggregate Risk Analysis), using Hadoop, which is Apache's implementation of the MapReduce paradigm. This allows the user to take advantage of large parallel compute servers in order to answer ad hoc risk analysis queries efficiently even on very large data sets typically encountered in practice. We describe the design and implementation of QuPARA and present experimental results that demonstrate its feasibility. A full portfolio risk analysis run consisting of a 1,000,000 trial simulation, with 1,000 events per trial, and 3,200 risk transfer contracts can be completed on a 16-node Hadoop cluster in just over 20 minutes.Comment: 9 pages, IEEE International Conference on Big Data (BigData), Santa Clara, USA, 201

TOWARDS ENHANCING SECURITY IN CLOUD STORAGE ENVIRONMENTS

Although widely adopted, one of the biggest concerns with cloud computing is how to preserve the security and privacy of client data being processed and/or stored in a cloud computing environment. When it comes to cloud data protection, the methods employed can be very similar to protecting data within a traditional data center. Authentication and identity, access control, encryption, secure deletion, integrity checking, and data masking are all data protection methods that have applicability in cloud computing. Current research in cloud data protection primarily falls into three main categories: 1) Authentication & Access Control, 2) Encryption, and 3) Intrusion Detection. This thesis examines the various mechanisms that currently exist to protect data being stored in a public cloud computing environment. It also looks at the methods employed to detect intrusions targeting cloud data when and if data protection mechanisms fail. In response to these findings, we present three primary contributions that focus on enhancing the overall security of user data residing in a hosted environment such as the cloud. We first provide an analysis of Cloud Storage vendors that shows how data can be exposed when shared - even in the most `secure' environments. Secondly, we o er Pretty Good Privacy (PGP) as a method of securing data within this environment while enhancing PGP'sWeb of Trust validation mechanism using Bitcoin. Lastly, we provide a framework for protecting data exfiltration attempts in Software-as-a-Service (SaaS) Cloud Storage environments using Cyber Deception

Reply to “Comment on ‘Accurate and fast numerical solution of Poisson\u27s equation for arbitrary, space-filling Voronoi polyhedra: Near-field corrections revisited’ ”

This is a Reply to the Comment by Gonis and Zhang on our recent paper. They discuss supposed issues with our “accurate and fast numerical solution of Poisson’s equation for arbitrary Voronoi polyhedra” (VP)

Psalms and Work

Introduction to Psalms Book 1 (Psalms 1–41) Personal Integrity in Work (Psalm 1) Obedience to God (Psalm 2) Foes and opponents (Psalms 4, 6, 7, 17) Authority (Psalm 8) Business ethics (Psalms 15, 24, 34) Trusting God in the face of institutional pressure (Psalm 20) God’s presence in our struggles at work (Psalm 23) God’s guidance in our work (Psalm 25) Book 2 (Psalms 42–72) God’s presence in the midst of disaster (Psalm 46) Anxiety when unscrupulous people succeed (Psalms 49, 50, 52, 62) Book 3 (Psalms 73–89) The workplace consequences of personal failings (Psalm 73) The economic consequences of national wrongdoings (Psalm 81, 85) God’s grace in the midst of judgment (Psalm 86) Book 4 (Psalms 90–106) Working in a fallen world (Psalms 90, 101) Human creativity with God (Psalm 104) Book 5 (Psalms 107–150) God undergirds all work and productivity (Psalm 107) Virtues for those in business (Psalm 112) Participating in God’s work (Psalm 113) Producing true value at work (Psalms 127) The work of marriage, raising children, and caring for parents (Psalm 127, 128, 139) The right use of power (Psalm 136) God’s glory in all of creation (Psalm 146-150) Psalm 146 Psalm 147 Psalm 149 Psalm 148 Psalm 15