Fujitsu World Tour 2018

Transcription

Fujitsu World Tour 2018, May 30, 2018, #FujitsuWorldTour. Copyright 2018 FUJITSU

Security and Privacy of Big Data: A NIST Perspective
Arnab Roy, Fujitsu Laboratories of America
Co-Chair, NIST Big Data WG: Security and Privacy SG

What is Big Data?
Big Data consists of extensive datasets - primarily in the characteristics of volume, variety, velocity, and/or variability - that require a scalable architecture for efficient storage, manipulation, and analysis. [NIST SP1500-1]

Why are Security and Privacy important for Big Data?
- Volume of data is growing exponentially
  - 90% of the data in the world today was created in the last two years (Source: http://www01.ibm.com/software/data/bigdata/)
  - Global big data market revenues were forecast to reach 12.4 Billion in 2014, growing to 23.8 Billion in 2016, according to the firm Visiongain and IDC
- Data breach is costly
  - Average cost of breach for a single record is 200
  - With 20% probability, 10,000 records get breached (in a 2 year time frame) in any organization
  - With 20% probability, an organization will lose 2M in two years!!!
- Data breach damages company reputation

NIST Big Data Public Working Group (NBD-PWG)
Goal: Develop a secured reference architecture that is vendor-neutral, technology- and infrastructure-agnostic to enable any stakeholders (data scientists, researchers, etc.) to perform analytics processing for their given data sources without worrying about the underlying computing environment.
5 Subgroups (July 2013 – now):
1. Definitions & Taxonomies
2. UC & Requirements
3. Security & Privacy
4. Reference Architecture
5. Standards Roadmap
Deliverables:
1. Big Data Definitions
2. Big Data Taxonomies
3. Big Data Requirements & Use Cases
4. Big Data Security & Privacy
5. Big Data Architectures White Paper Survey
6. Big Data Reference Architecture
7. Big Data Standards Roadmap

Version 1 Released
V1 (high-level Reference Architecture components and descriptions) for Big Data Interoperability Framework released on September 16, 2015: http://bigdatawg.nist.gov
- NIST SP1500-1 Definitions
- NIST SP1500-2 Taxonomies
- NIST SP1500-3 Use Cases & Requirements
- NIST SP1500-4 Security & Privacy
- NIST SP1500-5 Architecture Survey – White Paper
- NIST SP1500-6 Reference Architecture
- NIST SP1500-7 Standards Roadmap

Version 2 draft is in NIST review phase
Public comments received on 21 September 2017: https://bigdatawg.nist.gov/home.php

A 10,000-feet [slide title truncated; slide content not recovered]

Emergent S&P Considerations
(Big) Scaling:
- Retarget to Big Data infrastructural shift
- Distributed computing platforms like Hadoop
- Non-relational data stores
(Data) Mixing:
- Control visibility while enabling utility
- Balancing privacy and utility
- Enabling analytics and governance on encrypted data
- Reconciling authentication and anonymity

S&P Requirements Emerging due to Big Data Characteristics
- Variety: Traditional encryption schemes hinder organization of data based on semantics.
- Volume: Threat models for multi-tiered data storages are complex and evolving.
- Velocity: Distributed computing infrastructures and non-relational data storages require retargeting of traditional security mechanisms.

S&P Requirements Emerging due to Big Data Characteristics (continued)
- Veracity: Keeping track of and ensuring the integrity of the ownership, source and other metadata of individual data is a complex and sophisticated requirement, given the movement of data between nodes, entities and geographical boundaries.
- Volatility: Indefinitely persistent data requires evolving S&P considerations. With the passage of time, roles may evolve and governance may shift depending on the merger and disappearance of responsible organizations.

Conceptual Classification of S&P Topics [figure]

Operational Classification of S&P Topics [figure]: Device and Application Registration; Identity and Access Management; Risk [...]nance (remaining labels truncated)

S&P doesn't compose!
[Figure: Data → System A; System B → Data]
System A and System B have known data flow restrictions.

S&P doesn't compose!
[Figure: Data → System A → System B → Data]
System A and System B have known data flow restrictions. The combined system can have unexpected data flows!

S&P doesn't compose!
[Figure: Data → System A → System B → Data]
There is a need for Architectural Thinking.
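An added illustration of the point made on these three slides, not code from the deck: each system's declared data flows pass its own restriction, but a reachability check on the joined system finds a path that neither review in isolation could see. The system names, flows and connector are constructed.

```python
from collections import deque

# Constructed toy systems (not from the slides): allowed data flows as directed
# edges, plus a restriction "src must never reach dst" each system satisfies alone.
SYSTEM_A = {
    "flows": {("Data", "A.ingest"), ("A.ingest", "A.store"), ("A.store", "A.export")},
    "restriction": ("Data", "Public"),   # A has no public-facing component
}
SYSTEM_B = {
    "flows": {("B.import", "B.analytics"), ("B.analytics", "Public")},
    "restriction": ("Data", "Public"),   # B never ingests raw Data itself
}
CONNECTOR = {("A.export", "B.import")}  # the integration that joins the two

def find_path(flows, src, dst):
    """Breadth-first search; returns the hop list from src to dst, or None."""
    adj = {}
    for a, b in flows:
        adj.setdefault(a, []).append(b)
    parent, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in adj.get(node, []):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None

def violations(flows, restrictions):
    """Map each violated (src, dst) restriction to the path that breaks it."""
    paths = {r: find_path(flows, *r) for r in restrictions}
    return {r: p for r, p in paths.items() if p is not None}

def check_composition(sys_a, sys_b, connector):
    """Re-check every restriction on each system alone and on the joined system."""
    both = {sys_a["restriction"], sys_b["restriction"]}
    return {
        "A alone": violations(sys_a["flows"], {sys_a["restriction"]}),
        "B alone": violations(sys_b["flows"], {sys_b["restriction"]}),
        "combined": violations(sys_a["flows"] | sys_b["flows"] | connector, both),
    }
```

The "combined" entry is the re-analysis the slides ask for whenever systems are joined: the same restriction that held for A and B separately now has a witness path through the connector.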

NIST Big Data Reference Architecture [figure]

Big Data Security Reference Architecture [figure]
Data Provider ↔ Big Data Application Provider:
- End-point Input Validation
- Real Time Security Monitoring
- Data Discovery and Classification
- Secure Data Aggregation
Big Data Application Provider ↔ Data Consumer:
- Privacy preserving Data Analytics and dissemination
- Compliance with regulations such as HIPAA
- Government access to data and freedom of expression concerns
Big Data Application Provider:
- Data Centric Security such as identity/policy-based encryption
- Policy Management for access control
- Computing on the encrypted data: searching / filtering / deduplication
- Granular audits
- Granular access control
Big Data Framework Provider:
- Securing Data Storage and Transaction Logs
- Key Management
- Security Best Practices for non-relational Data Stores
- Security against DoS attacks
- Data Provenance

Use Cases [figure]
- Retail/Marketing: Consumer Digital Media; [...]ly level Retail Transactions (label truncated); Web Traffic Analysis
- Healthcare: Genetic Privacy; Pharma Clinical Trial Data
- Industrial: Aviation: Sensor Data Storage and Analytics
- Military
- Education
- Transportation: Cargo Shipping

Emerging Cryptographic Technologies [table: Technology | Data Provider | Application Provider | capability | visibility of results]
- [technology name truncated in extraction]: Data Provider encrypts data; Application Provider stores encrypted data; capability to perform computations; results visible only at the Data Provider.
- Functional Encryption: Data Provider encrypts data; Application Provider stores encrypted data; capability to perform computations; result of allowed computations visible at the Application Provider.
- Access Control Policy Based Encryption: Data Provider encrypts data; Application Provider stores encrypted data; no capability to perform computations; decryption only for entities which have a secret key satisfying the access control policy.
- Secure Multi-Party Computation: plaintext data; stores plaintext data; collaborative computation among multiple Application Providers; Application Providers do not learn others' inputs, they only learn the jointly computed function.
- Blockchain: plaintext or encrypted data; immutable decentralized database; decentralized; transaction logging in a decentralized, untrusted environment.
- Hardware primitives for secure computations: Data Provider encrypts data; Application Provider stores encrypted data; capability to perform computations, with verified execution; controllable visibility at the Application Provider.

Secure Outsourcing of Computation
- Suppose you want to send all your sensitive data to the cloud: photos, medical records, financial records, etc.
- You could send everything encrypted
  - But it wouldn't be much use if you wanted the cloud to perform some computations on them
  - What if you wanted to see how much you spent on movies last month?
- Solution: Fully Homomorphic Encryption
  - Cloud can perform any computation on the underlying plaintext, all the while the results are encrypted!
  - Cloud has no clue about the plaintext or the results

Fully Homomorphic Encryption
[Figure: Plaintext → Encrypt → Ciphertext → computation → Processed Ciphertext → Decrypt]
- With FHE, computation on plaintext can be transformed into computation on Ciphertext
- As a use case, a cloud can keep and process a customer's data without ever knowing the contents
- Only the customer can decrypt the processed data
- End to end security of customer data
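An added worked example of the encrypted-spending use case from the previous two slides; it is not from the deck and uses the Paillier cryptosystem, which is only additively homomorphic and so stands in for FHE here because the query is a sum. The toy primes and the ledger are constructed; the cloud-side functions touch only ciphertexts and the public key.

```python
import secrets
from math import gcd

# Constructed toy keypair (not from the slides): Paillier with tiny primes,
# far too small for real use but enough to show the homomorphic property.
P, Q = 10007, 10009
N, N2 = P * Q, (P * Q) ** 2            # public key is (N, G); plaintexts must be < N
G = N + 1
LAM = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)          # private
MU = pow((pow(G, LAM, N2) - 1) // N, -1, N)           # private

def encrypt(m):
    """Public-key operation: c = g^m * r^n mod n^2 with a fresh random r."""
    assert 0 <= m < N
    r = secrets.randbelow(N - 1) + 1
    while gcd(r, N) != 1:
        r = secrets.randbelow(N - 1) + 1
    return pow(G, m, N2) * pow(r, N, N2) % N2

def decrypt(c):
    """Private-key operation, customer side only: m = L(c^lambda mod n^2) * mu mod n."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def add_encrypted(c1, c2):
    """Cloud side: multiplying ciphertexts adds the plaintexts (mod n)."""
    return c1 * c2 % N2

def cloud_total(ledger, category, month):
    """Cloud side: total the matching amounts without ever decrypting any of them.
    Category and month stay in the clear as query metadata; amounts are ciphertexts."""
    total = encrypt(0)                  # needs only the public key
    for rec in ledger:
        if rec["category"] == category and rec["month"] == month:
            total = add_encrypted(total, rec["amount_ct"])
    return total

# Constructed sample ledger, amounts in cents, encrypted by the customer before upload.
LEDGER = [
    {"month": "2018-04", "category": "movies", "amount_ct": encrypt(1299)},
    {"month": "2018-04", "category": "groceries", "amount_ct": encrypt(8450)},
    {"month": "2018-04", "category": "movies", "amount_ct": encrypt(1599)},
    {"month": "2018-03", "category": "movies", "amount_ct": encrypt(999)},
]

def movies_spend(month):
    """Customer asks the cloud for the encrypted total and decrypts it locally."""
    return decrypt(cloud_total(LEDGER, "movies", month))   # 2898 for "2018-04"
```

The cloud learns which rows were selected (the metadata is in the clear) but not any amount or the total; hiding the metadata too is where a scheme that also multiplies ciphertexts, i.e. FHE, would be needed.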

Access Control Policy-based Encryption
- Traditionally access control has been enforced by systems – Operating Systems, Virtual Machines
  - Restrict access to data, based on access policy
  - Data is still in plaintext
  - Systems can be hacked!
  - Security of the same data in transit is ad-hoc
- What if we protect the data itself in a cryptographic shell depending on the access policy?
  - Decryption only possible by entities allowed by the policy
  - Keys can be hacked! – but much smaller attack surface
  - Encrypted data can be moved around, as well as kept at rest – uniform handling

Identity-based Encryption
[Figure: Public-Key Encryption (Certificate Authority issues a signed certificate of the public key; Alice and Bob exchange encrypted data) compared with ID-based Encryption (Master Authority publishes a Master Public Key; Alice, Bob and George exchange encrypted data)]

Policy-Based Encryption
[Figure: policy ϕ tied to the public key PK as an OR/AND tree over the attributes Doctor, Nurse and ICU; secret keys SK issued for "Doctor - Neurology" and "Nurse - Physical Therapy"] (Mitchell et al.)

Blockchain Technology in Practice Today
- Cryptocurrency
- Smart Contracts
- Asset and ownership management
- Transaction logging for audit and transparency
- Bidding for auctions and contract [...] (text truncated)

Recommendations
- Many technologies address S&P requirements of Big Data projects
- Which technology to use involves a lot of risk/benefit analysis
- Consider sensitivity of the data, cost of breach and cost of securing systems when doing this analysis
- For example, for the task of running software on encrypted data at rest, there are at least three possibilities:
  1. Decrypt the data in the cloud and run software. Pro: fast execution. Con: if the decryption key is leaked, all the data is exposed.
  2. Run software on the data decrypted inside an HSM. Pro: less fast, but still practical. Con: side channel attacks.
  3. Run software on encrypted data using Fully Homomorphic Encryption. Pro: cryptographically secure, no side channel attacks. Con: very slow at this point, except for limited operations.

Take Away Points
- Think S&P at the time of architecting the overall system
  - Not as an afterthought
- In S&P, 1 + 1 = 0, NOT 2, definitely NOT 4!
  - Does not compute... compose
  - Re-analyze S&P when adding new features or joining systems
- Cryptography magic is on the way
  - Stay tuned and patient
- Read NIST Big Data Interoperability Framework SP1500 documents
  - Especially Volume 4: Security and Privacy

Thank you! Any Questions?
Arnab Roy, Fujitsu Laboratories of America, aroy@us.fujitsu.com

