
Department of Computer Science | Institute of Systems Architecture | Chair of Computer Networks

Enhancements for Security and Availability of Public Cloud Storage Environments

Dresden, June 2012

Prof. Dr. Alexander Schill

# 2

Who we are

Dr.-Ing. Josef Spillner

Dipl.-Medieninf. Marc Mosch

Dr.-Ing. Stephan Groß

Dipl.-Medieninf. Yvonne Thoß

Dr.-Ing. Anja Strunk

(from left to right)

EU-funded research group

Diagram labels (research groups of the chair): Exploring Cyber Physical Systems, Network Planning and Security, Internet Information Retrieval, Mobile & Ubiquitous Computing, Real-Time Collaboration, Energy Lab, Service & Cloud Computing

# 3

Cloud Computing …

• What is it all about?

• Problems

• π-Box: Building your personal secure cloud

• π-Data Controller: Secure Cloud Storage

• Conclusion & Future Work

Outline

# 4

The shape of a cloud … is in the eye of the beholder.

Examples (provider logos omitted):

• IaaS/PaaS*: Cloud Operating System, part of Azure Platform

• PaaS*: Development and hosting of web applications

• SaaS/PaaS*: Business cloud services focussing on customer relationship management

• IaaS*: Migration of virtual machines between private and public clouds

• SaaS*: Customized applications for business and home user, based on Google App Engine, e.g. collaboration tools

* SaaS = Software as a Service, PaaS = Platform as a Service, IaaS = Infrastructure as a Service

# 5

Cloud Computing Characteristics

Cloud Computing is … the on-demand and pay-per-use application of virtualized IT services over the Internet.

• On-demand self service

• Broadband network access

• Resource pooling

• Measured and optimized service

• Rapid elasticity

Adopted from the NIST Definition of Cloud Computing [MeGr2011]

# 6

Service & Deployment Models

Cloud Architecture Stack (adopted from [MeGr2011] and [BKNT2010]):

• Software Services (SaaS): User Interface / Machine Interface

• Platform Services (PaaS): Components / Services

• Infrastructure Services (IaaS): Compute / Network / Storage

• User/Clients

Deployment models: Public, Hybrid, Private, Community (plotted between the axes Convenience and User Control)

Cloud Organization:

• Physical Resource Set (PRS)

• Virtual Resource Set (VRS)

• Programming Environment

• Execution Environment

• Application Services

• Applications

# 7

Cloud Computing …

• What is it all about?

• Problems

• π-Box: Building your personal secure cloud

• π-Data Controller: Secure Cloud Storage

• Conclusion & Future Work

# 8

Reliability and security when giving up physical possession

> Failure of monocultures

> Cloud providers‘ trustworthiness

> Staying in control

Problems of Cloud Computing

# 9

FlexCloud Objectives

π-Cloud: Establishing a secure cloud computing life cycle. Hybrid cloud platform to integrate a user’s (cloud) resources, services and data.

> Unified Cloud

Prevent Vendor-Lock-in + Integration of existing IT

> Secure Cloud

Ensure data privacy and security

> Managed Cloud

Keep the user in command

> Efficient Cloud

Adapt to user preferences and cloud's vital signs

# 10

Cloud Computing …

• What is it all about?

• Problems

• π-Box: Building your personal secure cloud

• π-Data Controller: Secure Cloud Storage

• Conclusion & Future Work

# 11

FlexCloud's Approach

Subsume all end devices within a Personal Secure Cloud (π-Cloud) controlled by the π-Box.

(Diagram labels: π-Cloud, π-Box)

# 12

FlexCloud's Approach

π-Box distinguishes between public and sensitive data and enforces security mechanisms for the latter.

(Diagram labels: π-Cloud, π-Box)

# 13

Transparent Encryption

Analysis of structured, unstructured data and context information (diagram labels: PKI, π-Cloud)

• Document classification concerning security requirements.

• Addressee identification and derivation of respective keys.

# 14

π-Box Architecture

Conceptual design of a user-centric cloud management solution

• Categorization of user groups concerning technical skills and organizational interests

• Guidelines for constructing adaptable graphical user interfaces

• Refinement of user profiles according to individual preferences

Diagram: the π-Box consists of π-Service Controller, π-Data Controller, π-Resource Manager and π-Cockpit (User Interface / GUI); via a Peer-to-Peer Network it reaches private resources (trustworthy) and public resources (not necessarily trustworthy).

# 15

π-Box Architecture (diagram as on slide 14)

π-Service Controller: Service execution with respect to security and other non-functional requirements.

User-controlled reliable service execution in the cloud

• Automatic composition and deployment of services with respect to security and other non-functional properties

• Easy integration of existing IT environments

# 16

π-Box Architecture (diagram as on slide 14)

π-Service Controller: Service execution with respect to security and other non-functional requirements.

π-Data Controller: Data storage & distribution with respect to security and other non-functional requirements.

User-controlled reliable data storage in the cloud

• Automatic assurance of availability, integrity and confidentiality

• Easy integration of existing IT environments

• Adaptable and optimizable storage with respect to user preferences

# 17

π-Box Architecture (diagram as on slide 14)

π-Service Controller: Service execution with respect to security and other non-functional requirements.

π-Data Controller: Data storage & distribution with respect to security and other non-functional requirements.

π-Resource Manager: Infrastructure management.

Organization of a user’s cloud resources

• Description of cloud resources and their (non-)functional properties

• System architecture for a reliable and scalable cloud resource directory

• Protocols for automatic (de-)registration of cloud resources within the π-Cloud

# 18

Cloud Computing …

• What is it all about?

• Problems?

• π-Box: Building your personal secure cloud

• π-Data Controller: Secure Cloud Storage

• Conclusion & Future Work

# 19

Increasing Availability: from RAID to RAIC

RAID: Redundant Array of Independent Disks

RAIC: Redundant Array of Independent Clouds

RAID (unreliable, low quality hard disks ➔ reliable disk storage):

• Integration Layer: Logical partition

• Preprocessing Layer: RAID level redundancy routine (mirror, stripe, …)

• Transport Layer: Block resources

RAIC (unreliable, proprietary and insecure cloud storage ➔ reliable, universal and secure cloud storage):

• Integration Layer: Versioning, distributed file system, web access

• Preprocessing Layer: Fragment level transformation (e.g. encryption), file level transformation (e.g. compression), dispersal routine

• Transport Layer: Caching, local persistence, provider storage API adapter

# 20

π-Data Controller

Secure Cloud Storage Integrator for Enterprises: System Architecture [SGS2011]

Diagram: π-Cloud = Company Intranet; the π-Data Controller consists of a Shared Folder (accessed via CIFS), Meta Data, File Dispersion, Cryptography and a Cloud Storage Protocol Adapter (API, FTP towards the storage providers).

# 21

π-Data Controller (diagram as on slide 20)

Storing Files (1/5)

# 22

Implementation of the Shared Folder

• Technology: FUSE (Filesystem in Userspace)

• CIFS/SMB network share on proxy file server

• Unified user interface for arbitrary cloud storage services

• Utilizing CIFS access control mechanisms

Diagram (FUSE architecture): in user space, a client process (ls -l /tmp/fuse) and the FUSE daemon (./xmp /tmp/fuse) call into glibc, the daemon additionally into libfuse; in the kernel, the VFS dispatches to FUSE, NFS or Ext3.

CIFS = Common Internet File System, NFS = Network File System, Ext3 = Third Extended File System, SMB = Server Message Block, FUSE = Filesystem in Userspace, VFS = Virtual File System, glibc = GNU C library

# 23

π-Data Controller (diagram as on slide 20)

Storing Files (2/5)

# 24

File Dispersion

Ensure availability despite unreliable cloud storage providers …

• n: total number of shares a file is split into

• k: threshold, i.e. number of shares necessary to reconstruct

E.g. k=6, n=8. If k < n, we need redundant information.
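To make the redundancy trade-off concrete, the following Python is an added example (not from the slides or the FlexCloud project). For a choice of (n, k) it computes how many provider failures are tolerated, the storage overhead n/k, and the probability that at least k shares are still retrievable. It assumes, as a modelling simplification of this example, that the n shares sit at n independent providers, each reachable with probability p. It goes beyond the slide's single k=6, n=8 case by comparing it with a single provider, plain mirroring and the n=6, k=3 parameters used on the retrieval slides.

```python
from math import comb


def availability(n: int, k: int, p: float) -> float:
    """Probability that at least k of the n shares can be fetched.

    Modelling assumption of this example (not from the slides): the n shares
    are stored at n independent providers, each reachable with probability p.
    """
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0.0 <= p <= 1.0:
        raise ValueError("p must be a probability")
    # Binomial tail: sum over the number i of retrievable shares, i = k..n.
    return sum(comb(n, i) * p ** i * (1 - p) ** (n - i) for i in range(k, n + 1))


def storage_overhead(n: int, k: int) -> float:
    """Bytes stored per payload byte: each of the n shares is 1/k of the file."""
    return n / k


def tolerated_failures(n: int, k: int) -> int:
    """Providers that may fail (or return unusable shares) before data is lost."""
    return n - k


def compare(p: float, configs) -> list:
    """Tabulate availability, overhead and fault tolerance for several (n, k)."""
    rows = []
    for n, k in configs:
        rows.append({
            "n": n,
            "k": k,
            "availability": availability(n, k, p),
            "overhead": storage_overhead(n, k),
            "tolerated_failures": tolerated_failures(n, k),
        })
    return rows


if __name__ == "__main__":
    # Constructed per-provider availability of 95 %. (8, 6) and (6, 3) are the
    # slide deck's parameters; (1, 1) is a single provider and (2, 1) plain
    # mirroring, for comparison.
    for row in compare(0.95, [(1, 1), (2, 1), (8, 6), (6, 3)]):
        print(row)
```

The table printed by the block shows the point of the slide: with k < n the file survives n−k provider outages at a cost of n/k in storage, whereas plain replication (k=1) buys the same tolerance only at a cost of n.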

# 25

Secret Sharing aka Threshold Schemes

Objective: Divide a secret s ∈ S into n shares s_1, …, s_n such that

1. Knowledge of any k or more shares s_i makes s easily computable.

2. Knowledge of any k − 1 or fewer shares s_i leaves s completely undetermined (in the sense that all its possible values are equally likely).

Diagram: Sharing: the dealer takes input s and hands the shares s_1, s_2, …, s_n to the share holders, who store them. Reconstruction: the reconstructor collects k shares s_{i1}, s_{i2}, …, s_{ik} from the share holders and outputs s*.

# 26

Secret Sharing: An informal example with 2 shares

Visual Cryptography [NaSh1994]; simplification: n = k = 2

From either share alone the secret cannot be determined independently! With both shares stacked it is … revealed! [Source: http://goo.gl/watJC]

# 27

Secret Sharing: More formalism

Shamir's scheme [Shamir1979]

Idea: It takes k points to define a polynomial of degree k−1.

Sharing: Let a_0 := s ∈ S be the secret to be shared, where S is a finite field known to all share holders. Randomly choose k−1 coefficients a_1, a_2, …, a_{k−1} ∈ S to build f(x) := Σ_i a_i · x^i. Calculate the shares s_j := [j, f(j)] with j ∈ ℕ_n.

Recovering: Use Lagrange interpolation to find the coefficients of the polynomial, including the constant term a_0.

(Graphics showing the shares s_1, s_2, s_3 and the secret s taken from Wikipedia.)

Blakley's scheme [Blakley1979]

Idea: Any n nonparallel n-dimensional hyper-planes intersect at a specific point.

Sharing: Encode the secret as any single coordinate of the point of intersection.

Recovering: 1. Calculate the planes' point of intersection. 2. Take a specified coordinate of that intersection.

Example: n ≥ 3, k = 3 (graphics: 1 share available, 2 shares available, 3 shares available)

# 28

Information Dispersal: Computationally secure secret sharing

Rabin's scheme [Rabin1989]

• Guarantees only availability but no secrecy.

• Construction: Let a_i := s_i ∈ S for i = 1, …, k, i.e. f(x) := Σ_{i=1}^{k} s_i · x^i. Rest as with Shamir's secret sharing.

• Properties

  • With a polynomial and shares of the same size as before, we can now share a value k times as long as before.

  • The length of each share is only 1/k-th of the length of the secret, and if k shares must be sufficient for reconstruction, one can obviously not get shorter. ➔ Space optimal

  • However, one might gain some information by getting access to several shares. ➔ Computationally secure

More efficient information dispersal schemes

• Need to be maximum distance separable to use k arbitrary shares for reconstruction.

• Examples: Cauchy-Reed-Solomon, Liberation, Blaum-Roth [PSS2008]
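Shamir's scheme from the previous slide and Rabin's information dispersal from this one share the same machinery: polynomial evaluation and Lagrange interpolation over a finite field. The Python below is an added example written for this transcript, not code from the FlexCloud project, NubiSave or SecCSIE. It fixes the field to the Mersenne prime 2^127−1 and a 15-byte chunk size, both choices of this example (the slides only require a finite field), and it uses the common form f(x) = Σ_{i=0}^{k−1} a_i x^i, so for Rabin's scheme the k data elements occupy a_0 … a_{k−1} rather than a_1 … a_k as written on the slide. The same interpolation routine serves both: for Shamir it returns a_0 (the secret), for Rabin it returns all k coefficients (the data).

```python
import secrets

# Field for all arithmetic: a Mersenne prime, chosen for this example.
P = 2 ** 127 - 1
# Bytes per field element when dispersing data: 15 * 8 = 120 bits < 127 bits.
CHUNK = 15


def eval_poly(coeffs, x):
    """Horner evaluation of f(x) = sum(coeffs[i] * x**i) over GF(P)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def lagrange_interpolate(points):
    """Coefficients a_0..a_{k-1} of the unique polynomial of degree < k
    through the k given (x, y) points, by Lagrange interpolation over GF(P)."""
    k = len(points)
    coeffs = [0] * k
    for j, (xj, yj) in enumerate(points):
        basis = [1]      # coefficients of prod_{m != j} (x - x_m), low order first
        denom = 1        # prod_{m != j} (x_j - x_m)
        for m, (xm, _) in enumerate(points):
            if m == j:
                continue
            nxt = [0] * (len(basis) + 1)
            for i, c in enumerate(basis):          # multiply basis by (x - x_m)
                nxt[i] = (nxt[i] - xm * c) % P
                nxt[i + 1] = (nxt[i + 1] + c) % P
            basis = nxt
            denom = denom * (xj - xm) % P
        scale = yj * pow(denom, -1, P) % P         # y_j / denom
        for i in range(k):
            coeffs[i] = (coeffs[i] + scale * basis[i]) % P
    return coeffs


# --- Shamir [Shamir1979]: a_0 = secret, a_1..a_{k-1} random, share j = (j, f(j)) ---

def shamir_share(secret, n, k):
    if not 1 <= k <= n or not 0 <= secret < P:
        raise ValueError("need 1 <= k <= n and 0 <= secret < P")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(j, eval_poly(coeffs, j)) for j in range(1, n + 1)]


def shamir_recover(shares):
    """Any k shares give back a_0 = secret. With fewer than k shares the
    interpolated polynomial has lower degree and its constant term is unrelated
    to the secret, which is the 'completely undetermined' property."""
    return lagrange_interpolate(shares)[0]


# --- Rabin IDA [Rabin1989]: all k coefficients are data, so each share is 1/k of the input ---

def ida_disperse(data, n, k):
    """Split data into n shares of about len(data)/k bytes each; any k reconstruct."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    padded = data + b"\0" * (-len(data) % (CHUNK * k))   # whole blocks of k elements
    elems = [int.from_bytes(padded[i:i + CHUNK], "big")
             for i in range(0, len(padded), CHUNK)]
    shares = {j: [] for j in range(1, n + 1)}
    for b in range(0, len(elems), k):
        coeffs = elems[b:b + k]        # k data elements = k polynomial coefficients
        for j in range(1, n + 1):
            shares[j].append(eval_poly(coeffs, j))
    return len(data), [(j, shares[j]) for j in range(1, n + 1)]


def ida_reconstruct(length, shares, k):
    """Rebuild the data from any k shares (index, values); length strips the padding."""
    if len(shares) < k:
        raise ValueError("need at least k shares")
    chosen = shares[:k]
    out = bytearray()
    for b in range(len(chosen[0][1])):
        for c in lagrange_interpolate([(j, vals[b]) for j, vals in chosen]):
            out += c.to_bytes(CHUNK, "big")
    return bytes(out[:length])


def share_size_bytes(share):
    """Stored size of one IDA share: len(data)/k rounded up to whole chunks."""
    return len(share[1]) * CHUNK
```

Note what the example does not do: Rabin's shares carry the data itself as coefficients, so anyone holding several of them learns about the file, which is why the controller encrypts before dispersing (next slides); and interpolation from a corrupted share silently yields garbage, which is why per-share checksums are kept in the meta data.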

# 29

π-Data Controller (diagram as on slide 20; Cloud Storage Protocol Adapter towards API, FTP)

Storing Files (3/5)

# 30

Cryptography: Confidentiality & Integrity

Diagram: each share is encrypted with AES-CBC (confidentiality) and a SHA256 checksum is computed per share (+ SHA256, integrity).

# 31

π-Data Controller (diagram as on slide 20)

Storing Files (4/5)

# 32

π-Data Controller (diagram as on slide 20)

Storing Files (5/5)

Stored Meta Data per component

• Shared Folder: General file system information, e.g. file size, access rights …

• File Dispersion: Used dispersion algorithm/parameters (n, k), shares' locations

• Cryptography: Used cryptographic keys and calculated checksums per share

• Cloud Storage Protocol Adapter: Storage protocol parameters and provider login data
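The per-share checksums listed under Cryptography above, together with the "Confidentiality & Integrity" slide, describe an encrypt-then-hash step per share. The Python below is an added example, not project code, showing what that buys at retrieval time: the meta data record keeps n, k, each share's provider and its SHA256 over the stored (encrypted) share, and on retrieval the controller classifies the fetched shares as intact, corrupt or missing before handing any k intact ones to the dispersion layer. Field names, provider names and share contents are constructed for the example; the scenario uses the n=6, k=3 parameters of the retrieval slides.

```python
import hashlib
import hmac


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def build_metadata(file_name, n, k, stored_shares, providers):
    """Meta data record for one file, modelled on the slides' per-component list.

    stored_shares are the share bytes exactly as handed to the providers (after
    encryption), so each checksum covers what later comes back from the provider.
    The field names are this example's choice, not the project's schema.
    """
    if len(stored_shares) != n or len(providers) != n:
        raise ValueError("need exactly n shares and n provider locations")
    return {
        "file": file_name,
        "dispersion": {"n": n, "k": k},
        "shares": [
            {"index": i + 1, "provider": providers[i], "sha256": sha256_hex(blob)}
            for i, blob in enumerate(stored_shares)
        ],
    }


def verify_fetched(metadata, fetched):
    """Classify what came back from the providers before any reconstruction.

    fetched maps share index -> bytes, or None when the provider was unreachable.
    Returns which shares are intact, corrupt or missing, whether the threshold k
    is still met, and the k intact shares to hand to the dispersion layer.
    """
    intact, corrupt, missing = [], [], []
    for rec in metadata["shares"]:
        blob = fetched.get(rec["index"])
        if blob is None:
            missing.append(rec["index"])
        elif hmac.compare_digest(sha256_hex(blob), rec["sha256"]):
            intact.append(rec["index"])
        else:
            corrupt.append(rec["index"])
    k = metadata["dispersion"]["k"]
    return {
        "intact": intact,
        "corrupt": corrupt,
        "missing": missing,
        "recoverable": len(intact) >= k,
        "use": intact[:k],
    }


def demo_n6_k3():
    """Constructed retrieval scenario with the slides' n=6, k=3 parameters."""
    n, k = 6, 3
    # Constructed stand-ins for the encrypted shares and provider names.
    shares = [f"ciphertext-of-share-{i}".encode() for i in range(1, n + 1)]
    providers = [f"provider-{chr(ord('a') + i)}" for i in range(n)]
    meta = build_metadata("report.pdf", n, k, shares, providers)
    fetched = {i + 1: blob for i, blob in enumerate(shares)}
    fetched[2] = b"ciphertext-of-share-2 (altered at the provider)"  # tampered share
    fetched[5] = None                                               # provider down
    return verify_fetched(meta, fetched)


if __name__ == "__main__":
    print(demo_n6_k3())
```

A plain SHA256 stored in the meta data detects corruption or tampering at the provider only as long as the meta data database itself is trustworthy, which is why "Securing the meta data database" appears among the open points at the end of the deck; if that store could be modified by the same party, a keyed MAC rather than a bare hash would be needed.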

# 33

π-Data Controller (diagram as on slide 20)

Retrieving Files (1/3)

Dispersion parameters: n=6

# 34

π-Data Controller (diagram as on slide 20)

Retrieving Files (2/3)

Dispersion parameters: n=6, k=3

# 35

π-Data Controller (diagram as on slide 20)

Retrieving Files (3/3)

# 36

Prototype Implementations

• NubiSave [SBM+2011]: π-Cockpit desktop application

• SecCSIE [SGS2011]: web interface for π-Cockpit

• ResUbic: Cloud Storage Allocator for Cyber Physical Systems

# 37

Performance Evaluation Upload

Chart: upload time in seconds (0 to 40) per test case (Test 1 to Test 5), broken down into SMB transfer, dispersion, cryptography and provider upload; the point at which the upload is finished from the user's perspective is marked.

| Test case | π-Box used | # local storage | # cloud storage | # encrypted shares |
|---|---|---|---|---|
| 1 | No | 0 | 1 | 0 |
| 2 | Yes | 0 | 1 | 0 |
| 3 | Yes | 8 | 0 | 0 |
| 4 | Yes | 4 | 4 | 4 |
| 5 | Yes | 0 | 8 | 8 |

File size: 24 MB; Dispersion parameters: n=8, k=6; Cryptography parameters: AES (256 bit, 14 iterations), SHA256; Network Up/Downlink: 10/20 Mbit/s

# 38

Performance Evaluation Download

Chart: download time in seconds (0 to 20) per test case (Test 1 to Test 5), broken down into provider download, cryptography, dispersion and SMB transfer; the point at which the download is finished from the user's perspective is marked.

| Test case | π-Box used | # local storage | # cloud storage | # encrypted shares |
|---|---|---|---|---|
| 1 | No | 0 | 1 | 0 |
| 2 | Yes | 0 | 1 | 0 |
| 3 | Yes | 8 | 0 | 0 |
| 4 | Yes | 4 | 4 | 4 |
| 5 | Yes | 0 | 8 | 8 |

File size: 24 MB; Dispersion parameters: n=8, k=6; Cryptography parameters: AES (256 bit, 14 iterations), SHA256; Network Up/Downlink: 10/20 Mbit/s

# 39

π-Box Scalability

The π-Box scales from SOHO to Enterprise deployments: embedded systems (AVM FRITZ!OS plugin), home server, enterprise server, virtual machine.

SOHO: Small Office and Home Office

# 40

Cloud Computing …

• What is it all about?

• Problems?

• π-Box: Building your personal secure cloud

• π-Data Controller: Secure Cloud Storage

• Conclusion & Future Work

# 41

Results so far & future work (π-Data Controller)

• Integration of existing cloud storage services (Cloud-of-Clouds)

• Proxy server for transparent mediation ➔ easy to use for end-user, common scheme for enterprises

• Good performance, high security & data control for the user

• Data store for database system (block-based dispersion)

• Collaboration scenarios, file sharing, access by external entities

• Securing the meta data database

• Automatic classification of data

• Improving performance, e.g. scheduling algorithms, caching/prefetching, parallelization

• Optimized cloud storage

# 42

Building a cloud of clouds

… by connecting several π-Clouds and propagating data and services within one π-Cloud and to others.

Simplified approach: assuming public, i.e. insecure π-Clouds

Advanced approach: Trust relationships between π-Clouds

(Diagram labels: π-Box, π-Cloud)

# 43

Towards a secure cloud life cycle

Cloud Adaption and Optimization

• Strategies for the compensation of SLA violations

• Strategies for minimization of energy consumption

• Mechanisms for the visualization of complex Cloud Monitoring data

Fine-grained Service Level Agreements

• Methods to determine fine-grained non-functional properties of Cloud Services

• Identification of assets and corresponding requirements

• Deduction of monitoring targets from SLAs

Cloud Surveillance and Incident Detection

• Specification of monitoring targets and SLA violations

• Models for the proactive recognition of SLA violations and the evaluation of a Cloud's energy efficiency

• Mechanisms for reliable distributed Monitoring

Dynamic Provider Selection and Cloud Setup

• Flexible distribution mechanisms for Cloud Platforms

• Strategies for the performance optimization of Cloud Applications

• Reputation consideration to improve reliability and trustworthiness

# 45

References

[BKNT2010] C. Baun, M. Kunze, J. Nimis and S. Tai: Cloud Computing. Web-basierte dynamische IT-Services. Springer Verlag, 2010.

[Blakley1979] G. R. Blakley: Safeguarding cryptographic keys. AFIPS Conference Proceedings Vol. 48, National Computer Conference (NCC) 1979, 313-317.

[MeGr2011] P. Mell and T. Grance: The NIST Definition of Cloud Computing. NIST Special Publication 800-145, September 2011.

[NaSh1994] M. Naor and A. Shamir: Visual Cryptography. Eurocrypt 94.

[PSS2008] J. S. Plank, S. Simmerman, C. D. Schuman: Jerasure: A Library in C/C++ Facilitating Erasure Coding for Storage Applications, Version 1.2. Technical Report CS-08-627, University of Tennessee, 2008.

[Rabin1989] M. O. Rabin: Efficient Dispersal of Information for Security, Load Balancing, and Fault Tolerance. Journal of the ACM 36/2 (1989) 335-348.

[SBM+2011] J. Spillner, G. Bombach, S. Matthischke, R. Tzschicholz, and A. Schill: Information Dispersion over Redundant Arrays of Optimal Cloud Storage for Desktop Users. In: IEEE International Conference on Utility and Cloud Computing. Melbourne, Australia, December 2011.

[SGS2011] R. Seiger, S. Groß, and A. Schill: A Secure Cloud Storage Integrator for Enterprises. In: International Workshop on Clouds for Enterprises. Luxembourg, September 2011.

[Shamir1979] A. Shamir: How to Share a Secret. Communications of the ACM 22/11 (1979) 612-613.