slide credits: ragib hasan, johns hopkins university cs573 data privacy and security in the cloud
TRANSCRIPT
Slide credits: Ragib Hasan, Johns Hopkins University
CS573 Data privacy and security in the cloud
2
What is Cloud Computing?
Let’s hear from the “experts”
3
What is Cloud Computing?
The infinite wisdom of the crowds (via Google Suggest)
4
What is Cloud Computing?
Larry Ellison, founder of Oracle
We’ve redefined Cloud Computing to include everything that we already do. . . . I don’t understand what we would do differently in the light of Cloud Computing other than change the wording of some of our ads.
5
What is Cloud Computing?
Richard StallmanGNU
It’s stupidity. It’s worse than stupidity: it’s a marketing hype campaign
6
What is Cloud Computing?
Ron RivestThe R of RSA
Cloud Computing will become a focal point of our work in security. I’m optimistic …
7
So, What really is Cloud Computing?
Cloud computing is a new computing paradigm, involving data and/or computation outsourcing, with– Infinite and elastic resource scalability– On demand “just-in-time” provisioning– No upfront cost … pay-as-you-go
That is, use as much or as less you need, use only when you want, and pay only what you use,
8
The real story
“Computing Utility” – holy grail of computer science in the 1960s. Code name: MULTICS
Why it failed?
•Ahead of time … lack of communication tech. (In other words, there was NO (public) Internet)
•And personal computer became cheaper and stronger
9
The real story
Mid to late ’90s, Grid computing was proposed to link and share computing resources
10
The real story … continued
Post-dot-com bust, big companies ended up with large data centers, with low utilization
Solution: Throw in virtualization technology, and sell the excess computing power
And thus, Cloud Computing was born …
11
Cloud computing means selling “X as a service”
IaaS: Infrastructure as a Service– Selling virtualized hardware
PaaS: Platform as a service– Access to a configurable platform/API
SaaS: Software as a service– Software that runs on top of a cloud
12
Cloud computing architecturee.g., Web browser
SaaS , e.g., Google Docs
PaaS, e.g., Google AppEngine
IaaS, e.g., Amazon EC2
13
So, if cloud computing is so great, why aren’t everyone doing it?Clouds are still subject to
traditional data confidentiality, integrity, availability, and privacy issues, plus some
additional attacks
14
Companies are still afraid to use clouds
[Chow09ccsw]
15
Anatomy of fear …
Confidentiality– Will the sensitive data stored on a cloud remain
confidential? Will cloud compromises leak confidential client data (i.e., fear of loss of control over data)
– Will the cloud provider itself be honest and won’t peek into the data?
16
Anatomy of fear …
Integrity– How do I know that the cloud provider is doing
the computations correctly?– How do I ensure that the cloud provider really
stored my data without tampering with it?
17
Anatomy of fear …
Availability– Will critical systems go down at the client, if the
provider is attacked in a Denial of Service attack?– What happens if cloud provider goes out of
business?
18
Anatomy of fear …
Privacy issues raised via massive data mining– Cloud now stores data from a lot of clients, and
can run data mining algorithms to get large amounts of information on clients
19
Anatomy of fear …
Increased attack surface– Entity outside the organization now stores and
computes data, and so– Attackers can now target the communication link
between cloud provider and client– Cloud provider employees can be phished
20
Anatomy of fear …
Legal quagmire and transitive trust issues– Who is responsible for complying with regulations
(e.g., SOX, HIPAA, GLBA)?– If cloud provider subcontracts to third party
clouds, will the data still be secure?
1/31/2011 en.600.412 Spring 2011
21
What we need is to …
• Adapt well known techniques for resolving some cloud security issues
• Perform new research and innovate to make clouds secure
1/31/2011 en.600.412 Spring 2011
22
Traditional systems security vs
Cloud Computing Security
Securing a traditional system
Securing a cloud
23
Traditional systems security vs
Cloud Computing Security
Securing a house Securing a motel
Owner and user are often the same entity
Owner and users are almost invariably distinct entities
Analogy
24
Traditional systems security vs
Cloud Computing Security
Securing a house Securing a motel
Biggest user concernsSecuring perimeter
Checking for intrudersSecuring assets
Biggest user concernSecuring room against
(the bad guy in next room | hotel owner)
25
Data Privacy and Security in Cloud: Overview
• Novel attacks• Trustworthy cloud architectures• Data integrity and availability• Computation integrity• Data and computation privacy• Data forensics• Misbehavior detection• Malicious use of clouds
26
Co-tenancy in clouds creates new attack vectors
A cloud is shared by multiple users
Malicious users can now legally be in the same infrastructure
Misusing co-tenancy, attackers can launch side channel attacks on victims
Example: the Topology attack on Amazon EC2 (“Hey You! Get off of my Cloud …” CCS 2009)
Research question: How to prevent attackers from exploiting co-tenancy in attacking the infrastructure and/or other clients?
27
Today’s cloud architectures act like big black boxes
Clients have no idea of or control over what is happening inside the cloud
Clients are forced to trust cloud providers completely
Research Question: How do we design cloud computing architectures that are semi-transparent and provide clients with control over security?
Existing Approaches: TCCP (uses TPM), CloudProof
28
Today’s clouds provide no guarantee about outsourced data
Amazon’s Terms of services
29
Today’s clouds provide no guarantee about outsourced data
Research Question: How can clients get assurance/proofs that the cloud provider is actually storing data, is not tampering with data, and can make the data available on-demand?
Problem: Dishonest cloud providers can throw data away or lose data.Malicious intruders can delete or tamper with data.Clients need reassurance that the outsourced data is available, has not been tampered with, and remains confidential.
Example Approaches: Provable Data Possession (PDP), Proof of Retrievability (PoR), HAIL
30
Ensuring confidentiality of data in outsourced computation is difficult
Most type of computations require decrypting data before any computations
If the cloud provider is not trusted, this may result in breach of confidentiality
Research Question: How can we ensure confidentiality of data and computations in a cloud?
Existing Approaches: Homomorphic encryption, TCCP
31
Clients have no way of verifying computations outsourced to a Cloud
Scenario User sends her data processing job to the cloud. Clouds provide dataflow operation as a service (e.g., MapReduce, Hadoop etc.)Problem: Users have no way of evaluating the correctness of results
Research question: How can we verify the accuracy of outsourced computation?
Existing Approaches: Runtime Attestation, Majority voting, Redundant operations
32
Clouds can be used for malicious purposes
Adversaries can rent clouds temporarily to create a large scale botnet very quickly
Clouds can be used for spamming, Denial of service, brute force password breaking, and other attacks
Research question: How can we rapidly detect misbehavior of clients in a cloud?
Example: WPACracker.com – a password cracking service that claims to test 300,000,000 words in 20 minutes for $17, using a cloud
33
Final quote
[Cloud Computing] is a security nightmare and it can't be handled in traditional ways.
John ChambersCISCO CEO
34
Secure Data Outsourcing
35
Homomorphic encryption
• The ability to perform computations on the ciphertext without decrypting it first
• A specific algebraic operation performed on the plaintext is equivalent to another (possibly different) algebraic operation performed on the ciphertext
36
A Simple Example
• Rot-13 is homomorphic with respect to concatenation
37
Homomorphic encryption schemes
• Multiplicative homomorphic – e.g. RSA
• Additive homomorphic, e.g. Paillier
• Fully homomorphic encryption (FHE) (Gentry, 2010)
38
Alternative techniques
• Search encrypted data• Fragmentation• Aggregation• …