Chapter 8 SECURE DISTRIBUTED DATA STORAGE IN CLOUD COMPUTING


1 Chapter 8 SECURE DISTRIBUTED DATA STORAGE IN CLOUD COMPUTING

2 Introduction
A cloud is a collection of devices and resources
  Connected through the Internet
One of the core services provided by cloud computing is data storage
How to create secure and reliable data storage and access facilities
  Over remote service providers in the cloud
  One of the necessary tasks to be addressed before cloud computing is accepted
Data storage has been recognized as one of the main concerns of IT
1.1 CLOUD COMPUTING IN A NUTSHELL

3 Introduction (cont.) The benefits of network-based applications have led to the transition from server-attached storage to distributed storage A great quantity of efforts has been made in the area of distributed storage security The research in cloud computing security is still in its infancy The unique issues of cloud computing security have not been recognized Cloud computing security will not be much different from existing security practices Well-managed using existing techniques 1.1 CLOUD COMPUTING IN A NUTSHELL

4 Introduction (cont.)
    e.g., Digital signatures, encryption, firewalls, and/or the isolation of virtual environments, and so on
SSL (Secure Sockets Layer) is a protocol
  Provides reliable secure communications on the Internet
  For things such as Web browsing, e-mail, instant messaging, and other data transfers
The specific security requirements for cloud computing have not been well-defined within the community
  Warnings on the security threats in the cloud computing model
  Potential users still wonder if the cloud is secure

5 Introduction (cont.)
At least two concerns when using the cloud
  The users do not want to reveal their data to the cloud service provider
    The data could be sensitive information like medical records
  The users are unsure about the integrity of the data they receive from the cloud
Within the cloud, more than conventional security mechanisms will be required for data security
This chapter considers the recent research progress and some results of secure distributed data storage in cloud computing

6 Cloud Storage: from LANs to WANs
The results of the migration from traditional distributed data storage to the cloud-computing-based data storage platform
A new vulnerability, found by analyzing three current commercial cloud service platforms
The major difference brought by distributed data storage in the cloud computing environment

7 Moving From LANs to WANs
Most designs of distributed storage take the form of either storage area networks (SANs) or network-attached storage (NAS) at the LAN level
  e.g., The networks of an enterprise, a campus, or an organization
SANs are constructed on top of block-addressed storage units
  Connected through dedicated high-speed networks
NAS is implemented by attaching specialized file servers to a TCP/IP network
  Providing a file-based interface to client machines

8 Moving From LANs to WANs (cont.)
For SANs and NAS, the distributed storage nodes are managed by the same authority
  The system administrator has control over each node
  Essentially, the security level of the data is under control
The reliability of such systems is often achieved by redundancy
The storage security is highly dependent on the security of the system against attacks and intrusion from outsiders
The confidentiality and integrity of the data are mostly achieved using robust cryptographic schemes

9 Moving From LANs to WANs (cont.)
These mechanisms may not be robust enough to secure the data in distributed storage applications
  At the level of wide area networks
  Specifically in the cloud computing environment
Global-scale collaboration over heterogeneous networks under different authorities
The specific data storage strategy is transparent to the user
  In a peer-to-peer (P2P) file sharing environment, or in the distributed storage of a cloud computing environment

10 Moving From LANs to WANs (cont.)
There is no approach to guarantee that data host nodes are under robust security protection
The activity of the medium owner is not controllable by the data owner
Attackers can do whatever they want to the data stored in a storage node once the node is compromised
The confidentiality and the integrity of the data would be violated
  When an adversary controls a node, or when the node administrator becomes malicious

11 Existing Commercial Cloud Services
Data storage services on the platform of cloud computing are fundamentally provided by applications/software based on the Internet
User authentication, data confidentiality, and data integrity can be addressed through an IPsec proxy
  Using encryption and digital signatures
The key exchange issues can be addressed by an SSL proxy
These are applied in today's cloud computing to secure the data on the cloud
  And also to secure the communication of data to and from the cloud

12 Existing Commercial Cloud Services (cont.)
The service providers claim that their services are secure
This section reviews three security methods used in three commercial cloud services and discusses their vulnerabilities
Amazon's Web Services
  Amazon provides Infrastructure as a Service (IaaS) under different names
    e.g., Elastic Compute Cloud (EC2), SimpleDB, Simple Storage Service (S3), and so on
  Supposed to ensure the confidentiality, integrity, and availability of the customers' applications and data


14 Existing Commercial Cloud Services (cont.)
The data processing methods adopted in Amazon's AWS (AWS Import/Export)
  Used to transfer large amounts of data between the AWS cloud and portable storage devices
When the user wants to upload data, the user stores some parameters in an import metadata file
  Called the manifest file
  e.g., AccessKeyID, DeviceID, Destination, and so on
Then the user signs the manifest file and e-mails the signed manifest file to Amazon
Another metadata file is used by AWS
  Named the signature file
  Describes the cipher algorithm adopted to encrypt the job ID and the bytes in the manifest file

15 Existing Commercial Cloud Services (cont.)
The signature file can uniquely identify and authenticate the user request
  It is attached to the storage device, which is shipped to Amazon for efficiency
On receiving the storage device and the signature file
  The service provider validates the signature on the device against the manifest file sent through e-mail
Amazon will e-mail management information back to the user
  Including the number of bytes saved, the MD5 of the bytes, the status of the load, and the location on Amazon S3 of the AWS Import/Export log


17 Existing Commercial Cloud Services (cont.)
The log contains details about the data files that have been uploaded
  Including the key names, number of bytes, and MD5 checksum values
The downloading process is similar to the uploading process
  The user creates a manifest and a signature file, e-mails the manifest file, and ships the storage device with the signature file attached
  When Amazon receives these two files, it validates them, copies the data onto the storage device, ships it back, and e-mails the user the status, including the MD5 checksum of the data
Amazon claims that maximum security is obtained via SSL endpoints

18 Existing Commercial Cloud Services (cont.)
Microsoft Windows Azure
  An Internet-scale cloud services platform hosted in Microsoft data centers
  Provides an operating system and a set of developer services
    Can be used individually or together
  Provides a scalable storage service
    Three basic data items: blobs (up to 50 GB), tables, and queues (messages under 8 KB)
  Based on the blob, table, and queue structures, Microsoft promises to achieve confidentiality of the users' data

19 Existing Commercial Cloud Services (cont.)
[Figure: the procedure for securing data access, to ensure that the data will not be lost]

20 Existing Commercial Cloud Services (cont.)
To use the Windows Azure Storage service, a user needs to create a storage account
  Can be obtained from the Windows Azure portal web interface
  The user then receives a 256-bit secret key
Each time the user wants to send data to or fetch data from the cloud
  The user has to use the secret key to create an HMAC-SHA256 signature for each individual request, for identification
  The signature is passed with each request; the server authenticates the request by verifying the HMAC signature

21 Existing Commercial Cloud Services (cont.)
[Figure: a REST request for a PUT/GET block operation]

22 Existing Commercial Cloud Services (cont.)
Content-MD5 checksums can be provided to guard against network transfer errors and to check data integrity
  The Content-MD5 checksum in the PUT is the MD5 checksum of the data block in the request
  The MD5 checksum is checked on the server
    If it does not match, an error is returned
The content length specifies the size of the data block contents
There is also an authorization header inside the HTTP request header
If the Content-MD5 request header was set when the blob was uploaded

23 Existing Commercial Cloud Services (cont.)
  It will be returned in the response header
  The user can then check the message content for integrity
The secure HTTP connection (SSL) is relied on for the integrity of data in transit
Google App Engine (GAE)
  Provides a powerful distributed data storage service
    Features a query engine and transactions
  An independent third-party auditor claims that GAE can be secure under the SAS 70 auditing industry standard
    Issued Google Apps an SAS 70 Type II certification

24 Existing Commercial Cloud Services (cont.)
From the on-line technical document of the lower-level storage API
  There are only some functions such as GET and PUT
  No content addresses the issues of securing the storage service
  The security of data storage is assumed to be guaranteed using techniques known from the security methods adopted by other services
    e.g., an SSL link
One of the secure services based on GAE is called Google Secure Data Connector (SDC)
  Constructs an encrypted connection between the data source and Google Apps

25 Existing Commercial Cloud Services (cont.)
When the user wants to get the data, an authorized data request is first sent to Google Apps
  As long as the data source is in the Google Apps domain
Google Apps forwards the request to the tunnel server (the Google tunnel protocol servers)

26 Existing Commercial Cloud Services (cont.)
The tunnel servers validate the request identity
  If the identity is valid, the tunnel protocol allows the SDC to set up a connection, authenticate, and encrypt the data that flows across the Internet
The SDC uses resource rules to validate whether a user is authorized to access a specified resource
  When the request is valid, the SDC performs a network request
  The server validates the signed request, checks the credentials, and returns the data if the user is authorized
The SDC and tunnel server act like a proxy
  Encrypting the connectivity between Google Apps and the internal network

27 Existing Commercial Cloud Services (cont.)
For more security, the SDC uses signed requests
  To add authentication information to requests that are made through the SDC
In the signed request, the user has to submit identification information
  Including the owner_id, viewer_id, instance_id, app_id, public_key, consumer_key, nonce, token, and signature within the request
  To ensure the integrity, security, and privacy of the request

28 Vulnerabilities in Current Cloud Services
Storage services accepting a large amount of data (> 1 TB) normally adopt strategies that make physical shipment more convenient
  Just as Amazon AWS does
Services that only accept a smaller data amount (≤ 50 GB) allow the data to be uploaded or downloaded via the Internet
  Just as the Azure Storage Service does
To provide data integrity

29 Vulnerabilities in Current Cloud Services (cont.)
  The Azure Storage Service stores the MD5 checksum of the uploaded data in its database
    Returns it to the user when the user wants to retrieve the data
  Amazon AWS computes the MD5 checksum of the data and e-mails it to the user for integrity checking
  The SDC is GAE's attempt to strengthen Internet authentication using a signed request
If these services are grouped together
  When user_1 stores data in the cloud
    He can ship or send the data to the service provider with MD5_1
    If the data are transferred through the Internet, a signed request could be used to ensure the privacy, security, and integrity of the data

30 Vulnerabilities in Current Cloud Services (cont.)
  When the service provider receives the data and the MD5 checksum
    It stores the data with the corresponding checksum (MD5_1)
  When the service provider gets a verified request to retrieve the data, from another user or from the original user
    It will send/ship the data with an MD5 checksum to the user
    On the Azure platform, the original checksum MD5_1 will be sent
    A re-computed checksum MD5_2 is sent on Amazon's AWS


32 Vulnerabilities in Current Cloud Services (cont.)
The above procedure is secure for each individual session
  The integrity of the data during transmission can be guaranteed by the SSL protocol applied
From the perspective of cloud storage services
  Data integrity depends on the security of operations while in storage and on the security of the uploading and downloading sessions
The uploading session can only ensure
  That the data received by the cloud storage are the data that the user uploaded

33 Vulnerabilities in Current Cloud Services (cont.)
The downloading session can only guarantee
  That the data the user retrieved are the data the cloud storage recorded
This procedure, as applied on cloud storage services, cannot guarantee data integrity from upload to download
Consider the following two scenarios
  Assume that Alice stores the company financial data at a cloud storage service provided by Eve
  Then Bob downloads the data from the cloud
Three important concerns in this simple procedure
  Confidentiality

34 Vulnerabilities in Current Cloud Services (cont.)
    Eve is considered an untrustworthy third party
    Alice and Bob do not want to reveal the data to Eve
  Integrity
    As the provider of the storage service, Eve has the capability to tamper with the data in her hands
    How can Bob be confident that the data he fetched from Eve are the same as what was sent by Alice?
    Are there any measures to guarantee that the data have not been tampered with by Eve?
  Repudiation
    If Bob finds that the data have been tampered with, is there any evidence for him to demonstrate that it is Eve who should be responsible for the fault?
    Conversely, Eve needs certain evidence to prove her innocence

35 Vulnerabilities in Current Cloud Services (cont.)
The repudiation issue opens a door for potential blackmailers
  When the user is malicious: Alice wants to blackmail Eve
    Eve is a cloud storage service provider
    Eve claims that data integrity is one of her key features
    Alice stored some data in the cloud
    Later she downloaded the data
    She reported that her data were incorrect and that it is the fault of the storage provider
    Alice claims compensation for her so-called loss
  How can Eve demonstrate her innocence?

36 Vulnerabilities in Current Cloud Services (cont.)
Confidentiality can be achieved by adopting robust encryption schemes
The integrity and repudiation issues are not handled well on the current cloud service platforms
  A one-way SSL session only guarantees one-way integrity, that of the transfer it protects
One critical link is missing between the uploading and downloading sessions
  There is no mechanism for the user or the service provider to check whether the record has been modified while in the cloud storage

37 Vulnerabilities in Current Cloud Services (cont.)
The above vulnerability leads to the following questions
  Upload-to-Download Integrity
    The integrity in the uploading and downloading phases is handled separately
    How can the user or the provider know that the data retrieved from the cloud are the same data that the user uploaded previously?
  Repudiation Between Users and Service Providers
    When data errors happen without transmission errors in the uploading and downloading sessions
    How can the user and the service provider prove their innocence?

38 Bridge the Missing Link
Some ideas can bridge the missing link
  Based on digital signatures and authentication coding schemes
  Depending on whether there is a third authority certified (TAC) by the user and the provider
  And on whether the user and the provider are using a secret key sharing technique (SKS)
Four solutions to bridge the missing link of data integrity between the uploading and downloading procedures
Other digital signature technologies can also be adopted to fix this vulnerability with different approaches

39 Bridge the Missing Link (cont.)
Neither TAC nor SKS
  Uploading Session
    User: Sends the data to the service provider with the MD5 checksum and the MD5 Signature by User (MSU)
    Service Provider: Verifies the data with the MD5 checksum; if it is valid, the service provider sends back the MD5 checksum and the MD5 Signature by Provider (MSP) to the user
    MSU is kept at the service provider side, and MSP is kept at the user side
  Once the uploading operation has finished
    Both sides have agreed on the integrity of the uploaded data
    Each side owns the MD5 checksum and the MD5 signature generated by the opposite side

40 Bridge the Missing Link (cont.)
  Downloading Session
    User: Sends a request to the service provider with an authentication code
    Service Provider: Verifies the request identity; if it is valid, the service provider sends back the data with the MD5 checksum and the MD5 Signature by Provider (MSP) to the user
    User verifies the data using the MD5 checksum
  When a dispute happens
    The user or the service provider can check the MD5 checksum and the signature of the MD5 checksum generated by the opposite side to prove its innocence
  Some special cases exist
    When the service provider is trustworthy, only MSU is needed

41 Bridge the Missing Link (cont.)
    When the user is trustworthy, only MSP is needed
    If each of them trusts the other side, neither MSU nor MSP is needed
      This last approach is the current method adopted in cloud computing platforms
      When the identity is authenticated, trust is established
With SKS but without TAC
  Uploading Session
    User: Sends the data to the service provider with the MD5 checksum
    Service Provider: Verifies the data with the MD5 checksum; if it is valid, the service provider sends back the MD5 checksum

42 Bridge the Missing Link (cont.)
    The service provider and the user share the MD5 checksum with SKS
    Both sides agree on the integrity of the uploaded data and share the agreed MD5 checksum
  Downloading Session
    User: Sends a request to the service provider with an authentication code
    Service Provider: Verifies the request identity; if it is valid, the service provider sends back the data with the MD5 checksum
    User verifies the data through the MD5 checksum
  When a dispute happens
    The user or the service provider can put the shares of the MD5 checksum together, recover it, and prove his/her innocence

43 Bridge the Missing Link (cont.)
With TAC but without SKS
  Uploading Session
    User: Sends the data to the service provider along with the MD5 checksum and the MD5 Signature by User (MSU)
    Service Provider: Verifies the data with the MD5 checksum; if it is valid, the service provider sends back the MD5 checksum and the MD5 Signature by Provider (MSP) to the user
    MSU and MSP are sent to the TAC
  On finishing the uploading phase
    Both sides agree on the integrity of the uploaded data
    The TAC owns their agreed MD5 signatures
  Downloading Session

44 Bridge the Missing Link (cont.)
    User: Sends a request to the service provider with an authentication code
    Service Provider: Verifies the request identity; if it is valid, the service provider sends back the data with the MD5 checksum
    User verifies the data through the MD5 checksum
  When a dispute happens
    The user or the service provider can prove innocence by presenting the MSU and MSP stored at the TAC
  Some special cases
    When the service provider is trustworthy, only the MSU is needed
    When the user is trustworthy, only the MSP is needed

45 Bridge the Missing Link (cont.)
    If each of them trusts the other, the TAC is not needed
      This last case is the method adopted in the current cloud computing platforms
      When the identity is authenticated, trust is established
With Both TAC and SKS
  Uploading Session
    User: Sends the data to the service provider with the MD5 checksum
    Service Provider: Verifies the data with the MD5 checksum
    Both the user and the service provider send the MD5 checksum to the TAC
    The TAC verifies the two MD5 checksum values

46 Bridge the Missing Link (cont.)
    If they match, the TAC distributes the MD5 checksum to the user and the service provider by SKS
    Both sides agree on the integrity of the uploaded data and share the same MD5 checksum by SKS
    The TAC owns their agreed MD5 checksum
  Downloading Session
    User: Sends a request to the service provider with an authentication code
    Service Provider: Verifies the request identity; if it is valid, the service provider sends back the data with the MD5 checksum
    User verifies the data through the MD5 checksum
  When a dispute happens

47 Bridge the Missing Link (cont.)
    The user or the service provider can prove their innocence by checking the shared MD5 checksum together
    If the dispute cannot be resolved, they can seek further help from the TAC for the MD5 checksum
  Special cases
    When the service provider is trustworthy, only the user needs the MD5 checksum
    When the user is trustworthy, only the service provider needs the MD5 checksum
    If both of them can be trusted, the TAC is not needed
      This last case is the method used in the current cloud computing platforms

48 TECHNOLOGIES FOR DATA SECURITY IN CLOUD COMPUTING
This section presents several technologies for data security and privacy in cloud computing
  Focusing on the unique issues of the cloud data storage platform from a few different perspectives
Database Outsourcing and Query Integrity Assurance
  Storing data into and fetching data from devices and machines behind a cloud is essentially a novel form of database outsourcing
Data Integrity in Untrustworthy Storage
  The fear of losing data or of data corruption

49 TECHNOLOGIES FOR DATA SECURITY IN CLOUD COMPUTING (cont.)
  Relieve the users' fear by providing technologies that enable users to check the integrity of their data
Web-Application-Based Security
  Once the dataset is stored remotely, a Web browser is one of the most convenient approaches that end users can use to access their data on remote services
  For cloud computing, Web security plays a more important role than ever
Multimedia Data Security
  With the development of high-speed network technologies and large-bandwidth connections, more and more multimedia data are being stored and shared in cyberspace
  The security requirements for video, audio, pictures, or images are different from those of other applications

50 Database Outsourcing and Query Integrity Assurance
Database outsourcing has become an important component of cloud computing
  The cost of transmitting a terabyte of data over long distances has decreased significantly in the past decade
  The total cost of data management is five to ten times higher than the initial acquisition cost
A growing interest in outsourcing database management tasks to third parties
  Who can provide these tasks at a much lower cost due to economies of scale
  The benefits of reducing the costs of running Database Management Systems (DBMS) independently

51 Database Outsourcing and Query Integrity Assurance (cont.)
  Enabling enterprises to concentrate on their main businesses
The general architecture of a database outsourcing environment with clients
  The database owner outsources its data management tasks
  Clients send queries to the untrusted service provider
  The data are preprocessed, encrypted, and stored at the service provider
  For evaluating queries, a user rewrites a set of queries against the data into queries against the encrypted database


53 Database Outsourcing and Query Integrity Assurance (cont.)
The outsourcing of databases to a third-party service provider raises two security concerns
  Data privacy and query integrity
Data Privacy Protection
  A method to execute SQL queries over encrypted databases
    Process as much of a query as possible at the service provider, without having to decrypt the data
    Decryption and the remainder of the query processing are performed at the client side
  An order-preserving encryption scheme for numeric values

54 Database Outsourcing and Query Integrity Assurance (cont.)
    Allows any comparison operation to be applied directly on encrypted data
    Able to handle updates
      New values can be added without requiring changes in the encryption of other values
  Existing methods enable direct execution of encrypted queries on encrypted data sets
    Allow users to ask identity queries over data under different encryptions
  The goals: make queries on encrypted databases as efficient as possible, while preventing adversaries from learning any useful knowledge about the data
  These methods did not consider the problem of query integrity

55 Database Outsourcing and Query Integrity Assurance (cont.)
Query Integrity Assurance
  Query integrity examines the trustworthiness of the hosting environment
  When a client receives a query result from the service provider, it wants assurance that the result is both correct and complete
    Correct means that the result originates in the owner's data and has not been tampered with
    Complete means that the result includes all records satisfying the query
  A solution named dual encryption
    Ensures query integrity without requiring the database engine to perform any special function beyond query processing

56 Database Outsourcing and Query Integrity Assurance (cont.)
    Enables cross-examination of the outsourced data
    The data consist of the original data stored under a certain encryption scheme, plus a small percentage of the original data stored again under a different encryption scheme
    Users generate queries against the additional piece of data and analyze the results to obtain integrity assurance
  A technique that can ensure both privacy and integrity for outsourced spatial data
    The solution first employs a one-way spatial transformation method based on Hilbert curves
    It encrypts the spatial data before outsourcing and hence ensures their privacy

57 Database Outsourcing and Query Integrity Assurance (cont.)
    By probabilistically replicating a portion of the data and encrypting it with a different encryption key, a mechanism is devised for the client to audit the trustworthiness of the query results

58 Data Integrity in Untrustworthy Storage
The transparent cloud provides flexible utility of network-based resources
The fear of losing control over their data is one of the major concerns that prevent end users from migrating to cloud storage services
There is a potential risk that the storage infrastructure providers become self-interested, untrustworthy, or even malicious
Different motivations for a storage service provider to become untrustworthy
  To cover up the consequences of a mistake in operation

59 Data Integrity in Untrustworthy Storage (cont.)
  Or to deny the vulnerability in the system after the data have been stolen by an adversary
Two technologies enable data owners to verify the data integrity
  When the files are stored in remote untrustworthy storage services
Before cloud computing, several remote data storage checking protocols had been suggested
In practice, a remote data possession checking protocol has to satisfy the following five requirements

60 Data Integrity in Untrustworthy Storage (cont.)
The verifier could be either the data owner or a trusted third party
The prover could be the storage service provider, the storage medium owner, or the system administrator
Requirement #1
  The verifier should not have to possess a complete copy of the data to be checked
  In practice, it does not make sense for a verifier to keep a duplicate copy of the content to be verified
  Storing a more concise digest of the data at the verifier should be enough
Requirement #2
  The protocol has to be very robust considering the untrustworthy prover

61 Data Integrity in Untrustworthy Storage (cont.)
  A malicious prover is motivated to hide the violation of data integrity
  The protocol should be robust enough that such a prover fails to convince the verifier
Requirement #3
  The amount of information exchanged during the verification operation should not lead to high communication overhead
Requirement #4
  The protocol should be computationally efficient
Requirement #5
  It ought to be possible to run the verification an unlimited number of times

62 Data Integrity in Untrustworthy Storage (cont.)
A PDP-Based Integrity Checking Protocol
  Based on the provable data possession (PDP) technique
  Allows users to obtain a probabilistic proof from the storage service providers
    Used as evidence that their data have been stored there
  The proof can be generated by the storage service provider by accessing only a small portion of the whole dataset
  The amount of metadata that end users are required to store is also small, i.e., O(1)
  Such a small amount of data exchanged lowers the overhead on the communication channels

63 Data Integrity in Untrustworthy Storage (cont.)
The flowcharts of the protocol for provable data possession
  The data owner, namely the client, executes the protocol to verify that a dataset is stored in an outsourced storage machine
    As a collection of n blocks
  Before uploading the data into the remote storage
    The data owner pre-processes the dataset and a piece of metadata is generated
    The metadata are stored at the data owner's side
    The dataset is transmitted to the storage server

64 Data Integrity in Untrustworthy Storage (cont.)
  The cloud storage service stores the dataset
    Sends the data to the user in response to queries from the data owner in the future
  As part of the pre-processing procedure, the data owner (client) may conduct operations on the data
    e.g., Expanding the data or generating additional metadata to be stored at the cloud server side
  The data owner could execute the PDP protocol before the local copy is deleted
    To ensure that the uploaded copy has been stored at the server machines successfully
  The data owner may encrypt a dataset before transferring it to the storage machines

65 Data Integrity in Untrustworthy Storage (cont.)

66 Data Integrity in Untrustworthy Storage (cont.)
- During the time that data are stored in the cloud, the data owner can generate a “challenge”
  - Send it to the service provider to ensure that the storage server has stored the dataset
  - The data owner requests that the storage server generate metadata based on the stored data and then send it back
  - Using the previously stored local metadata, the owner verifies the response
- On the cloud service provider’s side, the server may receive multiple challenges from different users at the same time
  - For the sake of availability

67 Data Integrity in Untrustworthy Storage (cont.)
- It is highly desirable to minimize not only the computational overhead of each individual calculation, but also the number of data blocks to be accessed
  - Considering the pressure on the communication networks
  - Minimal bandwidth consumption also implies that there is a limited amount of metadata included in the response generated by the server
- The PDP scheme randomly accesses only one sub-block of data when it samples the stored dataset
  - The PDP scheme probabilistically guarantees the data integrity
  - It is mandatory to access the whole dataset if a deterministic guarantee is required by the user
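The challenge/response exchange described on the preceding slides, as an added example that is not part of the book or the slides: a simplified RSA-based PDP in the style of Ateniese et al., where the owner keeps O(1) metadata (its key), the server touches only the sampled blocks, and the response is constant size. The toy primes, block size, dataset and owner key are constructed assumptions far too small for real use; `detection_probability` works out the probabilistic guarantee the text mentions for an arbitrary sample size.

```python
import hashlib
import hmac
import math
import secrets

# Constructed toy RSA parameters (real PDP uses primes of 1024 bits or more).
P, Q = 1000000007, 998244353
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, kept only by the data owner
G = pow(2, 2, N)                       # a square, so G lies in QR_N as the scheme requires
BLOCK_BYTES = 7                        # keeps every block value below N


def _h(data: bytes) -> int:
    """Hash to an element of Z_N (the scheme's h(W_i))."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def _w(key: bytes, i: int) -> bytes:
    """Per-block value W_i = PRF_key(i); the owner stores only `key` (O(1) metadata)."""
    return hmac.new(key, i.to_bytes(4, "big"), "sha256").digest()


def _digest(x: int) -> bytes:
    return hashlib.sha256(x.to_bytes(16, "big")).digest()


def split_blocks(data: bytes):
    """Owner-side pre-processing: the dataset as a collection of n integer blocks."""
    data += b"\x00" * (-len(data) % BLOCK_BYTES)
    return [int.from_bytes(data[i:i + BLOCK_BYTES], "big")
            for i in range(0, len(data), BLOCK_BYTES)]


def tag_blocks(key: bytes, blocks):
    """One tag T_i = (h(W_i) * G^b_i)^D mod N per block; the tags are stored at the server."""
    return [pow(_h(_w(key, i)) * pow(G, b, N), D, N) for i, b in enumerate(blocks)]


def make_challenge(n_blocks: int, sample: int):
    """Owner picks `sample` random block indices with random coefficients and a blinding s."""
    rng = secrets.SystemRandom()
    coeffs = [(i, rng.randrange(1, N)) for i in sorted(rng.sample(range(n_blocks), sample))]
    return coeffs, rng.randrange(1, N)


def server_prove(blocks, tags, coeffs, g_s: int):
    """Server reads only the challenged blocks and returns a constant-size proof (T, rho)."""
    t, m = 1, 0
    for i, a in coeffs:
        t = t * pow(tags[i], a, N) % N
        m += a * blocks[i]
    return t, _digest(pow(g_s, m, N))


def client_verify(key: bytes, coeffs, s: int, t: int, rho: bytes) -> bool:
    """Owner checks the proof using only its key and the challenge it issued."""
    tau = pow(t, E, N)                                   # = prod h(W_i)^a_i * G^M
    for i, a in coeffs:
        tau = tau * pow(_h(_w(key, i)), -a, N) % N       # strip h(W_i)^a_i, leaving G^M
    return hmac.compare_digest(_digest(pow(tau, s, N)), rho)


def detection_probability(n: int, corrupted: int, sample: int) -> float:
    """Chance that a random sample of `sample` blocks hits at least one of `corrupted` bad ones."""
    return 1.0 - math.comb(n - corrupted, sample) / math.comb(n, sample)


def run_round(data: bytes, key: bytes, sample: int, tamper_index=None) -> bool:
    """Full exchange: pre-process, upload, (optionally corrupt one block), challenge, verify."""
    blocks = split_blocks(data)
    tags = tag_blocks(key, blocks)           # owner keeps `key` only and may delete its copy
    stored = list(blocks)                    # what the storage server holds
    if tamper_index is not None:
        stored[tamper_index] ^= 1            # a silent single-bit corruption at the server
    coeffs, s = make_challenge(len(stored), sample)
    t, rho = server_prove(stored, tags, coeffs, pow(G, s, N))
    return client_verify(key, coeffs, s, t, rho)
```

Sampling every block (`sample` equal to the block count) gives the deterministic guarantee at the cost of reading the whole dataset; a smaller sample trades that for the probability returned by `detection_probability`.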

68 Data Integrity in Untrustworthy Storage (cont.)

69 Data Integrity in Untrustworthy Storage (cont.)
- An Enhanced Data Possession Checking Protocol
  - The above PDP-based protocol does not satisfy Requirement #2 with 100% probability
  - An enhanced protocol has been proposed based on the idea of the Diffie-Hellman scheme
    - A specific method of securely exchanging cryptographic keys over a public channel
  - Satisfies all five requirements
  - Computationally more efficient than the PDP-based protocol

70 Data Integrity in Untrustworthy Storage (cont.)
- The verification time has been shortened at the setup stage
  - By taking advantage of the trade-off between the computation time required by the prover and the storage required at the verifier

71 Web-Application-Based Security
- In cloud computing environments
  - Resources are provided as a service over the Internet in a dynamic, virtualized, and scalable way
  - Users access business applications on-line from a Web browser
- Web security plays a more important role than ever
  - The Web site server is the first gate that guards the vast cloud resources
  - The cloud may operate continuously to process millions of dollars’ worth of daily on-line transactions

72 Web-Application-Based Security (cont.)
- The impact of any Web security vulnerability will be amplified at the level of the whole cloud
- Web attack techniques are often referred to as classes of attack
  - An attacker will employ those techniques to take advantage of a security vulnerability
  - The types of attack can be categorized as Authentication, Authorization, Client-Side Attacks, Command Execution, Information Disclosure, and Logical Attacks
- Authentication
  - The process of verifying a claim that a subject made to act on behalf of a given principal

73 Web-Application-Based Security (cont.)
- Authentication attacks target a Web site’s method of validating the identity of a user, service, or application
  - Including Brute Force, Insufficient Authentication, and Weak Password Recovery Validation
- A Brute Force attack employs an automated process
  - To guess a person’s username and password by trial and error
- In the Insufficient Authentication case
  - Some sensitive content or functionality is protected only by hiding its location behind an obscure string, but it remains accessible directly through a specific URL

74 Web-Application-Based Security (cont.)
- The attacker could discover those URLs through Brute Force probing of files and directories
- Many Web sites provide a password recovery service
  - Automatically recovers the user name or password for the user if he can answer some questions defined as part of the user registration process
  - If the recovery questions are either easily guessed or can be skipped, the Web site is considered to have Weak Password Recovery Validation
- Authorization
  - Used to verify whether an authenticated subject can perform a certain operation
  - Authentication must precede authorization

75 Web-Application-Based Security (cont.)
- e.g., Only certain users are allowed to access specific content or functionality
- Authorization attacks use various techniques to gain access to protected areas beyond the attacker’s privileges
- One typical authorization attack is caused by Insufficient Authorization
  - When a user is authenticated to a Web site
    - It does not necessarily mean that he should have access to certain content that has been granted arbitrarily
  - Insufficient Authorization occurs when a Web site does not protect sensitive content or functionality with proper access control restrictions

76 Web-Application-Based Security (cont.)
- Other authorization attacks involve sessions
  - Including Credential/Session Prediction, Insufficient Session Expiration, and Session Fixation
- In many Web sites, after a user successfully authenticates with the Web site for the first time
  - The Web site creates a session and generates a unique session ID to identify this session
  - This session ID is attached to subsequent requests to the Web site as proof of the authenticated session
- A Credential/Session Prediction attack deduces or guesses the unique value of a session to hijack or impersonate a user

77 Web-Application-Based Security (cont.)
- Insufficient Session Expiration occurs when an attacker is allowed to reuse old session credentials or session IDs for authorization
  - e.g., On a shared computer, after a user accesses a Web site and then leaves
  - With Insufficient Session Expiration, an attacker can use the browser’s back button to access Web pages previously accessed by the victim
- Session Fixation forces a user’s session ID to an arbitrary value
  - Via Cross-Site Scripting or peppering the Web site with previously made HTTP requests
  - Once the victim logs in, the attacker uses the predefined session ID value to impersonate the victim’s identity
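An added example, not from the slides, of server-side session handling that counters the three session attacks just listed: unguessable IDs (Credential/Session Prediction), a fresh ID issued at login (Session Fixation), and idle/absolute expiry plus server-side logout (Insufficient Session Expiration). The `SessionStore` class, timeout values and user names are constructed for illustration.

```python
import secrets
import time

SESSION_ID_BYTES = 32             # 256 bits from the OS CSPRNG: no counters or timestamps
IDLE_TIMEOUT = 15 * 60            # seconds of inactivity after which a session is dead (assumed)
ABSOLUTE_TIMEOUT = 8 * 60 * 60    # hard lifetime cap regardless of activity (assumed)


class SessionStore:
    """Hypothetical server-side session table; a real deployment would back it with a DB or cache."""

    def __init__(self, now=time.time):
        self._now = now               # injectable clock so expiry can be exercised in tests
        self._sessions = {}           # sid -> {"user", "created", "last_seen"}

    def new_session(self) -> str:
        """Anonymous session with an unguessable ID (counters Credential/Session Prediction)."""
        sid = secrets.token_urlsafe(SESSION_ID_BYTES)
        t = self._now()
        self._sessions[sid] = {"user": None, "created": t, "last_seen": t}
        return sid

    def login(self, presented_sid: str, user: str) -> str:
        """Bind the user to a brand-new ID and retire whatever ID the client presented.

        The pre-login ID is never promoted to an authenticated one, so an ID that was
        planted in the browser before login is worthless afterwards (Session Fixation).
        """
        self._sessions.pop(presented_sid, None)
        fresh = self.new_session()
        self._sessions[fresh]["user"] = user
        return fresh

    def logout(self, sid: str) -> None:
        """Invalidate server-side, so a copy cached in the browser (back button) no longer works."""
        self._sessions.pop(sid, None)

    def lookup(self, sid: str):
        """Return the session record if `sid` is known and unexpired, otherwise None."""
        sess = self._sessions.get(sid)
        if sess is None:
            return None
        t = self._now()
        if t - sess["last_seen"] > IDLE_TIMEOUT or t - sess["created"] > ABSOLUTE_TIMEOUT:
            self._sessions.pop(sid)   # enforce expiry (counters Insufficient Session Expiration)
            return None
        sess["last_seen"] = t
        return sess

    def current_user(self, sid: str):
        sess = self.lookup(sid)
        return sess["user"] if sess else None


def fixation_is_blocked(store: SessionStore) -> bool:
    """Check that an ID handed to the browser before login never becomes authenticated.

    Models the Session Fixation scenario from the slides with a constructed user name.
    """
    planted = store.new_session()               # the ID the victim's browser arrives with
    victim_sid = store.login(planted, "alice")  # victim logs in; the server rotates the ID
    return store.current_user(planted) is None and store.current_user(victim_sid) == "alice"
```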

78 Web-Application-Based Security (cont.)
- Client-Side Attacks
  - Lure victims into clicking a link in a malicious Web page
  - Leverage the victim’s trust expectations for the real Web site
- In Content Spoofing
  - The malicious Web page can trick a user into typing a user name and password
  - The attacker uses this information to impersonate the user
- Cross-Site Scripting (XSS) launches attacker-supplied executable code in the victim’s browser
  - The code is usually written in browser-supported scripting languages, e.g., JavaScript, VBScript, ActiveX, Java, or Flash

79 Web-Application-Based Security (cont.)
- The code will run within the security context of the hosting Web site
  - It has the ability to read, modify, and transmit any sensitive data, e.g., cookies, accessible by the browser
- Cross-Site Request Forgery (CSRF) is a server-side attack on a vulnerable site
  - The site does not perform CSRF checking for the HTTP/HTTPS request
  - The attacker knows the URLs of the vulnerable site that are not protected by CSRF checking, and the victim’s browser stores credentials such as cookies for the vulnerable site
  - After luring the victim to click a link in a malicious Web page, the attacker can forge the victim’s identity and access the vulnerable Web site on the victim’s behalf

80 Web-Application-Based Security (cont.)
- Command Execution
  - Exploits server-side vulnerabilities to execute remote commands on the Web site
  - Users supply inputs to the Web site to request services
  - If a Web application does not properly sanitize user-supplied input before using it within application code, an attacker could alter command execution on the server
    - e.g., If the length of input is not checked before use, a buffer overflow could happen and result in denial of service
  - If the Web application uses user input to construct statements

81 Web-Application-Based Security (cont.)
- An attacker may inject arbitrary executable code into the server if the user input is not properly filtered
  - e.g., SQL, XPath, C/C++ Format String, OS system command, LDAP, or dynamic HTML
- Information Disclosure
  - Acquires sensitive information about a Web site
  - Revealed by developer comments, error messages, or well-known file name conventions
  - e.g., A Web server may return a list of files within a requested directory if the default file is not present
  - Supplies an attacker with the information necessary to launch further attacks against the system

82 Web-Application-Based Security (cont.)
- Other types of Information Disclosure include using special paths
  - e.g., “.” and “..” for Path Traversal
  - Or uncovering hidden URLs via Predictable Resource Location
- Logical Attacks
  - Involve the exploitation of a Web application’s logic flow
  - A user’s action is completed in a multi-step process
  - The procedural workflow of the process is called application logic

83 Web-Application-Based Security (cont.)
- Denial of Service (DoS) attacks
  - Attempt to consume all available resources in the Web server, such as CPU, memory, disk space, and so on, by abusing the functionality provided by the Web site
  - When any system resource reaches some utilization threshold, the Web site will no longer be responsive to normal users
  - Often caused by Insufficient Anti-automation, where an attacker is permitted to automate a process repeatedly
  - An automated script could be executed thousands of times a minute, causing potential loss of performance or service
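An added example, not from the slides, of detection logic for the Brute Force (slide 73) and Insufficient Anti-automation cases, run over constructed Web-server access-log lines in common-log format: a per-client sliding window counts failed logins and overall request rate and raises one alert per client and kind. The thresholds, window, client addresses and paths are illustrative assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx common-log format: client, ident, user, [time], "request", status, bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \d+')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"
WINDOW = timedelta(seconds=60)
FAILED_LOGIN_LIMIT = 5     # 401 responses on /login from one client within WINDOW (assumed)
REQUEST_LIMIT = 30         # requests of any kind from one client within WINDOW (assumed)


def parse_line(line: str):
    """Parse one access-log line into a dict, or None if the line is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return {"ip": ip, "time": datetime.strptime(ts, TIME_FMT),
            "method": method, "path": path, "status": int(status)}


def detect(lines):
    """One pass over the log with a sliding window per (client, kind).

    Emits at most one alert per (client, kind) as (ip, kind, time_limit_first_reached).
    """
    windows = defaultdict(deque)    # (ip, kind) -> timestamps inside the window
    flagged, alerts = set(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        keys = [(rec["ip"], "automation")]
        if rec["path"] == "/login" and rec["status"] == 401:
            keys.append((rec["ip"], "brute_force"))
        for key in keys:
            dq = windows[key]
            dq.append(rec["time"])
            while rec["time"] - dq[0] > WINDOW:   # drop events that fell out of the window
                dq.popleft()
            limit = FAILED_LOGIN_LIMIT if key[1] == "brute_force" else REQUEST_LIMIT
            if len(dq) >= limit and key not in flagged:
                flagged.add(key)
                alerts.append((key[0], key[1], rec["time"]))
    return alerts


def make_lines(ip, method, path, status, count, start, step_seconds):
    """Build constructed log lines for the demo (test data, not real traffic)."""
    return [f'{ip} - - [{(start + timedelta(seconds=i * step_seconds)).strftime(TIME_FMT)}] '
            f'"{method} {path} HTTP/1.1" {status} 512' for i in range(count)]


_T0 = datetime(2024, 3, 10, 12, 0, 0, tzinfo=timezone.utc)
# Constructed traffic: a password-guessing client, an ordinary user, and a scripted client.
SAMPLE_LINES = (
    make_lines("10.0.0.5", "POST", "/login", 401, 8, _T0, 1)
    + make_lines("10.0.0.9", "GET", "/catalog", 200, 3, _T0, 20)
    + make_lines("10.0.0.77", "GET", "/export", 200, 40, _T0 + timedelta(minutes=5), 1)
)
```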

84 Multimedia Data Security Storage
- More and more multimedia contents are being stored and delivered over many kinds of devices, databases, and networks
- Multimedia Data Security plays an important role in data storage to protect multimedia data
- How stored multimedia contents are delivered by different providers and users has attracted much attention and many applications
- Protection from Unauthorized Replication
  - Content replication is required to keep multiple copies of certain multimedia contents
  - e.g., Content distribution networks (CDNs) have been used to manage content distribution to large numbers of users

85 Multimedia Data Security Storage (cont.)
- By keeping replicas of the same contents on a group of geographically distributed surrogates
  - Replication can improve the system performance
  - Unauthorized replication causes problems such as content copyright violations, wasted replication cost, and extra control overhead
- Protection from Unauthorized Replacement
  - The storage capacity is limited
  - A replacement process must be carried out when the capacity exceeds its limit
  - A currently stored content must be removed from the storage space to make room for the newly arriving content

86 Multimedia Data Security Storage (cont.)
- How to decide which content should be removed is very important
  - If an unauthorized replacement happens
    - Content which the user does not want to delete will be removed, resulting in accidental data loss
  - If important content such as system data is removed by unauthorized replacement, the result will be more serious
- Protection from Unauthorized Pre-fetching
  - Pre-fetching is widely deployed in Multimedia Storage Network Systems between server databases and end users’ storage disks
  - If a content can be predicted to be requested by the user in future requests

87 Multimedia Data Security Storage (cont.)
  - This content will be fetched from the server database to the end user before the user requests it
    - To decrease user response time
  - This is where pre-fetching shows its efficiency
  - Unauthorized pre-fetching should be avoided so that the system fetches just the necessary content

88 OPEN QUESTIONS AND CHALLENGES
- All the current commercial cloud service providers adopt robust cipher algorithms
  - For confidentiality of stored data
- They also depend on network communication security protocols to protect data in transmission in the network
  - e.g., SSL, IPSec, or others
- They apply strong authentication and authorization schemes in their cloud domains

89 OPEN QUESTIONS AND CHALLENGES (cont.)
- The requirements for secure cloud computing are different from the traditional security problems
- Encryption, digital signatures, network security, firewalls, and the isolation of virtual environments are all important for cloud computing security
  - These alone will not make cloud computing reliable for consumers

90 Concerns at Different Levels
- The cloud computing environment consists of three levels of abstraction
- The cloud infrastructure providers
  - At the back end, own and manage the network infrastructure and resources, including hardware devices and system software
- The cloud service providers
  - Offer services such as on-demand computing, utility computing, data processing, software services, and platforms for developing application software
- The cloud consumers
  - At the front end of the cloud computing environment
  - Consist of two major categories of users

91 Concerns at Different Levels (cont.)
  - Application developers take advantage of the hardware infrastructure and the software platforms to construct application software for ultimate end users
  - End users carry out their daily work using the on-demand computing, software services, and utility services
- For data/information security
  - The users at different levels have varying expectations and concerns
- For cloud consumers, the data owners
  - The concerns essentially arise from the loss of control when the data are in a cloud
    - As the dataset is stored in unknown third-party infrastructure

92 Concerns at Different Levels (cont.)
  - The owner loses not only the advantages of endpoint restrictions and management, but also the fine-grained credential quality control
  - The uncertainty about privacy and the doubt about vulnerability
    - Also result from the disappearing physical and logical network boundaries
- Main security concerns of the end users include
  - Confidentiality, loss of control of data, and the undisclosed security profiles of the cloud service and infrastructure providers
- The users’ data are transmitted between the local machine and the cloud service provider for various operations

93 Concerns at Different Levels (cont.)
  - Also persistently stored in the cloud infrastructure provider’s facilities
  - Data might not be adequately protected
    - While being moved within the systems or across multiple sites owned by these providers
- The data owner also cannot check the security assurances before using the service from the cloud
  - The actual security capabilities of the providers are not visible to the user/owner
- The problem becomes more complicated when the service and infrastructure providers are not the same
  - Additional communication links in the chain

94 Concerns at Different Levels (cont.)
  - Involving a third party in the services also introduces an additional vector of attack
- In practice, there are more challenging scenarios
  - Multiple end users have different sets of security requirements while using the same service offered by an individual cloud service provider
  - To handle such complexity, one single set of security provisions does not fit all in cloud computing
  - The back-end infrastructure and/or service providers must be capable of supporting multiple levels of security requirements
    - Similar to those guaranteed by the front-end service provider
- For the cloud service providers

95 Concerns at Different Levels (cont.)
  - The main concern in protecting users’ data is the transfer of data from devices and servers within the control of the users to its own devices
    - Subsequently to those of the cloud infrastructure, where the data are stored
  - The data are stored in the cloud service provider’s devices on multiple machines across the entire virtual layer
  - The data are also hosted on devices that belong to the infrastructure provider
  - The cloud service provider needs to assure users that
    - The security of their data is being adequately addressed between the partners

96 Concerns at Different Levels (cont.)
    - Their virtual environments are isolated with sufficient protection
    - The cleanup of outdated images is being suitably managed at its site and at the cloud infrastructure provider’s storage machines
- For the cloud infrastructure providers
  - The security concerns are no less than those of end users or cloud service providers
  - A single point of failure in its infrastructure security mechanisms
    - Would allow hackers to take out thousands of data bytes owned by the clients
    - Most likely data owned by other enterprises

97 Concerns at Different Levels (cont.)
  - How are the data stored in its physical devices protected?
  - How does the cloud infrastructure manage the backup of data, and the destruction of outdated data, at its site?
  - How can the cloud infrastructure control access to its physical devices and the images stored on those devices?

98 Technical and Nontechnical Challenges
- The following technical challenges need to be addressed to make cloud computing acceptable for common consumers
- Open security profiling of services that is available to end users and verifiable automatically
  - Service providers need to disclose in detail the levels of specific security properties rather than providing blanket assurances of secure services
- The cloud service/infrastructure providers are required to enable end users
  - To remotely control their virtual working platforms in the cloud and monitor others’ access to their data

99 Technical and Nontechnical Challenges (cont.)
  - Includes the capability of fine-grained access control on their own data, no matter where the data files are stored and processed
  - To possess the capability of restricting any unauthorized third parties from manipulating users’ data, including the cloud service provider and cloud infrastructure providers
- Security compliance with existing standards could be useful to enhance cloud security
  - Consistency between the security requirements and/or policies of service consumers and the security assurances of cloud providers
  - Mandatory for the providers to ensure that software is as secure as they claim

100 Technical and Nontechnical Challenges (cont.)
  - These assurances may include certification of the security of the systems in question
  - A certificate issued after rigorous testing according to agreed criteria (e.g., ISO/IEC 15408) can ensure the degree of reliability of software in different configurations and environments as claimed by the cloud providers
- Some special efforts are needed to meet the nontechnical challenges
  - One of the most difficult issues to be solved in cloud computing is the users’ fear of losing control over their data
  - End users feel that they do not clearly know where and how their data are handled

101 Technical and Nontechnical Challenges (cont.)
  - Or when the users realize that their data are processed, transmitted, and stored by devices under the control of strangers, it is reasonable to be concerned about things happening in the cloud
  - In traditional work environments, to keep a dataset secure, the operator just keeps it away from the threat
  - In cloud computing, datasets are moved closer to their threats
    - They are transmitted to, stored in, and manipulated by remote devices controlled by third parties, not by the owner of the dataset
  - This is partly a psychological issue

102 Technical and Nontechnical Challenges (cont.)
  - Until end users have enough information and insight to make them trust cloud computing security and its dynamics, the fear is unlikely to go away
  - End-user license agreements (EULAs) and vendor privacy policies are not enough to solve this psychological issue
- Service-level agreements (SLAs) need to specify the preferred security assurances of consumers in detail
- Proper business models and risk assessments related to cloud computing security need to be defined
- The ability to change one’s mind is crucial
- Consumers are more security-aware than ever before

103 Technical and Nontechnical Challenges (cont.)
  - They not only make the service-consuming decision on cost and service
  - They also want to see real, credible security measures from cloud providers
