11. Security in the Cloud - Control Questions Flashcards
● What are the main advantages and disadvantages of cloud computing?
https://www.levelcloud.net/why-levelcloud/cloud-education-center/advantages-and-disadvantages-of-cloud-computing/// advantages and disadvantages
● What type of service models exist in cloud computing?
○ Software-as-a-Service (SaaS)
■ Provides access to specific applications running on a cloud infrastructure
■ Accessible via thin clients (typically a browser)
● E.g.: Office 365, Google Apps, Salesforce CRM
■ Clients have no control over where and how data is stored
○ Platform-as-a-Service (PaaS)
■ Provides tools and resources running on a cloud infrastructure that can be used to develop applications and services
● E.g.: Google App Engine, Microsoft Azure (Table/Blob Storage, Web Sites)
■ Limited control over the data
○ Infrastructure-as-a-Service (IaaS)
■ Provisions fundamental computing resources, such as servers, storage, and networks
● E.g.: Amazon Elastic Compute Cloud (EC2), Microsoft Azure (Virtual Machines)
■ Clients can deploy and run virtual machines with (mostly) arbitrary operating systems and applications
■ The VMs are managed by the clients -> mostly full control over the data
● What type of deployment models exist in cloud computing?
○ Public cloud
■ Owned and managed by a service provider
■ The resources are rented to the public
■ Clients can typically scale their plan dynamically (in near real-time), according to their requirements
■ Examples: Amazon, Google, Microsoft, …
○ Private cloud
■ Owned (possibly rented) by an organization
■ The entire pool of resources is dedicated to the organization who can use it however they see fit
○ Community cloud
■ Similar to a private cloud, but the resources are shared among the members of a closed community of similar interests
■ May be operated by a third party or by the community members in a collaborative fashion
■ Example: NIIF cloud
○ Hybrid cloud
■ A combination of private, public, and/or community clouds
■ Examples:
● A company that has its own private cloud, but decides to have an off-site backup in the cloud
● A community that has its own community cloud, but makes use of a public cloud service provider if there is more demand than their infra can handle
● What are the main security issues in cloud computing and which of these represent real new challenges?
○ Many aspects of securing cloud computing are not unique to the cloud setting
■ Authentication of users
■ Authorization and access control to resources
■ Protection of data from eavesdropping and modification
■ Ensuring the availability of data and services
○ Some security issues are specific to cloud computing, in particular, in case of public clouds
■ Resources are shared among multiple clients (tenants), some of which may have malicious intent
■ Cloud-based data is usually widely accessible by potentially insecure protocols and APIs across public networks
■ Data in the cloud may be more vulnerable to being lost, e.g. deleted or corrupted by the provider (usually unintentionally)
■ Data in the cloud can be accessed by the cloud provider, its subcontractors and employees
○ The problem of data being accessible to the cloud provider is fundamentally new (honest-but-curiousadversary model)
● What is the main problem with outsourcing data and processing?
○ Data in the cloud may be accessed by the cloud provider
○ The cloud provider as a whole (or its employees individually) may deliberately or inadvertently disclose their customers’ data
○ The cloud provider may also have subcontractors
■ E.g., a software-as-a-serviceprovider will subcontract to an infrastructure-as-a-serviceprovider
■ The subcontractors may also have access to the data
● What approaches exist to cope with the problem of outsourced data?
○ Blind Trust
■ Neglect the problem and hope that the cloud provider will not misuse our data
○ Legislation and Contracts
■ The cloud provider may be required to have internal processes that restrict data access to as few employees as possible
● How can you verify that this is being met?
● The international nature of cloud providers like Amazon and Google make it difficult to legislate their behaviour effectively
■ A contract may be signed to forbid the cloud provider from disclosing the data to third parties
● If the cloud provider is large, it is likely to have subcontracting arrangements with other service providers these need to enter the contract as well
● The cloud provider may have numerous employees, and it may be very hard to vet them all
○ Even cloud providers with good reputation have had to fire employees for illegitimate access to customer data
● It might be difficult for the data owner to prove liability in case of data breach, and even more difficult to take legal action and obtain compensation
○ Technical Solutions
■ Technical solutions aim to give the data owner verifiable guarantees that their data remains confidential
■ If the cloud’s role is confined to storing the data on behalf of the owner, then the problem can be solved by encrypting the data before uploading it to the cloud
■ However, typically one wants the cloud provider to be able to do non-trivial computations with the data
● –keyword search (in encrypted files)
● –sort (encrypted) records
● –compute statistics on the (encrypted) data
● –do arbitrary computations on the (encrypted) data
■ The data owner may also want to share the (encrypted) data with a group of other users
■ Therefore, the problem is in fact very hard to solve technically
● What does homomorphic encryption mean?
○ The data owner can encrypt the data before sending it to the cloud
○ With ordinary encryption, this prevents the cloud provider from operating on the data
○ With homomorphic encryption, the cloud provider can perform certain operations on the encrypted data and obtain the encrypted result, without ever accessing the data itself
○ Homomorphic encryption schemes can be
■ Partial: addition or multiplication is supported,at least for some inputs
■ Full: addition and multiplication are both supported
● Why is RSA only a partially homomorphic encryption scheme?
○ RSA (without PKCS#1 formatting) ■ Operation (reminder): ● Public key: (n, e) ● Private key: d ● Encryption: E(m) = me mod n = c ● Decryption: E-1(c) = cd mod n = m ■ Homomorphic property: ● E(x1) E(x2) = x1e x2e mod n = (x1x2)e mod n = E(x1x2) ■ Homomorphy is only partial: ● E(x1) +E(x2) ≠ E(x1+x2) ■ Problems: ● RSA without PKCS#1 is insecure ● Limited practical use due to being only partially homomorphic
● What are the main disadvantages of current fully homomorphic encryption schemes?
○ Schemes supporting any operation on encrypted data
■ Arbitrary computations can be performed
■ For long, it was uncertain if such schemes exist at all
○ First breakthrough: Craig Gentry (2009)
■ Start from a noisy homomorphic encryption scheme
● Noisy: noise accumulates over calculations
■ Refresh the ciphertext when the noise grows too large
● Obtain a new ciphertext that encrypts the same value as before but has smaller noise
● Arbitrary number of iterations are possible without accumulating noise
○ Implementation of the first scheme (Gentry, 2009)
■ Small public keys are ~70 MB long, large ones are ~2.3 GB long
■ The refreshoperation takes from 30 seconds to 30 minutes(!)
○ AES (as a computation) was implemented in a second generation homomorphic encryption scheme
■ Initially, a single invocation took 40 minutes (on average)
■ This was later reduced to 7 seconds (still a lot)
○ Another disadvantage is that the cloud can obtain the encrypted result but cannot make decisions based on it
■ Suppose you wish to do spam filtering in the cloud
■ Suppose you have a program (function) program that can compute TRUE (or FALSE) if an encrypted e-mail is spam (or not)
■ The result of the computation (TRUE/FALSE) will be encrypted, so the cloud provider cannot act based on the result (i.e. discard spam)
■ The cloud provider can perform spam detection, but not filtering :(
○ Hence, fully homomorphic encryption is unlikely to gain widespread adoption (at least in the foreseeable future)
● How can the application of trusted hardware help achieve guarantees similar to homomorphic encryption?
○ Instead of using fancy crypto schemes,users can protect their data by requiring the cloud provider to perform computations on the data in a special, physically protected(tamper resistant) execution environment
○ Physical protection means that even attackers that have physical access to the platform (e.g.,the cloud provider) cannot break it
○ Data can be stored encrypted in the cloud
○ Programs can be uploaded to the secure execution environment
■ To load the encrypted data and to decrypt it
■ To perform any computation on the plaintext
■ To encrypt the result and off-load it from the execution environment
○ If the program is uploaded by the user, then it can also be encrypted so that only the secure execution environment can decrypt it
■ The decryption key for the input can be part of the program
■ The business logic of the program also remains confidential
○ If the program is provided by the cloud provider, then the decryption key for the input must be provided by the user in an encrypted form so that only the secure execution environment can decrypt it
● What does tamper resistance mean and how can it be achieved?
○ Needs trust in the secure execution environment
■ Why should we trust it more than the cloud platform?
■ Because it is tamper resistant
● Protects data from the employees of the cloud provider and other insiders
■ Because we may choose the vendor
● The cloud provider may offer different platforms from different vendors
○ Other advantages
■ Any computation can be performed
■ The computation itself can be hidden from the cloud provider
○ Disadvantages:
■ Full execution environments that are tamper resistant can be very expensive
■ Performance Scalability issues
● What do the following terms mean? ○ Searchable encryption ○ order preserving encryption ○ verifiable computation ○ proof of data possession
○ proof of deletion
○ Searchable encryption
■ Searchable encryption scheme is a cryptographic technique that allows search of specific information in an encrypted content.
■ Assume that Alice want to redirect the mail to Bob containing the term “office” as she is away in a holiday. Now how would the service provider know which mail to send to Bob if it is not able to read the data ? Again it is a security concern to transmit the data without end to end encryption. A solution of this problem is to use Searchable Encryption.
Here Alice chose to encryption the message and create a collection of tags or search keyword that can uniquely identify the message for a specific search. Now there tags are appended to the encrypted message so that the service provided can perform the task of forwarding the mail without knowing the details of the mail.
○ order preserving encryption ■ Order-preserving symmetric encryption (OPE) is a deterministic encryption scheme whose encryption function preserves numerical ordering of the plaintexts. ■ The reason for new interest in such schemes is that they allow efficient range queries on encrypted data. That is, a remote untrusted database server is able to index the (sensitive) data it receives, in encrypted form, in a data structure that permits efficient range queries (asking the server to return ciphertexts in the database whose decryptions fall within a given range, say [a; b]). By "efficient" we mean in time logarithmic (or at least sub-linear) in the size of the database, as performing linear work on each query is prohibitively slow in practice for large databases. ■ Order-preserving encryption scheme (OPES) allows comparison operations to be directly applied on encrypted data,without decrypting the operands. Thus, equality and range queries as well as the MAX, MIN, and COUNT queries can be directly processed over encrypted data. Similarly, GROUP BY and ORDER BY operations can also be applied. Only when applying SUM or AVG to a group do the values need to be decrypted. ■ OPES is also endowed with the following properties: ● The results of query processing over data encrypted using OPES are exact. They neither contain any false positives nor miss any answer tuple. ● OPES handles updates gracefully. A value in a column can be modified or a new value can be inserted in a column without requiring changes in the encryption of other values. ● OPES can easily be integrated with existing database systems as it has been designed to work with the existing indexing structures such as B-trees. The fact that the database is encrypted can be made transparent to the applications. // Order-preserving_encryption
○ verifiable computation
■ Verifiable computing (or verified computation or verified computing) is enabling a computer to offload the computation of some function, to other perhaps untrusted clients, while maintaining verifiable results. The other clients evaluate the function and return the result with a proof that the computation of the function was carried out correctly. The introduction of this notion came as a result of the increasingly common phenomenon of “outsourcing” computation to untrusted users in projects such as SETI@home and also to the growing desire of weak clients to outsource computational tasks to a more powerful computation service like in cloud computing.
■ Gennaro et al. defined the notion of verifiable computation scheme as a protocol between two polynomial time parties to collaborate on the computation of a function F: {0,1}n → {0,1}m. This scheme consists of three main phases:
● Preprocessing. This stage is performed once by the client in order to calculate some auxiliary information associated with F. Part of this information is public to be shared with the worker while the rest is private and kept with the client.
● Input preparation. In this stage, the client calculates some auxiliary information about the input of the function. Part of this information is public while the rest is private and kept with the client. The public information is sent to the worker to compute F on the input data.
● Output computation and verification. In this stage, the worker uses the public information associated with the function F and the input, which are calculated in the previous two phases, to compute an encoded output of the function F on the provided input. This result is then returned to the client to verify its correctness by computing the actual value of the output by decoding the result returned by the worker using the private information calculated in the previous phases.
■ The defined notion of verifiable computation scheme minimizes the interaction between the client and the worker into exactly two messages, where a single message sent from each party to the other party during the different phases of the protocol.
// Verifiable_computing
○ proof of data possession ■ Proof of data possession protocols (PDP) provide the integrity of test data stored on remote servers, and provide a number of requirements: easy and reliable test, which is based on various assumptions, security and computational efficiency. // Proof_of_data_possession
○ proof of deletion
● What security features does Tresorit provide? How are they achieved?
○ Provides encrypted cloud storage services
○ Uses client side encryption
■ All data is encrypted before being uploaded to the cloud
■ Uses asymmetric key cryptography to manage symmetric keys
○ File sharing is supported within groups
■ This needs appropriate key management (the decryption key should be made available only to group members)
○ Easy group management
■ Adding and removing members
■ Removing members require re-encryption of content
○ Tresorituses lazy re-encryption
■ Files are re-encrypted only when they change
■ This provides forward secrecy…
● Removed users cannot read new files
■ … and weak backward secrecy
● New users cannot read removed files