CS573 Data privacy and security in the cloud - PowerPoint PPT Presentation



SLIDE 1

CS573 Data privacy and security in the cloud

Slide credits: Ragib Hasan, Johns Hopkins University

SLIDE 2

What is Cloud Computing?

Let’s hear from the “experts”

SLIDE 3

What is Cloud Computing?

The infinite wisdom of the crowds (via Google Suggest)

SLIDE 4

What is Cloud Computing?

We’ve redefined Cloud Computing to include everything that we already do. . . . I don’t understand what we would do differently in the light of Cloud Computing other than change the wording of some of our ads.

Larry Ellison, founder of Oracle

SLIDE 5

What is Cloud Computing?

It’s stupidity. It’s worse than stupidity: it’s a marketing hype campaign

Richard Stallman, GNU

SLIDE 6

What is Cloud Computing?

Cloud Computing will become a focal point of our work in security. I’m optimistic …

Ron Rivest, The R of RSA

SLIDE 7

So, What really is Cloud Computing?

Cloud computing is a new computing paradigm, involving data and/or computation outsourcing, with

  • Infinite and elastic resource scalability
  • On demand “just-in-time” provisioning
  • No upfront cost … pay-as-you-go

That is, use as much or as little as you need, use only when you want, and pay only for what you use.

SLIDE 8

The real story

“Computing Utility” – holy grail of computer science in the 1960s. Code name: MULTICS

Why did it fail?

  • Ahead of its time … lack of communication tech. (In other words, there was NO (public) Internet)
  • And personal computers became cheaper and stronger

SLIDE 9

The real story

Mid to late ’90s, Grid computing was proposed to link and share computing resources

SLIDE 10

The real story … continued

Post-dot-com bust, big companies ended up with large data centers, with low utilization

Solution: Throw in virtualization technology, and sell the excess computing power

And thus, Cloud Computing was born …

SLIDE 11

Cloud computing means selling “X as a service”

  • IaaS: Infrastructure as a Service. Selling virtualized hardware
  • PaaS: Platform as a service. Access to a configurable platform/API
  • SaaS: Software as a service. Software that runs on top of a cloud

SLIDE 12

Cloud computing architecture

  • e.g., Web browser
  • SaaS, e.g., Google Docs
  • PaaS, e.g., Google AppEngine
  • IaaS, e.g., Amazon EC2

SLIDE 13

So, if cloud computing is so great, why isn’t everyone doing it?

Clouds are still subject to traditional data confidentiality, integrity, availability, and privacy issues, plus some additional attacks

SLIDE 14

Companies are still afraid to use clouds

[Chow09ccsw]

SLIDE 15

Anatomy of fear …

Confidentiality

  • Will the sensitive data stored on a cloud remain confidential?
  • Will cloud compromises leak confidential client data (i.e., fear of loss of control over data)?
  • Will the cloud provider itself be honest and not peek into the data?

SLIDE 16

Anatomy of fear …

Integrity

  • How do I know that the cloud provider is doing the computations correctly?
  • How do I ensure that the cloud provider really stored my data without tampering with it?

SLIDE 17

Anatomy of fear …

Availability

  • Will critical systems go down at the client, if the provider is attacked in a Denial of Service attack?
  • What happens if the cloud provider goes out of business?

SLIDE 18

Anatomy of fear …

Privacy issues raised via massive data mining

Cloud now stores data from a lot of clients, and can run data mining algorithms to get large amounts of information on clients

SLIDE 19

Anatomy of fear …

Increased attack surface

Entity outside the organization now stores and computes data, and so

  • Attackers can now target the communication link between cloud provider and client
  • Cloud provider employees can be phished

SLIDE 20

Anatomy of fear …

Legal quagmire and transitive trust issues

  • Who is responsible for complying with regulations (e.g., SOX, HIPAA, GLBA)?
  • If the cloud provider subcontracts to third party clouds, will the data still be secure?

1/31/2011 en.600.412 Spring 2011

SLIDE 21

What we need is to …

  • Adapt well known techniques for resolving some cloud security issues
  • Perform new research and innovate to make clouds secure

SLIDE 22

Traditional systems security vs Cloud Computing Security

Securing a traditional system

Securing a cloud

SLIDE 23

Traditional systems security vs Cloud Computing Security

Analogy

Securing a house: Owner and user are often the same entity

Securing a motel: Owner and users are almost invariably distinct entities

SLIDE 24

Traditional systems security vs Cloud Computing Security

Securing a house: Biggest user concerns

  • Securing perimeter
  • Checking for intruders
  • Securing assets

Securing a motel: Biggest user concern

  • Securing room against (the bad guy in next room | hotel owner)

SLIDE 25

Data Privacy and Security in Cloud: Overview

  • Novel attacks
  • Trustworthy cloud architectures
  • Data integrity and availability
  • Computation integrity
  • Data and computation privacy
  • Data forensics
  • Misbehavior detection
  • Malicious use of clouds

SLIDE 26

Co-tenancy in clouds creates new attack vectors

  • A cloud is shared by multiple users
  • Malicious users can now legally be in the same infrastructure
  • Misusing co-tenancy, attackers can launch side channel attacks on victims

Example: the Topology attack on Amazon EC2 (“Hey You! Get off of my Cloud …” CCS 2009)

Research question: How to prevent attackers from exploiting co-tenancy in attacking the infrastructure and/or other clients?

SLIDE 27

Today’s cloud architectures act like big black boxes

  • Clients have no idea of or control over what is happening inside the cloud
  • Clients are forced to trust cloud providers completely

Research Question: How do we design cloud computing architectures that are semi-transparent and provide clients with control over security?

Existing Approaches: TCCP (uses TPM), CloudProof

SLIDE 28

Today’s clouds provide no guarantee about outsourced data

Amazon’s Terms of services

SLIDE 29

Today’s clouds provide no guarantee about outsourced data

Problem: Dishonest cloud providers can throw data away or lose data. Malicious intruders can delete or tamper with data. Clients need reassurance that the outsourced data is available, has not been tampered with, and remains confidential.

Research Question: How can clients get assurance/proofs that the cloud provider is actually storing data, is not tampering with data, and can make the data available on-demand?

Example Approaches: Provable Data Possession (PDP), Proof of Retrievability (PoR), HAIL
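
One way to make the research question above concrete, as an added example that is not part of the original slides and is not PDP, PoR or HAIL themselves: a simplified MAC-based spot-check audit, where the client keeps only a key and challenges random blocks. The 64-byte block size, the function names and the sample data are assumptions made for this sketch.

```python
import hashlib
import hmac
import math
import secrets

BLOCK = 64  # bytes per block (assumed size for this sketch)

def tag(key, index, block):
    # Bind each tag to the block position so blocks cannot be swapped.
    msg = index.to_bytes(8, "big") + block
    return hmac.new(key, msg, hashlib.sha256).digest()

def outsource(key, data):
    """Client: split data into blocks and attach a MAC tag to each one."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return [(b, tag(key, i, b)) for i, b in enumerate(blocks)]

def challenge(n_blocks, sample):
    """Client: pick `sample` distinct block indices unpredictably."""
    return secrets.SystemRandom().sample(range(n_blocks), sample)

def respond(store, indices):
    """Provider: return the challenged blocks with their stored tags."""
    return [(i, store[i][0], store[i][1]) for i in indices]

def verify(key, indices, response):
    """Client: accept only if every challenged block carries a valid tag."""
    if [i for i, _, _ in response] != list(indices):
        return False
    return all(hmac.compare_digest(tag(key, i, b), t) for i, b, t in response)

def detection_probability(n_blocks, bad_blocks, sample):
    """Chance that a random sample hits at least one damaged block."""
    miss = math.comb(n_blocks - bad_blocks, sample) / math.comb(n_blocks, sample)
    return 1 - miss

if __name__ == "__main__":
    key = secrets.token_bytes(32)               # stays with the client
    store = outsource(key, b"constructed sample record " * 40)
    store[3] = (b"\x00" * BLOCK, store[3][1])   # provider damages block 3
    picks = challenge(len(store), 5)
    print(picks, verify(key, picks, respond(store, picks)))
    print(round(detection_probability(10_000, 100, 460), 4))
```

Sampling a few hundred blocks already catches a provider that has lost 1% of a large file with high probability, which is why spot-checking is attractive compared with downloading everything.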

SLIDE 30

Ensuring confidentiality of data in outsourced computation is difficult

  • Most types of computation require decrypting data before any computation
  • If the cloud provider is not trusted, this may result in breach of confidentiality

Research Question: How can we ensure confidentiality of data and computations in a cloud?

Existing Approaches: Homomorphic encryption, TCCP

SLIDE 31

Clients have no way of verifying computations outsourced to a Cloud

Scenario: User sends her data processing job to the cloud. Clouds provide dataflow operation as a service (e.g., MapReduce, Hadoop etc.)

Problem: Users have no way of evaluating the correctness of results

Research question: How can we verify the accuracy of outsourced computation?

Existing Approaches: Runtime Attestation, Majority voting, Redundant operations

SLIDE 32

Clouds can be used for malicious purposes

  • Adversaries can rent clouds temporarily to create a large scale botnet very quickly
  • Clouds can be used for spamming, Denial of service, brute force password breaking, and other attacks

Research question: How can we rapidly detect misbehavior of clients in a cloud?

Example: WPACracker.com – a password cracking service that claims to test 300,000,000 words in 20 minutes for $17, using a cloud

SLIDE 33

Final quote

[Cloud Computing] is a security nightmare and it can't be handled in traditional ways.

John Chambers, CISCO CEO

SLIDE 34

Secure Data Outsourcing

SLIDE 35

Homomorphic encryption

  • The ability to perform computations on the ciphertext without decrypting it first
  • A specific algebraic operation performed on the plaintext is equivalent to another (possibly different) algebraic operation performed on the ciphertext

SLIDE 36

A Simple Example

Rot-13 is homomorphic with respect to concatenation

SLIDE 37

Homomorphic encryption schemes

  • Multiplicative homomorphic – e.g. RSA
  • Additive homomorphic, e.g. Paillier
  • Fully homomorphic encryption (FHE) (Gentry, 2010)
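
The properties named on the last two slides, worked through as an added example that is not part of the original slides: Rot-13 under concatenation, textbook (unpadded) RSA under multiplication, and Paillier under addition. The toy primes, randomisers and function names are constructed for illustration; the key sizes are far too small for real use.

```python
import codecs
import math

def rot13(s):
    return codecs.encode(s, "rot13")

# Textbook (unpadded) RSA: E(a) * E(b) mod n decrypts to a * b mod n.
def rsa_keygen(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), pow(e, -1, phi)          # public key, private exponent d

def rsa_enc(pub, m):
    n, e = pub
    return pow(m, e, n)

def rsa_dec(pub, d, c):
    return pow(c, d, pub[0])

# Paillier with g = n + 1: E(a) * E(b) mod n^2 decrypts to a + b mod n.
def paillier_keygen(p, q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    return n, (lam, pow(lam, -1, n))

def paillier_enc(n, m, r):
    # r is the per-message randomiser; it must be coprime to n.
    n2 = n * n
    return pow(n + 1, m, n2) * pow(r, n, n2) % n2

def paillier_dec(n, priv, c):
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def demo(p=1009, q=1013):   # toy primes, constructed for illustration only
    pub, d = rsa_keygen(p, q)
    prod = rsa_enc(pub, 12) * rsa_enc(pub, 34) % pub[0]
    n, priv = paillier_keygen(p, q)
    total = paillier_enc(n, 1200, 17) * paillier_enc(n, 34, 23) % (n * n)
    return {
        "rot13": rot13("cloud" + "data") == rot13("cloud") + rot13("data"),
        "rsa_product": rsa_dec(pub, d, prod),          # 12 * 34
        "paillier_sum": paillier_dec(n, priv, total),  # 1200 + 34
    }

if __name__ == "__main__":
    print(demo())
```

In each case the party doing the multiplication never sees 12, 34 or 1200; it only handles ciphertexts, which is the property the outsourcing scenario relies on.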

SLIDE 38

Alternative techniques

  • Search encrypted data
  • Fragmentation
  • Aggregation
  • …