protegiendo la información en la nube. tecnologías de cifrado
Upload: centro-de-investigacion-para-la-gestion-tecnologica-del-riesgo-cigtr
Post on 12-May-2015
368 views
DESCRIPTION
Isaac Agudo. Profesor asociado . Universidad de Málaga. Network, Information and Computer Security Lab. Curso de Verano "Innovación Disruptiva en tecnologías de seguridad". Campus Vicálvaro de la URJC. Summer Course "Disruptive innovation in security technologies". URJC's Vicálvaro Campus.TRANSCRIPT
Protec'ng your data in the Cloud.
Isaac Agudo -‐ [email protected]
Network, Informa/on and Computer Security Lab
www.nics.uma.es
University of Malaga (Spain)
URJC 2014
Outline
§ Introduc/on to Cloud Compu/ng § Security Challenges in Cloud Compu/ng § Security in Virtualized Environments § Cryptography in the Cloud § Iden/ty Management in the Cloud
URJC 2014
Introduc'on to Cloud Compu'ng
URJC 2014
The NIST Defini/on of Cloud Compu/ng
§ Cloud compu/ng is a model for enabling convenient, on-‐demand network access to a shared pool of configurable compu/ng resources (for example, networks, servers, storage, applica/ons and services) that can be rapidly provisioned and released with minimal management effort or service provider interac/on
§ This cloud model is composed of
– five essen/al characteris/cs, – three service models, – four deployment models.
URJC 2014
Source: The NIST Definition of Cloud Computing (Special Publication 800-145)
Cloud Compu/ng Service and Deployment Models
URJC 2014
Cloud Compu/ng Actors
§ Cloud Provider: Company or organiza/on that owns the IT infrastructure and offer services using the Cloud Model.
§ Customer: Individual, organiza/on or company that hire services from a Cloud provider. Customer runs their applica/ons in the Cloud and pay the provider for that.
§ Users: Individual or set o individuals that access the applica/ons running in the Cloud
URJC 2014
Cloud Provider
Internet Customer
User User User
Security Challenges in Cloud Compu'ng
URJC 2014
Security in Cloud Compu/ng
URJC 2014
Cloud Compu/ng Top Threats in 2013
URJC 2014
§ The Notorious Nine: Cloud Compu/ng Top Threats in 2013 hUps://cloudsecurityalliance.org/download/the-‐notorious-‐nine-‐cloud-‐compu/ng-‐top-‐threats-‐in-‐2013/
§ Revises Top Threats Cloud Compu/ng V1.0 (2010)
hUps://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
§ Responses to the survey by companies from USA (50%), INDIA (8,6%), UK (5,5%), CANADA (4,1%) and other contries (31,8%) – 53% Cloud consumers – 30% Cloud providers
The Notorious Nine by CSA
URJC 2014
76 78 80 82 84 86 88 90 92
Shared Technology Vulnerabili/es
Insuficiente Due Diligence
Abuse of Cloud Services
Malicious Insiders
Denial of Service
Insecure Interfaces & APIs
Account/Service & Traffic Hijacking
Data Loss
Data Breaches
#1 Top Threat: Data Breaches
§ There is risk that sensi/ve internal data falls into the hands of compe/tors.
§ The cloud provider is in charge of enforcing access control policies for their costumers’ data.
§ Cloud providers implement redundancy and replicate data in order to provide beUer service and avoid data loss but this expose costumers’ data even more.
§ Mul'tenant clouds might be vulnerable to side channels aUacks.
URJC 2014
Source: Chris Brenton, The basics of Virtualization Security https://cloudsecurityalliance.org/wp-content/uploads/ 2011/11/virtualization-security.pdf
#3 Top Threat: Account/Service Traffic Hijacking
§ Account or service hijacking is not new. AUack methods such as phishing, fraud, and exploita/on of sogware vulnerabili/es s/ll achieve results. Creden/als and passwords are ogen reused, which amplifies the impact of such aUacks.
§ In April 2010, Amazon experienced a Cross-‐Site Scrip/ng (XSS) bug that allowed aUackers to hijack creden/als from the site. In 2009, numerous Amazon systems were hijacked to run Zeus botnet nodes.
§ It is cri/cal to leverage strong authen/ca/on techniques where possible, e.g. two-‐factor authen/ca/on.
URJC 2014
#6 Top Threat: Malicious Insiders
§ The risk of malicious insiders is percep/bly higher as costumers are not aware of what employees from the cloud provider have access to their data
§ A malicious insider, such as a system administrator, in an improperly designed cloud scenario can have access to poten/ally sensi/ve informa/on.
§ From IaaS to PaaS and SaaS, the malicious insider has increasing levels of access to more cri/cal systems, and eventually to data.
§ Systems that depend solely on the cloud service provider (CSP) for security are more vulnerable. Relying on server side encryp/on does not solve the problem, only reduces it.
URJC 2014
#7 Top Threat: Abuse of Cloud Services
§ Cloud compu/ng advantages and opportuni/es are also aUrac/ng hackers.
§ The easy registra/on process and the rela/ve anonymity can in someway allow spammers, malicious code authors and other criminals to conduct their ac/vi/es with rela/ve impunity.
§ The Cloud make their aUacks simpler and cheaper.
Password and Key cracking, DDoS, dynamic aUack points, hos/ng malicious data and code, botnet command and control, building rainbow tables, CAPTCH solving farms, etc.
URJC 2014
Some aUacks to IaaS
§ People run tampered images
§ Easy and instant access to many machines
§ Auto-‐Scaling: DoS AUacks paid by the customer
§ Side Channel AUacks (Cloud Cartography)
§ AUack based on lack of entropy for random numbers
§ Bugs in virtualiza/on sogware
§ ….
URJC 2014
Source: Matthias Jung, elastic-security.com http://www.slideshare.net/CloudCampFRA/matthias-jung-cloud-security-new-problem-or-new-context
Tampered Images
§ Demonstrated method to get prime placement in AWS list of available AMIs, as a way to get users to run an untrustworthy AMI
§ Malicious Virtual Machine Images
– SSH authorized keys
– Rootkits
– Trojaned binaries (e.g., sshd)
– Open sockets (e.g., reverse shell /connect back)
– Trojaned custom Xen kernel
URJC 2014
“Cloud Computing Models and Vulnerabilities: Raining on the Trendy New Parade”, Alex Stamos,Andrew Becherer, Nathan Wilcox,Black Hat USA 2009 / DEF CON 17 http://www.sensepost.com/blog/3797.html
AMI-‐Exposed
§ Presence of SSH authorized_keys – Poten/al backdoor
§ Presence of SSH iden/ty keys – Can be used to gain illicit access to other hosts
§ Presence of AWS x.509 cer/ficate (.pem) files – Can be used to tamper with publisher's EC2 account
§ Ac/ve connec/ons to other hosts – Poten/al backdoors
§ SSH Password authen/ca/on enabled – Poten/al backdoor via default passwords – Poten/al exposure via weak passwords
URJC 2014
DEF CON 19 "Get Off of My Cloud: Cloud Credential Compromise and Exposure". http://wn.com/defcon_19_get_off_of_my_cloud_cloud_credential_compromise_and_exposure AMI Exposed - A framework for security scanning of Amazon Machine Images (AMIs) Copyright (C) 2011 Jeff Jarmoc - Dell SecureWorks Counter Threat Unit https://github.com/jjarmoc/AMI-Exposed/
AMI aiD
§ The AMI aiD (AMID) tool scans your system for security or privacy cri/cal data before publishing or when started as virtual machine in the cloud, e.g. an Amazon Machine Image (AMI).
§ It is not bounded to Amazon Images, it can also be used with other infrastructure-‐as-‐a-‐service (IAAS) cloud providers.
URJC 2014
Center for Advanced Security Research Darmstadt (Fraunhofer SIT) http://trust.cased.de/AMID http://code.google.com/p/amid/
Security in Virtualised Environments
URJC 2014
Virtualiza/on
§ The hypervisor is in charge of emula/ng all the specific hardware configura/ons for the “guest” opera/ng systems.
URJC 2014
Source: Chris Brenton, The basics of Virtualization Security https://cloudsecurityalliance.org/wp-content/uploads/2011/11/virtualization-security.pdf
Introspec/on
§ Expansion of the hypervisor’s capabili/es – Beyond monitoring compute and store calls
§ Introspec/on permits you to monitor – Memory and program execu/on – Access to data files within storage – Network traffic
§ Conduit for deeper VM analysis. – Can be leverage to implement security.
URJC 2014
Source: Chris Brenton, Hypervisor vs. Host Based Securty https://cloudsecurityalliance.org/wp-content/uploads/2011/11/hypervisor-vs-hostbased-security.pdf
Introspec/on (II)
§ Hypervisor runs with higher privileges than WMs
– It sees and control everything.
§ Kernel Level Rootkits can’t escape Introspec/on
§ Introspec/on is not the Holy Grail
– Introspec/on checks require complex hypervisors
– The more complex the code the more prone to bugs and vulnerabili/es
URJC 2014
Introspec/on and Security
§ Malware control and Intrusion Detec/on. – Hypervisor can efficiently monitor anomalies system wide
§ Data Loss Preven/on – Introspec/on can protect por/ons of the disk or even schedule
backups independently of the host policies.
§ Firewalling – Between VMs
§ Forensics – Logs and audit trails can be compiled by the hypervisor
URJC 2014
An/Virus in the Cloud
§ AV Storms – Scheduled scanning in mul/ple VM at
the same /me can drain Hardware resources.
§ Only a single AV instance per box – Each host is connect to the AV by
Introspec/on using a small driver
§ Advantages – Integra/on of security policies – Efficiency – Easier to manage – …
URJC 2014
Source: Vmware vShield Endpoint http://bit.ly/R0Pgyh
Cryptography in the Cloud
URJC 2014
Encryp/on in the Cloud
§ Amazon, as many other cloud
providers offer the possibility to store the data encrypted.
§ Every element is encrypted with a different key.
§ Keys are stored in a different place.
§ E.g. Dropbox
URJC 2014
http://aws.typepad.com/aws/2011/10/new-amazon-s3-server-side-encryption.html
How is our data stored in the Cloud?
Mul/-‐layer Encryp/on
§ Addi/onally, customers/users can implement their own client side encryp/on mechanisms.
§ Or implement encryp/on in a trusted Cloud and store data in a commodity Cloud (Twin Clouds)
URJC 2014
S. Bugiel, St. Nurnberger, A. R. Sadeghi, Th. Schneide.Twin Clouds: An Architecture for Secure Cloud Computing. Workshop on Cryptography and Security in Clouds, March 15-16, 2011, Zurich.
Advanced Crypto schemes for the Cloud
§ Even encrypted data is vulnerable at processing /me
§ There are cryptographic schemes that can process encrypted data without decryp/ng it. We will focus on these schemes
URJC 2014
-‐ Searchable Encryp'on. Random queries on encrypted data without decryp/ng it
-‐ Homomorphic Encryp'on. Random process of encrypted data without decryp/ng it
-‐ Proxy Re-‐encryp'on. Changing encryp/on keys without decryp/ng data.
Searchable Encryp/on (SE)
§ Servers execute queries without having to decrypt the data – Ideally, without learning any informa/on about it
§ Basically, a SE scheme is a set of cryptographic primi/ves that enables the possibility of searching keywords over the encrypted data through the crea/on of trapdoors.
§ We can dis/nguish:
– Symmetric schemes
– Asymmetric schemes
URJC 2014
Query +trapdoor
Query results
Searchable Encryp/on (SE) Issues
§ Data Ownership – Who owns data, who can update or include new data, who can
perform queries.
§ Index genera/on and update – How is the index updated and generated
§ Access Control and revoca/on – Is it possible to revoke trapdoors?
§ Type of Queries – Single keywords, mul/ple keywords, conjunc/ve and ranked queries, ...
§ Security Models – Random Oracle vs. Standard Model, Adversary models, ...
URJC 2014
Symmetric Searchable Encryp/on (SSE)
§ SSE assume that the data is encrypted with the same master key that will be used during searching and that the owner of the data is the one who triggers the queries
§ Some schemes can perform conjunc/ve keywords searches
§ There are symmetric schemes that enable mul/ple par/es to search over the data encrypted by a single user
URJC 2014
R. Curtmola, J. Garay, S. Kamara, and R. Ostrovsky, “Searchable symmetric encryption: improved definitions and efficient constructions,” in Proceedings of the 13th ACM conference on Computer and communications security. ACM, 2006, pp. 79–88.
L. Ballard, S. Kamara, and F. Monrose, “Achieving efficient conjunctive keyword searches over encrypted data,” Information and Communications Security, pp. 414–426, 2005.
D. X. Song, D. Wagner, and A. Perrig. “Practical techniques for searches on encrypted data”. In Symposium on Security and Privacy. IEEE, 2000.
Asymmetric Searchable Encryp/on (ASE)
§ Any party that knows the public key is able to encrypt and add data to the server, but only the party in possession of the private key can generate trapdoors.
§ Ini/al schemes only focused on finding hits not on recovering data.
§ Some schemes allow subset, range and conjunc/ve queries
§ More recent schemes can recover encrypted data
REce
URJC 2014
D. Boneh, G. Di Crescenzo, R. Ostrovsky, and G. Persiano, “Public key encryption with keyword search,” in Advances in Cryptology EUROCRYPT 2004. Springer, 2004, pp. 506–522.
D. Boneh and B. Waters, “Conjunctive, subset, and range queries on encrypted data,” Theory of Cryptography, pp. 535–554, 2007.
T. Fuhr and P. Paillier, “Decryptable searchable encryption,” Provable Security, pp. 228–236, 2007. D. Hofheinz and E. Weinreb, “Searchable encryption with decryption in the standard model,” Cryptology eprint archive, report 2008/423, Tech. Rep., 2008.
Homomorphic Encryp/on (HE)
§ Homomorphic encryp/on can process data in a confiden/al way
§ First schemes focused on encryp/on and digital signatures related computa/ons.
§ There are also fully homomorphic schemes that cover arbitrary computa/ons, unfortunately those schemes are not yet viable.
§ Recent works on Lavce-‐based Cryptography show that "somewhat" homomorphic encryp/on can be used in prac/ce
URJC 2014
M. v. Dijk, C. Gentry, S. Halevi, and V. Vaikuntanathan. Fully homomorphic encryption over the integers. In Advances in Cryptology - EUROCRYPT'10, vol. 6110, LNCS, pages 24-43. Springer, 2010.
Kristin Lauter, Michael Naehrig, and Vinod Vaikuntanathan, Can Homomorphic Encryption be Practical?, no. MSR-TR-2011-61, 6 May 2011
Related schemes
§ Private Set Intersec/on (PSI). It allows two par/es to compute the intersec/on of their sets without revealing any informa/on about items that are not in the intersec/on.
§ Secure Mul/party Computa/on (SMC).
URJC 2014
Benny Pinkas (BIU), Thomas Schneider (TUDA), Michael Zohner (TUDA): Faster private set intersection based on OT extension. In 23rd USENIX Security Symposium (USENIX Security'14), August 20-22, 2014.
https://sharemind.cyber.ee/introduction-to-sharemind
Enable parties to jointly compute a function over their inputs, while at the same time keeping these inputs private.
Proxy Re-‐Encryp/on (PRE)
§ A proxy re-‐encryp/on scheme is an asymmetric encryp/on scheme that allows a proxy to transform ciphertexts under Alice’s public key into ciphertexts under Bob’s public key
§ Proper/es – Bidirec/onal vs. Unidirec/onal
– Single-‐hop vs. Mul/-‐hop
– Collusion resistant (Alice-‐Proxy; Bob-‐Proxy)
URJC 2014
Alice Proxy Bob EA(m) EB(m)
rA-B
Proxy Re-‐Encryp/on Applica/ons
§ Secure Mail Delega/on – Mail inspec/on for law enforcement – Delega/on of du/es
§ Distributed encrypted storage – Access control to encrypted data
§ Outsourced Filtering of SPAM – Delega/on of SPAM Filtering
§ Digital Rights Managements (DRM) – Moving or copying protected content from one device to another – iTunes DRM crack in 2005
URJC 2014
Some Proxy Re-‐Encryp/on Schemes
§ Introduced in 1998 by Blaze et al. based on Elgamal – Bidirec/onal; Mul/-‐hop; Not resistant to collusions.
§ In 2005 Ateniese et al. propose new proxy re-‐encryp/on schemes based on bilinear pairings – Unidirec/onal; Single-‐hop; Resistant to collusions.
§ In 2007 Ateniese et al. propose new proxy re-‐encryp/on schemes for Iden/ty-‐based encryp/on
URJC 2014
M. Blaze, G. Bleumer, and M. Strauss, “Divertible protocols and atomic proxy cryptography,” Advances in Cryptology EUROCRYPT’98, pp. 127–144, 1998.
G. Ateniese, K. Fu, M. Green, and S. Hohenberger, “Improved proxy re-encryption schemes with applications to secure distributed storage,” 12th Annual Network and Distributed System Security Symposium, 2005, pp. 29–44.
M. Green and G. Ateniese, “Identity-based proxy re-encryption,” in Applied Cryptography and Network Security. Springer, 2007, pp. 288–306.
Iden'ty Management in the Cloud
URJC 2014
Cloud Iden/ty as a Service (IDaaS)
§ Cloud Iden/ty as a Service (IDaaS) is fundamentally the management of iden//es in the cloud, outside the applica/ons (and possibly even the providers) that use them.
§ The service is provided as third party management of iden/ty and access control func/ons, including user life cycle management and single sign-‐on.
§ The provider is in control of all iden//es and has to be fully tursted.
URJC 2014
https://cloudsecurityalliance.org/guidance/csaguide-dom12-v2.10.pdf
Secure IDaas
URJC 2014
���� �����������������
���������������
����������
���
���
����������
���
���
IdM Protocol
Data Protection
Cloud Identity Provider
Service Provider
Storage
givenName=5W$...sn=e4%SFd...
Data Protection
IdM protocol
Host OrganizationAuthentication
IdM protocol
Authoritative source
Data Protection
Integra/ng OpenID with PRE to enhance privacy in cloud-‐based iden/ty services
§ IDaaS introduces the same kind of problems regarding privacy and data confiden/ality as other cloud services.
§ A Privacy-‐preserving IDaaS system can be implemented using OpenID AUribute Exchange and a proxy re-‐encryp/on scheme.
§ In this way the iden/ty provider can serve aUributes to other par/es without being able to read their values.
URJC 2014
D. Nuñez, I. Agudo, and J. Lopez, "Integrating OpenID with Proxy Re-Encryption to enhance privacy in cloud-based identity services", In IEEE CloudCom 2012, IEEE Computer Society, pp. 241 - 248, Dec 2012
Overview
URJC 2014
OpenID Provider
Encrypted attributes
Re-encryption
OpenID Consumer
Decryption
User
Identity Provider Service Provider
Encryption
Original Protocol
URJC 2014
���(�'�(��%�#���!��#)!�!�'
�(�' �� ���
�������((�)$����(!)�
����%�#���"$�!#
���!(�$+�',
����(($�!�)!$#
����*) �#)!��)!$#�'�&*�()�������'��!'��)!$#�
���*) �#)!��)!$#
����*) �#)!��)!$#�'�(%$#(��������'��!'��)!$#�
�����(�'�!(��*) �#)!��)��
�����'!�!��)!$#�$��'�(%$#(�
Modified protocol
URJC 2014
���*) �#)!��)!$#
���(�'�(��%�#���!��#)!�!�'
�(�' �� ���
�������((�)$����(!)�
����%�#���"$�!#
���!(�$+�',
����(($�!�)!$#
����*) �#)!��)!$#�'�&*�()�������'��!'��)!$#�
����*) �#)!��)!$#�'�(%$#(��������'��!'��)!$#�
�����(�'�!(��*) �#)!��)��
�����'!�!��)!$#�$��'�(%$#(�
�������� � �������������� �� �� �������� �
�������� ������������������ �
Main limita/on
§ AUributes are stored in the cloud directly by users. Most SP require “cer/fied” aUributes, issued by a trusted IdP.
§ Instead of using OpenID and allow users to upload their own aUributes we can use SAML and allow organiza/ons to store informa/on regarding all their users
URJC 2014
Cloud Identity Provider
Service Provider
Host Organization
rH!SP(pH , sH) (pSP , sSP )
ca c0a
D. Nuñez, and I. Agudo, "BlindIdM: A Privacy-Preserving Approach for Identity Management as a Service", In International Journal of Information Security, vol. 13, issue 2, Springer, pp. 199-215, 2014
Federated IdM
Service ProviderHost Organization(Identity Provider)
Employee
belongs to requestsservice
direct trust
retrieves identity
provides identityinformation
URJC 2014
BlindIdM
URJC 2014
Cloud Identity Provider Service Provider
Host OrganizationEmployee
belongs to
requestsservice
outsourcesidentity
management
directtrust direct
trust
indirect trust
retrieves identity
provides identityinformation
SAML Informa/on Flow User agent Service Provider Cloud Identity Provider Host Organization
Request service
Discovery of the IdP
SAML AuthnRequest
AuthnRequest (User redirection)
SAML AuthnRequest
AuthnRequest (User redirection)
User authentication SAML Response
Response (User redirection)
Re-encryption of user attributes and creation of SAML Response
Response (User redirection)
Decryption of user attributes and verification of SAML Response
Access to service
URJC 2014
URJC 2014
Privacy in the Cloud
URJC 2014
What is Privacy?
§ The concept of privacy varies widely among (and some/mes within) countries, cultures, and jurisdic/ons.
§ It is shaped by public expecta/ons and legal interpreta/ons; as such, a concise defini/on is elusive if not impossible.
§ Privacy rights or obliga/ons are related to the collec/on, use, disclosure, storage, and destruc/on of personal data (or Personally Iden/fiable Informa/on—PII).
§ At the end of the day, privacy is about the accountability of organiza/ons to data subjects, as well as the transparency to an organiza/on’s prac/ce around personal informa/on.
51 URJC 2014
What is the data life cycle?
52
Source: Tim Mather,Subra Kumaraswamy,Shahed Latif , Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance, O'Reilly Media, Inc., 2009
URJC 2014
What Are the Key Privacy Concerns?
§ Typically mix security and privacy
§ Some considera/ons to be aware of:
– Storage
– Reten/on
– Destruc/on
– Audi/ng, monitoring and risk management
– Privacy Breaches
– Who is responsible for protec/ng privacy?
53 URJC 2014
Storage
§ Where is the data in the Cloud?
§ The aggrega/on of data raises new privacy issues – Some governments may decide to search through data without
necessarily no/fying the data owner, depending on where the data resides
§ Is the cloud provider en/tled to access customer data?
§ Do cloud providers store behavioural informa/on about customers and their clients?
54 URJC 2014
Reten/on
§ How long is personal informa/on retained?
§ Which reten/on policy governs the data?
§ Does the organiza/on own the data, or the Cloud Provider?
§ Who enforces the reten/on policy in the cloud, and how are excep/ons to this policy managed?
55 URJC 2014
Destruc/on
§ How does the cloud provider destroy Personal Informa/on at the end of the reten/on period?
§ How can we be sure that the Cloud destroyed it at the right point and is not available to other cloud users?
§ Cloud storage providers usually replicate the data across mul/ple systems and sites—increased availability is one of the benefits they provide. – Are there any addi/onal copies? – Is data destroyed or just unavailable? – Is the Cloud using the data for its own benefits?
56 URJC 2014
Audi/ng, monitoring and risk management
§ How can organiza/ons monitor their Cloud Providers and provide assurance to relevant stakeholders that privacy requirements are met when their PII is in the cloud?
§ Are they regularly audited?
§ What happens in the event of an incident?
§ Transparency, compliance controls, and auditability are key criteria in the evalua/on of any cloud service provider
57 URJC 2014
Privacy breaches
§ How do you know that a breach has occurred?
§ Who is responsible for managing the breach no/fica/on process?
§ How is responsible for the consequences?
§ Data breaches have a cascading effect
58 URJC 2014