A Highlight of Security Challenges in Big Data

Transcription

1 A Highlight of Security Challenges in Big Data Eweka Raphael Osawaru MSc-MBIS Student School of Engineering & Computing Sciences University of East London - FTMS College Technology Park Malaysia Bukit Jalil, Kuala Lumpur, Malaysia ralpheweka@aol.com Riyaz Ahamed A. H. Lecturer, School of Engineering & Computing Sciences FTMS College, Technology Park Malaysia Bukit Jalil, Kuala Lumpur, Malaysia riyazahd@gmail.com Abstract Big data security challenges are magnified by its own attributes Variety, Volume and Velocity. In a world where critical decisions made by Government and Organizations now depend on thorough analysis of both streaming and static large data sets, big data has now become a very useful technology. Its ability to produce historical and predictive results is overwhelming. However, all its benefits can be dwarf by its challenges, foremost of which is security. Data for this research are collected from a case study of Big data application platforms, application users and Cloud Security Alliance (CSA). This paper carefully highlights various security issues Big data analytic faces so far and encourage further collaborative research for mitigating both security and privacy challenges relating to big data. Keywords: Analysis, Big data, Security, Challenges, Privacy. 1. Introduction Big data is the term given to a collection of data so large and complex that database management systems find it difficult to process. It is the massive amount of digital information companies and governments collect about human beings and our environment. It is an exponential growth of both structured and unstructured data analyzed for faster decision making. In 2012, limits on the size of data that could be process in a reasonable amount of time were on the Exabyte of data. Scientists and researchers often had limitations due to large data sets from numerous areas including meterology, social networking, complex physics simulations biological and environmental research, finance and business information. These data sets has increased in size partially because they are increasingly being generated/gathered by ubiquitous information sensing mobile devices, aerial sensory technology, software logs, camera, microphones, radio frequency Identification reader, wireless networks sensors generating up to 2.5 exabyte as at then. Figure 1: Big Data Growth ISSN: Page 1

2 Big data is difficult to work with using relational database management systems and desktop visualization/static packages, it requires instead massively parallel software running on tens, hundreds and thousands of servers. The huge attention big data is getting is more to the fact that there is so much additional information derivable from analysis of just a single large data set of related data as compared to smaller separate sets with same total amount of data, hence providing correlations to be found, you can spot business trends, determine quality of research, predict disease spread, prevent disease, combat crime and so much more. Government and organizations are now using data driven decision-making. In the past various concept of database engineering has been employed to provide critical information for decision making from large data. Concepts like data warehousing, data mining, OLAP and OLTP, Distributed database and parallel database. In recent years, Big Data has been leading this trend due to the enormous results produced by the analysis of large datasets. Until 2012, Big data has been use by Government and Large organizations only who can afford the mammoth infrastructure needed to analyze and process such tsunami of data surging in. However, with the emergent of big data analysis applications like IBM Apache Hadoop, organizations can now use big data, hence partaking in the gross results and insights derived from big data analysis. Big data, though it has huge promises for the future, considering researchers/scientist have shown in a short time it s the contribution to help solve complex issues in areas of diseases, crime, medicine, market analysis etc. However, these promises can be dwarf with the challenges that comes with big data like all trending technology. Though in this paper, we are pointing out the Security Challenges of Big Data, we will consider briefly examine the general challenges of big data. 2. General Challenges of Big Data 2.1 Heterogeneity and Incompleteness Data must be carefully structured as a first step in data analysis. Example: A good example will be a patient in an hospital who has one record for Medical report/lab test, one record for surgical operations, one record for each admission at the hospital and one record for a lifetime hospital interaction with the patient. The number of surgical operations and lab tests per record would be different for each patient. The three design choices listed have successively less structure and, conversely, successively greater variety. Pointing out the acquisition of big data from various sources with variety of structures, structuring these data is almost impossible before data analysis. Computer systems are known to work more efficiently if they can store these data all identical in size and structure and complete. Example: Let s consider a large retailer customer record database design that has field for name, date of birth, occupation, etc. If one of this information is not provided by the customer what do we do? For record purposes, the data provided would still be entered into the database, but with the corresponding value that was not provided set to null. A data analysis that tends to categorize customers according to occupation will leave out such customer due to unknown occupation. 2.2 SCALE Definitely one has to worry about size when it comes to big data. Managing large and rapidly increasing volumes of data has been an issue for decades. This challenge was earlier handled by developing faster processor to cope with increasing volume of data. However, data ISSN: Page 2

3 volume is scaling faster than computer resources and CPU speed is static, instead of processors doubling its clock cycle frequency every months, due to power constraints, clock speed has largely stalled and processors are developed with more cores. Example: Power considerations will likely prohibit us from efficiently using all of the hardware in a system continuously, forcing data systems to actively manage the power consumption of the processor. Hence, forcing us to re-work how we design, build and operate data processing components. Also pointing out move towards cloud computing, dealing with system failure as we operate on larger and larger clusters and the transformative change of the traditional I/O subsytems: from HDD to solid states drives which does not have sequential and random I/O performance, not to forget the amount of CO 2 emission from these hundreds/thousands of processing nodes affecting our precious GREEN ecosystem, making us to rethink how we design storage system for data processing. 2.3 Timeliness The opposite of size in processing is indeed speed. Though it s not designing a system that effectively deals with size to produce a system that can process data faster that is usually meant when one speaks of velocity in context of big data. Rather it starts with Acquisition rate challenge. 2.4 Human Collaboration Despite the technological advancement in computational analysis, human inputs remains essential. There are many patterns human can detect while computer algorithms cannot. CAPTCHA is a good example of such. Ideally big data analytic will definitely have human in the loop. However it often require multiple experts from diverse domains to easily understand what is going on. These experts might be dispersed in various locations. New methods like crowdsourcing have proven ingenuity in examples like Wikipedia and Encyclopedia. 3. Security Challenges for Big Data Security in big data is magnified by the three V s, Volume, Variety and Velocity. According to recent article by Cloud Security Alliance (CSA) Big Data security challenges can be categorized under 4 major categories. Infrastructure Security Data Privacy Data Management Integrity and Reactive Security Secure Computation in Distributed programming frameworks Privacy preserving Data minning and analytiucs Secure data storgae and transaction logs End point validation and filtering Security best practices for Non-Relational data stores Cryptographically enforced data-centric security Granular audits real time security monitoring Granular Access Control Figure 2: Categorization of Big Data Security Challenges. ISSN: Page 3

4 These four categories are subdivided into nine distinct security challenges by top experts from various organizations and government working with big data by interviewing CSA members, surveyed security practitioner oriented journals, studied published solutions. 4. Infrastructure Attack Big data processing hugely depends on the underlying cloud infrastructure to operate. Inherent are the security issues mentioned below. 4.1 Secure Computation in distributed programming framework Secure Computation in distributed programming framework (Hadoop as a point of reference) Parallel computation and storage is used by distributed programming framework to process massive amount of data. For example, see the map reduce architecture below: Figure 3: Mapreduce architecture Mapreduce framework splits an input file into multiple chunks. Mapreduce uses two phases, firstly mapper for each chunk reads the data, performs computation, and output a list of key pairs. Secondly, a reducer combines the key belonging to each distinct keys and output the result, hence inviting two major attacks: securing the mappers and securing the data in the presence of an untrusted mapper. The fact is that with large data sets, it is nearly impossible to identify malicious mappers that might create damage. We can further breakdown the threat to mappers into three, as explained below: a. Malfunctioning compute worker nodes malfunctions can occur in a distribute computation framework due to incorrect configuration or faulty node. A node that is malfunctioning can return incorrect output, hence incorrect aggregate result. b. Infrastructure attacks A compromised worker node may tap communication in between the worker and the master which can be replay or man-in-the-middle attack or Denial of Service attacks. c. Rogue Data Nodes rogue data nodes can be added to a cluster, and subsequently receive replicated data or output altered mapreduce code. This is a quite easy attack in cloud and virtual environments and is difficult to detect. We can use two techniques in ensuring the trustworthiness of mappers and secure data despite presence of untrusted mappers; Trust Establishment using master worker secure authentication when a worker sends a connection request to the master, granting only authenticated worker mapper tasks; thereafter regular checking of worker periodically if any preauthenticated security as well as security policy has changed. ISSN: Page 4

5 Mandatory Access Control (MAC) is used to ensure access to files must go through predefined security policy. With MAC you can ensure security of input to mappers as well as returned output, but cannot prevent data leakage from mappers outputs. With the above solutions, there are still two problems to be tackled before full adoption Performance penalties for imposing MAC Limitations of differential privacy in providing guarantees 4.2 Security best practice for Non-relational Data stores This is popularized by NoSQL database, which are still evolving. NoSQL database was designed to tackle analytics, providing performance and scalability, However, it failed to address security. Developers using nosql database usually embeds security in their middleware. There is no support for enforcing security thoroughly in NoSQL. Moreover, clustering aspect of nosql poses more challenges to the security practices. Organizations that deal with large data sets may benefit by migrating from traditional relational databases (RDBs) to a nosql database which accommodates and process huge volumes of streaming and static data for predictive and historical analysis. Compared to RDBs, nosql has a very thin security layer, trusting its security philosophy to external enforcement mechanisms. To mitigate security incidents, organizations have to review security policy for middleware as well as toughen nosql database itself to match the security of RDBs without compromising the performance. Below are the six major threat scenarios of NoSQL databases: Transactional integrity NoSQL most visible drawbacks is its soft approach towards transaction integrity, enforcing complex integrity constraints into its architecture will fail NoSQL s primary objective (performance and scalability). LAX Authentiction mechanisms Generally, NoSQL uses weaker authentication techniques and weak password storage mechanism, exposing NoSQL databases to replay attacks and password brute force attacks, resulting in information leakage. Although some NoSQL database offer authentication at local nodes level, authentication across all the cluster nodes failed to be enforced. Insufficient Authorization Mechanism different NoSQL solutions have their different authorization technique, many known solutions offer authorization at higher layers rather than enforcing authorization at lower layers (at per-database level rather than collection level). Susceptibility to injection attacks Backdoor access to the file system for malicious activities can be allowed by ease to employ injection techniques like array injection, view injection, REST injection, SQL injection, Schema injection, etc. since NoSQL architecture employ lightweight protocols and mechanism that are closely coupled. Impact of such an attack ranges from databases with corrupt data to DoS attacks (total unavailability of the database) for example an attacker can use schema injection to inject more columns to the database with its own data. Lack of consistency if it is impossible to simultaneously enforce all three elements of the CAP theorem (consistency, availability and partition tolerance) while in distributed mode undermine the trustworthiness of the churned results. ISSN: Page 5

6 Hence users are no more guaranteed consistent result at any given time, as each node may not be entirely synched with the node holding the latest image. Insider attack poor security mechanism can be leveraged to achieve insider attack, which can go unnoticed if no proper logging and log analysis method is employed along with other rudimentary security mechanism. Haven modeled and analyzed NoSQL database, it is essential to hide NoSQL under the secure layer of middleware or accessing NoSQL using a framework like hadoop provide a virtual secure layer around the NoSQL perimeter, passwords must not be allowed to be in plain text while in transit, it should be encrypted or hashed securely using intelligent hashing algorithms. Similarly, data stored in databases should not be in form of clear text, having considered the weak Authentication and Authorization methods employed by NoSQL, it is advisable to encrypt data while at rest and not considering the performance impact as it may. Using large file encryption or hardware encryption can help reduce the performance effect of encrypting data while at rest in the database. Using SSL/TSL to securely connect clients to server and the communication clusters will be a good practice to secure data while in transit. Each nodes should be able to verify and validate trust level of other nodes before establishing connections. All NoSQL solution has to be run on a secured network environment, meaning that only secure nodes can access database ports. Use of Appropriate logging mechanism can expose possible attacks and appropriate data tagging with time stamps can defend unauthorized data modifications. 5. Data Privacy 5.1 Scalable Privacy Preserving Data Mining and Analytics User data collected by large organizations is accessed constantly by inside analysts as well as outside contractors and business partners. An untrusted partner or a malicious insider can misuse this data set and extract information of customers. Analysis done not long ago on how companies leverage data analytics for marketing purposes included an example of how a retailer was able to identify a teen s pregnancy before her father found out. So also, just anonymizing data for analytics is not enough to guarantee user privacy, e.g. AOL released an anonymized search log for academic purpose, but users were able to be identified by their searches. Privacy-preserving analytics is still an open area of research that can help minimize malicious being successful in accessing data sets. Continuous monitoring must be implemented. Though there are some few solutions currently in deployment, however some are in their infancy. Like Homomorphic Encription and Differential Privacy. While this paper is focused on analysis, implementations must also follow privacy regulations. 5.2 Cryptographically Enforced Data-Centric Security The visibility of data in different entities can be controlled by two major approaches. Firstly, by limiting access to the underlying system (e.g. the operating system) and secondly, by encapsulating the data itself in a protective shell using cryptography. Though both approaches have their benefits as well as their detriments. Though various research into various cryptographic threat models are proved to be secure in their respective models, research is still on going to find simpler constructions, efficiency improvements, and partially homomorphic schemes that surfice. ISSN: Page 6

7 5.3 Granular Access Control When it comes to access control, the security properties that matters is secrecy preventing the access to data from people who should not have access. However, the problem with grained access is that, data that should be shared originally is swept into a more restrictive access for security purpose. Managing the plethora of legal and policy restrictions has hiked the price of application development upward and limiting the number of people who can participate in the analysis. To achieve granular access security requires various elements that spread around big data. Different protocols for tracking access restrictions as well as data are needed and should be stored in the storage systems, like NoSQL. 6. Data Management As explained by Boyd and Crawford, Big data can potentially enable privacy invasion, decreased liberties, invasive marketing and increased state and corporate control. Under this category, we will look at three type of security challenge. 6.1 Secure Data Storage and Transaction Logs Data and transaction logs are stored in multi-tiered storage media, manual moving of data gives the IT manager total control of which data will be moved and when. However, as data has risen exponentially, forcing auto-tiering of Big Data storage management, consequentially storing data without keeping track. New methods have to be used to mitigate unauthorized access and ensuring constant availability. For example, The National Health care system (NHS) wants to integrate different hospital data. Some data are rarely retrieved, while some hospitals use same data pool. Auto-tiering can save the day for NHS by moving the rarely utilized data to a lower tier. However, there may be consequence, such data might be critical, because it is rarely accessed does not mean it is less important (it might be results of R & D). Since the lower tier is less secured, NHS has to review its tiering storage strategy properly. Here are a few threat auto-tiering may face: a. Confidentiality and Integrity storage service providers as also assumed to be not trustworthy third party, Data transmission within tiers can provide clues to storage service providers, enabling them to correlate user activities and data sets without deciphering. b. Availability - Auto-tiering also put pressure on storage service providers to guarantee availability, irrespective of the security limitations of the lower tier. c. Provenance Due to its Large data set, it is infeasible to download all its data and verify its integrity and availability. d. Consistency It is now clear with the above insights that data flows between tiers and is shared among users. To maintain consistency among multiple duplicates stored in various locations is very important. e. Collusion Attacks Data set owner decides to store cypher text in the auto-tiier storage and provide the key and permission for users to assess part of the data set, Whereas, the cypher text is useless to the service providers without the key materials. However, if the service provider colludes with users by exchanging the key and data, they will obtain a data set that they is untitled to them. f. Roll-Back Attacks Service providers can launch a roll back attack in a multi user environment. Users can store updated data and the service provider will return outdated data. Users will need evidence to be able to notice this roll back. g. Disputes A lack of recordkeeping will lead to disputes between users and the storage service provider, or among users. When data loss or tampering occurs, transmission logs/records are critical to determining responsibility. For example, a ISSN: Page 7

8 malicious user outsources data to a storage system. Later, the user reports data loss and asks for compensation for his claimed loss. In this case, a well-maintained log can effectively prevent fraud. Recently, the information assurance and cyber infrastructure security fields have rapidly evolved. There are now refined systems to address the security issues listed above. Confidentiality and integrity can be achieved with tough encryption techniques and messagedigests. The swap of signed message-digests can be used to address potential disputes. Rollback Attacks can be solved by periodic audit and chain hash. Secure untrusted data repository (SUNDR) can be used to detect consistency attack. Broadcast encryption and key rotation can be used to improve scalability. Researchers have proposed that Data availability can be improved through proof of retrievability (POR) or provable data possession (PDP) methods with high probability. Regarding collusion attacks, as long as the users do not exchange their private keys, a policy-based encryption system (PBES) can successfully guarantee a collusion-free environment. If the users are willing to exchange their private keys without exchanging the decrypted content, a mediated decryption system can avoid collusion attacks. If the users are willing to exchange the decrypted contents, digital rights management can prevent collusion attacks. While it appears that there are techniques for each individual security problem in large scale auto-tier storage systems, there is no systematic approach to integrate them into a holistic solution. The non-uniform security policies among different tiers pose an additional challenge to securing inter-tier data transmission. More considerations are necessary to balance tradeoffs among security, usability, complexity, and cost. 6.2 Granular Audit When it comes to real time security monitoring; notification of an attack at the moment it takes place is the goal. In real life, this is not always the case. In other to determine missed attack, auditing of information is necessary. Information from auditing is very key to understanding what occurred and what went wrong, for compliance, regulations and forensic investigation. Auditing is not something new, but big data tend to extend its reach because of its volume and sometimes distributed processes. Auditing capabilities need to be implemented across big data infrastructure depending on the auditing features enabled for the infrastructure components. Examples include syslog on routers, application logging and enabling logging on the operating system. 7. Integrity and Reactive Security 7.1 End-Point Input Validation Various Big Data uses in enterprise environment demand data collection from many different sources, including end-point devices. The key challenge in data collection process is input validation. How can we trust the data received? How can we validate the data source is not malicious? And how can we filter these malicious inputs from our data? One way or another input validation and filtering is always a daunting task due to untrusted input sources, which is raised furthermore by Bring Your Own Device (BYOD) model. For example, data collected from weather sensors and feedback votes sent by an iphone app share similar validation problem. These are the various threats for input validation. ISSN: Page 8

9 A determined adversary can alter a device from which data is collected or rather alter the data collection app running on the device to provide malicious input to a central data collection system. An attacker might perform Identity cloning attack on data collection system by creating different fake identities (e.g. spooked Iphone identity) and use it to provide malicious input. A more complicated scenario will be when an adversary decides to manipulate or alter input sources of sensed data. e.g, instead of manipulating the data, an attacker can alter the input by simulating a GPS satellite. With clear insight of the above threats, two categories of solutions are needed: Firstly, A solution that will prevent an adversary from generating and sending malicious input to the central collection system Achieving this is still a work in progress, as there are several researches overtime to produce a tamper-proof secure software. It is very difficult to develop complex software without any vulnerabilities is close to impossible. Though regular PC has also been adequately protected over time, but adequate security for mobile devices and its application is still a research trend. Consequently, determined adversary might find it easy to compromise mobile devices and its applications. Secondly, A solution that will filter malicious data if they make I to the central collection system - Big Data processing can assist with this, as millions of data are collected from sources in real live practice, malicious/altered data might appear as outliers. outliers detection technique may be employed to detect such malicious input. 7.2 Real-Time Security monitoring The challenge of big data security monitoring is the number of generated alerts by the security devices, given the volume and velocity of big data streams. These alerts are often ignored due to limited human capacity analysis. Big data technologies can be used to provide real-time anomaly detection based on scalable security analytics. Common use include utilizing the technology to answer questions such as are we under attack, who is accessing which data from which resources at what time For example: Health care benefits immensely from big data technologies, potentially saving billions of taxpayers by becoming more accurate with the payment of claims and reducing fraud related to claims. So also, stored records of patients are extremely sensitive and must be protected to comply with patient privacy regulations. Real time detection of anomalous retrieval of patient s information gives the health care provider opportunity to fix the damage and prevent further misuse. 8. CONCLUSION Big Data has come to stay. Though proper analysis of both streaming and static large data sets we can make better advances in many scientific and medical disciplines and profitability for many enterprises. It is practically impossible to imagine the next application without it consuming data, creating new forms of data, and containing data-driven algorithms. As computing environments become chaper, application environments become networked, and system and analytics environments become shared over the cloud, security, access control, compression, encryption and compliance introduce challenges that must be addressed in a systematic way. This paper has highlighted the top security and privacy problems that need to be addressed if we are to make Big Data processing and computing infrastructure more secure. Our believe is that this paper will spur action in the research and development community to ISSN: Page 9

10 collaboratively focus on the barriers to greater security and privacy in Big Data platforms and future works. Reference [1] A community White paper developed by leading researchers across united states, Challenges and Opportunity with Big Data, Feb [2] A Cloud Securty Alliance Collaborative research, Expanded Top Ten Big Data Security and Privacy challenges, April [3] I. Roy, S. T. V. Setty, A. Kilzer, V. Shmatikov and E. Witchel, Airavat: security and privacy for MapReduce in USENIX conference on Networked systems design and implementation, pp 20-20, [4] L. Okman, N. Gal-Oz, Y Gonen, E. Gudes and J Abramov, Security Issues in NoSQL Databases in TrustCom IEEE Conference on International Conference on Trust, Security and Privacy in Computing and Communications, pp , [5] J. Feng, Y. Chen, W.-S. Ku, and P. Liu, Analysis of Integrity Vulnerabilities and a Non-repudiation Protocol for Cloud Data Storage Platforms, the 2nd International Workshop on Security in Cloud Computing (SCC 2010), in conjunction with ICPP 2010, San Diego, California, USA, Sept. 14, [6] D. Boneh, C. Gentry, and B. Waters, Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys, Lecture Notes in Computer Science, [7] D. Boyd, and K. Crawford. Criticial Questions for Big Data, in Information, Communication & Society, 15:5, pp , May 10, ISSN: Page 10