How To Protect Your Data In A Cloud Environment

Transcription

1 A Framework to Avoid Vulnerability Incidents in Cloud Computing 1 Kavyashree M U, 2 Manjunath H 1 PG Scholar, Department of Computer Science & Engineering, Mangalore Institute of Technology & Engineering, Moodbidri, Karnataka 2 HOD, Department of Information Science& Engineering, Mangalore Institute of Technology & Engineering, Moodbidri, Karnataka 1 kavyamu@gmail.com, 2 hebbs@rediffmail.com Abstract One of the latest drift in small and medium businesses and enterprise sized IT is the need for a significant transformation of the IT environment. Cloud computing provides a major shift in the way companies see the IT infrastructure. It is an emerging style of computing where applications, data and resources are provided to users as services over the web. Even though migrating to cloud environment is a tempting trend these days, there are many aspects that a company must consider before adopting cloud computing. One of the most important and crucial aspect is the security in cloud. To deal with the security issues, the cloud provider must build up sufficient controls to provide such level of security than the company would have if the cloud were not used. To address this problem, here we propose a framework which can avoid some of the vulnerability incidents that may occur in the cloud computing environment. Index Terms attribute based encryption, authentic re-encryption, cloud computing, disorientation scheme, inveigle information, vulnerability incidents. I. INTRODUCTION Information is pouring in faster than we can make sense of it. It is being authored by billions of people and flowing from a trillion intelligent devices, sensors and instrumented objects. With 80 percent of new data growth existing as unstructured content from music files to 3D images, to medical records, to keystrokes and more the challenge is trying to pull it all together and make it useful. Cloud computing plays a very important role in these scenarios [16]. Cloud computing is an emerging style of technology where applications, data and resources are provided to users as services over the Web. The services provided may be available globally, always on, low in cost, on demand, massively scalable, pay as you use. Consumers of a cloud service need to care only about what the service does for them and not on how it is implemented. Cloud computing is a technology that allows users to access software applications, store information, develop and test new software, create virtual servers, draw on disparate IT resources and more, all over the Internet or other broad network. It is a model driven methodology that provides configurable computing resources such as servers, networks, storage and applications as and when required with minimum efforts over the Internet. Along with these benefits, cloud computing raises severe concerns especially regarding the security level provided. Security is considered to be a key requirement in cloud computing by many distinct groups including academia researchers, business decision makers and government organizations. Migrating to a cloud computing infrastructure poses security risks to an organization s data. One of the biggest user concerns about Cloud Computing is its security, as naturally with any emerging Internet technology [11][14][15][16]. In the absence of security standards, businesses and organizations are vulnerable to security breaches. This paper primarily aims to highlight the major vulnerability incidents in current existing cloud computing environments, help users recognize the risks of them and provide a framework which can avoid these potential vulnerability incidents. The rest of the paper is structured as follows. Section II describes the vulnerability incidents in cloud. Section III says about the related work in this area. Section IV & V describe the authentic re-encryption scheme and the disorientation scheme. Finally section VI concludes the paper. II. VULNERABILITY INCIDENTS IN CLOUD COMPUTING Even though there are many advantages of cloud computing, businesses and organizations are slow in accepting it due to the security issues or vulnerability incidents associated with it. Vulnerability refers to the 12

2 unauthorized access of resources from the cloud server. It may be a service running on a cloud server, unmatched applications or operating system software, or an unsecured physical entrance. There are several significant vulnerabilities that should be considered when an organization is ready to move its critical applications and data to a cloud computing environment. By considering both the promises of cloud computing and the risks associated with it, the Cloud Security Alliance (CSA) [1] has created the industry-wide standards for effective cloud security. In recent years, CSA has released security guidance and implementation documents. These documents have quickly become the industry-standard catalogue of best practices to secure cloud computing. Already, many businesses, organizations, and governments have incorporated this guidance into their cloud strategies. CSA conducted a survey of industry experts to find out professional opinion on the greatest vulnerabilities within cloud computing [1][15][16]. The critical vulnerability incidents to cloud security as identified by the experts of CSA are: 1. Data Breaches 2. Data Loss 3. Account Hijacking 4. Insecure API s 5. Denial of Service 6. Malicious Insiders 7. Abuse of Cloud Services 8. Insufficient Due Diligence 9. Shared Technology The aim here is to focus on data breaches and malicious insiders, their risks to cloud environment and develop a framework to avoid these two vulnerability incidents. III. RELATED WORK Cloud security has been identified as an important factor from both research point of view and application point of view as huge amount of critical data is stored on cloud and this data is accessible by a huge number of people [15]. According to a recent survey on cloud computing, users rate cloud security as the first preference before availability and performance. An abundant number of related works and publications exist in the literature, emphasizing the importance and demand of security solutions for cloud computing [4][5][8][15]. Data Management in the Cloud: Limitations and Opportunities, (March 2009), is focused to discuss the limitations and opportunities of deploying data management issues on these emerging cloud computing platforms. Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing (2009), describes that Cloud Computing has been envisioned as the next generation architecture of IT Enterprise. Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control (2009), characterizes the problems and their impact on adoption. Security Guidance for Critical Areas of Focus in Cloud Computing (April 2009), is intended to provide security practitioners with a comprehensive roadmap for being proactive in developing positive and secure relationships with cloud providers. Security Issues for cloud computing (2010), discusses security issues for cloud computing and present a layered framework for secure clouds and then focus on two of the layers, i.e., the storage layer and the data layer. CryptoNET: Software Protection and Secure Execution Environment (2010), describes protection of software modules which is based on strong encryption techniques, for example public key encryption and digital signature. Addressing cloud computing security issues (2010), aims at twofold; firstly to evaluate cloud security by identifying unique security requirements and secondly to attempt to present a viable solution that eliminates these potential threats. This paper proposes introducing a Trusted Third Party, tasked with assuring specific security characteristics within a cloud environment. Deployment Models: Towards Eliminating Security Concerns from Cloud Computing (2010), claims that Cloud computing has become a popular choice as an alternative to investing new IT systems. A survey on security issues in service delivery models of cloud computing (2010), discusses that the architecture of cloud poses such a threat to the security of the existing technologies when deployed in a cloud environment. Improved proxy re-encryption schemes with applications to secure distributed storage (2006), the solution here is to let the data owner issue a re-encryption key to an untrusted server to re -encrypt the data. Cryptographic cloud storage (2010), discusses an approach, were users are revoked by having a third party to re-encrypt data such that previous keys can no longer decrypt any data. Information security and cloud computing (2011), gives a description of cloud computing followed by a general description of information security issues and solutions, and a brief description of issues linking cloud computing with information security. Security issues in cloud computing (2011), mentions that Cloud Computing is a distributed architecture that centralizes server resources on a scalable platform so as to provide on demand computing resources and services. 13

3 IV. AUTHENTIC RE-ENCRYPTION SCHEME availability [7][8]. As a distributed system, the cloud will experience failures common to such systems, such as server crashes and network outages. As a result, re-encryption commands sent by the data owner may not propagate to all of the servers in a timely fashion, thus creating security risks. A. Overview Fig 1: A classic cloud environment Fig 2: A sample time slice One of the famous techniques to protect the data from a possible untrusted CSP is for the data owner to encrypt the outsourced data. Flexible encryption schemes can be adopted to provide fine grained access control. Attribute Based Encryption (ABE) is one of such flexible encryption schemes which allows data to be encrypted using an access structure comprised of different attributes. Instead of specific decryption keys for specific files, users are issued attribute keys[4][5][6]. Users must have the necessary attributes that satisfy the access structure in order to decrypt a file. The key problem of storing encrypted data in the cloud lies in revoking access rights from users. A user whose permission is revoked will still retain the keys issued earlier, and thus can still decrypt data in the cloud. A naive solution is to let the data owner immediately re-encrypt the data, so that the revoked users cannot decrypt the data using their old keys, while distributing the new keys to the remaining authorized users. This solution will lead to a performance bottleneck, especially when there are frequent user revocations. An alternative solution is to apply the proxy re-encryption (PRE) technique. This approach takes advantage of the abundant resources in a cloud by delegating the cloud to re-encrypt data. This approach is also called command-driven re-encryption scheme, where cloud servers execute re-encryption while receiving commands from the data owner. However, command-driven re-encryption schemes do not consider the underlying system architecture of the cloud environment. A cloud is essentially a large scale distributed system where a data owner s data is replicated over multiple servers for high A better solution is to allow each cloud server to independently re-encrypt data without receiving any command from the data owner. Here, we propose an authentic re-encryption scheme. It is a time-based re-encryption scheme, which allows each cloud server to automatically re-encrypt data based on its internal clock. The basic idea of this scheme is to associate the data with an access control and an access time. Each user is issued keys associated with attributes and attribute effective times. The data can be decrypted by the users using the keys with attributes satisfying the access control, and attribute effective times satisfying the access time[10]. Unlike the command-driven re-encryption scheme, the data owner and the CSP share a secret key, with which each cloud server can re-encrypt data by updating the data access time according to its own internal clock. Even through this scheme relies on time; it does not require perfect clock synchronization among cloud servers. Classical clock synchronization techniques that ensure loose clock synchronized in the cloud are sufficient. Fig1depicts a classic cloud environment. B. Problem Formulation We consider a cloud computing environment consisting of a data owner, a cloud service provider (CSP) and multiple data users. The data owner outsources his data in the form of a set of files F 1. F n to the CSP[6][7][9]. Each file is encrypted by the data owner before uploading to the CSP. Data users that want to access a particular file must first obtain the necessary keys from the data owner in order to decrypt the file. The data owner can also update the contents of a file after uploading it to the CSP. This is termed a write command. Each file, F, is encrypted with two parameters, time slice and attributes. We divide time into time slices, and every time slice is of equal length. Fig.2 illustrates this concept. Attributes are organized into an access structure, A, which regulates access to a file. A file F can only be decrypted with keys that satisfy both the access structure and time slice[10]. A data user, after being authenticated by the data owner, is granted a set of keys, each of which is associated with an attribute and an effective time that denotes the length of time the user is authorized to possess the attributes. For example, if Alice is authorized to possess attributes a 1. a m from TS 1 to TS n, she will be issued keys. The security requirements of the authentic re-encryption scheme are as follows: 14

4 1) Access control correctness. This requires that a data user with invalid keys cannot decrypt the file. 2) Data consistency. This requires that all data users who request file F, should obtain the same content in the same time slice. 3) Data confidentiality. The file content can only be known to data users with valid keys. The CSP is not considered a valid data user. 4) Efficiency. The cloud servers should not re-encrypt any file unnecessarily. This means that a file that has not been requested by any data user should not be re-encrypted. C. Adversary Model Our system considers two types of adversaries. The first type of adversary is the CSP. The CSP adversary is considered honest-but-curious. This means that the CSP will always correctly execute a given protocol, but may try to gain some additional information about the stored data[9][10]. The second type of adversary is malicious data users. The data user adversary will try to learn the file content that he is not authorized to access. This adversary is assumed to possess invalid keys (either with incorrect attributes or time). We also assume the data user adversary can query any server in the cloud. Note that both an honest-but-curious CSP and malicious data users can exist together. However, we assume that the CSP and data users will not collude to break the system, because the CSP is considered to be honest-but-curious. D. Control Flow Diagram A. Overview V. DISORIENTATION SCHEME Data theft attacks are amplified if the attacker is a malicious insider. This is considered as one of the top threats to cloud computing by the Cloud Security Alliance[1]. While most Cloud computing customers are well-aware of this threat, they are left only with trusting the service provider when it comes to protecting their data. Cloud customers private keys might be stolen, and their confidential data might be extracted from a hard disk. After stealing a customer s password and private key, the malicious insider get access to all customer data, while the customer has no means of detecting this unauthorized access[2][3].the possible solution for this is encryption of data. But there are chances that the encryption techniques also fail. This scenario can be dealt in the cloud using offensive inveigle technology. We monitor data access in the cloud and detect abnormal data access patterns. When unauthorized access is suspected and then verified using challenge questions, we launch a disinformation attack by returning large amounts of decoy information to the attacker. This protects against the misuse of the user s real data[11][12]. We propose a completely different approach for securing the cloud using inveigle information technology, which we are referring as disorientation scheme. We use this technology to launch disinformation attacks against malicious insiders, preventing them from distinguishing the real sensitive customer data from fake worthless data. The inveigle information then serve two purposes: (1) validating whether data access is authorized when abnormal information access is detected, and (2) confusing the attacker with bogus information. B. Depicting the User Actions We monitor data access in the cloud and detect abnormal data access patterns. Depicting user actions is a well-known technique that can be applied here to model how, when, and how much a user accesses their information in the Cloud. Such normal user action can be continuously checked to determine whether abnormal access to a user s information is occurring. This method of action-based security is commonly used in fraud detection applications[1][2][3]. Such profiles would naturally include volumetric information, how many documents are typically read and how often. We monitor for abnormal search behaviors that exhibit deviations from the user baseline the correlation of search behavior anomaly detection with trap-based inveigle files should provide stronger evidence of malfeasance, and therefore improve a detector s accuracy C. Providing a Inveigle File Fig 3: Control Flow Diagram We propose a different approach for securing data in the cloud using offensive decoy technology. We monitor data 15

5 access in the cloud and detect abnormal data access patterns. We launch a disinformation attack by returning large amounts of decoy information to the attacker[3][10[13]. This protects against the misuse of the user s real data. We use this technology to launch disinformation attacks against malicious insiders, preventing them from distinguishing the real sensitive customer data from fake worthless data the inveigle information then serve two purposes: (1) Validating whether data access is authorized when abnormal information access is detected, and (2) Confusing the attacker with bogus information. VI. CONCLUSION Cloud based systems have brought a new, scalable application delivery service model to the market. Cloud services promise to help reduce capital and operational costs while providing higher service levels. However, cloud services rely heavily on keeping the data and applications they are managing available at all times and to restore operations quickly following any type of data disaster. Cloud administrators need to ensure that the cloud which has so many advantages is largely affected by the different vulnerabilities. Organizations and businesses fear to adopt cloud services because of these security issues. There is a need to prevent the data in the cloud from being accessed by the intruder. Accordingly, here we focused on the two important security concerns in cloud environments these days i.e., data breaches and malicious insiders and developed a secure framework which can prevent them. The framework consists of authentic re-encryption scheme and disorientation scheme which can provide unprecedented levels of security in the Cloud environment. REFERENCES [1] Cloud Security Alliance, Top Threat to Cloud Computing V1.0, March 2010[Online]. Available: ts.v1.0.pdf [2] M. Ben-Salem and S. J. Stolfo, Modeling user search-behavior for masquerade detection, in Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection. Heidelberg: Springer, September 2011, pp [3] B. M. Bowen and S. Hershkop, Decoy Document Distributor: [Online]. Available: [4] S. Kamara and K. Lauter, Cryptographic cloud storage, Financial Cryptography and Data Security, [5] M. Armbrust, A. Fox, R. Griffith, A. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, and I. Stoica, A view of cloudcomputing, Communications of the ACM, [6] Cong Wang, Student Member, IEEE, Sherman S.M. Chow, Qian Wang, Student Member, IEEE, Kui Ren, Senior Member, IEEE, and Wenjing Lou, Senior Member, IEEE, Privacy-Preserving Public Auditing for Secure Cloud Storage, IEEE TRANSACTIONS ON COMPUTERS, [7] J. Bethencourt, A. Sahai, and B. Waters, Ciphertext-policy attributebased encryption, in Proc. of IEEE Symposium on S&P, [8] Boldyreva, V. Goyal, and V. Kumar, Identity-based encryption with efficient revocation, Proc. of ACM CCS, [9] G.Wang, Q. Liu, and J. Wu, Hierarchical attribute-based encryptionfor fine-grained access control in cloud storage services, in Proc. Of ACM CCS (Poster), [10] S. Yu, C. Wang, K. Ren, and W. Lou, Achieving secure, scalable, andine-grained data access control in cloud computing, in Proc. of IEEE INFOCOM, [11] Foster I, Zhao Y, Raicu I, Lu, S. Cloud Computing and Grid Computing 360-degree compared. Proceedings of the Grid Computing Environments Workshop, GCE 2008; IEEE Press, Nov. 2008, [12] M. Prince, The four critical security flaws that resulted in last Friday'shack, Available: flaws. [13] M Rouse, Two-factor authentication, Available: [14] Sizing the Cloud: Understanding and Quantifying the Future of Cloud Computing, Forrester Research, Inc. April 21, [15] Paquette S, Jaeger P T, Wilson S C. Identifying the security risks associated with governmental use of cloud computing. Government Information Quarterly; 2010;27(3): [16] Dr. Kumar Saurabh, 2012, Cloud Computing, Wiley India, Delhi,