Key Management System Framework for Cloud Storage

Singa Suparman, Eng Pin Kwang
Temasek Polytechnic
{singas,engpk}@tp.edu.sg

Abstract

In cloud storage, data are often moved from one cloud storage service to another. More frequently used data are stored at a location nearer to the user for faster access, while less frequently used data are moved to more distant locations where usage is lower and storage is cheaper. To safeguard the data and the data transmission from attackers, appropriate key management is necessary. The current Key Management System (KMS) standards available for enterprises are not able to meet the requirements of the clouds. Cryptographic KMS in the enterprise today is insufficient to meet the cloud's security requirements. It is an inadequate model of proprietary solutions that is not effective, nor is it scalable. If we expect KMS to work in the cloud, then we need a new model. In this paper, we propose a novel approach to a KMS Framework for Cloud Storage Service which adapts the existing Public Key Infrastructure (PKI) based on hybrid key management. We establish a trilateral communication protocol in which related components must work as one to function. We also demonstrate that generated private keys never leave the key generator, thus strengthening the security of our system. We perform all transactions using unsecured data communication, as all our data is in encrypted format.

Keywords: Security, Cloud Computing, Cloud Storage, Infrastructure As A Service, Key Management Systems.

1. Introduction

Cloud computing is being rapidly embraced across all industries. Terms like Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS) have become common terms in the IT vocabulary. As cloud computing gains increased popularity, concerns are being voiced about the security issues introduced through its adoption. The effectiveness and efficiency of traditional protection mechanisms are being reconsidered, as the characteristics of this innovative deployment model differ widely from those of traditional architecture.
According to [1], IT departments worked on the assumption that data on the company intranet was secure as long as it was hidden behind firewalls and VPNs. The assumption that encryption by itself is a good solution for providing data security is no longer true: data encryption can only be part of the solution, since the end user must still deal with distributing, securing, and renewing decryption keys. Thus encryption simply shifts the burden from protecting data to protecting keys. Managing cryptographic keys remains one of the difficult problems in applied cryptography. Without proper key management, an otherwise theoretically secure system is, in reality, quite vulnerable. For example, TLS and IPSec will be rendered insecure without a proper PKI, and SSH is vulnerable to man-in-the-middle attacks without trusted public keys [2].

In this paper, we analyze the shortcomings of previous approaches and propose a new architecture that adopts the existing PKI algorithm to address the key management problem. Our architecture model also takes into consideration other factors, like authentication through a Certificate Authority. Another feature is the use of trilateral communication to enhance the security of the overall architecture design. The proposed solution will be implemented at the IaaS level for cloud services. The technical challenge with the new trilateral communication protocol is that no individual component can access the encrypted data without the information provided by the other related components; this strengthens the security of our system.

We summarize our contributions as follows:
- We propose a novel architecture that adapts the existing PKI algorithm to address the key management problem.
- We propose the trilateral communication protocol, which requires all related components to work together, thus reducing the risk of compromised security due to intrusion on any one of the components.

We organize the paper as follows. In Section 2, we briefly introduce previous work on key management. Emphasis is placed on key management, as keys are crucial in providing access control and authentication for users to access the data. In Section 3, we propose a novel architecture for cloud storage, and in Section 4 we propose our novel key management communication. Section 6 concludes the paper.

2. Related Work

The security community is not starting from scratch in tackling the cloud; a lot of research has been done and tools developed, including the work of the Cloud Security Alliance [3]. Organisations have to examine the risks involved in a cloud computing service and the measures to mitigate those risks. According to [4], existing cloud service providers may provide basic encryption key schemes to secure cloud-based application development and services, or they may leave all such protective measures up to their customers. While cloud service providers are progressing towards supporting robust key management schemes, more has to be done to overcome barriers to adoption. Emerging standards should solve this problem in the near future, but work is still in progress. There are several key management issues and challenges within cloud computing:
Secure key stores. Key stores must themselves be protected, just as any other sensitive data. They must be protected in storage, in transit, and in backup. Improper key storage could lead to the compromise of all encrypted data.
Access to key stores. Access to key stores must be limited to the entities that specifically need the individual keys. There should also be policies governing the key stores which use separation of roles to help control access: an entity that uses a given key should not be the entity that stores that key.
Key backup and recoverability. Loss of keys inevitably means loss of the data that those keys protect. While this is an effective way to destroy data, accidental loss of keys protecting mission-critical data would be devastating to a business, so secure backup and recovery solutions must be implemented.

2.1 Key Management Standards

According to [5], the current key management standards available for enterprises are not able to meet the requirements of the clouds. In short, there is a lack of current key management standards suitable for the clouds. Cryptographic key management in the enterprise today is broken. It is a failed model of proprietary solutions that is not effective, nor is it scalable. OASIS (Organisation for the Advancement of Structured Information Standards), and specifically its Key Management Interoperability Protocol (KMIP) Technical Committee (TC) [6], is working on an improved model for unified cloud management. While KMIP will certainly improve enterprise key management, such an improvement is still not good enough to scale to cloud computing. What cloud computing needs is key management that, much like federated identity management, is designed for inter-enterprise and cloud use. The primary issues that need to be addressed with key management for cloud computing are not only interoperability, which KMIP is addressing, but also scalability, which KMIP is not addressing. The KMIP TC has done relatively well in addressing the enterprise key management problem, but more can be done. The lack of any viable key management model for cloud computing is a major security and operational issue today. For cloud computing use to be effectively scalable, a scalable key management model is required. In a cloud environment, data can potentially be anywhere, i.e. same data, different application, or same data, different server. To encrypt or decrypt it, the right key is required. Key management solves this very problem.

2.2 Key Management Architectures

Current research works have been focusing on key management architectures. Key management is classified into three groups: a) Centralized Key Management, b) Distributed Key Management, c) Hybrid Key Management.

In a centralized key management system, all key creation, rekeying, modification, deletion, backup, logs and events are performed centrally. The administrator has centralized control over where each part of the key management process occurs and limits the points at which the keys and data can be accessed by users or devices that perform the encryption. The advantage of this approach is that control over key management is easier. However, there are a number of disadvantages. Firstly, to secure the key exchange between users and the centralized key manager, a number of methods and techniques have been proposed in the literature, such as TLS [7], IPSec [8] and SSH [9]. These methods suffer from an increase in latency because an extra algorithm must be applied to secure the communication channel. Secondly, if the centralized site is compromised by attackers, the entire system will fail. A backup site for the centralized manager will thus be necessary. This increases the complexity of the system by introducing a backup recovery plan, which adds cost to the system design. In case of failure, it will take substantial time to recover from the backup. Lastly, the key recovery process may be slower in a centralized system because more time is required to re-establish the keys at the remote site.

In distributed key management, users manage their own keys locally. This makes key recovery relatively easier compared to a centralized system. Distributed systems have better security mechanisms in place, such that if one site is compromised or down, the rest of the sites are still operational. However, there is no key management policy between a central site and the remote sites, since each site generates its keys independently.
Thus, the transfer of data from a remote site to other sites is not feasible. Secondly, a secure data communication protocol must be established between the central site and all remote sites to transfer data or keys; this incurs the overhead of using a secure communication protocol.

Hybrid key management is the combination of both centralized and distributed systems. The centralized key manager has a communication channel with all the remote key managers. Key generation is still performed at the centralized key manager, but key recovery is performed on the remote sites.

3. Architecture

Our goal is to create a scheme that allows the storage of and access to encrypted data on different sites within the same cloud, according to its importance and frequency of use. The main advantage of the scheme is that it allows the transfer of encrypted data across unsecured channels without any breach of security. In this section, we give a short overview of the proposed key management architecture model; the terminology is given in Section 3.4.

3.1 Policy Manager & Domain Manager

Communications between the Policy Manager (PM) and the Domain Managers (DMs) are unsecured. The encrypted public keys are transferred between the managers using normal network protocols. The DM consists of itself and a sub-component: the Cache Manager (CM). Requests for and submission of keys from the Domains under the DM are communicated first through the CM, and subsequently to the PM through the DM. The next section describes the process in more detail. The secondary domain managers serve as a backup for the system in case of failure; periodic updates between the primary and secondary DM ensure that the status of the public keys is kept current. There are no restrictions on the type of cryptographic standards used to encrypt the public keys or on the network protocol used for the transmission of data, as the fundamental security rests on the fact that the private key never leaves the encrypted key storage. Implementers of this system are free to select the protocols based on their criteria for speed, cost and level of security. For inter-DM communication, the PM serves as a DNS server by providing the locations of other DMs. A DM may also request the public keys of other DMs through the PM. The retrieved public key is stored in the Cache Manager of the requesting DM and subsequently sent to the Domain that will store the data received from the other Domains, for decryption purposes.

3.2 Cache Manager

The Cache Manager (CM) is a component of the DM and mainly helps to expedite the retrieval of public keys by caching the recently used keys in its repository. It responds to the Domains' requests for public keys and sets up the necessary requests to the DM if a cache miss occurs.

Figure 1. Architecture
Policy Manager is the engine which coordinates the exchanges between the Domain Managers and responds to requests from Domain Managers for public keys which are not stored in their individual Cache Managers.
Domain Manager is the front-end interface for the Domains under its charge, tasked with updating the public keys of the Domains and the transfer of encrypted data between them. It interacts with its Cache Manager to ensure the public keys are updated.

3.3 Mechanism

We want to enforce the exclusivity of the private key used for decryption by each Domain: it is restricted to that Domain and never has to leave the Key Generator. Encryption and decryption of the data are carried out only at the Key Generator. The form of communication between the components of the Domain, which we term Trilateral Communication, ensures that no component knows the complete information required to fully decrypt and derive meaning from the data. Section 4.7 discusses this further. Latency of the data transfer is kept to a minimum through two factors: the transfer of data over unsecured channels, thus eliminating the need for tedious and time-consuming frame computation; and the use of the Cache Manager to reduce the number of requests needed for public keys.
This approach will be adapted for cloud storage. However, we will be looking at deploying it across different sites within the same cloud, and enabling it to be adapted for different cloud computing systems, including different operating systems and storage systems. Figure 2 provides the process flow between the CM and the DM, as well as the flow between the DMs.

Figure 2. Process Flow Between Domain Managers

3.4 Terminology

In our architecture, the terminology is as follows:
Cache Manager: provides the Domain Manager with cached information on the public keys, thereby reducing the number of requests raised to the Policy Manager and other Domain Managers.
Domain: interfaces with the Key Generator and the Data Storage to coordinate the encryption and decryption process during data storage and retrieval respectively. It responds to user requests for the creation of data and subsequently the deletion and migration of the data due to changes in the status of the data.
Key Generator: generates private and public keys for encryption and decryption of the data from the Domain.
Key Storage: contains the private keys generated by the Key Generator. As the private keys never leave the Key Storage except for encryption and decryption by the Key Generator, the possibility of a leak is reduced to a minimum.
Data Storage: where all encrypted data are stored.

4. Key Management

In this section, we propose our key management framework for cloud storage. Our key management scheme has the following attributes:
- Private keys never leave the Key Generator.
- Trilateral Communication exists between DM, Domain and Key Generator.
- Data is always encrypted.
- All data communications are unsecured.

4.1 Overview

In our system, key management comprises two major components: Domain and Key Generator. The Domain functions as follows:
- Sends requests to the Key Generator for generation of public and private keys.
- Receives the public key from the Key Generator and passes it to the Domain Manager for updates.
- Updates/deletes the private key location in the database.
- Receives other public keys and passes them on to the Key Generator for decryption.
In the Domain, a database is used to keep the location of stored data using file pointers. The database is updated when receiving the new public key from the Key Generator in the event of data creation, or when receiving the confirmation from the other Domain in the event of data migration.

4.2 Key Generator

In our architecture, we use an asymmetric key cryptosystem to generate public/private keys. For simplicity of encryption and digital signatures, we adopt the RSA approach for private/public key generation.
We define the following:
$n$: product of two primes, $p$ and $q$
PUBLIC KEY: $e$, relatively prime to $(p-1)(q-1)$
PRIVATE KEY: $d = e^{-1} \bmod (p-1)(q-1)$
ENCRYPTING: $c = m^{e} \bmod n$
DECRYPTING: $m = c^{d} \bmod n$

The Key Generator (KG) has the following functions:
- Generate a pair of keys (public and private) and send the public key to the Domain
- Encryption and decryption of data
- Retrieval of the private key from the Key Storage
- Retrieval of encrypted data from the Data Storage
- Send encrypted data to the Data Storage
- Store the private key in the Key Storage and delete the private key
- Send encrypted data to the Domain

Following [7], the private key is sufficient and necessary for decrypting a cipher. We secure the private key by ensuring that it is only stored in a Key Storage. Public keys are secured by means of authentication by the CA. A list of private key locations is stored in the Key Generator's database. The locations of the private keys are known to the Key Generator, and the private key can be retrieved from the Key Storage.

4.3 Initial Keys Setup

The initial key setup is triggered by the Key Generator when we first deploy or use the system. This is achieved by generating a public/private key pair in the Key Generator. The initial private key location is determined by the Key Generator and the location address is stored in the local database. The private key is then stored in the Key Storage. The public key is distributed to the Domain, Domain Manager, Policy Manager and the other Domain Managers' caches.

Key Generation Algorithm for Domains and Policy Manager (PM)
Step 1: The public and private keys are functions of a pair of large prime numbers. The key generator generates the two large prime numbers $p$ and $q$.
Step 2: Compute $(p-1)(q-1)$ and choose $e$ relatively prime to it, such that $e$ is the public key for the current domain or policy manager.
Step 3: Compute $d = e^{-1} \bmod (p-1)(q-1)$, such that $d$ is the private key for the current domain; this also applies to the policy manager.
Step 4: Store $d$ in the Key Storage and then delete $d$ from the Key Generator. In the case of the PM, $d$ is not deleted from the key generator; rather, it is stored in its database.
Step 5: Send the public key $e$ to the Domain Managers and the Policy Manager. In the case of the PM, $e$ is stored in all Domains.
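As an added example (not the paper's own code), the following Python models the Key Generator and the Policy Manager's CA as the paper describes them in Sections 4.2 to 4.6: RSA key generation, the private key $d$ parked in a Key Storage with only its location kept in the Key Generator's database, retrieval that decrypts with $d$ and re-encrypts under the requestor's public key, and the CA comparing a presented public key against its records. The primes, exponents, identifiers and integer message are constructed, and it is unpadded textbook RSA, so it illustrates the data flow rather than a deployable cipher.

```python
"""Added example, not the paper's code: a toy model of the Key Generator's
Key Store and Key Retrieval flows (Sections 4.5 and 4.6) and the CA check in
the Policy Manager (Section 4.4), built on the textbook RSA definitions of
Section 4.2 (c = m^e mod n, no padding) over small constructed primes."""
from math import gcd

# Constructed (p, q, e) triples; each e is relatively prime to (p-1)(q-1).
# Distinct e values stand in for distinct Domain public keys.
DOMAIN_KEY_PARAMS = [(10007, 10009, 17), (10037, 10039, 11), (10061, 10067, 13)]
CA_KEY_PARAMS = (1000003, 1000033, 65537)   # modulus larger than any Domain's


def rsa_keygen(p, q, e):
    """Key Generation Algorithm, Steps 1-3: returns ((e, n), d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be relatively prime to (p-1)(q-1)"
    return (e, n), pow(e, -1, phi)            # d = e^-1 mod (p-1)(q-1)


def encrypt(m, pub):
    """c = m^e mod n; the integer message must be smaller than the modulus."""
    e, n = pub
    assert 0 <= m < n, "message does not fit under this modulus"
    return pow(m, e, n)


def decrypt(c, d, n):
    """m = c^d mod n."""
    return pow(c, d, n)


class KeyGenerator:
    """Its database holds key *locations* only; d itself lives in key_storage."""

    def __init__(self, key_params):
        self._params = iter(key_params)
        self.key_storage = {}     # location -> d
        self.data_storage = {}    # location -> ciphertext
        self.db = {}              # data_id -> (key location, data location, pub)

    def store(self, data_id, m):
        """Key Store Algorithm: fresh pair, c = m^e mod n, d parked in Key Storage."""
        pub, d = rsa_keygen(*next(self._params))
        kloc, dloc = f"key/{data_id}", f"data/{data_id}"
        self.key_storage[kloc] = d
        self.data_storage[dloc] = encrypt(m, pub)
        self.db[data_id] = (kloc, dloc, pub)   # Step 3: only the location is kept
        return pub                              # Step 4: e goes to the Policy Manager

    def retrieve_for(self, data_id, requestor_pub):
        """Key Retrieval Algorithm: m = c^d mod n, then c' = m^{e_R} mod n_R.
        Plaintext exists only inside this call; d never leaves key_storage."""
        kloc, dloc, (_, n) = self.db[data_id]
        m = decrypt(self.data_storage[dloc], self.key_storage[kloc], n)
        return encrypt(m, requestor_pub)


class PolicyManager:
    """CA built into the PM (Section 4.4), holding every Domain's public key."""

    def __init__(self, key_params):
        self.pub, self._d = rsa_keygen(*key_params)
        self.registry = {}        # domain name -> (e, n) registered at setup

    def verify(self, requestor, enc_e, enc_n, sender_pub):
        """Steps 2-3: decrypt the claimed (e_R, n_R), compare with the record,
        then return e_R re-encrypted under e_S, or None if it is not on file."""
        n_ca = self.pub[1]
        claimed = (decrypt(enc_e, self._d, n_ca), decrypt(enc_n, self._d, n_ca))
        if claimed != self.registry.get(requestor):
            return None
        return encrypt(claimed[0], sender_pub)
```

A key presented for a Domain that does not match the registry, or for a Domain not on file at all, makes `verify` return `None`, which is the CA's rejection in the man-in-the-middle case the section describes.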
4.4 Certificate Authority (CA) in Policy Manager

The Certificate Authority is the agent built into the Policy Manager; its function is to authenticate the genuineness of the Domains' public keys, e.g. to determine whether the public key is from the sender. This is to prevent man-in-the-middle attacks. Since the public key of the Policy Manager resides on each Domain and the Policy Manager has a list of all Domains' public keys, it is an easy process to verify the public key from the sender. The steps are as follows:

CA Verification
Step 1: The requestor uses the CA public key $e_{CA}$ to encrypt his public key $e_R$, i.e. $E_{e_{CA}}(e_R)$.
Step 2: The CA decrypts the key and compares it with the $e_R$ in its database.
Step 3: If it matches, the CA uses the sender's public key $e_S$ to encrypt the public key of R, i.e. $E_{e_S}(e_R)$.
Step 4: Upon receiving the key from the CA, the sender decrypts it, revealing R's public key.

The diagram in Figure 3 illustrates the CA verification process. For example, requestor B wishes to request some data from A. By using the CA in the Policy Manager, we can ensure that the public key of B is genuine and thus prevent any man-in-the-middle attack.

Figure 3. CA Verification

4.5 Data Retrieval

For data retrieval, the requestor's Domain requests data from another domain. Upon receiving the data, the requestor's key manager needs to decrypt the data.

Key Retrieval Algorithm
Step 1: Retrieve the private key $d$ and the encrypted data $c$ from storage (the Key Storage and the Data Storage respectively).
Step 2: Compute $m = c^{d} \bmod n$.
Step 3: Compute $c' = m^{e_R} \bmod n$, where $e_R$ is the public key of the requestor and $c'$ is the data encrypted for the requestor.
Step 4: Send $c'$ to the Domain and the Domain Manager.

The example depicted in Figure 4 illustrates the steps for key retrieval. Inside the Key Generator, upon receiving the encrypted data from the Data Storage and the private key from the Key Storage, it decrypts the data before encrypting it again using the public key of the requestor. The encrypted data is sent all the way to the requestor's Domain Manager.

Figure 4. Lower Level Key Management: data retrieval

4.6 Data Store

Key Store Algorithm
Step 1: The public and private keys are functions of a pair of large prime numbers. The key generator generates the two prime numbers $p$ and $q$.
Step 2: Compute $c = m^{e} \bmod n$, given that $m$ is the data.
Step 3: Store $d$ in the Key Storage and then delete $d$ from the Key Generator.
Step 4: Send the public key $e$ to the Policy Manager (CA).

The example depicted in Figure 5 illustrates the steps for storing data from a host or from other Domains.

Figure 5. Lower Level Key Management: data storing

When the Key Generator receives the data from the Domain, it retrieves the private key from its Key Storage and decrypts the incoming data into plaintext before encrypting it again using a
newly generated public/private key pair. After storing the encrypted data and the key, the new public key is sent to the Policy Manager.

4.7 Trilateral Communication

The trilateral communication is established to safeguard against malicious attacks on any of the three processes: Domain Manager, Domain and Key Generator. As depicted in Figures 4 and 5, if the Domain is attacked, the attacker could only access the data location. Even though he/she may retrieve the data given the data location, the data is in encrypted format and he/she still needs the private key to decrypt it. Trilateral communication adds security measures to the system. All three components, Domain Manager, Domain and Key Generator, must work together in order for the system to function.

5. Experiment

In this section, we compare the performance of the proposed PKI scheme with other PKI schemes. We define the following setup:
- We group Data Storage, Key Storage, Key Generator and Domain as one subsystem.
- We run 2 subsystems on 2 systems running Fedora Core with a 200GB hard disk and 8 GB of RAM.
- We operate 2 Domain Managers and the Policy Manager on 3 systems running Fedora Core with a 200GB hard disk and 8 GB of RAM.
- Our datasets are 1MB, 5MB, 10MB, 100MB, 1GB, 10GB and 100GB.

There are a number of public key algorithms presented in the literature. We study three algorithms for our testing platforms: RSA is the easiest to implement for encryption and digital signatures; ElGamal is used for encryption and DSA for digital signatures; while Diffie-Hellman is the easiest algorithm for key exchange. Due to space constraints, we present only one set of experiments conducted for this paper. Figure 6 illustrates the average time (seconds) to encrypt the data in the key generator.

Figure 6. Average Time to Encrypt (y-axis: seconds, 0 to 390; x-axis: data size, 1MB to 100GB; series: RSA, ElGamal/DSA, Diffie-Hellman)

We chose the widely accepted RSA in implementing the encryption, as it provides better security than Diffie-Hellman despite the longer processing time. In Figure 7, we measure the response time versus the IO operations issued to the system. At various levels of workload, we determine the average time required to serve a request to retrieve or store data. At up to 90% workload, response time is generally below 10 milliseconds, after which response time increases exponentially.

Figure 7. Response Time vs. IO Request per sec (y-axis: response time in ms, 0 to 16; x-axis: IO requests per sec / IOPS, 10000 to 70000, at 10% to 100% workload)

6. Conclusion

In this paper, we have presented the architecture of key management for a cloud storage system and focused on the key management. Our architecture has several features over existing ones. We analyzed the shortcomings of existing approaches and adopted the existing PKI algorithm to address the problem based on the hybrid key management system. Our architecture model also takes into consideration other factors, like authentication through a Certificate Authority. We demonstrated that by adopting our approach, we can solve the teething problems described earlier in the paper. We plan to implement this key management architecture in a real system and test the result. With this implementation, we will be able to measure the performance of our key management system.

References

[1] T. Acar, M. Belenkiy, C. Ellison, L. Nguyen. Key Management in Distributed Systems. Microsoft Research Tech Report.
[2] M. Stevens, A. Sotirov, J. Appelbaum, A. Lenstra, D. Molnar, D. A. Osvik, B. de Weger. Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate. Crypto 2009, Santa Barbara, CA, August 16-20, 2009.
[3] https://cloudsecurityalliance.org/
[4] Cloud Security Alliance. Domain 11: Encryption and Key Management. Security Guidance for Critical Areas of Focus in Cloud Computing V3.0, pages 130-136, 2011.
[5] Tim Mather. Key Management in the Cloud. http://broadcast.oreilly.com/2010/01/key-management-in-the-cloud.html
[6] http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip
[7] T. Dierks and C. Allen. The TLS Protocol Version 1.0. Technical Report, The Internet Engineering Task Force (IETF), 1999.
[8] IPSec Working Group. IP Security Protocol (IPsec). Technical Report, The Internet Engineering Task Force (IETF), 2002.
[9] T. Ylonen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen. SSH Protocol Architecture. Technical Report, The Internet Engineering Task Force (IETF), 2002.