Outline
Cloud Computing Security Major Concern Physical Layer Security Network Level Security Management level Security General Issues
Cloud Computing
Cloud computing is the delivery of computing as a service rather than a product, whereby shared resources, software, and information are provided to computers and other devices as a utility over a network. Cloud computing providers deliver applications via the internet, which are accessed from a web browser, while the business software and data are stored on servers at a remote location.
Minimized Capital expenditure Location and Device independence Utilization and efficiency improvement Very high Scalability High Computing power
Customer Data
Customer Customer Code Provider Premises
DATA LOCATION
When user use the cloud, user probably won't know exactly where your data is hosted, what country it will be stored in? Data should be stored and processed only in specific jurisdictions as define by user. Provider should also make a contractual commitment to obey local privacy requirements on behalf of their customers, Data-centered policies that are generated when a user provides personal or sensitive information, that travels with that information throughout its lifetime to ensure that the information is used only in accordance with the policy
Data Policies
Backups of Data
Data store in database of provider should be redundantly store in multiple physical location. Data that is generated during running of program on instances is all customer data and therefore provider should not perform backups. Control of Administrator on Databases
Solution: A trusted set of users is defined through the distribution of digital certification, passwords, keys etc. and then access control policies are defined to allow the trusted users to access the resources of the hosts.
Some virus and worm create-Job Starvation Issue : where one job takes up a huge amount of resource resulting in a resource starvation for the other jobs.
Solutions:
Advanced reservations of resources priority reduction
Information Security
Security related to the information exchanged between different hosts or between hosts and users.
This issues pertaining to secure communication, authentication, and issues concerning single sign on and delegation. Secure communication issues include those security concerns that arise during the communication between two entities. These include confidentiality and integrity issues. Confidentiality indicates that all data sent by users should be accessible to only legitimate receivers, and integrity indicates that all data received should only be sent/modified by legitimate senders. Solution: XML Signature, XML Encryption, and the Secure Sockets Layer (SSL) enables secure authentication and communication over computer networks.
Identity Management:
Managing user access to applications and information based on proof of identity Combination of authentication (user identification) and authorization (user access rights) Controlling access is critical
<Transport>
Client/Consumer
WS-SECURITY
Enhancement to SOAP Uses XML Encryption xmlenc XML Digital Signatures xmlsig SSL/TLS
XML ENCRYPTION
XML Encryption is a specification, that defines how to encrypt the contents of an XML element. XML Encryption use the KeyInfo element, and provides information to a recipient about what keying material to use in validating a signature or decrypting encrypted data. The KeyInfo element is optional: it can be attached in the message, or be delivered through a secure channel.
SOLUTIONS:
Encrypt Data in Small Portions:
We can Encrypt XML data in small portions rather than a complete document i.e documents,elements and element content level.
SOLUTIONS (CONTD.)
We can set and certify the time, when the signature was made.
Use PGP keys, certificates or RSA keys for data signing and encryption
1) Pretty Good Privacy (PGP) is a data encryption and decryption computer
program that provides cryptographic privacy for data communication. 2)PGP encryption uses a serial combination of hashing, data compression, symmetric -key cryptography, and, finally,public-key-cryptography.
Use of Intruder detection Switches and Shield Connectors between Data Communication
XML SIGNATURE:
An XML signature is a digital signature obtained by applying a digital signature operation to arbitrary data. Existing technologies allow us to sign only a whole XML document. WE CAN PROVIDE A MEANS OF SIGNING A PORTION OF DOCUMENT. This functionality helps a lot whenever changes and additions to documents are required The Signature which is to be inserted in first represented as a hash function and the resulting value is place in the element along with other function.
In this case, every additional diagnosis added to the patient record must be singularly signed.
This important feature is supported by XML signature.
XML AUTHENTICATION
Value-based access control in which the access permission is decided by XML contents: XML contents must contain some identity information with the help of which user can grant to access permission. Access control on a specific node at an arbitrary depth: XML contents can provide security information at various XML subdocuments and XML infrastructure.
Management is important as the cloud is heterogeneous in nature and may consist of multiple entities, components, users, domains, policies, and stake holders.
Credential Management:
Credential management systems store and manage the credentials for a variety of systems and users can access them according to their needs. Secure and safe storage of credentials is equally important.
ENCRYPTION ALGORITHMS
Various Encrypion Algorithm Can be Used to encrypt data Such as DES,3DES,RSA,AES,IDEA,Blowfish etc RSA is one of the best encryption algorithm used for encrypting data.
RSA is widely used in electronic commerce protocols, and is believed to be sufficiently secure given sufficiently long keys and the use of up-to-date implementations.
The RSA algorithm can be used for both public key encryption and digital signatures. Its security is based on the difficulty of factoring large integers.
RSA ALGORITHM
RSA involves a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key. The keys for the RSA algorithm are generated the following way:
1. 2. 3. 4. 5.
Algorithm Choose two distinct prime numbers p and q. Compute n = pq. Compute z= (p1)(q1) Choose a number relatively Prime to z and call it d Find e such that e*d=1mod z
To encrypt a message P compute C=P^e(mod n) To decrypt a message you need d,n(private keys) P=C^d(mod n)
DISADVANTAGE
Its major disadvantage is that it requires keys of atleast 1024 bits for good security , which makes it quite slow. Moreover Security of this algorithm also depends on the factoring of RSA Modules. Encryption using this algo is cheap but decryption is costlier due to large key factoring
SOLUTIONS:
Large Key Size: One of the best way for secure encryption is to use large key size as large key size will be difficult to factor for the attackers Performance: We have to concentrate on three factors 1.Modular Calculation 2.Exponential Multiplication 3.Decryption Exponential Calculation One way is to prestore values from earlier calculations which save a lot of time in processing.
SOLUTIONS(CONT.)
For Decryption We can divide process as 1. One which schedule and perform RSA decryption.This can use round-robin strategy to aggregate the decryption request. 2. Other which send decryption request for decryption from the client. This can have two advantages 1. It improves the throughput of the RSA algorithm. 2. Scheduling improves the behaviour of system if message is bursty.
THANK YOU
QUESTIONS????