Securely Using Cloud

Computing Services
Qin Liu
Email: gracelq628@126.com
Hunan University
Part I
2
Outline
3. Introduction to Our Work
2. Security Issues in Clouds
1. Cloud Computing
Evolution of Computing Patterns
What Is Cloud Computing?
Wikipedia Definition
Cloud computing is a concept of using the Internet to allow
people to access technology-enabled services
It allows users to consume services without knowledge of
control over the technology infrastructure that supports them

NIST Definition
5 essential characteristics
3 cloud service models
4 cloud deployment models

The NIST Cloud Definition Framework
Community
Cloud
Private
Cloud
Public Cloud
Hybrid Clouds
Service
Models
Essential
Characteristics
Software as a
Service (SaaS)
Platform as a
Service (PaaS)
Infrastructure as a
Service (IaaS)
Resource Pooling
Broad Network Access Rapid Elasticity
Measured Service
On Demand Self-Service
Deployment
Models
On-demand service
Get computing capabilities as needed automatically
Broad Network Access
Services available over the net using desktop, laptop, PDA,
mobile phone
Resource pooling
Provider resources pooled to server multiple clients
Rapid Elasticity
Ability to quickly scale in/out service
Measured service
Control, optimize services based on metering



Essential Characteristics
Essential Characteristics
Cloud Service Models
Software as a Service (SaaS)
We use the provider apps
User doesnt manage or control the network, servers, OS,
storage or applications
Platform as a Service (PaaS)
User deploys their apps on the cloud
Controls their apps
User doesnt manage servers, IS, storage
Infrastructure as a Service (IaaS)
Consumers gets access to the infrastructure to deploy their
stuff
Doesnt manage or control the infrastructure
Does manage or control the OS, storage, apps, selected
network components



SaaS
PaaS
IaaS
Amazon Google Microsoft Salesforce
Service Delivery Model Examples
Products and companies shown for illustrative purposes only and should not
be construed as an endorsement
10
Cloud Deployment Models
Private cloud
Enterprise owned or leased
Community cloud
Shared infrastructure for specific community
Public cloud
Sold to the public, mega-scale infrastructure
Hybrid cloud
Composition of two or more clouds
Cloud Deployment Models


Top 8 Cloud Computing Companies
Cloud Computing Example - Amazon EC2
IaaS
http://aws.amazon.com/ec2
Cloud Computing Example - Google AppEngine
PaaS
http://code.google.com/appengine/
Google AppEngine API
Python runtime environment
Datastore API
Images API
Mail API
Memcache API
URL Fetch API
Users API
A free account can use up to 500 MB storage,
enough CPU and bandwidth for about 5 million page
views a month
Conventional
Manually
Provisioned
Dedicated
Hardware
Fixed Capacity
Pay for Capacity
Capital &
Operational
Expenses
Managed via
Sysadmins
Cloud
Self-provisioned
Shared
Hardware
Elastic Capacity
Pay for Use
Operational
Expenses
Managed via
APIs
Conventional Computing
vs.
Cloud Computing
Why A Cloud?

Why A Cloud?

Why A Cloud?
Cloud Computing Summary
Cloud computing is a kind of network service and is
a trend for future computing
Scalability matters in cloud computing technology
Users focus on application development
Services are not known geographically
20
3. Introduction to Our Work
2. Security Issues in Clouds
1. Cloud Computing
Outline
21
What Not a Cloud?
Kai Hwang and Deyi Li, Trusted Cloud Computing with Secure Resources
and Data Coloring, IEEE Internet Computing, Sept. 2010
Cloud Providers and Security Measures

23
General Security Advantages
Shifting public data to an external cloud reduces the exposure of
the internal sensitive data
Cloud homogeneity makes security auditing/testing simpler
Clouds enable automated security management
Redundancy / Disaster Recovery
24
General Security Challenges
Trusting vendors security model
Customer inability to respond to audit findings
Obtaining support for investigations
Indirect administrator accountability
Proprietary implementations cant be examined
Loss of physical control

10 Security Concerns
Wheres the data?
Who has access?
What are your regulatory requirements?
Do you have the right to audit?
What type of training does the provider offer their
employees?
What type of data classification system does the provider
use?
What are the service level agreement (SLA) terms?
What is the long-term viability of the provider?
What happens if there is a security breach?
What is the disaster recovery/business continuity plan
(DR/BCP)?

7 Potential Risks
Privileged user access
Regulatory compliance
Data location
Data segregation.
Recovery
Investigative support
Long-term viability
What Is Not New?
Data Loss
Downtimes
Phishing
Password Cracking
Botnets and Other Malware

Data Loss
Downtimes
29
Phishing
hey! check out this funny blog about you...
30
Password Cracking
31
What Is New?
Accountability
No Security Perimeter
Larger Attack Surface
New Side Channels
Lack of Auditability
Regulatory Compliance
Data Security

Accountability
33
No Security Perimeter
Little control over physical or network location of cloud
instance VMs
Network access must be controlled on a host by host
basis
Larger Attack Surface
Cloud Provider
Your Network
New Side Channels
You dont know whose VMs are sharing the physical
machine with you.
Attackers can place their VMs on your machine.
See Hey, You, Get Off of My Cloud paper for how.
Shared physical resources include
CPU data cache: Bernstein 2005
CPU branch prediction: Onur Aciimez 2007
CPU instruction cache: Onur Aciimez 2007
In single OS environment, people can extract
cryptographic keys with these attacks.

36
Lack of Auditability
Only cloud provider has access to full network traffic,
hypervisor logs, physical machine data.
Need mutual auditability
Ability of cloud provider to audit potentially malicious or
infected client VMs.
Ability of cloud customer to audit cloud provider environment.
37
Regulatory Compliance
Certifications
39
Data Security
Symmetric
Encryption
Homomorphic
Encryption
SSL
MAC Homomorphic
Encryption

SSL
Redundancy Redundancy Redundancy
Confidentiality
Authorized to know
Availability
Data Never Loss
Machine Never Fail
Integrity
Data Has Not Been
Tampered With

Storage Processing Transmission
Data Security Is A Major Concern

Security concerns arising because both customer data and
program are residing in Provider Premises.

Security is always a major concern in Open System Architectures

Customer
Customer
Data
Customer
Code
Provider Premises
Why Data Is Not Secure
Cloud Security problems are coming from
Loss of control
Lack of trust
Multi-tenancy

Mainly exist in public cloud



Loss of Control in the Cloud
Consumers loss of control
Data, applications, resources are located with provider
User identity management is handled by the cloud
User access control rules, security policies and enforcement
are managed by the cloud provider
Consumer relies on provider to ensure
Data security and privacy
Resource availability
Monitoring and repairing of services/resources

Lack of Trust in the Cloud
A brief deviation from the talk
Trusting a third party requires taking risks
Defining trust and risk
Opposite sides of the same coin
People only trust when it pays
Need for trust arises only in risky situations
Defunct third party management schemes
Hard to balance trust and risk
e.g. Key Escrow
Is the cloud headed toward the same path?
Multi-tenancy Issues in the Cloud
Conflict between tenants opposing goals
Tenants share a pool of resources and have opposing goals
How does multi-tenancy deal with conflict of interest?
Can tenants get along together and play nicely ?
If they cant, can we isolate them?
How to provide separation between tenants?

Possible Solutions
Loss of Control
Take back control
Data and apps may still need to be on the cloud
But can they be managed in some way by the consumer?
Lack of trust
Increase trust (mechanisms)
Technology
Policy, regulation
Contracts (incentives): topic of a future talk
Multi-tenancy
Private cloud
Takes away the reasons to use a cloud in the first place
Strong separation

Cloud Security Summary
Cloud computing is sometimes viewed as a reincarnation
of the classic mainframe client-server model
However, resources are ubiquitous, scalable, highly virtualized
Contains all the traditional threats, as well as new ones
In developing solutions to cloud computing security issues
it may be helpful to identify the problems and approaches
in terms of
Loss of control
Lack of trust
Multi-tenancy problems

48
3. Introduction to Our Work
2. Security Issues in Clouds
1. Cloud Computing
Outline
Our Main Work
Selected Publications
G. Wang, Q. Liu, F. Li, S. Yang, and J. Wu, "Outsourcing Privacy-Preserving Social
Networks to a Cloud," accepted to appear in the 32nd IEEE International Conference
on Computer Communications (IEEE INFOCOM 2013).
Q. Liu, C. C. Tan, J. Wu, and G. Wang, "Efficient Information Retrieval for Ranked
Queries in Cost-Effective Cloud Environments" Proceedings of the 31st IEEE
International Conference on Computer Communications (IEEE INFOCOM 2012).
G. Wang, Q. Liu, and J. Wu, "Hierarchical Attribute-Based Encryption for Fine-Grained
Access Control in Cloud Computing," Proceedings of the 17th ACM Conference on
Computer and Communications Security (CCS-10).
Q. Liu, C. C. Tan, J. Wu, and G. Wang, "Towards Differential Query Services in Cost-
Efficient Clouds," accept to appear in IEEE Transactions on Parallel and Distributed
Systems (TPDS).
Q. Liu, G. Wang, and J. Wu, "Time-Based Proxy Re-encryption Scheme for Secure
Data Sharing in a Cloud Environment", Information Sciences.
Q. Liu, C. C. Tan, J. Wu, and G. Wang, "Cooperative Private Searching in Clouds,"
Journal of Parallel and Distributed Computing (JPDC).
G. Wang, Q. Liu, and J. Wu, "Hierarchical Attribute-Based Encryption and Scalable
User Revocation for Sharing Data in Cloud Servers," Computers & Security.
Multi-User Data Sharing Environment
Cloud Security problems are coming from :

Loss of control
Lack of trust (mechanisms)
Multi-tenancy

Security Issues
Data Security
Revocation
Retrieval Privacy

The cloud service provider is a potential attacker!!
Data Security
Natural way
Adopting cryptographic technique

Current solutions
Traditional symmetric/ asymmetric encryption
Low cost for encryption and decryption
Support key delegation--HIBE
Hard to achieve fine-grained access control
Attribute-Based encryption
Easy to achieve fine-grained access control
High cost for encryption and decryption
Do not support key delegation


Public Key Cryptography
53
Attribute-Based Encryption (ABE)
Key Policy ABE
Ciphertext Policy ABE
Hierarchical Attribute-Based Encryption (HABE)
Application scenario
Sample URA
Requirements
Fine-grained access
control
Hierarchical key
generation
Efficiency
Hierarchical Attribute-Based Encryption (HABE)
Key technique
Combine the hierarchical identity-based encryption and
attribute-based encryption
Use the attributes and exact ID to identify each user

HABE Architecture
User Revocation
Nave solution
The data owner re-encrypts data and distributes new keys
to the data user
Frequent revocation will make the data owner become a
performance bottleneck
Proxy re-encryption (PRE)

Time-Based Proxy Re-Encryption
PRE in clouds
The data owner to send re-encryption instruction to the
cloud
The cloud perform re-encryption based on proxy re-
encryption
Cloud Service Provider Cloud Service Provider
T
2
:

R
e
-
e
n
c
r
y
p
t
i
o
n





T
1
:

A
c
c
e
s
s

D
a
t
a
Data Owner Data Owner
Data User Data User
T2<T1: Potential security risk
How to achieve automatic
revocation without sending
any instructions?
Time-Based Proxy Re-Encryption
Key technique
Incorporate time into PRE
This scheme is suitable for the application where the valid of
access is pre-determined
2012
12
...
1 31
...
1
1 31
...
( )
a s
s H a
( )
( )
a
y
a s
s H y
( )
( , )
( )
y
a
y m
a
s
s H m
( , )
( , , )
( )
y m
a
y m d
a
s
s H d
A time tree is constructed
The data owner and the cloud
share a secret seed s
The cloud re-encrypt data
based on internal time
automatically while receiving a
data access request

User Privacy
User privacy
Search privacy: The cloud cannot know what the users are searching
for
Access privacy: The cloud cannot know what/which files are returned
to the users
Existing solutions
Private search (PS) can protect user privacy while
searching public data
Searchable encryption (SE) can protect search privacy
while searching private data

Searchable Encryption (SE)
Bob sends to Alice an
email encrypted under
Alices public key.
Alices email gateway
wants to test whether the
email contains the
keyword urgent so that it
could route the email to
her PDA immediately.
But,Alice does not want
the email gateway to be
able to decrypther
messages
Efficient Searchable Encryption

Problem
The user needs to perform decryption
Thin client has only limited resources
Requirements
Enable the cloud to perform partial decryption without
compromising search privacy
User can access data from the cloud anytime and anywhere with
any devices



Efficient Searchable Encryption

Key technique
Alice takes both Bob and CSPs public key as inputs of the
encryption algorithm
CSP uses its secret key to perform partial decrypt and
generate an intermediate value
Bob use the intermediate value to quickly recover data
Private Search (PS)
Cloud
Bob
[1] [1] [0] [0]
F
1
F
2
0 NA

A compressed
version of all files
F1: {A,B}
F2:{B,D}
F3:{C,D}
Given a public dictionary that contains all keywords, e.g.,
dictionary=<A,B,C,D>.
Bob wants to retrieve files with keywords A and B
Private Search (PS)




Homomorphic encryption
E(x)*E(y) = E(x+y)
E(x)^y = E(x*y)
F
1
: { A, B} F
2
: {B,D} F
3
: {C,D}
F
1
F
2
0 NA

[1] [1] [0] [0]
key trick: map
unmatched
files to 0
F
1
NA

F
1
F
2
F
3

F
2
0
survival
collision survival
unmatched
E(F
2
)* E(0) =E(F
2
)
Cooperative Private Search (COPS)
Problem for simple PS
Processing each query is expensive. Given n users, the cloud
needs to execute n queries
Performance bottleneck on the cloud
COPS Architecture
A proxy server (ADL) is introduced between the users and the
cloud (trusted)
Aggregate user queries
Distribute searching results





Cooperative Private Search (COPS)
Key technique
The user and the cloud share
Shuffle functions shuffle the dictionary and the query
--- to preserve search privacy
Pseudonym function: hide file name
Obfuscated function: hide file content
---preserve access privacy
Key merits
User privacy is preserved from
The cloud
The proxy server
Other users

Efficient Information Retrieval for Ranked
Queries (EIRQ)
Problem for Simple COPS
No ranked queries
The cloud returns all matched files

Queries are classified into 0,1,,r-1 ranks.
Rank-i query retrieves (1-i/r) percentage of matched files
Files that match
rank 0 queries
Files that match
rank 1 queries
Files that match
rank i queries
Will not be filtered
Filtered with
probability 1/r
Filtered with
probability i/r



The cloud
Cannot know which files are filtered/returned
Cannot know each queries rank
Efficient Information Retrieval for Ranked
Queries (EIRQ)
Key techniques:
Construct a mask matrix to protect query ranks
Filter files without knowing which files are filtered

QueryGen
Step 1:
User
ADL Cloud
Keywords,
rank
FileFilter
File
Recovery
Matrix
Construct
Step 2:
Step 4:
Step 3:
Mask
matrix
Buffer

Certain percentage of files
matching user keywords
Efficient Information Retrieval for Ranked
Queries (EIRQ)
ADL constructs a mask matrix that is encrypted with its
publics key, and sends it to the cloud
Cloud
ADL
A
B
C
D
[1] [1]
[1] [1]
[1] [0]
[0] [0]

[0] [0]
{A, B} Rank 0
{A, C} Rank 1
Alice
Bob
Number of ranks, r=2
Number of
keywords
Construct Mask Matrix
Cloud
F
1
: { A, B} F
2
: {B, D} F
3
: {C, D}
buffer
ADL

A
B
C
D
[1] [1]
[1] [1]
[1] [0]
[0] [0]

[0] [0]

The cloud chooses a random
column for each file


F1 and F2 will be returned
F3 will be filtered with 50%

A file, matched rank i query,
the probability to be filtered i/r




For F
3
: 50% 50%
E(0)*E(0)=E(0) E(0)*E(0)=E(0)
E(0)^F
3
=E(0) E(1)^ F
3
=E(F
3
)




Filter Files
Evaluation
Evaluation

75
Questions?