Abstract

In the emerging Cloud computing, security is widely considered the prime obstacle to accelerating cloud adoption. Due to the conceptual development of Cloud architecture and multi-tenancy systems, new security vulnerabilities arise alongside promising security platforms and APIs. In this paper, we identify the generic and specific threats and questions that need to be addressed for private and public clouds in order to maintain adequate trust among Cloud users and systems.

Keywords: Cloud computing; cloud security; computer security; security

I. INTRODUCTION

Cloud computing [1] is a combined architecture of multiple computing technologies that provides the following services, based on the widely accepted NIST definition [2], which identifies five essential Cloud characteristics [3]: (1) On-demand self-service; (2) Broad network access and diversity of client devices; (3) Resource pooling that allows providers to serve multi-tenant customers by managing resource utilization more efficiently using virtualization, resource partitioning and workload balancing; (4) Rapid elasticity that allows scaling resources dynamically; (5) Measured service with the pay-per-use business model. An additional feature is heterogeneity on both the provider and customer sides, and multi-provider services.

Cloud computing is considered a major shift in contemporary computing style. The success of the Internet, web applications, cluster computing, terminal services and virtualization has set the ground for remote service consumers to utilize distributed computing, resource sharing and pay-as-you-go models in Cloud architecture [4].

Three basic elements form the basis of the service definition of Cloud computing, as follows [1, 4].

First, Software-as-a-Service (SaaS) enables the usage of software as a service. We do not need to install the application itself; rather, we can use any cloud client machine to access the software and resume our work there.
Now clients can use office documents such as spreadsheets and presentations over the Internet. Microsoft, Google and some other companies provide these as a service to public clients.

Second, Platform-as-a-Service (PaaS) provides a software development platform as a service. As a result, companies that do not have a platform on which to develop code can use platforms provided by cloud vendors. Thus, it can reduce overhead by outsourcing maintenance cost and infrastructure. A large number of companies are looking to provide Citrix- or VMware-based Windows/Linux remote interfaces to their employees, contractors and other users.

Third, Infrastructure-as-a-Service (IaaS) enables the provision of software, hardware, and network equipment as an on-demand service. Companies can use a data center as a service without having their own. As with PaaS, it can cut the expenditure and responsibility of buying and maintaining equipment by not housing their own.

There is much published literature that analyzes the security threats in cloud computing. We categorize these studies into four groups.
• Classical security threats relevant to Cloud computing
• New security profile emerging due to Cloud computing
• Revisiting Public Key Infrastructure with respect to Cloud security
• Data encryption and challenges in Cloud
We try to answer several questions in this paper:

II. CHALLENGES IN CLOUD COMPUTING

Security remains a major issue in adopting the cloud computing model. To achieve a successful shift to the next-generation computation model, Cloud computing needs to address secure infrastructure operation and the security concerns of users, because several surveys and studies have shown that security and privacy are the main obstacles to wide adoption of Cloud computing [5], [6]. There is no doubt that security is the major challenge in cloud computing and that research is needed to find a secure cloud model. Although Cloud computing can provide enormous benefit for remote users or organizations, the lack of assurance of data/infrastructure security is preventing a move towards the cloud environment. A well-known working group, the CSA (Cloud Security Alliance) [7, 8], has identified 7 domains of threat, as below.

No.   Threat definition
1     Abuse and nefarious use of Cloud computing
2     Insecure interfaces and APIs
3     Malicious insiders
4     Shared technology issues
5     Data loss or leakage
6     Account or service hijacking
7     Unknown risk profile (Zero day exploit)

To ensure personal data privacy and confidentiality, we need to address this issue so that small to large organizations feel secure in utilizing cloud resources.

III. CLASSICAL SECURITY THREATS RELEVANT TO CLOUD COMPUTING

Generally, when we talk about Cloud computing security, we tend to focus on data security on remote resources with multiple shared users, security of network transmission protocols, encrypted information, multi-party data/service provision security, etc. These are conventional security threats to the system, storage and network, and are not new or unique to the Cloud environment. We may rely on the data centers for physical data security, including having a data dump machine on our own office premises for any unforeseen disaster.
However, by exploiting conventional mechanisms and applying new techniques, or due to bugs in Cloud vendors' software, attacks on the Cloud environment have intensified. The following conventional threats have been revealed.

Malware: The Stuxnet [9] and Flame [10] malware in recent years revealed that the Cloud computing environment can be penetrated by sophisticated malware. In late 2010, the login credentials of an employee of one of the major Certificate Authorities (Comodo) were compromised, which resulted in fake digital certificates for multiple big web players such as Google and Yahoo. Man-in-the-middle attacks using those fake certificates surfaced for months, and an unknown number of emails were victimized.

Cross-site scripting: Some vendors, such as Amazon EC2, use a SOAP-based cloud control interface to monitor and add/remove virtual machine instances. XML signature wrapping attacks on the public SOAP interface in the cloud can lead to the creation of unwanted new VM instances as well as the starting and stopping of VMs [11]. Code injection in Web applications poses a threat to business users and is still an open issue [12].

Botnet, DOS and DDOS: Botnet attackers now utilize Cloud resources to expand their network and processing power, posing a threat to shared resources on the same host. Denial of Service (DOS) and Distributed Denial of Service (DDOS) attacks on shared resources or on the same physical Cloud machine will have a big impact on provisioning Cloud services.

To ensure an additional layer of security, it is feasible to apply a dynamic security tagging or labeling system to specific information, files, lines or folders, which will enforce a higher and tighter level of encryption for sensitive data. Thus, one possibility is that Cloud consumers will not need to encrypt all their data; rather, they can quickly encrypt selected data sources, minimizing the encryption/decryption time and cost over network transport and end-point processing.

IV. NEW SECURITY PROFILE ON CLOUD

Virtual system image: Virtualization provides solid ground for utilizing virtual desktops and saving the whole client system image on a cloud server. Maintaining the integrity of saved images is also a challenge for virtualization vendors. Some work is also in progress to answer this challenge [13].
Side channels and covert channels: Multi-tenancy security and privacy concerns over reading CPU cache memory, timing analysis [14] and tracking of hardware resources can open the door to side-channel (passively observing information) and covert-channel (actively sending data) attacks [15]. This basic architectural issue in shared computers is a concern for tenants in the Cloud [16]. The attacker can detect the target Virtual Machine (VM) on a physical device using techniques like “measuring cache usage”, “load-based co-residence detection” and “estimating traffic rates on network address” [17]. When the target virtual instance and the malicious instance are on the same physical machine, monitoring CPU, memory and network utilization and behavior can lead to cross-VM information leakage. Although it has been proposed to build new computers based on secure cache designs [18], we have already seen many Cloud servers deployed with time-shared caches. Therefore, we need to address this issue.

Fate sharing: Another issue mentioned is reputation fate sharing, when one affected server/service is locked down, and the dependency issue for shared services on that particular machine [16].

Data ownership and integrity:
In a Public Cloud environment we do not have physical control over the data; therefore, periodic data audits for integrity are necessary. This will be a potential security challenge for large companies. In a private, public, community or hybrid Cloud, a "proof of ownership" method can be employed over the remote storage system so that data is not exposed to unwanted users, which is also a security concern.

Privacy and automated supervision: Provisioning and managing end-user access in the cloud is different from what it is in a traditional Exchange server or Linux user profile. How to ensure that security policy and data access are scalable and fault tolerant or redundant is a potential research topic. When there is a software or security bug in a VM or in the cloud platform itself, a zero-day exploit can happen, and an infected VM on the same machine is a concern for the rest of the VM holders. How we can monitor these attacks on a Cloud system without destroying their privacy is an open question. A security and access management framework for the Cloud environment has also been proposed [19].

Trust-based Cloud collaboration: A few papers discuss a security framework that would provide “trust relation”-based access to Cloud resources, where these trust relations can be formed dynamically [20]. We have experienced trust- or referral-based information filtering to protect mail servers against spammers, for example in Google email, Orkut mail services, and social networking services. In a Cloud environment it is difficult to establish trust when a server shares data with another server and has no control over that server or over how it deals with the shared data [21]. It is a challenge to enforce predefined security policies across servers and services to enhance trust in the Cloud. Additionally, it is possible to rate the service requester or provider on the basis of a dynamic security ranking.
For a new service consumer or provider, there could be a security rating consultant or tracker for future rating.

V. PUBLIC KEY INFRASTRUCTURE IN RESPECT TO CLOUD SECURITY

Public key infrastructure (PKI) provides the basic trust for e-commerce on the Internet Cloud. There are over 600 Certificate Authorities (CAs) around the globe. They can provide digital certificates to private and public entities. In 2011, the DigiNotar CA was compromised, and it could not provide any data on how many fake certificates were issued or on the nature of the data leakage. Therefore, the major Internet browser vendors had to block “DigiNotar CA”, and all the clients of DigiNotar CA had to revoke their certificates. The Comodo fake certificate incident also raises the need to rethink PKI implementation.

The DNSSEC protocol [22] has been introduced to the domain name server (DNS) to mitigate man-in-the-middle (MITM) attacks on the Internet. DNSSEC brings the use of PKI and CAs to the DNS level, thus protecting the local user from becoming a victim of a MITM attack. However, the issue of fake digital certificates still remains unsolved in the case of a compromised CA. In the cloud environment, machine-to-machine (M2M) communication will be predominant due to the necessity of clusters of servers and distributed and synchronized applications. Fake certificates pose a big threat to the stability of private and public cloud services, because revoking all the issued certificates and generating new ones cannot be done on the fly due to the limitations of the PKI system.

VI. DATA ENCRYPTION ON CLOUD SERVERS

We may secure remote data by adding our own personal encryption to cloud data and decrypting it on our local machine on demand. However, this would not be scalable. It has also been proposed to create metadata for the personally encrypted data and send semantic or keyword search queries against the encrypted metadata. When encrypted metadata matches, the selected data is downloaded to the local machine, and we may then decrypt it with our own key. It was pointed out that in this way we can skip the overhead of decryption [23]. However, the “searchable encrypted metadata” may become a target if this meta tag is understood by others; thus we need to address how this metadata can be secured from unwanted users.

Considering the classical and new threats to Cloud resources, research effort is also focused on how to encrypt static data on a remote server and effectively share encrypted data with legitimate users or groups. Public Cloud infrastructure might not be secure enough to encourage medical, commercial and banking organizations to adopt this technology; however, if these organizations are allowed to encrypt their own data and run key management or authentication systems for their data on their own or in partnership with the Cloud service provider, we can expect rapid embracing of Cloud services among all potential Cloud customers. Widely used software does not generate encrypted documents; therefore, the resources will be left unsecured on the Cloud server. Manual encryption of Cloud data could be a feasible answer. However, key management among all the legitimate users is a problem.

In 2008 Google took the initiative to provide full HTTPS sessions for its end clients; however, it became confident only in 2010 that it could provide reasonably good service given the security/latency tradeoff, and from then on major email service providers such as Hotmail enabled full HTTPS throughout the mail session.

VII. CONCLUSION

Data encryption vs. performance is still an ongoing issue in the research community. For data that is highly sensitive for the service consumer, we might need to design the data/service in such a way that it can self-destruct in case of emergency or intruder threat. This automatic erasure can be invoked via an email/phone system or triggered manually. This can reduce possible data exposure. A newly designed host operating system is required that ensures the root user does not have access to end Cloud users' data. This will eradicate the data duplication possibilities that can arise from a zero-day exploit.

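The searchable encrypted metadata idea discussed in Section VI can be illustrated with a keyed keyword index. This is an added example, not code from the paper or from [23]; the HMAC-based token construction, the function names, the key and the sample documents are all assumptions made for illustration. It also shows what the provider can still observe, which is the exposure Section VI warns about.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real client would generate it with
# os.urandom(32) and never send it to the Cloud provider.
INDEX_KEY = b"constructed-demo-key-do-not-reuse"

# Constructed sample: document id -> keywords the owner chose as metadata.
DOCUMENTS = {
    "doc-1": ["invoice", "bank", "2012"],
    "doc-2": ["Invoice", "medical"],
    "doc-3": ["bank", "invoice"],
}

def keyword_token(index_key, keyword):
    """Client side: deterministic search token, HMAC-SHA256 of the keyword."""
    normalised = keyword.strip().lower().encode("utf-8")
    return hmac.new(index_key, normalised, hashlib.sha256).hexdigest()

def build_index(index_key, documents):
    """Client side: the metadata uploaded next to the encrypted documents."""
    index = {}
    for doc_id, keywords in documents.items():
        for keyword in set(keywords):
            token = keyword_token(index_key, keyword)
            index.setdefault(token, set()).add(doc_id)
    return index

def server_search(index, token):
    """Provider side: exact-match lookup, without the key or the keyword."""
    return sorted(index.get(token, set()))

def client_query(index_key, index, keyword):
    """Client side: only the ids returned here are downloaded and decrypted."""
    return server_search(index, keyword_token(index_key, keyword))

def provider_view(index):
    """What the provider still learns: how many documents share each token.
    Deterministic tokens hide the keyword but not equality or frequency."""
    return sorted((len(ids) for ids in index.values()), reverse=True)

if __name__ == "__main__":
    idx = build_index(INDEX_KEY, DOCUMENTS)
    print("invoice ->", client_query(INDEX_KEY, idx, "invoice"))
    print("wrong key ->", client_query(b"some-other-key", idx, "invoice"))
    print("provider sees per-token counts:", provider_view(idx))
```

The per-token counts returned by provider_view are visible to anyone who can read the stored metadata, so the index needs access control of its own even though the keywords are not stored in clear.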
REFERENCES
[1] L. M. Vaquero, L. Rodero-Merino, J. Caceres, and M. Lindner, "A break in the clouds: towards a cloud definition," SIGCOMM Comput. Commun. Rev., vol. 39, pp. 50-55, 2008.
[2] P. Mell and T. Grance. (2009). A NIST definition of Cloud computing. Available: http://csrc.nist.gov/publications/nistpubs/800145/SP800145.pdf
[3] M. Hogan, F. Liu, A. Sokol, and J. Tong, "NIST Cloud Computing Standards Roadmap," 2011.
[4] L. Youseff, M. Butrico, and D. Da Silva, "Toward a Unified Ontology of Cloud Computing," in Grid Computing Environments Workshop, 2008. GCE '08, 2008, pp. 1-10.
[5] H. Takabi, J. B. D. Joshi, and G. Ahn, "Security and Privacy Challenges in Cloud Computing Environments," Security & Privacy, IEEE, vol. 8, pp. 24-31, 2010.
[6] D. Catteddu and G. Hogben, "Cloud Computing Risk Assessment," The European Network and Information Security Agency (ENISA), 2009.
[7] Cloud Security Alliance, "Security guidance for critical areas of focus in Cloud computing," 2011.
[8] Cloud Security Alliance. (2009). Top Threats in Cloud Computing v 1.0. Available: https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
[9] P. Fitzgerald. (2010). The Hackers Behind Stuxnet. Available: http://www.symantec.com/connect/blogs/hackersbehindstuxnet
[10] A. Gostev. (2012). The Flame: Questions and Answers. Available: http://www.securelist.com/en/blog/208193522/The_Flame_Questions_and_Answers
[11] J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, N. Gruschka, and L. L. Iacono, "All your clouds are belong to us: security analysis of cloud management interfaces," presented at the Proceedings of the 3rd ACM workshop on Cloud computing security workshop, Chicago, Illinois, USA, 2011.
[12] M. Johns, "Code injection vulnerabilities in Web applications Exemplified at Cross-site Scripting," University of Passau, Passau, 2009.
[13] J. Wei, X. Zhang, G. Ammons, V. Bala, and P. Ning, "Managing security of virtual machine images in a cloud environment," presented at the Proceedings of the 2009 ACM workshop on Cloud computing security, Chicago, Illinois, USA, 2009.
[14] A. Aviram, S. Hu, B. Ford, and R. Gummadi, "Determinating timing channels in compute clouds," presented at the Proceedings of the 2010 ACM workshop on Cloud computing security workshop, Chicago, Illinois, USA, 2010.
[15] Y. Xu, M. Bailey, F. Jahanian, K. Joshi, M. Hiltunen, and R. Schlichting, "An exploration of L2 cache covert channels in virtualized environments," presented at the Proceedings of the 3rd ACM workshop on Cloud computing security workshop, Chicago, Illinois, USA, 2011.
[16] Y. Chen, V. Paxson, and R. H. Katz, "What’s new about Cloud Computing Security?," EECS Department, University of California, Berkeley, 2010.
[17] T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, "Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds," presented at the Proceedings of the 16th ACM conference on Computer and communications security, Chicago, Illinois, USA, 2009.
[18] Z. Wang and R. B. Lee, "New cache designs for thwarting software cache-based side channel attacks," SIGARCH Comput. Archit. News, vol. 35, pp. 494-505, 2007.
[19] M. Almorsy, J. Grundy, and A. S. Ibrahim, "Collaboration-Based Cloud Computing Security Management Framework," in Cloud Computing (CLOUD), 2011 IEEE International Conference on, 2011, pp. 364-371.
[20] Y. Demchenko, N. Canh, C. de Laat, T. W. Wlodarczyk, R. Chunming, and W. Ziegler, "Security Infrastructure for On-demand Provisioned Cloud Infrastructure Services," in Cloud Computing Technology and Science (CloudCom), 2011 IEEE Third International Conference on, 2011, pp. 255-263.
[21] K. M. Khan and Q. Malluhi, "Establishing Trust in Cloud Computing," IT Professional, vol. 12, pp. 20-27, 2010.
[22] ICANN. DNSSEC Standards. Available: http://www.icann.org/en/news/infocus/dnssec/standards
[23] R. Kui, W. Cong, and W. Qian, "Security Challenges for the Public Cloud," Internet Computing, IEEE, vol. 16, pp. 69-73, 2012.