You are on page 1of 32


By: Varun Agarwal

• • • • • • Cloud Computing Security Major Concern Physical Layer Security Network Level Security Management level Security General Issues

Cloud Computing

Cloud computing is the delivery of computing as a service rather than a product, whereby shared resources, software, and information are provided to computers and other devices as a utility over a network. Cloud computing providers deliver applications via the internet, which are accessed from a web browser, while the business software and data are stored on servers at a remote location.

Benefits of Cloud Computing :

• •

Minimized Capital expenditure Location and Device independence Utilization and efficiency improvement Very high Scalability High Computing power

Why Security is Important??? • Security concerns arising because both customer data and program are residing in Provider Premises. • Security is always a major concern in Open System Architectures Customer Data Customer Customer Code Provider Premises .

• Loss of Privacy. • Bad guys corrupting or eavesdropping on communication . Vulnerabilities • Hostile Program. • Hostile people giving instructions to good programs. • Damage information.Dangers and Vulnerabilities Security is to save data and program from danger and vulnerability Dangers • Theft of Information.

Common Security Requirements .

Security at Different Levels • • • • • Server access security Internet access security Database access security Data privacy security Program access Security .

We need to answer following Questions… • What is Data Security at Physical Layer? • What is Data Security at Network Layer? • How much safe is data from Natural disaster? • How much trusted is Encryption scheme of Service Provider? .

what country it will be stored in? • Data should be stored and processed only in specific jurisdictions as define by user. • Data-centered policies that are generated when a user provides personal or sensitive information. that travels with that information throughout its lifetime to ensure that the information is used only in accordance with the policy Data Policies .DATA LOCATION • When user use the cloud. user probably won't know exactly where your data is hosted. • Provider should also make a contractual commitment to obey local privacy requirements on behalf of their customers.

• Control of Administrator on Databases . • Data that is generated during running of program on instances is all customer data and therefore provider should not perform backups.Backups of Data • Data store in database of provider should be redundantly store in multiple physical location.

. the job may well be a virus or a worm which can destroy the system • Solution: A trusted set of users is defined through the distribution of digital certification. keys etc. passwords. and then access control policies are defined to allow the trusted users to access the resources of the hosts.Host Security Issues • The host running the job.

Some virus and worm create-Job Starvation Issue : where one job takes up a huge amount of resource resulting in a resource starvation for the other jobs. Solutions: • Advanced reservations of resources • priority reduction .

and issues concerning single sign on and delegation. XML Encryption. Confidentiality indicates that all data sent by users should be accessible to only “legitimate” receivers. authentication.  These include confidentiality and integrity issues.  This issues pertaining to secure communication. and integrity indicates that all data received should only be sent/modified by “legitimate” senders.  Solution: XML Signature.  Secure communication issues include those security concerns that arise during the communication between two entities. . and the Secure Sockets Layer (SSL) enables secure authentication and communication over computer networks.Information Security  Security related to the information exchanged between different hosts or between hosts and users.

Identity Management: • Managing user access to applications and information based on proof of identity • Combination of authentication (user identification) and authorization (user access rights) • Controlling access is critical .

user/device/location/time identification • Provide secure source of identity information • Disable auxiliary ports • Establish clearly defined access policies .Creating an Identity Management Infrastructure: • Improve methods of identity management – something better than ID and passwords – Possibilities – biometrics.

Cloud Security Structure .

THE WEB SERVICES A service WSDL SOAP UDDI <Transport> Client/Consumer .

WS-SECURITY Enhancement to SOAP  Uses ◦ XML Encryption xmlenc ◦ XML Digital Signatures xmlsig ◦ SSL/TLS  .

and provides information to a recipient about what keying material to use in validating a signature or decrypting encrypted data. • XML Encryption use the KeyInfo element.XML ENCRYPTION • XML Encryption is a specification. • The KeyInfo element is optional: it can be attached in the message. . or be delivered through a secure channel. that defines how to encrypt the contents of an XML element.

e documents.SOLUTIONS: Encrypt Data in Small Portions: •We can Encrypt XML data in small portions rather than a complete document i. Use Different Encryption Keys: While Encrypting we can use different encryption keys for different subdocuments and same keys can be used for decrypting the data.elements and element content level. . Session Management: Expiring session within required time when asking sensitive security.

SOLUTIONS (CONTD. 2)PGP encryption uses a serial combination of hashing.) • We can set and certify the time. symmetric -key cryptography. data compression.public-key-cryptography. • Use PGP keys. • Use of Intruder detection Switches and Shield Connectors between Data Communication . finally. certificates or RSA keys for data signing and encryption 1) Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy for data communication. when the signature was made. and.

XML SIGNATURE: An XML signature is a digital signature obtained by applying a digital signature operation to arbitrary data. •This functionality helps a lot whenever changes and additions to documents are required •The Signature which is to be inserted in first represented as a hash function and the resulting value is place in the element along with other function. •WE CAN PROVIDE A MEANS OF SIGNING A PORTION OF DOCUMENT. . • Existing technologies allow us to sign only a whole XML document.

This record can contain several entries (diagnoses) coming from several doctors.EXAMPLE FOR XML SIGNATURE Consider a patient record stored in a hospital repository. In this case. This important feature is supported by XML signature. every additional diagnosis added to the patient record must be singularly signed. . Each doctor wants to take responsibility only over her diagnosis.

XML AUTHENTICATION Value-based access control in which the access permission is decided by XML contents: XML contents must contain some identity information with the help of which user can grant to access permission. Access control on a specific node at an arbitrary depth: XML contents can provide security information at various XML subdocuments and XML infrastructure. .

policies. . users. Credential Management: • Credential management systems store and manage the credentials for a variety of systems and users can access them according to their needs.Management Related Issues: • Management is important as the cloud is heterogeneous in nature and may consist of multiple entities. domains. and stake holders. components. • Secure and safe storage of credentials is equally important.

Is it possible for all of my data to be fully encrypted? What algorithms are used? Who holds. Encryption . Encryption can complicate availability Solution The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists.HOW SECURE IS ENCRYPTION SCHEME is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge. maintains and issues the keys? Problem: Encryption accidents can make data totally unusable. usually referred to as a key.

Its security is based on the difficulty of factoring large integers. and is believed to be sufficiently secure given sufficiently long keys and the use of up-to-date implementations.IDEA.3DES. • The RSA algorithm can be used for both public key encryption and digital signatures.AES. .RSA.ENCRYPTION ALGORITHMS • Various Encrypion Algorithm Can be Used to encrypt data Such as DES. • RSA is widely used in electronic commerce protocols.Blowfish etc • RSA is one of the best encryption algorithm used for encrypting data.

3. 2.n(private keys) P=C^d(mod n) . The keys for the RSA algorithm are generated the following way: • 1. 5. Compute z= (p – 1)(q – 1) Choose a number relatively Prime to z and call it d Find e such that e*d=1mod z • To encrypt a message P compute C=P^e(mod n) • To decrypt a message you need d. 4. Algorithm Choose two distinct prime numbers p and q.RSA ALGORITHM • RSA involves a public key and a private key. • Messages encrypted with the public key can only be decrypted using the private key. Compute n = pq. The public key can be known to everyone and is used for encrypting messages.

DISADVANTAGE • Its major disadvantage is that it requires keys of atleast 1024 bits for good security . • Moreover Security of this algorithm also depends on the factoring of RSA Modules. • Encryption using this algo is cheap but decryption is costlier due to large key factoring . which makes it quite slow.

.Exponential Multiplication 3.SOLUTIONS: Large Key Size: One of the best way for secure encryption is to use large key size as large key size will be difficult to factor for the attackers Performance: We have to concentrate on three factors 1.Decryption Exponential Calculation One way is to prestore values from earlier calculations which save a lot of time in processing.Modular Calculation 2.

It improves the throughput of the RSA algorithm.This can use round-robin strategy to aggregate the decryption request.SOLUTIONS(CONT. 2. Scheduling improves the behaviour of system if message is bursty. . 2. This can have two advantages 1. Other which send decryption request for decryption from the client.) For Decryption We can divide process as 1. One which schedule and perform RSA decryption.


8 :807.3.f°f– ¯ ° °€f¾n W 2574.8847/8 !488-908 -42097.3/5.02039 842093-099079.3. f°–f° °.02094/841/03992.



.-8.920 /0391.-0.:7084:7.:.0.08 ../080.7/0130/.08854.943 W !74.943 W 8.041/039931472.754798 W 89..


  nn .

@ J I.

0 $ $ ! & %7.385479 039. 807..

438:207 .

J .

$3.75943203.  9.3.9:70828  $$.0203994$ ! O &808  3.D@ 3.

%$ O .


-4:9.850./.3/574.907.9.80.75943 8.330 .943  9..9.3  002039 W  3.9:7047/0.70.75990.1./08 31472..94:803 .93..9032.5039.94394.0 47-0/0.83.3-0.99. W %0 0314 002039845943..070/974:..7590//.:70.759303.75943:8090 0314 002039 .9/01308494 03.0/390 2088.9@W 3.439039841.

3/002039.2008.7594308147/1107039 8:-/4..3/ 57380884393706:70/92003.!479438 W0.$ &% $ 3.759390/.8380389..:20398.0 &8011070393.4390390.080.3-0:80/147/0.425090 /4.9079.3:80/110703903.75930. 54794387.3. $08843.382.7594308 03.759.:20398 0020398.:2039 0/4...3$2.3.:79 .9.9.

08.75943 .75947.9478-09003 . !! 8.3/$0/4330.9:70.9.90847#$08147/.9574..$ &% $  % W 0. /..422:3.3/ 03./0 W &80!!08 .9.3809.75943  !709944/!7..422:3.75943 .943 .9./08.29..425:907 5747.82.147/.079190920 039083.943$9...5..0791.833.3/..3//0.03.943  99 °n½° ¾ ¾f¾ fn¯ °f°€ f¾°– ff n¯½ ¾¾° ¾¯¯ n  n½–f½ f° €°f ½ n   n½–f½ W &8041397:/07/090..57.9.

.7/.9:704-9.943 .8 1:3.:2039 W!# '$ $! #%    &% W%81:3.30/- .9:704507.7-97.70706:70/ W%0$3..94394.83.9:708.49030.9.07.O.-@D 383.4:8948343.553.9058.8.0390002039.894-0380790/317897057080390/.34408.308./9. W 89390.9:70.83.943.3/90708:93.943.:20398./9.:085.439 49071:3.//943894 /4.40 /4..3/..

.3910.07.07085438-9434.3 .07...380.-@D 438/07.80 0.039708 /./4.439.9:7088:554790/-83.47/89470/3.47/2:89 -083:.903970.34808 .9:70 .0707/.//0/94905.7830/  %825479.3488.07./.423174280./4.903970.70548947 %870.//943.4859.5.9  O.398949.947.9478 .47/.O.3488 398.


3574.9:70 .088507288438/0.4390398.7/059 .4397443.897:.90..80/.:20398.74:8  8:-/4..08850728843 ./0/ -./080...9.9.1..3.34/0.850..943990 0541.38420/039931472.439.7-97..43903982:89.088.3/317.:7931472...37..4390398 .3994 .:0 -.@'.439743.:807.943.088.

041..43889412:950 039908 .0203988902889470..02039 W 70/039.39.39 .8806:.02039825479.8147..70/039.3.47/394907300/8 W $0.08 .0 90.3.4:/8 090740304:833..890.3/ 89.3/2.9:70..3.04/078 70/039.38 54.02039#0.70/039.3/:8078.108947..70941889028..90/88:08 W .088902...3.3/2.3/8. 25479.425430398 :8078 /42.:70..2.3 .3.

J .

D  -.


:3:8.412/..-9 $4:943 %0.943 7010770/ 94.4:/574.-0 3.70:80/ 44/8 2.7590/ . 31472.09.7010770/94..507 942.09 :370.3/90890/-050703...3.75943 8.0/.949.0208070/0830/.75943 890574.3814723 .47928.34300.8.38..75943....0/ .9./00..4792 ./.3 .8 5.90..3/88:089008 !74-02 3.0/850.059948054880883850.75943.9.898  3..903.94-01:03.0884197./0398. 340/0 :8:./03.425.39./0784:/574..3909 :83. 0 895488-0147.32.-094.9.


48 .3/ /9.759/..0 57494.3-0&80/9403.003.70390078 .. W '.9@. W #$8/0:80/3 00.3/90:8041 :5 94 /.4792.7543 4792.7593 /.03980.902502039.80/4390/11. $:.3/8-00.0394308.75943.9743.9438 W %0#$.:798-..:9411.9.0/ 94-08:11.9473 .75943.74:83.8$ $ #$ $  41809.9.42207.4792:80/14703.:70.3-0:80/147-495:-.038:11.@.83.9:708 9880.. W #$84304190-08903.

W #$3.2088.759. 5:-.0!.75932088.4792.3/8:80/14703.@.3/.9/ 3/08:.0. W      4792 448094/893.08 W 088..3:2-0770.425:90!)0 24/3 W %4/0.0.90/90 1443.7590/9905:-.343-0/0.9 57203:2-078 5 . 57.4.2088.900 %00814790#$.0 .700307.3/ 6 425:90 3  56 425:90  53 3 63 3 4480..3 -0343940..9008 !)/ 24/3 .3/.900 %05:-.90 /24/ W %403.759.9.0803.08.9.7590/:83 9057..0!72094..07430.04:300// 3 57..

89  -9814744/80.75943:8398.5-:9 / .089.7001.I-@ W 982..4792.0.:794198.9473 .947341#$4/:08 W 3..2.4 8.08 96:9084 W 4704.07$0.:79 ./.759438.47/8.84 /0503/843901..

.0397.943  543039..4941 9203574.:0817420.904397001..707.94714790.14780.8.:9941.943 30..:7003.D@- .75943 543039..:..943  0.99...0 0.9478  4/:.43.:.700$0 304190-089.3.7.:95.89457089470.8.:.75943894:80.70 080-0/11..9438.70080...094.078 !071472..0.0883 .


8.9090/0.75943174290 ..094.0890974:5:94190#$.3:80 74:3/ 74-3897..3/5071472#$/0.39.0890-0.803//0.75943706:089  907..039 %8.75943 0..08 -:789 .088./0574.9094.0/:32574.3.4792  $./.4:7 418890212088.-@ % 470...8  30.75943 %8 .70.08  92574.75943706:089147/0.3/.0/:0.

@-D .D@-"""" .