Department of Computer Science | Institute of Systems Architecture | Chair of Computer Networks
Enhancements for Security and Availability of Public Cloud Storage Environments
Dresden, June 2012
Prof. Dr. Alexander Schill
# 2
Who we are
Dr.-Ing. Josef Spillner, Dipl.-Medieninf. Marc Mosch, Dr.-Ing. Stephan Groß, Dipl.-Medieninf. Yvonne Thoß, Dr.-Ing. Anja Strunk (from left to right)
EU-funded research group
[Figure: research areas of the chair: Exploring Cyber Physical Systems; Network Planning and Security; Internet Information Retrieval; Mobile & Ubiquitous Computing; Real-Time Collaboration; Energy Lab; Service & Cloud Computing]
# 3
Outline
Cloud Computing …
• What is it all about?
• Problems
• π-Box: Building your personal secure cloud
• π-Data Controller: Secure Cloud Storage
• Conclusion & Future Work
# 4
The shape of a cloud … is in the eye of the beholder.
[Figure: example offerings by service model; provider logos omitted]
• IaaS/PaaS: cloud operating system, part of the Azure platform
• PaaS: development and hosting of web applications
• SaaS/PaaS: business cloud services focussing on customer relationship management
• IaaS: migration of virtual machines between private and public clouds
• SaaS: customized applications for business and home users, based on Google App Engine, e.g. collaboration tools
SaaS = Software as a Service, PaaS = Platform as a Service, IaaS = Infrastructure as a Service
# 5
Cloud Computing Characteristics
Cloud Computing is … the on-demand and pay-per-use application of virtualized IT services over the Internet.
• On-demand self service
• Broadband network access
• Resource pooling
• Measured and optimized service
• Rapid elasticity
Adopted from the NIST Definition of Cloud Computing [MeGr2011]
# 6
Service & Deployment Models
[Figure: cloud architecture stack, adopted from [MeGr2011] and [BKNT2010]]
Cloud architecture stack, from the user/clients down to the hardware:
• Software Services (SaaS): applications, accessed through a user interface
• Platform Services (PaaS): components and services, accessed through a machine interface
• Infrastructure Services (IaaS): compute, network, storage
Cloud organization, bottom up: Physical Resource Set (PRS), Virtual Resource Set (VRS), Programming Environment, Execution Environment, Application Services, Applications
Deployment models: Public, Hybrid, Private, Community, on an axis ranging from convenience to user control
# 7
Outline, next section: Problems
# 8
Problems of Cloud Computing
Reliability and security when giving up physical possession
> Failure of monocultures
> Cloud providers' trustworthiness
> Staying in control
# 9
FlexCloud Objectives
π-Cloud: establishing a secure cloud computing life cycle. A hybrid cloud platform that integrates a user's (cloud) resources, services and data.
> Unified Cloud: prevent vendor lock-in, integrate existing IT
> Secure Cloud: ensure data privacy and security
> Managed Cloud: keep the user in command
> Efficient Cloud: adapt to user preferences and the cloud's vital signs
# 10
Outline, next section: π-Box: Building your personal secure cloud
# 11
FlexCloud's Approach
Subsume all end devices within a Personal Secure Cloud (π-Cloud) controlled by the π-Box.
[Figure: the user's devices form the π-Cloud, with the π-Box at its centre]
# 12
FlexCloud's Approach
The π-Box distinguishes between public and sensitive data and enforces security mechanisms for the latter.
[Figure: π-Cloud with π-Box; public data leaves the π-Cloud unprotected, sensitive data only with security mechanisms applied]
# 13
Transparent Encryption
[Figure: documents in the π-Cloud pass through an analysis of structured and unstructured data and context information; keys are derived via a PKI]
• Document classification concerning security requirements.
• Addressee identification and derivation of the respective keys.
# 14
π-Box Architecture
[Figure: π-Box consisting of π-Cockpit (user interface / GUI), π-Service Controller, π-Data Controller and π-Resource Manager; connected over a peer-to-peer network to private resources (trustworthy) and public resources (not necessarily trustworthy)]
π-Cockpit: conceptual design of a user-centric cloud management solution
• Categorization of user groups concerning technical skills and organizational interests
• Guidelines for constructing adaptable graphical user interfaces
• Refinement of user profiles according to individual preferences
# 15
π-Box Architecture
[Figure: π-Box architecture as on slide 14, highlighting the π-Service Controller]
π-Service Controller: service execution with respect to security and other non-functional requirements.
User-controlled reliable service execution in the cloud
• Automatic composition and deployment of services with respect to security and other non-functional properties
• Easy integration of existing IT environments
# 16
π-Box Architecture
[Figure: π-Box architecture as on slide 14, highlighting the π-Data Controller]
π-Data Controller: data storage & distribution with respect to security and other non-functional requirements.
User-controlled reliable data storage in the cloud
• Automatic assurance of availability, integrity and confidentiality
• Easy integration of existing IT environments
• Adaptable and optimizable storage with respect to user preferences
# 17
π-Box Architecture
[Figure: π-Box architecture as on slide 14, highlighting the π-Resource Manager]
π-Resource Manager: infrastructure management, i.e. organization of a user's cloud resources
• Description of cloud resources and their (non-)functional properties
• System architecture for a reliable and scalable cloud resource directory
• Protocols for automatic (de-)registration of cloud resources within the π-Cloud
# 18
Outline, next section: π-Data Controller: Secure Cloud Storage
# 19
Increasing Availability: from RAID to RAIC
RAID: Redundant Array of Independent Disks
RAIC: Redundant Array of Independent Clouds
RAID turns unreliable, low-quality hard disks into reliable disk storage:
• Integration layer: logical partition
• Preprocessing layer: RAID-level redundancy routine (mirror, stripe, …)
• Transport layer: block resources
RAIC turns unreliable, proprietary and insecure cloud storage into reliable, universal and secure cloud storage:
• Integration layer: versioning, distributed file system, web access
• Preprocessing layer: fragment-level transformation (e.g. encryption), file-level transformation (e.g. compression), dispersal routine
• Transport layer: caching, local persistence, provider storage API adapter
# 20
π-Data Controller
Secure Cloud Storage Integrator for Enterprises: system architecture [SGS2011]
[Figure: the π-Cloud is the company intranet. Clients reach the π-Data Controller through a Shared Folder (CIFS); inside, files pass through File Dispersion and Cryptography, the Meta Data store records what was done, and a Cloud Storage Protocol Adapter talks to the providers (API, FTP)]
# 21
π-Data Controller
[Figure: π-Data Controller architecture as on slide 20]
Storing Files (1/5)
# 22
Implementation of the Shared Folder
• Technology: FUSE (Filesystem in Userspace)
• CIFS/SMB network share on a proxy file server
• Unified user interface for arbitrary cloud storage services
• Utilizing CIFS access control mechanisms
[Figure: FUSE data flow. A user-space process (`ls -l /tmp/fuse`) calls through glibc into the kernel VFS; the VFS forwards the request to the FUSE kernel module, which hands it via libfuse to the user-space file system process (`./xmp /tmp/fuse`) that serves it; NFS, Ext3, … sit beside FUSE under the VFS]
CIFS = Common Internet File System, SMB = Server Message Block, NFS = Network File System, Ext3 = Third Extended File System, FUSE = Filesystem in Userspace, VFS = Virtual File System, glibc = GNU C library
# 23
π-Data Controller
[Figure: π-Data Controller architecture as on slide 20]
Storing Files (2/5)
# 24
File Dispersion
Ensure availability despite unreliable cloud storage providers …
n: total number of shares a file is split into
k: threshold, i.e. the number of shares necessary to reconstruct the file
E.g. k=6, n=8. Whenever k < n, the shares must carry redundant information.
# 25
Secret Sharing aka Threshold Schemes
Objective: Divide a secret $s \in S$ into $n$ shares $s_1, \dots, s_n$ such that
1. knowledge of any $k$ or more shares $s_i$ makes $s$ easily computable, and
2. knowledge of any $k-1$ or fewer shares $s_i$ leaves $s$ completely undetermined (in the sense that all its possible values are equally likely).
[Figure: sharing: the dealer takes input $s$ and hands $s_1, \dots, s_n$ to the share holders, who store them; reconstruction: the reconstructor collects $k$ shares $s_{i_1}, \dots, s_{i_k}$ from share holders and outputs $s^*$]
# 26
Secret Sharing: An informal example with 2 shares
Visual Cryptography [NaSh1994]
Simplification: n = k = 2
[Figure (source: http://goo.gl/watJC): two transparencies that each look like random noise; neither share alone reveals the secret, and laying one over the other reveals it]
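The 2-out-of-2 scheme behind the picture, as an added example that is not part of the original slides and not the authors' code: each secret pixel is expanded into a 2×2 block of subpixels in both shares. A white pixel gets the same random pattern in both shares, a black pixel gets complementary patterns, and stacking the transparencies is a pixel-wise OR. The 5×5 bitmap is constructed sample input; `block_blackness` is a helper added to show why a single share carries no information.

```python
import secrets

# Constructed sample secret: a 5x5 bitmap, 1 = black, 0 = white.
SECRET = [
    [1, 1, 1, 1, 1],
    [1, 0, 0, 0, 1],
    [1, 0, 1, 0, 1],
    [1, 0, 0, 0, 1],
    [1, 1, 1, 1, 1],
]

# The two complementary 2x2 subpixel patterns (row-major), each with exactly
# two black subpixels. Seen alone, every block looks like the same half grey.
PATTERNS = ((1, 0, 0, 1), (0, 1, 1, 0))


def vc_share(image):
    """Naor-Shamir (2,2) visual cryptography: returns the two share bitmaps.

    White pixel: both shares receive the same random pattern, so stacking
    still shows 2 of 4 black subpixels. Black pixel: the shares receive
    complementary patterns, so stacking blacks out all 4 subpixels.
    """
    h, w = len(image), len(image[0])
    share1 = [[0] * (2 * w) for _ in range(2 * h)]
    share2 = [[0] * (2 * w) for _ in range(2 * h)]
    for y in range(h):
        for x in range(w):
            r = secrets.randbelow(2)            # fresh coin per pixel
            p1 = PATTERNS[r]
            p2 = PATTERNS[r] if image[y][x] == 0 else PATTERNS[1 - r]
            for i in range(4):
                share1[2 * y + i // 2][2 * x + i % 2] = p1[i]
                share2[2 * y + i // 2][2 * x + i % 2] = p2[i]
    return share1, share2


def vc_stack(share1, share2):
    """Laying one transparency over the other is a pixel-wise OR."""
    return [[a | b for a, b in zip(r1, r2)] for r1, r2 in zip(share1, share2)]


def vc_decode(stacked):
    """What the eye does: a 2x2 block that is fully black was a black pixel."""
    h, w = len(stacked) // 2, len(stacked[0]) // 2
    out = []
    for y in range(h):
        row = []
        for x in range(w):
            black = sum(stacked[2 * y + i // 2][2 * x + i % 2] for i in range(4))
            row.append(1 if black == 4 else 0)
        out.append(row)
    return out


def block_blackness(share):
    """Black subpixels per 2x2 block of a single share. This is always 2,
    whatever the secret pixel was: one share alone reveals nothing."""
    h, w = len(share) // 2, len(share[0]) // 2
    return [
        sum(share[2 * y + i // 2][2 * x + i % 2] for i in range(4))
        for y in range(h) for x in range(w)
    ]


def render(bitmap):
    return "\n".join("".join("#" if p else "." for p in row) for row in bitmap)


if __name__ == "__main__":
    s1, s2 = vc_share(SECRET)
    print(render(s1), "\n")          # looks like noise
    print(render(vc_stack(s1, s2)))  # the frame and dot reappear, at half contrast
```

The price of the scheme is visible in `vc_decode`: white areas never become fully white again (2 of 4 subpixels stay black), which is the contrast loss seen on the slide's image.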
# 27
Secret Sharing: More formalism
Shamir's scheme [Shamir1979]
Idea: It takes $k$ points to define a polynomial of degree $k-1$.
Sharing: Let $a_0 := s \in S$ be the secret to be shared, where $S$ is a finite field (e.g. $\mathbb{Z}_p$ for a prime $p$) known to all share holders. Randomly choose $k-1$ coefficients $a_1, \dots, a_{k-1} \in S$ to build $f(x) := \sum_{i=0}^{k-1} a_i x^i$. Calculate the shares $s_j := (j, f(j))$ for $j = 1, \dots, n$ (with $n < |S|$).
Recovering: Use Lagrange interpolation over $S$ on any $k$ shares to find the coefficients of the polynomial, including the constant term $a_0$.
[Figure (graphics taken from Wikipedia): a polynomial through the points $s_1, s_2, s_3$; the secret $s$ is its value at $x = 0$]
Blakley's scheme [Blakley1979]
Idea: Any $k$ non-parallel hyperplanes in a $k$-dimensional space intersect in exactly one point.
Sharing: Each share is a hyperplane through a common point; the secret is encoded as one specified coordinate of that point.
Recovering: 1. Calculate the point of intersection of the $k$ available planes. 2. Take the specified coordinate of that point.
Example: $n \geq 3$, $k = 3$
[Figure: with 1 share available the point lies somewhere in a plane, with 2 shares on a line, with 3 shares it is determined]
# 28
Information Dispersal: Computationally secure secret sharing
Rabin's scheme [Rabin1989]
• Guarantees only availability but no secrecy.
• Construction: cut the secret into $k$ pieces $s_0, \dots, s_{k-1} \in S$ and use them directly as the coefficients, $a_i := s_i$ for $i = 0, \dots, k-1$, i.e. $f(x) := \sum_{i=0}^{k-1} s_i x^i$; no random coefficients are involved. The rest is as in Shamir's scheme: share $j$ is $(j, f(j))$, and any $k$ shares determine all $k$ coefficients by interpolation.
• Properties
  • With a polynomial and shares of the same size as before, a value $k$ times as long as before is shared.
  • The length of each share is only $1/k$ of the length of the secret, and if $k$ shares must suffice for reconstruction, shares obviously cannot be any shorter. ➔ Space optimal
  • However, fewer than $k$ shares already leak information about the secret (each share is a known linear combination of its pieces), so this is not a threshold scheme in the sense of slide 25. Secrecy, where needed, has to come from encrypting the data, as the π-Data Controller does per share (slide 30); the combination is then computationally, not information-theoretically, secure. ➔ Computationally secure
More efficient information dispersal schemes
• Need to be maximum distance separable (MDS) so that any $k$ arbitrary shares suffice for reconstruction.
• Examples: Cauchy Reed-Solomon, Liberation and Blaum-Roth codes [PSS2008]
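A runnable version of both constructions, as an added example that is neither the project's code nor taken from the slides: one Lagrange interpolation helper over a prime field serves Shamir's scheme (slide 27: only $a_0$ is the secret, the other coefficients are random) and Rabin's IDA (this slide: every coefficient is data, so each share is about $1/k$ of the input). The prime $2^{127}-1$, the 15-byte chunk size, the 8-byte length prefix and the sample payload are my assumptions; the n=8, k=6 parameters are the ones the deck evaluates on slides 37 and 38.

```python
import secrets

# GF(P) with a Mersenne prime; assumption: any prime larger than one chunk works.
P = 2**127 - 1
CHUNK = 15    # Rabin chunks of 15 bytes (120 bits) are always < P
WORD = 16     # a field element is serialized as 16 bytes


def _poly_eval(coeffs, x):
    """Horner evaluation of f(x) = sum(a_i * x**i) in GF(P)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def _interpolate(points):
    """Lagrange interpolation over GF(P): the coefficients a_0 .. a_{k-1} of the
    unique polynomial of degree < k through k points with distinct x.
    Returning the whole polynomial serves both schemes: Shamir only uses a_0,
    Rabin's IDA uses every coefficient."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1          # L_i(x) = prod_{j!=i} (x - x_j) / (x_i - x_j)
        for j, (xj, _) in enumerate(points):
            if j == i:
                continue
            nxt = [0] * (len(basis) + 1)  # multiply basis by (x - x_j)
            for d, c in enumerate(basis):
                nxt[d] = (nxt[d] - c * xj) % P
                nxt[d + 1] = (nxt[d + 1] + c) % P
            basis = nxt
            denom = denom * (xi - xj) % P
        scale = yi * pow(denom, P - 2, P) % P   # y_i / denom, inverse via Fermat
        for d, c in enumerate(basis):
            coeffs[d] = (coeffs[d] + c * scale) % P
    return coeffs


def shamir_split(secret, n, k):
    """Shamir: a_0 = secret, a_1..a_{k-1} uniformly random; share j = (j, f(j))."""
    if not (0 <= secret < P and 1 <= k <= n < P):
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(j, _poly_eval(coeffs, j)) for j in range(1, n + 1)]


def shamir_recover(shares):
    """Any k shares (distinct j) give back a_0 = f(0); fewer give an unrelated value."""
    return _interpolate(shares)[0]


def ida_split(data, n, k):
    """Rabin's IDA: no randomness at all. Each block of k chunks of the data
    becomes the coefficients a_0..a_{k-1}; share j collects f(j) for every
    block, so each share is about len(data)/k bytes long."""
    block = k * CHUNK
    padded = len(data).to_bytes(8, "big") + data      # length prefix, then zero pad
    padded += b"\0" * (-len(padded) % block)
    shares = {j: bytearray() for j in range(1, n + 1)}
    for off in range(0, len(padded), block):
        coeffs = [int.from_bytes(padded[off + c * CHUNK:off + (c + 1) * CHUNK], "big")
                  for c in range(k)]
        for j in shares:
            shares[j] += _poly_eval(coeffs, j).to_bytes(WORD, "big")
    return {j: bytes(s) for j, s in shares.items()}


def ida_recover(shares, k):
    """Rebuild the data from any k shares ({j: bytes}); raises if fewer are given."""
    if len(shares) < k:
        raise ValueError(f"need {k} shares, got {len(shares)}")
    chosen = list(shares.items())[:k]
    out = bytearray()
    for w in range(len(chosen[0][1]) // WORD):
        pts = [(j, int.from_bytes(s[w * WORD:(w + 1) * WORD], "big")) for j, s in chosen]
        for coeff in _interpolate(pts):         # k coefficients = k data chunks
            out += coeff.to_bytes(CHUNK, "big")
    length = int.from_bytes(out[:8], "big")
    return bytes(out[8:8 + length])


if __name__ == "__main__":
    n, k = 8, 6                                  # the deck's evaluation parameters
    key = secrets.randbelow(P)                   # e.g. a per-file key as a field element
    assert shamir_recover(shamir_split(key, n, k)[2:2 + k]) == key
    payload = b"constructed sample payload " * 10
    pieces = ida_split(payload, n, k)
    two_providers_down = {j: pieces[j] for j in (1, 3, 4, 6, 7, 8)}
    assert ida_recover(two_providers_down, k) == payload
    print(len(payload), "bytes ->", n, "shares of", len(pieces[1]), "bytes each")
```

Two things the code makes concrete: `ida_split` is deterministic, so equal files produce equal shares and fewer than k shares are k−1 linear equations in the k chunks of each block, which is exactly the "availability only" property of this slide; and the Shamir helper is the right tool for the small secret (a key), while IDA is the right tool for the bulk data, which is how a cloud-of-clouds store typically combines them.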
# 29
π-Data Controller
[Figure: π-Data Controller architecture as on slide 20]
Storing Files (3/5)
# 30
Cryptography: Confidentiality & Integrity
[Figure: each of the four shares is encrypted with AES-CBC, and a SHA-256 checksum is computed per encrypted share]
The checksum of each encrypted share is kept, together with its key, in the π-Box meta data (slide 32) and thus outside the provider's reach; this is what provides integrity here, since CBC by itself does not detect a modified ciphertext.
# 31
π-Data Controller
[Figure: π-Data Controller architecture as on slide 20]
Storing Files (4/5)
# 32
π-Data Controller
[Figure: π-Data Controller architecture as on slide 20]
Storing Files (5/5)
Stored meta data per component
• Shared Folder: general file system information, e.g. file size, access rights, …
• File Dispersion: dispersion algorithm and parameters used (n, k), locations of the shares
• Cryptography: cryptographic keys used and checksums calculated per share
• Cloud Storage Protocol Adapter: storage protocol parameters and provider login data
# 33
π-Data Controller
[Figure: π-Data Controller architecture as on slide 20]
Retrieving Files (1/3)
Dispersion parameters: n=6
# 34
π-Data Controller
[Figure: π-Data Controller architecture as on slide 20]
Retrieving Files (2/3)
Dispersion parameters: n=6, k=3
# 35
π-Data Controller
[Figure: π-Data Controller architecture as on slide 20]
Retrieving Files (3/3)
# 36
Prototype Implementations
• NubiSave [SBM+2011]: π-Cockpit desktop application
• SecCSIE [SGS2011]: web interface for π-Cockpit
• ResUbic: Cloud Storage Allocator for Cyber Physical Systems
# 37
Performance Evaluation: Upload
[Figure: stacked bar chart, one bar per test case 1 to 5; time in seconds (0 to 40), split into SMB transfer, dispersion, cryptography and provider upload; a marker shows where the upload is finished from the user's perspective]

| Test case | π-Box used | # local storage | # cloud storage | # encrypted shares |
|---|---|---|---|---|
| 1 | No | 0 | 1 | 0 |
| 2 | Yes | 0 | 1 | 0 |
| 3 | Yes | 8 | 0 | 0 |
| 4 | Yes | 4 | 4 | 4 |
| 5 | Yes | 0 | 8 | 8 |

File size: 24 MB; dispersion parameters: n=8, k=6; cryptography parameters: AES-256 (14 rounds), SHA-256; network up/downlink: 10/20 Mbit/s
# 38
Performance Evaluation: Download
[Figure: stacked bar chart, one bar per test case 1 to 5; time in seconds (0 to 20), split into provider download, cryptography, dispersion and SMB transfer; a marker shows where the download is finished from the user's perspective]
Test cases and parameters as for the upload evaluation (slide 37): file size 24 MB; n=8, k=6; AES-256 (14 rounds), SHA-256; network up/downlink 10/20 Mbit/s
# 39
π-Box Scalability
The π-Box runs on hardware from SOHO (Small Office and Home Office) to enterprise scale:
• Embedded systems: AVM FRITZ!OS plugin
• Home server
• Enterprise server
• Virtual machine
# 40
Outline, next section: Conclusion & Future Work
# 41
Results so far & future work (π-Data Controller)
Results so far:
• Integration of existing cloud storage services (cloud-of-clouds)
• Proxy server for transparent mediation ➔ easy to use for end users, common scheme for enterprises
• Good performance, high security and data control for the user
Future work:
• Data store for database systems (block-based dispersion)
• Collaboration scenarios, file sharing, access by external entities
• Securing the meta data database
• Automatic classification of data
• Improving performance, e.g. scheduling algorithms, caching/prefetching, parallelization
• Optimized cloud storage
# 42
Building a cloud of clouds
… by connecting several π-Clouds and propagating data and services within one π-Cloud and to others.
Simplified approach: assume public, i.e. insecure, π-Clouds
Advanced approach: trust relationships between π-Clouds
[Figure: several π-Clouds, each with its own π-Box, connected to each other]
# 43
Towards a secure cloud life cycle
[Figure: life cycle with four phases]
Cloud Adaption and Optimization
• Strategies for the compensation of SLA violations
• Strategies for minimization of energy consumption
• Mechanisms for the visualization of complex cloud monitoring data
Fine-grained Service Level Agreements
• Methods to determine fine-grained non-functional properties of cloud services
• Identification of assets and corresponding requirements
• Deduction of monitoring targets from SLAs
Cloud Surveillance and Incident Detection
• Specification of monitoring targets and SLA violations
• Models for the proactive recognition of SLA violations and the evaluation of a cloud's energy efficiency
• Mechanisms for reliable distributed monitoring
Dynamic Provider Selection and Cloud Setup
• Flexible distribution mechanisms for cloud platforms
• Strategies for the performance optimization of cloud applications
• Reputation consideration to improve reliability and trustworthiness
# 44
Tomorrow's forecast: still cloudy but sunny spots
Contact:
http://flexcloud.eu/
# 45
References
[BKNT2010] C. Baun, M. Kunze, J. Nimis and S. Tai: Cloud Computing. Web-basierte dynamische IT-Services. Springer Verlag, 2010.
[Blakley1979] G. R. Blakley: Safeguarding cryptographic keys. AFIPS Conference Proceedings Vol. 48, National Computer Conference (NCC) 1979, 313-317.
[MeGr2011] P. Mell and T. Grance: The NIST Definition of Cloud Computing. NIST Special Publication 800-145, September 2011.
[NaSh1994] M. Naor and A. Shamir: Visual Cryptography. Eurocrypt 1994.
[PSS2008] J. S. Plank, S. Simmerman, C. D. Schuman: Jerasure: A Library in C/C++ Facilitating Erasure Coding for Storage Applications, Version 1.2. Technical Report CS-08-627, University of Tennessee, 2008.
[Rabin1989] M. O. Rabin: Efficient Dispersal of Information for Security, Load Balancing, and Fault Tolerance. Journal of the ACM 36/2 (1989) 335-348.
[SBM+2011] J. Spillner, G. Bombach, S. Matthischke, R. Tzschicholz, and A. Schill: Information Dispersion over Redundant Arrays of Optimal Cloud Storage for Desktop Users. In: IEEE International Conference on Utility and Cloud Computing. Melbourne, Australia, December 2011.
[SGS2011] R. Seiger, S. Groß, and A. Schill: A Secure Cloud Storage Integrator for Enterprises. In: International Workshop on Clouds for Enterprises. Luxembourg, September 2011.
[Shamir1979] A. Shamir: How to Share a Secret. Communications of the ACM 22/11 (1979) 612-613.