Security Issues and Challenges in Cloud Computing

Distributed and cloud computing
CSC 557
Akhila Reddy
Security Issues and Challenges in Cloud Computing
Abstract
Cloud computing is Internet-based computing in which shared resources, software and
information are provided on demand to computers and devices over the Internet. It
allows users to access a large number of applications without the need to purchase,
install or download them. Through cloud computing, people can share the
distributed resources and services that belong to different organizations. Users can access
information from anywhere at any time; all they need is an Internet connection. The term refers to the
applications delivered as services over the Internet as well as the hardware and systems software
in the datacenters that provide all of those services. Since cloud computing uses distributed
resources in an open environment, it is important to provide security and trust for sharing
data when developing cloud computing applications. This paper mainly describes the security
issues and their possible solutions.
Five main features of cloud computing:
• On-demand self-service: A consumer can acquire all the computing resources such as CPU
time, storage or software use, automatically as needed without any human interactions with
providers of these resources.
• Broad network access: All the computing resources such as software and information are
available over the network and accessed by various heterogeneous platforms such as laptops,
tablets and mobile phones.
• Resource pooling: The provider’s computing resources are pooled to serve multiple consumers
using a multi-tenant model, with different physical and virtual resources dynamically assigned
and reassigned according to demand. As a result, the user does not have control over or knowledge of
the location of these resources.
• Rapid elasticity: All the computing resources are elastic for the consumer, i.e., they are scaled
up for use whenever they are needed and scaled down and released when finished. To the
consumer, resource provisioning appears to be infinite and can be appropriated in any quantity
at any time.
• Measured Service: Cloud systems can use appropriate mechanisms to measure the usage of
these resources for each individual consumer through their metering capabilities, such as
monitoring, controlling, and reporting, which is transparent for both the provider and the consumer.
Pricing: Cloud computing is completely based on usage and does not have any upfront cost.
The user is usually billed based on the amount of resources they use. This helps users to
track their usage and ultimately helps them to reduce cost.
Cloud Architecture
Individual users connect to the cloud from their own personal computers or portable
devices, over the Internet. To these individual users, the cloud is seen as a single application,
device, or document. The hardware in the cloud (and the operating system that manages the
hardware connections) is invisible.
Cloud computing can be divided according to deployment models and according to service
delivery models.
Cloud Deployment Models
In the cloud deployment model, networking, platform, storage, and software
infrastructure are provided as services that scale up or down depending on demand. The
Cloud Computing model has four main deployment models, which are:
Private cloud
It is set up within an organization’s internal enterprise datacenter and is managed or
operated by the organization or a third party, regardless of whether it exists on or off premises. In the
private cloud, all the resources and virtual applications provided by the cloud vendor are pooled
together and available for cloud users to share and use. A private cloud is designed to offer the
same features and benefits of public cloud systems, but removes a number of objections to the
cloud computing model including control over enterprise and customer data, worries about
security, and issues. Utilizing the resources on the private cloud can be much more secure than
that of the public cloud because of its specified internal exposure. Only the organization and
designated stakeholders may have access to operate on a specific Private cloud.
Public cloud
In a public cloud, the enterprise and the storage service provider are separate and the data is
stored outside of the enterprise's data center. It is owned, operated and managed by the public
cloud service provider. It is typically based on a pay-per-use model, similar to a prepaid
electricity metering system, which is flexible enough to cater for spikes in demand for cloud
optimization. Public clouds are less secure than the other cloud models because of their open
structure, and they place an additional burden of ensuring that all applications and data accessed on
the public cloud are not subjected to malicious attacks.
Community cloud
It is constructed and shared by several organizations based on similar requirements and
interests, which may reduce utilization cost on every side.
Hybrid cloud
It is a combination of public cloud storage and private cloud storage where some critical
data resides in the enterprise's private cloud while other data is stored and accessible from a
public cloud storage provider. It provides more secure control of the data and applications and
also allows various parties to access information and resources over the Internet. It also has an
open architecture that allows interfaces with other management systems. Hybrid cloud storage
combines the advantages of scalability, reliability, rapid deployment and potential cost savings of
public cloud storage with the security and full control of private cloud storage.
Cloud computing service delivery models
There are three key cloud service models: Infrastructure as a Service (IaaS), Platform as a
Service (PaaS), and Software as a Service (SaaS). These services can be used independently, but
they can also work together.
• Software as a Service (SaaS): In SaaS, cloud providers install and operate application software
in the cloud and cloud users access the software from cloud clients. Cloud users do not manage
the cloud infrastructure and platform where the application runs. This eliminates the need to
install and run the application on cloud. Users usually rent the software instead of buying it,
which brings more choices and economical expense.
• Platform as a Service (PaaS): In PaaS, the users can create their own cloud services and
applications directly on a development environment or platform without the cost and complexity
of buying and managing the underlying hardware and software layers with tools offered by the
platform provider. They then can run and deploy these applications with full control.
• Infrastructure as a Service (IaaS): In IaaS, IT infrastructures, such as processing, storage,
networks, and other fundamental computing resources, are delivered as a service to the
consumer. The consumer can deploy and run arbitrary applications and operating systems. This
model makes users pay only for what they use. IaaS-cloud providers supply these resources
on-demand from their large pools installed in data centers.
These features and models make cloud computing an open public system, which
exposes data and applications to many security risks. Users can also access all the
uniformly distributed resources on the Internet on demand through cloud computing, which
generates great interest among IT companies. In cloud computing, data is processed and stored in the cloud
instead of on local computers, which introduces more security issues.
CLOUD COMPUTING SECURITY ISSUES
A. Data Security
In cloud computing, especially in a public cloud, users' data is stored and processed in the
cloud. Users cannot control the cloud infrastructure that manages their data, which creates threats to
that data. Some of the security issues concerning users' data are shown below:
1) Data breach: It mainly violates two security properties of data: integrity and confidentiality.
Integrity means protecting data from unauthorized deletion or modification. Confidentiality means
that only authorized parties or systems are able to access the protected data. In a SaaS
model the user’s data is mainly stored and processed at the SaaS vendor end, so the data is at
risk of breach. The breach may come either from an inside employee or from an outside
malicious hacker. A common solution for keeping data integrity and confidentiality is
to employ strong encryption mechanisms like AES and DES under the management of a common
PKI infrastructure. However, this introduces a heavy computation overhead on the data owner for
data management and key distribution when fine-grained data access control is desired. This issue
can be addressed by combining techniques of attribute-based encryption, proxy re-encryption,
and lazy re-encryption.
2) Data lock-in: It means the user cannot easily migrate from one SaaS or IaaS vendor to another
vendor. Users' data may be lost, which prevents users from adopting cloud computing.
Coghead is one example of a cloud platform whose shutdown left customers scrambling to
rewrite their applications to run on a different platform. The solution is to standardize the cloud
Application Programming Interface (API), for instance the GoGrid API.
3) Data Remanence: It is the residual representation of data that has been nominally erased or
removed in some way. In a public cloud it can cause severe security issues because of the
open environment, especially in an IaaS model, but it may cause minimum security issues in
private cloud. The Storage Networking Industry Association (SNIA) proposes a set of mechanisms for
the data remanence problem. One solution is to encrypt the data and shred the key, which makes
device management a pivotal function.
4) Data recovery: Sometimes a server may break down and cause damage to or loss of users' data.
To avoid this, data should be backed up so that it can be recovered in future. Cloud users can keep a backup
of important data on a local computer. For this purpose, the SaaS vendor may provide a backup
service for users. For instance, Amazon’s S3 (Simple Storage Service) allows a user to specify
the files that should be backed up as well as the appropriate level of data mirroring.
5) Data locality: In a SaaS model of a cloud environment the user does not have any knowledge
of the location of the data, which may be an issue. To avoid the leakage of sensitive
information, data privacy laws in many countries, such as some European countries, forbid some
types of data from leaving the country, which makes data locality an extremely important
consideration in many enterprise architectures. The issue can be solved by creating a secure SaaS
model that gives the customer reliable assurance about the location of the user's data.
B. Application Related Security Issues
Application security refers to using system resources such as the software and hardware
to ensure security of applications, which guards against intrusion from the malicious attackers.
1) Cloud browser security: In a SaaS model, the client's computation tasks are outsourced to
the remote servers. The client system is used only for I/O, receiving and sending commands
to the cloud. The web browser is a universal client application which satisfies this demand. In
this context, browser security is especially important in cloud computing. There exist many
security issues when considering the Transport Layer Security (TLS) protocol, which is used for host
authentication and data encryption. The reason is that current web browsers can only use TLS
Encryption and TLS Signature, which are not secure enough to keep out malicious attacks. One
solution is to use TLS and, at the same time, XML-based cryptography in the browser core.
2) Cloud malware injection attack: In this type of attack a malicious virtual machine or service
implementation is injected into the cloud system. Its purpose varies extensively,
ranging from blocking or wiretapping by subtle data modification to entire functionality
changes.
The attacker creates a malicious VM instance or service implementation module such as SaaS or
IaaS and tries to add it to the cloud system. He then tries to trick the cloud system, making it
believe the new instance is a valid instance. If this succeeds, valid user requests will be redirected
automatically to the new instance and the malicious code in it will be executed. One solution to
prevent this is to perform an integrity check on the service instance before using it for incoming
requests in the cloud system.
3) Cookie poisoning: This is gaining unauthorized access to an application or a webpage
by modifying the contents of a cookie. In a SaaS model, cookies maintain information that allows
the applications to authenticate the user identity, and once these cookies are accessible, they
could be forged to impersonate an authorized user. The solution is to clean up the cookie or
encrypt the cookie data.
4) Backdoor and debug option: Developers often write code with a backdoor, intentionally or
unintentionally. They may also leave some debug options in place for examining or revising the website
again. In a SaaS or PaaS model of a cloud environment, these backdoors or debug
options facilitate the work of developers, but they also provide entry points through which a
hacker can easily enter the website and access sensitive information. These issues can be
solved at the development level.
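An added example for the cookie poisoning item above (not part of the original paper): it detects a modified cookie with an HMAC-SHA256 tag, an integrity technique used here in place of encryption, so the values remain readable by the client. The key, field names and function names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; a real service loads a random key from a secret store.
SECRET_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE_SECONDS = 3600


def _b64(data):
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _tag(payload_b64, key):
    return hmac.new(key, payload_b64.encode("ascii"), hashlib.sha256).digest()


def _encode(session):
    body = json.dumps(session, sort_keys=True, separators=(",", ":"))
    return _b64(body.encode("utf-8"))


def issue_cookie(user, role, now=None, key=SECRET_KEY):
    """Return 'payload.tag'; the tag binds the payload to the server key."""
    now = int(time.time()) if now is None else int(now)
    payload = _encode({"user": user, "role": role, "iat": now})
    return payload + "." + _b64(_tag(payload, key))


def verify_cookie(cookie, now=None, key=SECRET_KEY):
    """Return the session dict, or None if forged, malformed or expired."""
    now = int(time.time()) if now is None else int(now)
    try:
        payload, tag = cookie.split(".")
        # Constant-time comparison, and it happens BEFORE the payload is parsed.
        if not hmac.compare_digest(_unb64(tag), _tag(payload, key)):
            return None
        session = json.loads(_unb64(payload))
        age = now - session["iat"]
    except (ValueError, TypeError, KeyError, AttributeError):
        return None
    if not 0 <= age <= MAX_AGE_SECONDS:
        return None
    return session


def tamper_role(cookie, new_role):
    """Test helper: edit the payload client-side while keeping the old tag."""
    payload, tag = cookie.split(".")
    session = json.loads(_unb64(payload))
    session["role"] = new_role
    return _encode(session) + "." + tag


if __name__ == "__main__":
    cookie = issue_cookie("alice", "user", now=1000)
    print("genuine :", verify_cookie(cookie, now=1500))
    print("modified:", verify_cookie(tamper_role(cookie, "admin"), now=1500))
    print("expired :", verify_cookie(cookie, now=1000 + MAX_AGE_SECONDS + 1))
```

The tag only proves the server issued the value; the cookie still needs the `Secure` and `HttpOnly` attributes and a server-side expiry such as the `iat` check above.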
C. Cloud Service Provider (CSP) Level Attacks
The increased demand on the shared resources of the cloud and the shared nature of cloud
computing make it an attractive target for attackers. End users should take into consideration the
vulnerabilities of cloud computing before migrating to it. Some examples of shared
resources are computing capacity, storage, and network. This shared nature exposes the cloud to
many security breaches, which are listed below:
1) Guest-hopping attack
An attacker tries to get access to one virtual machine by penetrating another virtual machine
hosted on the same hardware. One possible solution to the guest-hopping attack is to use
forensics and VM debugging tools to observe any attempt to compromise a VM. Another possible
solution is using the High Assurance Platform (HAP), which provides a high
degree of isolation between virtual machines.
2) SQL injection:
It is often used to attack websites. It is done by injecting SQL commands into the database of
an application from the web in order to dump or crash that database. To mitigate SQL injection attacks,
it is necessary to remove all stored procedures that are rarely used. Also, assign the least possible
privileges to users who have permissions to access the database.
3) Side channel attack:
It occurs when an attacker places a malicious virtual machine on the same physical machine
as the victim machine; in that way the attacker can access all the confidential information on the
victim machine.
To prevent this, it is preferable to ensure that none of the legitimate user VMs resides on the same hardware as
other users. This completely eliminates the risk of side-channel attacks in
a virtualized cloud environment.
4) Malicious Insider
One of the cloud computing challenges located at the data centers of the service providers arises
when an employee is granted access to the sensitive data of some or all customer administrators.
Such system privileges can expose this information to security threats. Strict privilege
planning and security auditing can minimize this security threat.
5) Data storage security
In cloud computing, the user’s data is stored on the Cloud Service Provider's (CSP) set of servers,
which run in a simultaneous and distributed manner. Ensuring data integrity and
confidentiality is an important task. There are some means to ensure the integrity and
confidentiality of the data stored in the cloud:
1. CSP employees must be given only limited access to the data.
2. Strong authentication mechanisms must be provided which allow only legitimate employees
to gain access to and control CSP servers.
3. The CSP should use well-defined data backup and redundant data storage to make data
recovery possible.
6) Address Resolution Protocol (ARP) Cache Poisoning
Address Resolution Protocol (ARP) is used in the TCP/IP stack to resolve an IP (logical) address
at the sender side into a MAC (physical) address at the receiver side. The ARP cache
stores a table that maps the IP addresses of the networked devices to their corresponding MAC
addresses. An attacker can exploit a weakness in the ARP protocol to map an IP address on
the network to a malicious MAC address, and then update the ARP cache with this malicious MAC
address. To mitigate this attack it is possible to use static ARP entries. This technique can work
for small networks like private clouds, but on large-scale clouds it is better to use other
techniques such as port security features that lock a specific port on the switch (or network
device) to a specific IP address.
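An added example for the ARP cache poisoning item above (not from the original paper): it audits a neighbour-table snapshot against the static IP-to-MAC bindings the text recommends. The addresses, the sample output (laid out like Linux `ip neigh show`) and the function names are constructed for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Approved IP -> MAC bindings (constructed values), i.e. the static ARP entries.
STATIC_BINDINGS = {
    "10.0.0.1": "52:54:00:aa:bb:01",   # gateway
    "10.0.0.10": "52:54:00:aa:bb:10",  # storage node
}

# Constructed snapshot in the layout printed by Linux `ip neigh show`.
SAMPLE_NEIGH = """\
10.0.0.1 dev eth0 lladdr 52:54:00:de:ad:99 REACHABLE
10.0.0.10 dev eth0 lladdr 52:54:00:AA:BB:10 STALE
10.0.0.23 dev eth0 lladdr 52:54:00:de:ad:99 REACHABLE
10.0.0.42 dev eth0  FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\b"
)


def parse_neighbors(text):
    """Return (ip, mac) pairs for resolved IPv4 entries; skip everything else."""
    entries = []
    for line in text.splitlines():
        match = NEIGH_RE.match(line.strip())
        if not match:
            continue  # unresolved (FAILED/INCOMPLETE) or unrelated line
        try:
            ip = str(ipaddress.IPv4Address(match.group("ip")))
        except ValueError:
            continue  # ARP is IPv4 only; ignore IPv6 neighbours and junk
        entries.append((ip, match.group("mac").lower()))
    return entries


def audit_arp_cache(entries, bindings=STATIC_BINDINGS):
    """Flag entries that contradict a static binding, and MACs answering
    for several IPs (a review hint: multi-homed hosts also look like this)."""
    findings = []
    ips_by_mac = defaultdict(set)
    for ip, mac in entries:
        ips_by_mac[mac].add(ip)
        expected = bindings.get(ip)
        if expected is not None and expected.lower() != mac:
            findings.append(("binding-mismatch", ip, expected.lower(), mac))
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            ordered = sorted(ips, key=ipaddress.IPv4Address)
            findings.append(("shared-mac", mac, ordered))
    return findings


if __name__ == "__main__":
    for finding in audit_arp_cache(parse_neighbors(SAMPLE_NEIGH)):
        print(finding)
```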
D. Network Level Security Attacks
Cloud computing depends mainly on existing network infrastructure such as LAN, MAN
and WAN, which is why cloud computing is exposed to the same security attacks. These
attacks may originate from users outside the cloud or from a malicious insider residing between
the user and the CSP and trying to corrupt the data going to or from the cloud.
1) Domain Name System (DNS) attacks
On the Internet, hosts are identified by names that are easy for humans to remember, while
computers deal with numbers. Each computer connected to the Internet has a globally unique
Internet Protocol (IP) address. The Domain Name System (DNS) converts host names into the corresponding
Internet Protocol (IP) addresses using a distributed database scheme. Internet DNS servers are
subject to different types of attacks such as ARP cache poisoning, domain hijacking, and
man-in-the-middle attacks.
1) Domain hijacking
Domain hijacking is defined as changing the name of a domain without the knowledge or
permission from the domain’s owner or creator. Domain hijacking enables intruders to access
sensitive corporate information and perform illegal activity such as phishing, where a website is
replaced by an identical website that records private information. One of the possible ways to
make domain hijacking very difficult is proposed by Internet Corporation for Assigned Names
and Numbers (ICANN) which forces a 60-day waiting period between a change in registration
information and a transfer to another registrar; the domain creator will most likely discover
any change in that period. Another solution is using the Extensible Provisioning Protocol (EPP) that
is used by many domain registries. EPP uses an authorization code issued exclusively to the
domain registrant as a security measure to prevent unauthorized name changing.
2) IP Spoofing
IP spoofing is where the attacker gains unauthorized access to a computer by pretending that the
traffic has originated from a legitimate computer. IP spoofing is used to carry out other attacks
such as the Denial of Service attack and the Man in The Middle attack:
a) Denial of service attacks (DoS):
The main purpose of these attacks is to make the target network/computer resources unavailable.
In a DoS attack the attacker floods the victim host with a huge number of packets in a short
amount of time; DoS is concerned only with consuming the bandwidth and resources of the target
network/computer. The attacker uses a spoofed IP address as the source IP address to make
tracking and stopping the DoS very difficult. It is also possible for the attacker to use multiple
compromised machines which he has already hijacked to attack the victim machine at the same
time (this attack is known as Distributed DoS), and it is very difficult to track and stop. TCP SYN
flooding is an example of a DoS attack: the attacker floods the victim machine with a stream of
spoofed TCP SYN packets. This attack exploits the limitations of the three-way handshake in
maintaining half-open connections.
b) Man In The Middle Attack (MITM):
An attacker gains access to network traffic using a network packet sniffer or flaws in routing and
transport protocols; these attacks could be used for theft of confidential information. IP
spoofing can be reduced using packet filtering by firewall, strong encryption and origin
authentication techniques.
E. End Users’ Attacks
Most attacks on cloud users, such as phishing, fraud, and exploitation of software vulnerabilities,
still work and can threaten the cloud service infrastructure. Phishing and fraud are attempts to
steal the identity of a legitimate user, such as usernames, passwords, and credit card details.
Phishing is typically carried out by sending the user an email that contains a link to a fraudulent
website that looks like a legitimate one; when the user goes to that fake website, his user name
and password are sent to the attacker, who can use them to attack the cloud. Another form of
phishing and fraud is to send the user an email that pretends to come from the cloud service
provider and asks the user to supply his username and password, for maintenance purposes for
example; in fact that spoofed email came from an attacker who wants to gain the user's credentials and then
use them to attack the cloud. Countermeasures against phishing are the use of spam filters, using a
plug-in spam blocker in the Internet browser, and finally training users not to respond to any
spoofed email and not to give their credentials to any website.
SECURITY REQUIREMENTS FOR CLOUD COMPUTING
A secure cloud computing system should satisfy some security requirements.
• Identification & Authentication: Depending on the cloud deployment and service models,
specified users must first be established, and predefined access priorities and permissions
should be granted accordingly. This process is aimed at verifying and validating individual cloud
users by using a username and password, which can protect the profiles of the cloud user.
• Authorization: Authorization is important to maintain referential integrity. It wields control
and privileges over process flows within Cloud computing. In a private cloud the authorization is
controlled by the system administrator.
• Non-Repudiation: In cloud computing, non-repudiation can be obtained by traditional
technologies such as digital signatures, timestamps, token passing, and confirmation receipt
services.
• Availability: Availability is a key decision factor when deciding which deployment model and
delivery model to be used. The service level agreement (SLA) is a very important document
which describes availability in cloud services and resources between the cloud provider and
client.
CLOUD COMPUTING CHALLENGES
The following are the major challenges that prevent Cloud Computing from being adopted:
1. Security: Security issues play the most important role in hindering Cloud computing
acceptance. Putting data and running software on someone else's hard disk using someone else's
CPU appears daunting to many users. Well-known security issues such as data loss and phishing
pose serious threats to the data and software. Moreover, the multi-tenancy model and the pooled
computing resources in cloud computing have introduced new security challenges that require
novel techniques to tackle.
2. Costing Model: Cloud consumers must consider the tradeoffs amongst computation,
communication, and integration. Migrating to the Cloud can significantly reduce the
infrastructure cost, but it increases the cost of data communication. This problem is particularly
prominent if the consumer uses the hybrid cloud deployment model, where the organization's data
is distributed amongst a number of public/private (in-house IT infrastructure)/community clouds.
3. Charging Model: The elastic resource pool has made the cost analysis a lot more complicated
than for regular data centers, which often calculate their cost based on consumption of static
computing. Moreover, an instantiated virtual machine has become the unit of cost analysis rather
than the underlying physical server. For SaaS cloud providers, the cost of developing
multitenancy within their offering can be very substantial. These costs include: re-design and
redevelopment of the software that was originally used for single-tenancy, the cost of providing new
features that allow for intensive customization, performance and security enhancement for
concurrent user access, and dealing with complexities induced by the above changes.
4. Service Level Agreement (SLA): Although cloud consumers do not have control over the
underlying computing resources, they need to ensure the quality, availability, reliability, and
performance of these resources when consumers have migrated their core business functions
onto their entrusted cloud. It is important for consumers to obtain guarantees from providers on
service delivery. Typically, these are provided through Service Level Agreements (SLAs)
negotiated between the providers and consumers.
5. Cloud Interoperability Issue: Currently, each cloud offering has its own way for cloud
clients/applications/users to interact with the cloud, leading to the "Hazy Cloud" phenomenon. This
hinders the development of cloud ecosystems by forcing vendor lock-in, which prevents
users from choosing from alternative vendors/offerings simultaneously in order to optimize
resources at different levels within an organization. Proprietary cloud APIs make it very
difficult to integrate cloud services with an organization's own existing legacy systems.
The primary goal of interoperability is to realize the seamless fluid data across clouds and
between cloud and local applications. Standardization is a good solution to address the
interoperability problem. However, as cloud computing is just starting to take off, the interoperability
problem has not appeared on the pressing agenda of major industry cloud vendors.