New approach to enhance security in cloud computing against internal side channel attacks Issue : Survey of Cloud Computing Security ,Side channels attacks,problems and solutions Ahmed Bentajer University Cadi Ayyad High School of Technology, Safi, Morocco
[email protected] Mustapha Hedabou University Cadi Ayyad National School of Applied Sciences,Safi, Morocco
[email protected]
Ibtihal Mouhib University Moulay Smail, Faculty of sciences, Meknes, Morocco,
[email protected] El Ouadghiri Driss University Moulay Smail, Faculty of sciences, Meknes, Morocco,
[email protected]
Said EL Fezazi University Cadi Ayyad High School of Technology, Safi, Morocco Morocco
[email protected]
Abstract— Everyone in the technology world is talking about the Cloud Computing .It is now a solution adopted by 76% of large companies in the world [4] (Google, Facebook, Amazon, Microsoft, IBM, Cisco ..). It is described by three service models: IaaS (Infrastructure as a Service), PAAS (Platform as a Service) and SaaS (Software as a Service), divided into four deployment models (public, private, community and hybrid) and characterized by five main properties (On-demand self-service, Ubiquitous network access, Location independent resource pooling, Rapid elasticity, Pay per use). Principally, Cloud Computing is recognized as a great eliminator of the hefty costs and complex processes that come with evaluating, purchasing, configuring or managing software and hardware essentials that are necessary for enterprise applications. In spite of its many benefits, there are significant security concerns that need to be addressed when moving to the cloud. In this paper we will start by introducing the cloud computing technology, ,then we will give our survey on the security of the Cloud andfinally we will describe one of the most important security threat, is about the side channels Attacks and we will propose our approach to mitigate internal side channel attacks Key Words : Cloud Computing ,Security, Side channels attacks
I.
INTRODUCTION
The Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or cloud provider interaction [1].
The Cisco view of cloud computing is all encompassing[2], in terms of the architectural stack in a typical service value chain. These are services that are offered in a traditional IT datacenter. In a cloud value chain, they are virtualized and delivered on demand. The three major layers in the cloud computing value chain are as follows: Software as a Service (SaaS) is where application services are delivered over the network on a subscription and on-demand basis. Cisco WebEx™, Salesforce, Microsoft, and Google are a few providers in this layer. Platform as a Service (PaaS) consists of run-time environments and software development frameworks and components delivered over the network on a pay-as-you-go basis. PaaS offerings are typically presented as Application Programming Interface (API) to consumers. Examples of this are: Google Apps Engine, Amazon Web Services, force.com, and Cisco® WebEx Connect. Infrastructure as a Service (IaaS) is where compute, network, and storage are delivered over the network on a pay-as-you-go basis. Amazon pioneered this with AWS (Amazon Web Service), and now IBM and HP are entrants here also. The approach that Cisco is taking is to enable service providers to move into this area. Again using NIST as a baseline for our descriptions, NIST defines four cloud deployment models: Private cloud: The cloud infrastructure is operated solely for an organization. It may be managed by the
organization or a third party and may exist on premise or off premise. Community cloud: The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g.,mission, security requirements, policy, and compliance considerations).It may be managed by the organizations or a third party and may exist on premise or off premise. Public cloud : The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
Due to involvement of many technologies including networks, databases, operating systems, resource scheduling, transaction management, concurrency control and memory management [3], various security issues arises in cloud computing. A. Cloud Computing Security Threats The Cloud Security Alliance has identified the following threats as top security threats for cloud computing in 2013[10]:
Data Breaches: In a data breach, an actor is intentionally accessing data for malicious reasons. to illustrate the potential magnitude of this threat, a virtual machine could use side- channel timing information to extract private cryptographic keys in use by other VMs on the same server; allowing an attacker to get at not just that client's data, but every other clients' data as well. The challenge is that the measures put in place to mitigate one of the threats can exacerbate another. You could encrypt your data to reduce the impact of a breach, but if you lose your encryption key, you'll lose your data.
Data Loss: data loss can be caused by employees who have no intention of causing a security incident; a loss can considerably introduce financial implications, legal ramifications, influence on trust between different actors related to a business and damage to reputation. Data Loss can occur due to malicious intent, accidental deletion by provider, or worse, a physical catastrophe leading to permanent loss. Account/Service and Traffic Hijacking: It is one of the major security threats to the cloud which leads to compromises on confidentiality, integrity and availability of deployed cloud services.
Hybrid cloud : The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for loadbalancing between clouds). Gartner predicts that cloud computing will surge to 150 billion dollars by 2013. Below is a partial list of companies that provide cloud computing services: Amazon , Google , Microsoft , Salesforce.com ,Citrix ,IBM ,Mozyhome , Sun , cohensiveFT , Icloud ,Nivanix , VMware ,Flexscale ,Joyent , Rackspace ,3tera..[14]. II.
SURVEY ON CLOUD COMPUTING SECURITY
Cloud is a technology that everyone would love to take full advantage of [13], it offers so much: Limitless Flexibility: With access to millions of different databases, and the ability to combine them into customized services. Better Reliability and Security: users no longer need to worry about their hardware failure, or hardware being stolen.
Enhanced Collaboration : By enabling online sharing of information and applications, the cloud offers users new ways of working together.
Insecure APIs : The security of general cloud services is dependent upon the security of these basic APIs
Portability: Users can access their data from anywhere.
Simpler devices: With data stored and processed in the cloud, users simply need an interface to access and use this data, play games, etc.
Cloud Providers expose a set of API for interacting customers to manage their data and interact with 3rd party applications for integrations.
Denial of Service: DoS has always been an Internet threat, but it resurging in frequency and sophistication in the cloud. It can effect on cloud performance in general and can cause financial losses[5] and can cause harmful effect in other servers in same cloud infrastructure as in [6].
Malicious Insiders: malicious insiders could render security controls useless. He can steal confidential data of the cloud user, so the user is mostly left with trusting the cloud provider. [7] .A malicious
Unlimited Storage. Access to lightning quick processing power. However, there are significant security concerns that need to be addressed when considering moving critical applications and sensitive data to public and shared cloud environments.
insider can be an administrator who can easily inspect the virtual machines of cloud users and retrieve sensitive information.
Abuse of Cloud Computing : an example might be a malicious hacker using cloud servers to break an encryption key too difficult to crack on a single computer, launch a DDoS attack, propagate malware, or share pirated software. The challenge here is for cloud providers to define what constitutes abuse and to determine the best processes to identify it.
Insufficient Due Diligence: this threat giving rise to operational and architectural issues, or contractual issues over liability and transparency.
Shared Technology Vulnerabilities: It can be duplicated across an environment where many virtual servers share the same configuration so understanding patch management and configuration management from the vendor becomes crucial.
B. Security Attacks in Cloud As more companies move to cloud computing, look for hackers to follow. Some of the potential attack vectors criminals may attempt include [9]:
Cloud malware injection attacks: This type of attack, an adversary attempts to inject malicious service or code, which appears as one of the valid instance. If the attack is successful, the cloud system automatically redirects valid user requests to the malicious service implementation, and the adversary’s code is executed.
Authentications attacks: Authentication is a weak point in hosted and virtual services and is frequently targeted. The mechanisms used to secure the authentication process and the methods used are a frequent target of attackers.
Side channel Attacks: This will be detailed in the next section
Man in the middle Cryptographic Attacks: This attack is carried out when an attacker places himself between two users. Anytime attackers can place themselves in the communication’s path, there is the possibility that they can intercept and modify communications.
Denial of service attacks: that we have already explained in the part of security threats
III.
SIDE CHANNELS ATTAKCS
As mentioned earlier, side channels is a security attacks in cloud computing. Traditional attacks on cryptographic algorithms use only the input and output of the algorithm, treating it like a monolithic black box. However, this does not reflect reality. Algorithms must be implemented in software and run on hardware, which have various properties (a physical quantity such as time, power consumption, electromagnetic radiation or sound...) that change as a result of the cryptographic algorithm’s execution. Side-channel attacks try to extract secret information based on some sidechannel. A. Problem Identification Side channel are discussed in many context like information that can be leaked .A study has shown that an attacker can place his VM on the same physical machine as another customer’s VM in Amazon EC2 [20], knowing that changes in web based applications has reached a stage where applications are delivered as a service (SaaS). Conceptually the architecture of SAAS needs that information (web flows) go through network, so they can be exposed to side channel attack despite using an HTTPS protection or if they are encrypted. Compared to desktop software, web application has all the advantages of the cloud (pay per use, no client installation side, ease of update and maintain…). But the distinct features of the web especially web 2.0 (stateful communication, low entropy , auto suggestion ,…), which may be considered as the main problem, coupled with side channel vulnerabilities are becoming a threat to the confidentiality of user data in different software that are delivered as a service (health care, …) [15]. In this web-based application, with the rise of the web 2.0, they are many problems which may cause side channel attack: Input by typing (auto suggestion): as the user type a list of suggestion may appear, which contain all items that have been taped before or it exists in database and the list is updated in response to every keystroke, and the attacker may disambiguate the user’s actual input after every keystroke and the communication become stateful because the each keystroke produce a web flow. In [16] the principal problems are : Massive parallelism : nowadays and with the multiprocessing and multithreading it becomes impossible to control timing channel Insider attackers become outsider attackers : Cloud provider may collocate VM on the same physical machine with no question asked, so on a private infrastructure an attacker may steal secret information without knowing the identity of co- resident and without leaving a trail .Cloud based timing attacks are unlikely to be caught : cloud customer can’t monitor other customers computations to protect themselves against timing attack and cloud provider couldn’t monitor customers to report attacks due to privacy .
Attacker my steal information via: Shared L1 data cache [17] Shared functional units [18]. B. Some Proposed Solutions Some solutions exist to address this problem as mitigation policies, but mitigation of such side- channel threats is much more difficult than it appear to be, because of their application-specific, developers need to analyses the application semantics and feature design to find the vulnerabilities and think of their remedies. But unfortunately there is no universal method because of the character of each application, and even if it does exist it will be hard to apply it to all software unlike some side-channel vulnerabilities studied in prior research which have universal mitigation for example song et al. suggested a simple mitigation for the SSH inter-keystroke timing issues[15]. Another solution exists, which is providing enforced deterministic execution instead of resources partitioning [16], this solutions is based on the use of a deterministic OS to separate job’s I/O which will depend only on jobs input and ensure that even malicious guest code can do nothing to makes it results depend on internal timing or other implicit inputs C. Our Approach : a mitigation method for internal side channel attacks Customer and provider must share responsibility for security and privacy in cloud environment, providers can’t monitor client computation and network traffic due to legislation problem. Also the mainstream problem is multi-tenancy, regardless of its advantages (managing resource utilization more efficiently …) but from a client perspective the notion of using a shared infrastructure could be a huge concern, because a study has shown that an attacker may intentionally place his VM in the same physical machine as another customer [20] and steal information through side channel attack, also because some solution that exists (data encryption, HTTPS …) are not enough to stop side channel attacks. An example for web applications that need to store and display user data (healthcare …) the solution is implementing service-like access based to the data layer [19] so it becomes possible to host an application anywhere in the world, while the data remains where it legally needs to be. But what about a customer who may have different solutions for different domain and don’t need to be geographically decoupled? The problem here is that this customer may be exposed to internal channel attack that goes out of control by the cloud provider and customer; encryption may be a solution but can’t stop the danger. Our proposition, combined to other solution that exists (encryption or deterministic OS…), may mitigate the risks of internal side channel attacks, and the customer may deal with the provider on a way to monitor his computation or
giving him the administrator privilege to do it. The approach consist on managing and categorizing physical server by clients, the cloud provider, each client or group of client that may reach agreements so all their instance will be placed on the same physical server, and allow him/them to monitor the computation .. Our approach seems to be hard to implement, because it needs that the cloud provider should make a study of all his customers and manage them, also VM are generated arbitrary and he have to manage them on a way that each client will have all his workload (VM) on the same physical server . Security architecture involves effective security management to realize the benefits of cloud computation. Proper cloud security management and administration should identify management issues in critical areas such as access control, vulnerability a n a l y s i s , change control, incident response, fault tolerance, and disaster recovery and business continuity planning [8]. A specific solution of our approach a cloud provider can offer is to gather customer needs security level (eg from level 1more security to 10 less security), for example the concept of classified information (public, sensitive, private or confidential) cloud provider may load level security on each physical machine like that if a customer needs a specific level (eg level 4) if another client needs the same level or higher (1, 2 or 3) then the two parties will be safe from an attacker who tries to place his VM for violating private or confidential information through side channel attack, and that without the need of monitoring or the need to know the technical specification of each computation. Figure1 illustrates the proposed approach.
Fig. 1. The approach to secure the cloud environment against internal side channel attacks
For isolation problem and resources partitioning, it’s well known that the resource partitioning lead to side or covert channel attacks, uncritical services can benefit the sustainability of cloud and its benefits, but for critical service it may not because of the lack of isolation which may be considered as a special sort of privacy where a service shouldn’t get in contact with each other’s, and cloud provider shouldn’t see what data are used in the service [21]. Our approach can reassure customers, because if a customer requests a specific security package (e.g level 4 or higher) the problem of isolation will not be a problem for all
instances, because their objective is the protection of data and elimination of the various hardware and software attacks to listen or disrupt their VM. IV.
CONCLUSION
Although Cloud computing can be seen as a new phenomenon which is set to revolutionize the way we use the Internet, the security is still considered as the major barrier to business adoption of the cloud .In this paper, firstly we give a general idea of cloud computing technology .In the second section, we survey the existing and potential security issues of the cloud computing to be aware of the potential attacks in this environment .Finally ,we analyze the side channels attacks and we propose our approach which we believe that it may change the cloud architecture and vision ,it will also be able to improve customer satisfaction to a great extent and will attract more investors in this cloud computation concept for industrial as well as future research farms. The goal is to enhance security in the cloud computing; especially for customer who didn’t decided to move to cloud environment due to security problem .It can be well studied in the future to make it easy to implement. REFERENCES [1]
Peter Mell, Tim Grance, The NIST Definition of Cloud Computing, Version 15, October 7, 2009, . [2] Cisco Cloud Computing -Data Center Strategy, Architecture, and Solutions Point of View White Paper for U.S. Public Sector1st Edition [3] Kevin Hemalen, Murat Kantarcioglu, Latifur Khan, and Bhavani Thuraisingham, The University of Texas at Dallas, USA, “Security Issues for cloud computing”, April-June 2010,international Journal of Information Security and Privacy. [4] EMC² , study presented by Mr. Mounir Soussi, French- speaking Africa Regional Director [5] Peng, T., C. Leckie, and K. Ramamohanarao, Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Computing Surveys (CSUR), 2007. 39(1): p. 3. [6] Subashini, S. and V. Kavitha, A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 2011. 34(1): p. 1-11. [7] Rocha, F., and Correia, M. Lucy in the sky without diamonds: Stealing confidential data in the cloud. In Proceedings of the 1st International Workshop on Dependability of Clouds, Data Centers and Virtual Computing Environments (DCDV, with DSN’11) (June2011). [8] Cloud security A comprehensive guide to secure cloud computing Ronald L. Krutz and Russel Dean Vines [9] A. Singh and M. Shrivastava, “Overview of Attacks on Cloud Computing” IJEIT, Vol. 1, Issue 4, pp. 321 323, April 2012. [10] Cloud Security Alliance, Top Threats Working Group, “The notorious nine: cloud computing top threats in 2013”. February 2013. [11] Qiasi Luo1 and Yunsi Fei2 “Algorithmic Collision Analysis for Evaluating Cryptographic System and Side Channel Attacks”, International Symposium on H/w- Oriented Security and Trust, 2011. [12] Y. Zhang, M. K. Reiter, T. Ristenpart, A. Juels, "Cross-VM side channels and their use to extract private keys", 2012.
[13] http://www.cleverlogic.net/articles/cloud-computing- security-issuesand-solutions [14] Expert Reference Series of White Papers , 10 Security Concerns for Cloud Computing ,p.3 [15] Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow [16] Determinating Timing channels in compute cloud [17] Z. Wang and R. B. Lee. Covert and side channels due to processor architecture. In 22nd ACSAC, Dec. 2006 [18] C. Percival. Cache missing for fun and profit. In BSDCan, May 2005 [19] :http://www.computer.org/portal/web/computingnow/cloud/content?g =53319&type=article&urlTitle=mitigating-cloud-security-andprivacy-risks [20] Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage “Hey you, Get off My Cloud: Exploring information leakage in third-party compute clouds”. Proceeding CCS ’09 Proceedings of the 16th ACM conference on Computer and communication security [21] Isolation in Cloud Computing and Privacy-Enhancing Technologies Prof. Dr. Noboru Sonehara, Prof. Dr. Isao Echizen, Dr. Sven Wohlgemuth
