Cloud Security

Date post: 02-Nov-2014
Page 1: Cloud Security

Cloud Security

Christoph Hechenblaikner

Johannes Innerbichler

Page 2: Cloud Security

Why Cloud Security?

Page 3: Cloud Security

CC + SP-Sec

• User: “App” = Whole package

• App + Web service

• Smartphone-Security:

• Protect assets on the device

• Cloud-Security

• Protect assets in the cloud

Page 4: Cloud Security

Agenda

• Basics of Cloud Computing

• Cloud Security Basics

• Cloud Services Analysis

• Virtualization Security

• Cloud Cryptography

Page 5: Cloud Security

Cloud Computing Basics

What is it about?

Page 6: Cloud Security

Cloud Computing

• NIST

• On-demand self-service

• Broad network access

• Resource pooling

• Rapid elasticity

• Measured Service

Source: http://pre-developer.att.com/home/learn/enablingtechnologies/The_NIST_Definition_of_Cloud_Computing.pdf

Page 7: Cloud Security

Cloud Computing

• IDC CC-Forecast Nov 2012:

• 2012: $40 billion

• 2016: $100 billion

• AGR: 26,4% (2012 - 2016)

• 2016: 41% of total IT growth

Source: http://www.idc.com/getdoc.jsp?containerId=prUS23684912#.UOiFdYnjlgw

Page 8: Cloud Security

XaaS

(Diagram: SaaS serves the End User, PaaS the Developer, IaaS the System Engineers / Developers; the vertical axis is labelled "user value".)

Page 9: Cloud Security

IaaS

• Cloud

• Hardware / Network

• OS (partly) / Virtualization

• User

• Applications / Data

• Runtime / Middleware

• OS (limited)

Page 10: Cloud Security

IaaS

(Diagram: the user/developer deploys applications onto Server-VMs that the provider manages; the VMs are reached via www and administered through the provider's MMI; adding further Server-VMs gives scalability.)

Page 11: Cloud Security

IaaS

• Pay as you use

• Own runtimes, ...

• Highly scalable

• Dynamic application environment

• Application / Developer manages scaling

Page 12: Cloud Security

IaaS

Page 13: Cloud Security

PaaS

• Cloud

• Hardware / Network

• OS / Virtualization

• Runtime / Middleware

• User

• Applications / Data (APIs)

Page 14: Cloud Security

PaaS

(Diagram: the user/developer's application runs on the provider's framework, reached via www, and calls provider APIs: Users API, Blobstore API, DataQueue API, SSL-access API, Images API, Security API, Memcache API, ...)

Page 15: Cloud Security

PaaS IDE

(Diagram: the client application and the server application are built against the platform framework in the IDE and pushed to the platform with a deployment tool, using the provider account.)

Page 16: Cloud Security

PaaS

• Developer focuses on application

• “native” application scaling

• Performance

• Pay as you use (CPU time, transferred data, ...)

Page 17: Cloud Security

PaaS

Page 18: Cloud Security

SaaS

• Cloud

• Provides the application

• User

• Uses it!

Page 19: Cloud Security

SaaS

• Application delivered through the cloud

• Access via different devices

• Access:

• Web Technology

• Client Applications

• Future Software Distribution Channel

Page 20: Cloud Security

SaaS

Page 21: Cloud Security

XaaS

(Diagram: the stack Applications, Data, Runtime, Middleware, OS, Virtualisation, Hardware, Storage, Networking, drawn once each for SaaS, PaaS and IaaS.)

Page 22: Cloud Security

Cloud Security Basics

What are we afraid of?

Page 23: Cloud Security

Cloud Security Assets

• Sensitive user data

• Credentials, Keys, SSN

• Military / Business Information,

• Medical Health Records

• Control over Cloud-System

• Computational Power

Page 24: Cloud Security

Security Goals

• As usual:

• Confidentiality

• Integrity

• Availability

• Accountability

Page 25: Cloud Security

Cloud Security

(Chart: share of respondents rating the concern 4 or 5, for Regulatory requirements, Availability and Security; values shown: 74,6%, 63,1%, 59,2%.)

Source: IDC Enterprise Panel, August 2008 n=244 % responding 4 or 5

Page 26: Cloud Security

Security Threats

• CSA “Top Threats to Cloud Computing”

• Alliance of Cloud-Computing companies

• Goal: Providing Guidelines

Source: cloudsecurityalliance.org/research/top-threats/

Page 27: Cloud Security

Security Threats

• #1 “Abuse and Nefarious Use of Cloud Computing”

• DDoS-Attacks, Botnets

• Cracking Hashes / Keys, Rainbow Tables

• CAPTCHA solving farms

• Solutions: User registration, Signatures, ...

Page 28: Cloud Security

Example

Source: http://www.zdnet.com/blog/security/zeus-crimeware-using-amazons-ec2-as-command-and-control-server/5110

• Amazon EC2 (AWS)

• 2009 - 2010

• The botnet behind the crimeware Zeus used the Amazon EC2 service for “command and control” purposes.

• 3,600,000 bots (Bank of America, NASA, Cisco, Oracle, Amazon, ...)

Page 29: Cloud Security

Security Threats

• #2 “Insecure Interfaces and APIs”

• MMI of Cloud Providers

• APIs to additional services (layered API)

• Must prevent policy circumventions

Page 30: Cloud Security

Security Threats

• Twitter

• 2009

• Part of API-functions accessible via HTTP-Authentication

• MITM, CSRF, ...

• Lots of bad mashups!

Source: http://securitylabs.websense.com/content/Blogs/3402.aspx

Source: www.theprogrammableweb.com

Page 31: Cloud Security

Security Threats

• #3 “Malicious Insiders”

• Hobby hacker, corporate espionage, nation-state sponsored intrusion

• Transparency of providers

• Solutions: Contracts, Compliance monitoring, ...

Page 32: Cloud Security

Security Threats

Source: http://datalossdb.org/incidents/5883-firm-may-have-illegally-bought-and-sold-150-million-customers-information

• Roadway D&B (Shanghai)

• 03/2012

• Personal data bought and sold by D&B

• Income, family, car, ...

• 150,000,000 records from (IT) insiders at banks, insurance groups, real estate agencies, ...

Page 33: Cloud Security

Security Threats

• #4 “Shared Technology Issues”

• Hypervisor Mediated Architectures (VMs)

• Storage

• Network Security

• Solutions: Regular audits, Monitoring, ...

Page 34: Cloud Security

Security Threats

• VMware

• 2009

• VMware SVGA II exploit

• MMIO used to place and execute code at host OS

• Many products affected (Workstation, ESX-Server)

Page 35: Cloud Security

VMware exploit

(Diagram, guest and host side: the guest OS drives the virtual video card and writes SVGA commands such as SVGA_RECT_COPY into the SVGA-FIFO; on the host, the vmx-process holds the frame buffer.)

Source: http://www.blackhat.com/presentations/bh-usa-09/KORTCHINSKY/BHUSA09-Kortchinsky-Cloudburst-PAPER.pdf

Page 36: Cloud Security

SVGA_RECT_COPY

Figure 3: Normal behavior of the SVGA_RECT_COPY operation (Src and Dst rectangles both inside the Frame Buffer)

Figure 4: Source rectangle is out of the frame buffer (leak memory)

Source: http://www.blackhat.com/presentations/bh-usa-09/KORTCHINSKY/BHUSA09-Kortchinsky-Cloudburst-PAPER.pdf


Page 38: Cloud Security

SVGA_RECT_COPY

Figure 5: Destination rectangle is out of the frame buffer (overwrite memory)

There are two obvious ways to abuse the command, either misplace the source rectangle or the destination rectangle, leading to two different types of bugs.

3.1.1 Memory Leak (Figure 4)

If the source rectangle is located out of the frame buffer, the RECT_COPY operation will copy the content of the memory range in the host process memory defined as the source into the frame buffer. Since the frame buffer is shared between the host and the guest, the guest can then read the content of the frame buffer and thus leak the host process memory.

Debug versions (and Beta/RC) of VMware products include additional ASSERTs lowering the extent of the memory one can leak, even though the bug is still there. In retail versions, this bug can be used to leak pretty much any part of the memory.

The leak is relative to the base address of the frame buffer in the host process memory. In order to leak any address content, you will HAVE to know or leak this address.

3.1.2 Memory Write (Figure 5)

If the destination rectangle is abused in the RECT_COPY operation, it is possible for someone to overwrite part of the memory of the host process. Since the

Source: http://www.blackhat.com/presentations/bh-usa-09/KORTCHINSKY/BHUSA09-Kortchinsky-Cloudburst-PAPER.pdf

Page 39: Cloud Security

VMware exploit

(Diagram repeated: guest OS → Virtual Video Card → SVGA-FIFO → frame buffer inside the host's vmx-process.)

Source: http://www.blackhat.com/presentations/bh-usa-09/KORTCHINSKY/BHUSA09-Kortchinsky-Cloudburst-PAPER.pdf

Page 40: Cloud Security

Security Threats

• #5 “Data Loss or Leakage”

• Deletion, Alteration, Storage System Failure

• Deleting encryption keys, weak keys

• Leakage of data to third parties

Page 42: Cloud Security

Security Threats

• United States Army

• December 28th 2012

• 36,000 records

• SSN, names, dates of birth, ...

Source: http://datalossdb.org/incidents/8680-social-security-numbers-of-36-000-who-worked-at-or-visited-fort-monmouth-as-well-as-some-of-their-names-dates-and-places-of-birth-home-addresses-and-salaries-accessed-by-hacker

Page 43: Cloud Security

Security Threats

• #6 “Account or Service Hijacking”

• Getting control over account (without the user noticing it!)

• phishing, social engineering, tampered images, ...

• constant / hidden business manipulation

Page 44: Cloud Security

Security Threats

• #7 “Unknown Risk Profile”

• Versions of software, Security design, Intrusion attempts, ...

• Competitors using the service?

• Bad attempt: Security by obscurity

• Solutions: Disclosure of {infrastructure, software, logs,...}, Customer notification / alerts, ...

Page 45: Cloud Security

Security Threats

• Heartland Payment Systems

• Used known vulnerable software components (did not disclose them)

• Did not provide their customers with appropriate logs / alerts

• Did inform their customers too late!

Page 46: Cloud Security

Cloud Service Analysis

(How) is it done?

Page 47: Cloud Security

SaaS

• Dropbox

• Ubuntu One

• iCloud

• Wuala

• GoogleDrive

• Spideroak

• MS SkyDrive

• Mozy

Page 48: Cloud Security

Google Drive

• Initial free 5 GB

• Provides optional free two-factor authentication via SMS or Google Authenticator app

• Search functionality

• optical character recognition (OCR)

• Optional disabled automatic deletion

• Files are stored unencrypted. Transfer: SSL

• But who owns the data after uploading?

Page 49: Cloud Security

GDrive: Terms of Service

"Your Content in our Services:

When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes that we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.

The rights that you grant in this license are for the limited purpose of operating, promoting and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing that you have added to Google Maps)."

http://www.google.co.uk/intl/en/policies/terms/regional.html

Page 50: Cloud Security

SkyDrive

• Initial free 7 GB

• Access to every file on the PC it is installed on.

• Microsoft Web Apps

• Privacy concerns

• No two-factor authentication offered

• Files are stored unencrypted. Transfer: SSL

Page 51: Cloud Security

SkyDrive - Security

• “Secure Sockets Layer (SSL) to encrypt your files when you upload or download them.”

• “Sophisticated physical and electronic security measures on the servers to help keep your files safe.”

• “Multiple copies of each file saved on different servers and hard drives to help protect your data from hardware failure.”

http://windows.microsoft.com/en-US/skydrive/any-file-anywhere#1TC=t1

Page 52: Cloud Security

Security concerns in SkyDrive / Hotmail

• Person A wants to send a sensitive document to Person B.

• Person A logs in to his Hotmail account, types a brief email to Person B and attaches the file. The file is automatically added to SkyDrive and a link to it is shared with Person B through the email.

• Person B reads the email on a public computer, accesses the file from SkyDrive, signs out of his mail and leaves.

• Person C then uses the same computer. He simply checks the URLs the previous user visited in the browser history and finds the link to the file in SkyDrive. He opens the file in SkyDrive, downloads it and sends it to some business competitors.

Page 53: Cloud Security

Wuala

• Free 2 GB

• Upload by drag-and-drop into client application

• Versioning: 10 most recent versions

• Sharing Functionality

• with other subscribers

• with non-subscribers (https://www.wuala.com/username/folder/?key=value)

• with everybody

Page 54: Cloud Security

Wuala - Security

• No Email confirmation after registration

• Transport Security

• proprietary client/server communication

• no SSL / TLS

• no detailed Information

• Convergent file encryption

Page 55: Cloud Security

Wuala - Convergent Encryption I

(Diagram, client side: k = hash(file); the file is encrypted with k, giving enc_k(file); fname' = hashed file name.)

Server side:

• filename on server: hash(enc_k(file))

• file content: enc_k(file)

• key for decryption: enc_s(k)

• filename on user's disk: enc_s(fname')

• Symmetric root key r derived from user password

• Random key s, can be accessed via r

Page 56: Cloud Security

Wuala - Convergent Encryption II

• Properties

• Identical clear texts are identical crypto texts (user independent)

• server can not decrypt crypto texts without copy of clear texts

• Drawbacks

• Check for a file possible

• Disclosure of connection between users
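The convergent-encryption flow drawn on the two Wuala slides above, worked through as an added example (not Wuala's code): a SHA-256 counter-mode keystream stands in for the unspecified symmetric cipher, the user keys s, user names and the sample file are constructed, and the two listed drawbacks (a stored file can be confirmed by anyone who holds the plaintext; the server learns which users hold the same file) appear as server-side checks. The same hash-based matching is what the Dropbox chunk de-duplication on the later slides relies on.

```python
import hashlib
from typing import Dict, Set

def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher standing in for Wuala's unspecified symmetric cipher:
    SHA-256 in counter mode XORed with the data (illustration only)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)

def client_encrypt(file_content: bytes, fname: str, s: bytes) -> dict:
    """Convergent encryption as drawn on the slide: k = hash(file); the server
    gets enc_k(file) under the name hash(enc_k(file)); k and the local file
    name are wrapped under the user's random key s."""
    k = hashlib.sha256(file_content).digest()                   # k = hash(file)
    ct = _xor_stream(k, file_content)                            # enc_k(file)
    return {
        "name_on_server": hashlib.sha256(ct).hexdigest(),        # hash(enc_k(file))
        "content": ct,
        "wrapped_key": _xor_stream(s, k),                        # enc_s(k)
        "wrapped_fname": _xor_stream(s, fname.encode("utf-8")),  # enc_s(fname')
    }

def client_decrypt(record: dict, s: bytes) -> bytes:
    k = _xor_stream(s, record["wrapped_key"])   # the XOR stream is its own inverse
    return _xor_stream(k, record["content"])

class Server:
    """Keeps ciphertexts by name and remembers which users uploaded each one."""
    def __init__(self) -> None:
        self.objects: Dict[str, bytes] = {}
        self.owners: Dict[str, Set[str]] = {}

    def upload(self, user: str, record: dict) -> bool:
        """Returns True when the object already existed (de-duplicated)."""
        name = record["name_on_server"]
        existed = name in self.objects
        self.objects.setdefault(name, record["content"])
        self.owners.setdefault(name, set()).add(user)
        return existed

    def has_plaintext(self, guess: bytes) -> bool:
        """Drawback 'check for a file possible': anyone holding a candidate
        plaintext can test for it, because the stored name is deterministic."""
        k = hashlib.sha256(guess).digest()
        return hashlib.sha256(_xor_stream(k, guess)).hexdigest() in self.objects

    def users_sharing(self, name: str) -> Set[str]:
        """Drawback 'disclosure of connection between users'."""
        return set(self.owners.get(name, ()))

def demo() -> dict:
    # Constructed sample: two users, each with an own key s, upload the same file.
    server = Server()
    doc = b"Quarterly report (constructed sample): revenue up 12%"
    s_alice, s_bob = b"alice-random-key-s", b"bob-random-key-s"
    rec_a = client_encrypt(doc, "report.txt", s_alice)
    rec_b = client_encrypt(doc, "q3-final.txt", s_bob)
    return {
        "same_ciphertext": rec_a["content"] == rec_b["content"],   # user independent
        "dedup": (server.upload("alice", rec_a), server.upload("bob", rec_b)),
        "roundtrip": client_decrypt(rec_a, s_alice) == doc,
        "confirms_doc": server.has_plaintext(doc),
        "confirms_other": server.has_plaintext(b"a file the server never saw"),
        "linked_users": server.users_sharing(rec_a["name_on_server"]),
    }
```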

Page 57: Cloud Security

Mozy

• Free 2 GB

• No specific drive

• Transport security: TLS and HTTPS

• File encryption:

• Encrypted on client

• 448-bit Blowfish (key provided by Mozy)

• 256-bit AES (personal key)

• Filenames and paths stored unencrypted

• Cross-user vs. single user deduplication

Page 58: Cloud Security

Dropbox

• Up to 2GB free space (but Spacerace, ...)

• Clients available for almost all OS

• Powerful versioning of files (free account 30 days)

• Sync based on 4MB chunks

Page 59: Cloud Security

Dropbox Security

• Server-side AES-256 (their key)

• Server-side per user de-duplication (see later)

• Transfer: SSL (HTTPS)

• Account-lockdown: too many login attempts

• Registration: Email not verified

• Sharing: predictable URLs for non-registered users (after some URLs)

Page 60: Cloud Security

De-duplication sharing

• earlier versions of DB:

• Client side de-duplication

• Based on hash of chunks

• Exploited to download illegal content (Dropship, ...)

Page 61: Cloud Security

De-duplication sharing

(Diagram: the Dropbox client hashes each chunk (OpenSSL) and sends the hash to the Dropbox server; the server compares it (==) against the File-Pool and, on a match, replaces the upload in the user's storage with a link into the shared pool.)

Page 62: Cloud Security

De-duplication sharing

• thepiratebay.org top 100 torrents

• Downloaded copyright free content (.sfv, .nfo, ...)

• 97 % (n=368) retrievable

• 20% not older than 24 hours

Page 63: Cloud Security

Ubuntu One

• 5GB free (Amazon EC2)

• Clients for Linux/Windows/Android/iOS

• Supports music streaming and contact synchronization

• Transfer: SSL (HTTPS)

• De-duplication on file base (not chunks) on server

• No encryption at all

Page 64: Cloud Security

iCloud

• 5GB for free

• Used for Contacts, Calendars, Bookmarks, Reminder, Mails, Photos, Documents, Backups, ...

• No Security Enhancement Tools

Page 65: Cloud Security

iCloud Security

• Server-side encryption (their key) - “At minimum AES-128”

• Transfer: SSL

• Backup-Keybag like in iTunes backups (ECC-class keys: Background backup)

• “One account to rule them all”

Page 66: Cloud Security

iCloud Security

Source: http://support.apple.com/kb/HT4865

Page 67: Cloud Security

Spideroak

• 2GB for free

• Clients for Mac/Linux/Windows

• Web-Access (security!!)

• “Zero Knowledge” Principle

• Versioning

Page 68: Cloud Security

Spideroak Security

• Client-Side AES-256 + Server-Side RSA-2048

• Key password derived:

• PBKDF2 - 16384 rounds - sha256

• 32 Bytes salt

• Web-Access: Key stored in encrypted memory area, wiped afterwards

Page 69: Cloud Security

PaaS / IaaS

• AWS

• (Microsoft Azure)

Page 70: Cloud Security

Amazon Web Services (AWS)

• Flexible, scalable, low-cost cloud IaaS

• Several certifications and accreditations regarding security

Page 71: Cloud Security

AWS Architecture

Source: http://d36cz9buwru1tt.cloudfront.net/AWS_Cloud_Best_Practices.pdf

Page 72: Cloud Security

AWS Cloud Security I

Certifications and Accreditations

• SOC 2 Type II Security

• ISO 27001 Certification

• PCI DSS Level I Compliance

• HIPAA compliant

• MPAA compliant architecture

• DIACAP MAC III-Sensitive

• Audit, supporting SOX compliance

• Aligned to CSA's control matrix

Physical Security

• Multi-level, multi-factor controlled access environment

• Controlled, need-based access for AWS employees (least privilege)

Management Plane Administrative Access

• Multi-factor, controlled access to administrative host

• All access logged, monitored, and reviewed

• AWS administrators DO NOT have logical access inside customers' VMs (including applications and data)

VM Security

• Multi-factor access to Amazon account

• Instance Isolation

• Customer-controlled firewall at the hypervisor level

• Neighboring instances prevented from accessing each other

• Virtualized disk management layer ensures only account owners can access storage disks

• Support for SSL endpoint encryption for all API calls

Network Security

• Instance firewalls can be configured in security groups

• The traffic may be restricted by protocol, by service port, as well as by source IP address (individual or CIDR)

• Virtual Private Cloud (VPC) provides IPSec VPN

Page 73: Cloud Security

AWS Cloud Security II

• Network security

• DDoS attacks

• MITM attacks

• Port scanning

• Account security features

• Service specific security features

Page 74: Cloud Security

Identity and Access Management (IAM)

• Who?, What actions? Which resources?

• Additional granularity: When?, Where?, How?

• Distributed roles between instances (EC2)

Page 75: Cloud Security

Multi-Factor Authentication

• Two-factor authentication

• AWS MFA device

• Virtual MFA device (smartphone)

• Hardware MFA device ($12.99)

Page 76: Cloud Security

Amazon S3

• Online web storage service

• REST, SOAP, and BitTorrent

• Objects (files) are organized in buckets

• Free limited usage tier

• Afterwards pricing per storage, request, and data transfer

Page 77: Cloud Security

Amazon S3 - Security

• HMAC-SHA1 signature

• Access Control List (ACL) of bucket and object

• Versioning
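Added example (not AWS's or the deck's code) of how the HMAC-SHA1 request signature of the legacy S3 REST API works and what the server checks on receipt: the StringToSign layout follows AWS's documented legacy scheme (verb, Content-MD5, Content-Type, Date, canonicalized x-amz-* headers, canonical resource), but the canonicalization is simplified, and the access key id, secret key, bucket and request are constructed placeholders.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Constructed credentials for this example (not real AWS keys).
ACCESS_KEY_ID = "AKIAEXAMPLEACCESSKEY"
SECRET_KEY = b"example-secret-access-key-not-real"

def string_to_sign(method: str, resource: str, date: str, content_md5: str = "",
                   content_type: str = "", amz_headers: dict = None) -> str:
    """Legacy S3 REST StringToSign: verb, Content-MD5, Content-Type, Date,
    canonicalized x-amz-* headers (lowercased, sorted), canonical resource."""
    amz = sorted((k.lower(), v.strip()) for k, v in (amz_headers or {}).items())
    canonical_amz = "".join(f"{k}:{v}\n" for k, v in amz)
    return "\n".join([method, content_md5, content_type, date, canonical_amz + resource])

def sign_request(method: str, resource: str, date: str, **kw) -> str:
    """Client side: 'AWS <AccessKeyId>:<Base64(HMAC-SHA1(secret, StringToSign))>'."""
    sts = string_to_sign(method, resource, date, **kw).encode("utf-8")
    mac = hmac.new(SECRET_KEY, sts, hashlib.sha1).digest()
    return f"AWS {ACCESS_KEY_ID}:{base64.b64encode(mac).decode('ascii')}"

def verify_request(auth_header: str, method: str, resource: str, date: str,
                   now: datetime, max_skew: timedelta = timedelta(minutes=15),
                   **kw) -> bool:
    """Server side: look up the secret by key id, recompute the signature over
    the request as received, compare in constant time, and reject Date values
    outside the replay window (a captured request cannot be replayed later)."""
    try:
        scheme, credential = auth_header.split(" ", 1)
        key_id, presented = credential.split(":", 1)
        sent_at = parsedate_to_datetime(date)
    except (ValueError, TypeError):
        return False
    if scheme != "AWS" or key_id != ACCESS_KEY_ID:
        return False
    if abs(now - sent_at) > max_skew:
        return False
    expected = sign_request(method, resource, date, **kw).split(":", 1)[1]
    return hmac.compare_digest(expected.encode("ascii"), presented.encode("utf-8"))

def demo() -> dict:
    # Constructed request: GET of one object, clock fixed for reproducibility.
    now = datetime(2013, 1, 10, 12, 0, 0, tzinfo=timezone.utc)
    date = format_datetime(now, usegmt=True)      # "Thu, 10 Jan 2013 12:00:00 GMT"
    resource = "/example-bucket/photos/puppy.jpg"
    auth = sign_request("GET", resource, date)
    other = "/example-bucket/photos/other.jpg"
    return {
        "authorization": auth,
        "accepted": verify_request(auth, "GET", resource, date, now),
        "tampered_resource": verify_request(auth, "GET", other, date, now),
        "tampered_verb": verify_request(auth, "DELETE", resource, date, now),
        "replayed_later": verify_request(auth, "GET", resource, date,
                                         now + timedelta(hours=1)),
    }
```

AWS has since moved to Signature Version 4 (HMAC-SHA256 over a canonical request), but the verification pattern, recompute, compare in constant time and bound the replay window, is the same.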

Page 78: Cloud Security

S3 - Server Side Encryption

Page 79: Cloud Security

Amazon Elastic Compute Cloud (EC2)

• Amazon Machine Image (Linux, Windows)

• Manually creating and terminating additional server instances (elastic)

• Paying by the hour for active servers

• Control of geographic location

Page 80: Cloud Security

Amazon EC2 - Security I

• Multiple Levels of Security:

• Host operating system

• Guest operating system

• Firewall

• Fully controlled by customer

Source: http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf

Page 81: Cloud Security

Amazon EC2 - Security II

• Hypervisor (Xen)

• Instance Isolation

Source: http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf

Page 82: Cloud Security

Windows Azure Platform

• Microsoft's application platform for the public cloud.

• Base for Microsoft Online Services

Page 83: Cloud Security

Windows Azure Platform Architecture

(Diagram: the Fabric, managed by the Fabric Controller, provides Computation (Web Role instances, Worker Role instances, Virtual Machines) and Storage (BLOBs, Tables, Queues, Drives).)

Page 84: Cloud Security

Windows Azure Platform Security

• Subscription via Windows LiveID grants full control to virtual machine and storage

• Programmatically through SMAPI

• Windows Azure storage is governed through a storage access key

• no SSE

Page 85: Cloud Security

Virtualization Security

Isolation please!

Page 86: Cloud Security

Full Virtualization

(Diagram: Hardware, Host OS or Bootstrap, Hypervisor or Virtual Machine Manager, and on top several VMs, each with its own OS and App.)

Page 87: Cloud Security

Virtualization Security Threats

• Communication blind spots

• Inter-VM attacks and hypervisor compromises

• Mixed trust level VMs

• Instant-on gaps

(Image: VM states Reactivated, Out of Date, Cloned.)

Image source: http://la.trendmicro.com/media/misc/virtualization-cloud-computing-threat-report-en.pdf

Page 88: Cloud Security

Virtualization - Security

• Guest OS isolation

• Mitigation of side-channel attacks

• Guest OS Monitoring

• Full auditing capabilities

• Image and Snapshot Management

• Forensic

Page 89: Cloud Security

Future Cloud Cryptography

“Due to the suspicious nature of crypto users I have a feeling DES will be with us forever, we will just keep adding keys and cycles...” (Colin Dooley)

Page 90: Cloud Security

New Crypto Schemas for the Cloud

• Encrypted data is vulnerable while it is being processed

• Process encrypted data without decrypting it

• Searchable encryption

• Homomorphic encryption

• Proxy re-encryption

Page 91: Cloud Security

Searchable Encryption (SE)

• Server executes queries without decrypting data.

• Cryptographic primitives and trapdoors

• SE issues

• Data ownership

• Trapdoor revocation

• Query type: single keywords, multiple keywords, conjunctive and ranked queries

(Diagram: the client sends query + trapdoor to the server, which returns the query results.)

Page 92: Cloud Security

SE Schemes

• Symmetric SE

• SSE assumes that the data is encrypted with the same master key that will be used during searching and that the owner of the data is the one who triggers the queries.

• Multiple parties are able to search over data of a single user.

• Asymmetric SE

• Any party that knows the public key is able to encrypt and add data to the server, but only the party in possession of the private key can generate trapdoors.
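A minimal symmetric searchable-encryption index, added here to illustrate the trapdoor model of the two SE slides above (not a scheme from the deck and not a production SSE construction): the data owner derives per-keyword trapdoors with HMAC-SHA256 under the master key, the server matches them against the encrypted index without ever seeing a keyword, and the single-keyword, multiple-keyword (OR), conjunctive (AND) and ranked query types are each shown. The documents themselves are assumed to be stored encrypted elsewhere; the master key and the keyword lists are constructed.

```python
import hashlib
import hmac
from typing import Dict, List, Set, Tuple

def trapdoor(master_key: bytes, keyword: str) -> bytes:
    """Trapdoor for one keyword: a PRF (HMAC-SHA256) output the server can
    match against the index but cannot invert without the master key."""
    return hmac.new(master_key, keyword.lower().encode("utf-8"), hashlib.sha256).digest()

class DataOwner:
    """Holds the master key, builds the encrypted index and issues trapdoors."""
    def __init__(self, master_key: bytes) -> None:
        self.key = master_key

    def build_index(self, docs: Dict[str, List[str]]) -> Dict[bytes, Set[str]]:
        """token -> ids of the documents containing that keyword. Keywords never
        appear in clear; the documents are assumed to be encrypted separately."""
        index: Dict[bytes, Set[str]] = {}
        for doc_id, keywords in docs.items():
            for kw in keywords:
                index.setdefault(trapdoor(self.key, kw), set()).add(doc_id)
        return index

    def query(self, keywords: List[str]) -> List[bytes]:
        return [trapdoor(self.key, kw) for kw in keywords]

class Server:
    """Answers queries by matching trapdoors against the index only."""
    def __init__(self, index: Dict[bytes, Set[str]]) -> None:
        self.index = index

    def single(self, t: bytes) -> Set[str]:
        return set(self.index.get(t, ()))

    def any_of(self, ts: List[bytes]) -> Set[str]:       # multiple keywords (OR)
        return set().union(*(self.single(t) for t in ts))

    def all_of(self, ts: List[bytes]) -> Set[str]:       # conjunctive (AND)
        hits = [self.single(t) for t in ts]
        return set.intersection(*hits) if hits else set()

    def ranked(self, ts: List[bytes]) -> List[Tuple[str, int]]:
        """Ranked query: documents ordered by how many trapdoors they match."""
        score: Dict[str, int] = {}
        for t in ts:
            for doc_id in self.single(t):
                score[doc_id] = score.get(doc_id, 0) + 1
        return sorted(score.items(), key=lambda kv: (-kv[1], kv[0]))

def demo() -> dict:
    # Constructed sample: three documents with their keyword lists.
    owner = DataOwner(b"constructed-master-key-32-bytes!")
    docs = {"d1": ["invoice", "2012", "confidential"],
            "d2": ["invoice", "2013"],
            "d3": ["memo", "confidential", "2012"]}
    server = Server(owner.build_index(docs))
    q = owner.query
    return {
        "single": server.single(q(["invoice"])[0]),
        "any_of": server.any_of(q(["invoice", "memo"])),
        "all_of": server.all_of(q(["invoice", "2012"])),
        "ranked": server.ranked(q(["invoice", "2012", "confidential"])),
        # The index keys are 32-byte PRF outputs, not keywords.
        "tokens_opaque": all(len(t) == 32 for t in server.index),
        # Known leakage of this simple scheme: the same keyword always yields the
        # same trapdoor, so the server sees repeated searches, and a trapdoor once
        # issued can be reused (the 'trapdoor revocation' issue on the slide).
        "repeat_query_visible": q(["invoice"]) == q(["invoice"]),
    }
```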

Page 93: Cloud Security

Homomorphic Encryption (HE)

• Encrypted data is processed

• Limited operations available (yet)

Page 94: Cloud Security

Proxy Re-Encryption (PRE)

• Allows Bob to decrypt data from Alice without her secret key

• Use of semi-trusted server

• Bidirectional vs. unidirectional

• Single hop vs. multi hop

• Used in Digital Rights Management

(Diagram: Alice → Proxy → Bob; the proxy converts E_A(M) into E_B(M) using the re-encryption key r_A-B.)

Page 95: Cloud Security

Thanks! Q&A

