Claudia Eckert. Overview. 1. Cloud-Characteristics. 2. Security Implications. 3.
Some Attacks (real World). 4. Specific Challenge: ID-Management. 5. Summary.
2 ...
Cloud-Security: Show-Stopper or Enabling Technology?
Claudia Eckert Fraunhofer‐Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Claudia Eckert
Overview 1. Cloud‐Characteristics 2. Security Implications 3. Some Attacks (real World) 4. Specific Challenge: ID‐Management 5. Summary Claudia Eckert
2
1. Cloud-Computing Cloud: • Pool of networked IT‐components Cloud‐Characteristics • Resources will be provided on demand • User don’t have to maintain/operate an own infrastructure • An ‚unlimited‘ amount of resources: capacities can be dynamically added: • Scalability, flexibility, on‐demand usage, • Access to outsourced data: at anytime, from anywhere • Fast development of new web‐ applications offered as Cloud‐Services • Software as a Service Claudia Eckert
3
1. Cloud-Computing Economic forecast: Estimated Market Shares for Cloud‐Computing‐Services: – Merrill Lynch (2008): $169 Mrd. until 2011 – IDC (2009): $42 Mrd. until 2012 – Gartner (2009): $150 Mrd. until 2013 – BITKOM (2009): 564 Mio. € for Germany until 2011 Applications
Infratsrucure
Claudia Eckert
4
1. Cloud-Computing Main aspects forming the Cloud • Types • Features • Models/Modes • Stakeholders • Benefitss • And: legislation!
Claudia Eckert
5
1. Cloud-Computing:
SaaS
IaaS
PaaS
User / Customer
Software layer
Platform layer Infrastructure layer Virtualization
Typs
Infrastructure as a Service (IaaS) e.g.: Elastic Compute Cloud (Amazon): providing virtual Server Platform‐as‐a‐Service (PaaS) e.g.: Google App Engine: Framework for application development & upload Software as a Service (SaaS) (Mail, CRM, presentations, …) e.g.: Google Docs, GMail, gliffy
Claudia Eckert
6
1. Cloud-Computing: Show-Stopper Security?
Claudia Eckert
7
2. Security Implications • User: e.g. Enterprises • Change of paradigm from closed and supervised IT‐ infrastructures to outsourced services and remotely operated IT‐ infrastructures • Providers: e.g. • Who uses the offered services? Who is liable for abuse of resources? • General security implications • Loss of control over data, infrastructures, processes, etc. • Difficult Identity and Access management in the Cloud • Compliance with security guidelines and legal standards , privacy issues • Trustworthiness of service providers Claudia Eckert
8
2. Security implications: Scenario
Cloud-provider #1
social network
collaboration service
end user Backupservice
Cloud-provider #2
Claudia Eckert
enterprise
email-service
Cloud-provider #3 9
2. Security Implications Cloud‐Characteristics and their effects on security • Resources will be provided on demand: • Confidentiality? Where is ‘my’ data (in which country?), which crypto regulation rules apply, e.g. key‐escrow requirements? • „unlimited“ amount of resources: • Privacy? compliant with privacy legislation? • Development of new web‐ applications as services • Trustworthiness of Cloud‐Service ? How does the Cloud platform handle access rights, key‐management, certificate management, etc.? • Accesses to outsourced data: at anytime, from anywhere • Availability? Which measures against DoS, risk of Data‐Lock‐in, …. AND: Cloud‐Computing: Door‐opener for new kinds of attacks Claudia Eckert
10
2. Security Implication Top Threats in Cloud Computing: source: http://cloudsecurityalliance.org/topthreats.html • Abuse of Cloud Computing Resources • Shared Technology Vulnerabilities • Data Loss Leakage • Insecure Application Programmer Interface • Account, Service & Traffic Hijacking • Malicious Insiders • Unknown risk profile Some threats in more detail Claudia Eckert
2. Security Implication Abuse of Cloud Computing Resources Problem‐Statement: • IaaS provider offer ‘unlimited’ resource usages coupled with frictionless registration process, i.e. users might act relatively anonymously • Spammers, Malicous Code authors other attackers take advantage of that Attacks like DDoS, Passwort Cracking, controlling botnets, …. Remediations: e.g. • Improved initial registration and validation processes • Comprehensive introspection (if compliant with legislation) of customer network traffic Claudia Eckert
2. Security Implication Shared Technology Vulnerabilities Problem‐Statement: • IaaS vendors often share underlying infrastructure: cashes, storage, .. • Improper isolation concepts are used: vulnerable hypervisor levels, no isolation on network layer etc. • Attacks: information leakage, unauthorized data access Remediations: e.g. • Strong compartmentalization • Strong authentication and access controls • Monitoring of access, activities • Vulnerability scanning, configuration audits Claudia Eckert
2. Security Implication Data Loss Leakage Problem‐Statement: • Missing backup concepts: data loss due to alteration, deletion, … • improper access controls • Loss of encryption keys: data is lost • Missing audit controls • Attacks: Deletion or alteration of data, circumvent improper access controls, identity theft (leaked credentials, hijacking sessions etc.) Remediations: e.g. • Strong access control, proper redundancy, backup‐concepts • Data encryption and proper key management Claudia Eckert
2. Security Implication Insecure Application Programmer Interface Problem‐Statement: • Providers offer APIs for services provisioning, orchestration, monitoring etc. with improper or even missing security concepts: Authentication, Encryption, logging, access control are often missing • Third parties offer value‐added services using these APIs: e.g. credentials are forwarded to third parties using (insecure?) APIs • Attacks: exploiting weak authentication like clear‐text passwords, reusable tokens, improper authorization, ….. Remediations: e.g. • Security analysis of the providers API, model dependencies • Use strong authentication, encryption, logging concepts on‐top Claudia Eckert
3. Attacks
Quelle: http://wiki.cloudcommunity.org/wiki/CloudComputing:Incidents_Database
Claudia Eckert
16
3. Attacks Example: Virtualization layer • Vulnerable VMMonitor: access to all data Possible Attack Scenario • Distribution of virtual machines via public market places • Amazon Machine Image (AMI) market place for EC2: Amazon: “AMIs are launched at the user's own risk. Amazon cannot vouch for the integrity or security of AMIs shared by other users. […] Ideally, you should get the AMI ID from a trusted source (a web site, another user, etc). If you do not know the source of an AMI, we recommended that you search the forums for comments on the AMI before launching it.”
• Attack: Setup of Bot‐nets, information leakages, … Claudia Eckert
17
3. Attacks DDos‐ attack on Bitbucket.org (Amazon) • DDoS attack with UDP‐Flooding • Service was unavailable for storing data in persistent storage • Problem solution lasts 18 hours: • No detection of DDoS through Amazon Support • Isolation of Network traffic via QoS‐ guideline failed • Connection over external IP‐ address instead of internal addresses • Design flaws in architecture of Bitbucket • no Load‐balancing • no Redundancy over decentralized data centers, • no dynamic allocation of resources Claudia Eckert
18
3. Attacks Cracking keys in the Cloud (10/2009) • Costs for breaking a PGP‐ key with utilization of EDPR on Amazon EC2 Resources
Claudia Eckert
source: http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html 19
3. Attacks Misuse of Google App Engine for controlling Bot‐Nets (11/2009) • CPU‐time, storage, 500 MByte disc storage and up to 5 millions Page Views per month for free • Command & Control‐Server of Bot‐ net by using Google App Engine • Contacting Bot‐computers with the server, for receiving new orders • Google had to manually delete the application
sources: http://asert.arbornetworks.com/2009/11/malicious‐google‐appengine‐used‐as‐a‐cnc
Claudia Eckert
20
Risk Assessment Cloud‐Security‐Study from Fraunhofer SIT, See: http://www.sit.fraunhofer.de/EN/News1.jsp Aim: Framework and guidelines for risk assessments Classification Infrastructure
Application and Platform
Physical security
Administration
Data security
Host
Application security
Virtualization
Platform security
Network
Security as a service
Compliance
Interoperability and Portability Testing Identity and access management Key management
Data protection Risk management Legal framework Governance
Claudia Eckert
4. Identity Management in the Cloud Lesson learned so far: • There are still lots of Security Problems in Cloud‐Computing: show‐stopper! • Enabling technology: Strong Authentication spanning domains! The IdM Cloud ecosystem: • Identity Providers • Governments (e.g. in Germany via nPA), Enterprises • Large Internet Destinations (e.g. Google, Facebook, …) • Cloud Providers: May also be Identity Providers • SaaS/PaaS/IaaS (e.g. Amazon, Salesforce, Google, SAP, HP, IBM, ...) • Users • Consumers or Business • Individuals may have many Identities Claudia Eckert
4. Identity Management in the Cloud Core IdM Challenges • Identity provisioning and deprovisioning: • secure and timely management of on‐boarding (provisioning) and off‐boarding (deprovisioning) of users in the cloud. • Extend user management processes within an enterprise to cloud services. • Authorization & user profile management • Establishing trusted user profile and policy information to control access within the cloud service, and doing this in an auditable way. • Delegation and Federation • exchanging identity attributes surely and trustworthy, • Establishing a identity lifecycle management Claudia Eckert
4. Identity Management in the Cloud • Support for compliance • Enable customers to pull together information about accounts, access grants and segregation of duty enforcement in order to • satisfy an enterprise's audit and compliance reporting requirements. • Authentication • How to provide cross‐domain strong multi‐factor authentication ? • How to provide strict multi tenancy model: isolation on all levels? • How to identify, manage fine‐grained components, like Applications? • How to guarantee interoperability, • How to support multi tenancy Claudia Eckert
4. Identity Management in the Cloud Authentication: Scenario Strong Authentication?
SaaS
One Time Pad
Credentials Cloud-based Authentication Service e.g. FireID
„true/false“
Authenticatio n Service Provider
Request Strong Authentication?
Enterprise User A
SaaS
Cloud-based Service e.g. Mail-Servce
Service Provider
Claudia Eckert
6. Summary • Cloud‐Computing: Great Opportunities for enterprises and providers • Security, Privacy and Trust are still open issues: Show‐Stopper?! • Top threats: e.g. Abuse, Data Loss, Shared Technologies, Hijacking, … • Privacy and Compliance are still unsolved problems • Cloud‐Computing provides a valuable environment to launch attacks Spamming, Bot‐net setup, Password and Key cracking • Solved Security Problems will be Cloud‐Enablers! • Trustworthy Identity Management within Clouds is one main issue • Core Challenges and open research issues : Identity provisioning and deprovisioning, Authentication, Delegation and Federation, Authorization & user profile management, compliance • Standards and Reference‐Architectures, Best Practice Guides are required Claudia Eckert
26
Thank you for your kind attention
Contact: Claudia Eckert Fraunhofer Institute for Secure Information Technology Tel: +49 89 3 22 99 86-292 +49 6151 869-285 E-Mail:
[email protected] Internet: http://www.sit.fraunhofer.de
Claudia Eckert
27