Presentation is loading. Please wait.

Presentation is loading. Please wait.

Technical Security Issues in Cloud Computing By: Meiko Jensen, Jorg Schwenk, Nils Gruschka, Luigi Lo Lacono Presentation by: Winston Tong 2009 IEEE.

Published byBlake Daniels Modified over 8 years ago

Similar presentations

Presentation on theme: "Technical Security Issues in Cloud Computing By: Meiko Jensen, Jorg Schwenk, Nils Gruschka, Luigi Lo Lacono Presentation by: Winston Tong 2009 IEEE."— Presentation transcript:

1 Technical Security Issues in Cloud Computing By: Meiko Jensen, Jorg Schwenk, Nils Gruschka, Luigi Lo Lacono Presentation by: Winston Tong 2009 IEEE

2 Outline 1. Background 2. Cloud Technologies 1. Web Service Security 2. Transport Layer Security 3. Security related Issues 1. Wrapper Attacks 2. Browser Security 3. Metadata Attacks 4. Flooding Attacks

3 Background  Cloud layers of service  Software as a Service – Provides ready to use applications (Facebook)  Platform as a Service – Tailored hosting environments (Google App Engine)  Infrastructure as a Service – Provides raw resources (CPU, Storage, Memory)  Security concern – User’s data leaves the home protection of the user and provides trust to the foreign cloud.

4 Cloud Technologies – Web Service Security  Provide integrity, confidentiality and authentication for SOAP messages.  SOAP messages – Organized XML type message  Defines a SOAP header that carries WS-Security extensions.  Defines XML Signature/Encryption application to SOAP messages.  Hybrid Encryption  XML fragment is encrypted with a randomly generated symmetric key.  Key is encrypted with public key of recipient.  Encrypted key is inside security header.

5 Transport Layer Security  Handshake  Establishes encryption keys and algorithms  Authenticate server and client  Record Layer  Encrypts/decrypts TCP data streams using keys and algorithms from handshake.  Has different options for key agreement, encryption and authentication.  Popular  Certificate authentication of servers  User/Password authentication of clients

6 Cloud Security Issues – XML Signature  XML Signature Element Wrapping (Wrapping Attack)  Allows an outsider to freely use a victim’s cloud.  Example  Client sends SOAP message asking for “me.jpg” in the message “body”.  Client signature is in SOAP header and points to signed message for “body”.  Attacker can intercept the message and manipulate “body” in such a way that it asks for something else.  The message will still contain the valid signature.  2008, Amazon EC2 services were vulnerable to wrapping attacks.

7 Cloud Security Issues – XML Signature

8 Cloud Security Issues – Browser Security  Client usage of the browser as a tool to access his cloud leaves him vulnerable to browser attacks.  In response, Cloud services use Federated Identity Management (FIM) protocols.  Authentication through a third party. (With credentials)  When authenticated, Kerberos tokens are sent to the server.  These tokens are vulnerable.  Browsers unable to issue XML based security tokens itself.  FIM tokens are stored in the browser and are only protected by standard operating procedures.

9 Cloud integrity and Binding Issues  Clouds use metadata for identification of type of service that users want.  Malware Injection Attacks  Adversary creates his own service module and adds it to the cloud system  The cloud will then unknowingly service a user the malicious module.  Metadata Spoofing  Maliciously reengineering the Web Services’ metadata descriptions  Ex: deleteUser -> setAdminRights  These two attacks are weaker and avoidable

10 Flooding Attacks  Attacker sending a huge load of nonsense to service  Direct Denial of Service  Cloud wastes its resources on a flooded service.  Indirect Denial of Service  The flooded service affects the availability to other services  Accounting and Accountability  Economic loss from the computational power usage

11 Conclusion  Favor XML Signature and encryption security in browsers.  Strengthen security capabilities of browsers and Web Service frameworks.  Strengthen TLS to protect the SAML tokens  TLS session binding – the token will be protected by the same channel.  Strong Locked same origin policy – use server key as authentication as opposed to the insecure DNS system.

Download ppt "Technical Security Issues in Cloud Computing By: Meiko Jensen, Jorg Schwenk, Nils Gruschka, Luigi Lo Lacono Presentation by: Winston Tong 2009 IEEE."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Chapter 17: WEB COMPONENTS

Chapter 17: WEB COMPONENTS
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.

SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
CSE 486/586, Spring 2014 CSE 486/586 Distributed Systems Security --- 2 Steve Ko Computer Sciences and Engineering University at Buffalo.

CSE 486/586, Spring 2014 CSE 486/586 Distributed Systems Security Steve Ko Computer Sciences and Engineering University at Buffalo.
A Public Web Services Security Framework Based on Current and Future Usage Scenarios J.Thelin, Chief Architect PJ.Murray, Product Manager Cape Clear Software.

A Public Web Services Security Framework Based on Current and Future Usage Scenarios J.Thelin, Chief Architect PJ.Murray, Product Manager Cape Clear Software.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
Security Prospects through Cloud Computing by Adopting Multiple Clouds Meiko Jensen, Jorg Schwenk Jens-Matthias Bohli, Nils Gruschka Luigi Lo Iacono Presented.

Security Prospects through Cloud Computing by Adopting Multiple Clouds Meiko Jensen, Jorg Schwenk Jens-Matthias Bohli, Nils Gruschka Luigi Lo Iacono Presented.
Integration Considerations Greg Thompson April 20 th, 2006 Copyright © 2006, Credentica Inc. All Rights Reserved.

Integration Considerations Greg Thompson April 20 th, 2006 Copyright © 2006, Credentica Inc. All Rights Reserved.
Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.

Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Similar presentations

Ads by Google