Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dr. XiaoFeng Wang (Associate Professor, IUB) Cloud Security: New Challenges, New Opportunities.

Similar presentations


Presentation on theme: "Dr. XiaoFeng Wang (Associate Professor, IUB) Cloud Security: New Challenges, New Opportunities."— Presentation transcript:

1 Dr. XiaoFeng Wang (Associate Professor, IUB) Cloud Security: New Challenges, New Opportunities

2  The Cloud is the future  Ultra cost-effective computation  The only scalable platform for data- intensive computing Cloud Computing  The Cloud is not Secure  Security/Privacy is the main concern  Service providers avoid liability “…We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet.” - Amazon - Amazon

3 Cloud Security: Anything New?  Web Security  Virtual Machine Security  Secure Computing Outsourcing  Data Storage Security and Privacy  Decentralized Access Control and more

4 What We Believe New  The Cloud brings us New Challenges: E.g.,  Move applications into the Cloud   Applications change   New security problems emerge New  The Cloud brings us New Opportunities: E.g.,  Design for Data-Intensive Computing  Hybrid Cloud Infrastructure

5 What We Found  Surprising New Security Challenges in SaaS:  fundamental vulnerability to side-channel attacks  Susceptibility of API service integrations to logic flaws  Surprising New Solution:  Secure DNA Alignments can scale on the Cloud

6 Challenges in Making SaaS Right Joint Work with Rui Wang, Kehuan Zhang, Zhou Li (my students) and Dr. Shuo Chen, Dr. Shaz Qadeer (MSR) Related Publications: Oakland’10, CCS’10, Oakland’11

7 (1) split between client and server (2) state transitions driven by network traffic Desktop application Web application Worry about privacy? Let’s do encryption.

8 The Problem is serious High-profile Web Applications Serious information leaks: health records, family income, investment details, search queries The problem is fundamental stateful communication, low entropy input and significant traffic distinctions. Defense is non-trivial effective defense needs to be application specific. calls for a disciplined web programming methodology.

9 Impacts Your health, tax, and search data siphoned: Software-as-a-service springs SSL leak, The Register, 23 March 2010 Side-Channel Leaks in Web Applications, Freedom to Tinker, Ed Felten's blog, 23 March 2010 Researchers sound alarm on Web app "side channel" data leaks, Network World, 24 March 2010 Bruce Schneier commented on our work Someone wikied our work SaaS Apps May Leak Data Even When Encrypted, Study Says, darkReading, 26 March 2010 and more: Searching Google with “side-channel leaks in web applications”

10 Scenario: search using encrypted Wi-Fi WPA/WPA         1007 Query suggestion

11 tabs suggestions

12 Two most-popular online tax software. Design: a wizard-style questionnaire Tailor the conversation based on user’s previous input. Problem: Information Leaks from control flows E.g., Filing status, Number of children, Paid big medical bill, the adjusted gross income (AGI)

13 Entry page of Deductions & Credits Summary of Deductions & Credits Full credit Not eligible Partial credit All transitions have unique traffic patterns. $0 $110000$ Not eligible Full credit Partial credit (two children scenario)

14 Entry page of Deductions & Credits Summary of Deductions & Credits Full credit Not eligible Partial credit Enter your paid interest $0 $ $ Not eligible Full credit Partial credit

15 Disabled Credit $24999 Retirement Savings $53000 IRA Contribution $85000$ College Expense $ $ Student Loan Interest $ First-time Homebuyer credit $ $ Earned Income Credit $41646 Child credit * $ Adoption expense $ $ $ or $ or $ … $0 OnlineTax A can find more than 350 credits/deductions.

16 Funds you invested in? GIF image from MarketWatch. Just compare the image sizes! 3346 B 3312 B 3294 B Fund allocation Pie Charts

17 Inference of Fund Allocation  800 charts  80 charts  8 charts 1 chart Size of day 1 Size of day 2; Prices of the day Size of day 3; Prices of the day Size of day 4; Prices of the day  charts

18 Challenges in API Service Integrations  Examples:  Payment Services (PayPal, Amazon Payment, Google Checkout, etc.)  Login Services (Google ID, Facebook Connect, etc.)  Other cloud API services (Amazon EC2, Simple DB, etc.)  Hybrid Web Applications  Integrating API services from other parties  VERY, VERY HARD TO DO IT RIGHT

19 Our Study: Cashier-as-a-Service 3 rd -party cashiers e.g., PayPal, Amazon Payments, Google Checkout A decision to be made jointly The web store handles the order The CaaS handles the payment

20 T Pay Now Please confirm: shipping address: xxxxxxxxxxxxxxxxxxx billing address: xxxxxxxxxxxxxxxxxx total amount: $39.54 T Thank you for your order! Your order #12345 will be shipped. View the order PayPal (CaaS) Buy.com RT3.a.a RT3.a.b Shopper RT4.a RT4.b RT2.b RT2.a RT1.a RT1.b RT: HTTP round-trip : Web API RT3.b RT3.a Many other payment services (PayPal Standard, PayPal Express, Amazon Simple Pay, Checkout By Amazon, Google Checkout, etc.) Different integrations

21 Mom, can I do X ? Mom Dad Naughty kid Sounds reasonable, but ask Dad to call me. Dad, Mom is ok about X’, can you call her? Sounds like a wacky idea. I am not sure. What do you think? I think it is fine. OK.

22 Software powering web stores NopCommerce – popular open-source Interspire – ranked #1 by Top10Reviews.com Amazon SDKs – used by stores to integrate Amazon Payments Closed-source big stores JR.com Buy.com What We Studied

23 Note: the phone number is analogous to the returnURL field in Amazon Simple Pay Jeff, I want to buy this DVD.. Shopper Chuck Amazon Jeff Chuck, pay in Amazon with this signed letter: Dear Amazon, order#123 is $10, when it is paid, call me at [Jeff’s signature] Amazon, I want to pay with this letter Dear Amazon, order#123 is $10, when it is paid, call me at [Jeff’s signature] Hi, $10 has been paid for order#123. payee = [Amazon’s signature] Great, I will ship order#123! Amazon Simple Pay Integrated in NopCommerce

24 Register an Amazon Seller Account a $25 MasterCard gift card can work We registered it under the name “Mark Smith” with PayPal, Amazon and Google using the card. Pay to Mark but Check out from Jeff (and seller Mark) Jeff, I want to buy this DVD. Shopper Chuck Amazon (CaaS) Jeff Chuck, pay in Amazon with this signed letter: Dear Amazon, order#123 is $10, when it is paid, call me at [Jeff’s signature] Amazon, I want to pay with this letter Dear Amazon, order#123 is $10, when it is paid, call me at [Jeff’s signature] [Mark’s signature] Hi, $10 has been paid for order#123. payee = [Amazon’s signature] Great, I will ship order#123! How to Shop for Free

25 PayPal Express Integrated in Interspire

26 (RT3.b) redir to TStore.com/updateOrder? orderID1 T* Session1: pay for a cheap order (orderID1) in PayPal, but avoid the merchant from updating it status to PAID RT3.b RT4.a (RT4.a) call TStore.com/updateOrder? orderID1 T* orderID2 T* TStore.com Session 2: place an expensive order (orderID2), but skip the payment step in PayPal RT3.b (RT3.b) redir to TStore.com/updateOrder? orderID2 T* TStore.com PayPal Express Integrated in Interspire

27 The order is generated based on the cart at the payment time (RT3.a). The payment amount is calculated based on the cart at the moment when the shopper clicks “checkout” (RT2.a). Between RT2.a and RT3.a, the shopper can add more items to the cart. Google Checkout Integrated in Interspire

28 Logic flaws in 9 checkout scenarios scenariodescription NopCommerce with PayPal standardPay arbitrary amount to check out NopCommerce with Amazon Simple PayPay to the shopper himself, but check out from the victim store. Interspire with Amazon Simple PayNo need to pay Interspire with PayPal ExpressPay for a low-price order, check out a high-price one. Interspire with PayPal StandardPay for an order, check out an arbitrary number of orders of the same price. Interspire with Google CheckoutPay for only the least expensive item in the cart JR.com with Checkout-By-AmazonPay arbitrary amount to check out Buy.com with PayPal ExpressPay for an order, check out an arbitrary number of orders. Amazon Payments SDKNo need to pay What We Found

29 Dear Buy.com customer service, Last week I placed the two orders (Order Number: Order number: ) in buy.com. Both items were shipped recently, but I found that my paypal account has not been charged for the order (the alcohol tester). My credit card information is: [xxxxxxxxx] The total of the order is $5.99. Please charge my credit card. Thank you very much From: Buy.Com Support Date: Sun, Jun 13, 2010 at 3:32 PM Subject: Re: Other questions or comments (KMM I15977L0KM) To: Test Wang Thank you for contacting us at Buy.com. Buy.com will only bill your credit card only when a product has been shipped. We authorize payment on your credit card as soon as you place an order. Once an item has shipped, your credit card is billed for that item and for a portion of the shipping and/or tax charges (if applicable). If there are items on "Back Order" status, your credit card is re-authorized for the remaining amount and all previous authorizations are removed. This is the reason you may have multiple billings for your order. … A generic reply that misunderstood the situation Dear buy.com customer service, I am a Ph.D. student doing research on e-commerce security. I bumped into an unexpected technical issue in buy.com's mechanism for accepting the paypal payments. I appreciate if you can forward this to your engineering team. The finding is regarding the order I placed the order in an unconventional manner (by reusing a previous paypal token), which allowed me to check out the product without paying. I have received the product in the mail. Of course I need to pay for it. Here is my credit card information [xxxxxxxxxxxx]. Please charge my card. The total on the invoice is $5.99. Re: Other questions or comments (KMM I15977L0KM) Buy.Com Support Wed, Jun 16, 2010 at 6:25 PM To: Test Wang Hello Test, Thank you for contacting us at Buy.com. Based on our records you were billed on 6/10/2010 for $5.99. To confirm your billing information please contact PayPal at https://www.paypal.com/helpcenter or at After our refund–eligible period, we mailed the products back by a certified mail. We disclosed technical details to them.

30 What Do We Learn?  SaaS is different  Two party, multi-party applications  Openness and complexity of the web platform  Formal verification: how to build the model?  Need new development methodologies  Treat side channels seriously  Better integration supports

31 Defense is Nontrivial  Padding strategies  Rounding  Random padding  Challenges  Overheads (at least one-third bandwidth usage)  Implementation hurdles  Demand for the Change to the Web-app Development methodology

32 Sidebuster  Side-channel detection tool for web applications  Information flow analysis to locate where leaks happen 1.Sensitive data “taints” network traffic 2.Content of the data associated with different traffic features  Quantify the information being leaked

33 Secure and Scalable Read Mapping on Hybrid Clouds Joint work with Yangyi Chen, Bo Peng (my students) and Dr. Haixu Tang (bioinformatics expert) Related Publication: NDSS’12

34 Read Mapping  Align a short DNA (read) to a long one (reference genome)  Pre-requisites for all DNA analyses  Computation intensive (involving millions of reads)       A TCGC A GTCGC A T Reference Genome (about 6 billion bps) A TTGC Read (about 100 bps) A TTGC

35 Read Mapping on the Cloud  Technical Challenges  Millions of reads  a reference of billions of nucleotides  Edit-distance based alignment  Cloud solutions  Cost of sequencing < cost of mapping within organizaitons  Cloud computing is the only solution  Privacy  NIH disallows reads with human DNA to be given to the public Cloud

36 Secure Computation Outsourcing  Too heavyweight for data-intensive computations  E.g., align two sequences of 25  3 minutes via homomorphic encryption/oblivious transfer/secret sharing [Atallah03]  4 seconds via improved SMC [Jha07]  Problems with Secret Sharing  Communication overheads  Policy concerns

37 Data Anonymization  Data aggregation and noise adding  Vulnerable to re-identification attacks  Given a reference population and a DNA sample, a read donor could be identified from aggregate data

38 Can we find a Better Solution?  The Cloud is special  Design for simple, parallelizable tasks  Good at processing a large amount of data  Work in a hybrid way  The problem is special  Small edit distance (<= 6) Public Cloud Public Cloud Private Cloud

39 Seed and Extend  For a distance d, at least one of d +1 seeds of a read matches an l-mer on its alignment A TTGC T GATGCA A GAA TGC TGTGCA A TTGC TGATGCA G l-mer  Seeding: compare with l-mers to find possible positions of a read  Extension: extend from the positions to find the right alignments

40 A Surprisingly Simple Solution  Public Cloud does the seeding on encrypted data  Simple, parallelizable, data-intensive  Private Cloud does the extension  Complicated, yet involving relatively small amount of data  Goals  High security assurance  Outsourcing dominant portion of Workload  Scalability  Limited Inter-Cloud Communication

41 Our Design 1.Prepare encrypted reference sequences:  Extract from the reference subsequences (l-mers)  Encrypt unique l-mers  Send ciphertext to the public cloud 2.Public Cloud:  Match encrypted seeds to the encrypted references 3.Private Cloud:  Extend the reads according to the matches

42 Does This Approach Work?  Performance:  Can we move the most workload to the public cloud?  Security:  Can sensitive information be inferred from encrypted sequences?

43 Short Seeds  Problem:  When d >= 5, seeds are too short (< 20)  Short seeds  lots of matches  workload for the private cloud  Our idea: 2-seed combinations  E.g., given d=5, a read can be divided into 7 seeds, with 2-seed combination of 28 bps

44 Seed Combinations  2-combinations of Reference 12-mers: about 7 TB with SHA-1 TCGTACT A GTC A TCT A TAT ATCGCGACTTCAT  C G TCA G T CAAT … … …  CGCAT  2-combinations of seeds (12bps): about 2.8 GB for 10 M reads

45 Menace of Frequency Analysis  Performance gain comes with security threats  Public Cloud needs to know when matches happen  deterministic cryptosystem  the threat of frequency analysis  How serious the problem is?  Over 80% of 24-mers are unique  The rest 20% often carry little information

46 Security Analysis

47 Outcomes of the Analysis Test group: the individuals are not in case and reference Data: YRI population from HapMap and Reference Genome (40 cases, 40 for the test group)

48 Performance Evaluation  Implementation over Hadoop  Clouds  Public Cloud: 20 nodes on FutureGrid (8-core 2.93GHz Intel, 24 GB memory, 862 GB local disk)  Private Cloud: a single node  Data  10 million real human microbiome data with 4% human DNA, total 250 MB  Reference genome: Chromosome 1 (252.4 million bps), Chromosome 22 (52.3 million bps)

49 Preprocessing and Seeding

50 Workload on the Privacy Cloud

51 Conclusion

52 New Security Challenges, New Opportunities  Side-channel leaks and API integrations  Wouldn’t be such a serious problem without SaaS  Secure read mapping  Made possible by the cloud’s data processing capabilities  Made practical by the hybrid-cloud infrastructure  Key: features of the cloud and the problems it works on

53 What’s Next?  Hybrid Web Applications  Hybrid-Cloud Secure Data-Intensive Computing

54


Download ppt "Dr. XiaoFeng Wang (Associate Professor, IUB) Cloud Security: New Challenges, New Opportunities."

Similar presentations


Ads by Google