Cloud Security and Privacy

Cloud Security

Security issues and challenges threaten the survival of the cloud ecosystem. These include, but are not limited to, data breaches, data loss, network security, data locality, data access, system vulnerabilities, account hijacking, malicious insiders and advanced persistent threats. These challenges are briefly discussed as follows.

Data Breaches

A data breach occurs when an unauthorized third party maliciously gains access to data at rest in a cloud infrastructure, or to data in transit, and compromises its integrity.

The attractive targets are the cloud data and file servers that hold massive volumes of data. How severe an attack is depends on how confidential the data being attacked is.

However, the impact of the attack depends on the type of data compromised. This could range from financial data (for example, credit card information), personal data, trade secrets, health information and critical government data to the intellectual property of a person or an organization.

Network Security

Network security problems often arise when an elastic cloud infrastructure is incorrectly configured, or experiences a malicious denial-of-service attack or unauthorized access leading to data leakage.

To mitigate against leakage of sensitive information, appropriate measures must be put in place to secure the data, the transmission medium and the network. Hence, strong encryption of network traffic can be implemented to secure the network against malicious intrusions and extrusions.

Data Locality

Cloud service consumers are not aware of where their data is stored due to virtualization. However, legal implications of using, sharing and storing data exist, and they vary from one country to another based on the relevant laws and policies regarding intellectual property.

Data Access

Data accessibility is the ability of cloud service customers to gain authorized access to their subscribed services anywhere and at any time. However, strong identity management and access control schemes must be implemented to authenticate users before access to the massive cloud resources is granted.

System Vulnerabilities

System vulnerabilities are exploitable program bugs in the operating system that attackers can use to gain full access to the host computer.

Vulnerable systems are prone to denial-of-service attacks, advanced persistent threats and attacks by malicious users.

When participating in a network, the attacker leverages these vulnerabilities to launch different kinds of network attacks, thereby making real data, applications or other resources in the cloud unavailable to legitimate users. To mitigate this, appropriate security fixes and overhauls should be conducted periodically.

Account Hijacking

This involves stealing and using the account details of a legitimate user for disreputable purposes, using techniques like fraud and phishing. Credential hijackers can easily compromise the availability, integrity and confidentiality of the cloud services.

A multifactor authentication mechanism should be enabled to mitigate the sharing of account credentials between users and cloud services.

Malicious Insiders

These are past or present insiders, such as system administrators, former employees, business partners or third-party contractors, with high-level access to potentially private, sensitive information and critical systems; their access can lead to a serious data breach.

Advanced persistent threats

This is a stealthy computer network attack in which multiple pieces of attack code are injected into a vulnerable system at its entry points while it participates in a targeted network, such that certain malicious individuals gain unauthorized access and remain undetected over a long period of time.

Permanent data loss

This can be due to natural disaster, total hardware failure, accidental deletion by customers or by support staff at the service provider's end, or a deliberate hostile attack.

The cloud service provider must make adequate mitigation plans against data loss, regardless of the form it takes. Regular backup routines to remote locations can help in this regard.

Shared technology, shared dangers

Vulnerable or misconfigured components, or weak isolation between the components of a cloud service in a shared multi-tenant system, can be leveraged by attackers to cause a data breach. Best practices should be employed for data management and client implementation to guard against shared-technology vulnerabilities.

Compromised credentials and broken authentication

Many cloud applications are geared towards customer collaboration, thereby exposing public cloud services to malicious users. These users can use attack code, including email spam, DoS attacks, automated click fraud and so on, to gain unauthorized access to critical data and to the control and management functionality of the cloud services.

Attackers can inject malicious software to attack the cloud services, modify data and service management/control parameters or sniff data in transit.

Hacked interfaces and Application Programming Interfaces (APIs)

APIs and user interfaces are the fundamental backbone of cloud system connections and of the interaction between clients and the elastic computing systems.

Cloud APIs' Internet Protocol (IP) addresses expose the association between clients and the cloud, so securing APIs against corruption or human error is pertinent to cloud security.

A special security requirement for the APIs needs to be designed to allow access only via encrypted keys, which are used to authenticate the API user so as to guard against accidental and malicious random attempts.

Cloud CIA Security Model

Due to the multi-tenancy structure of the cloud computing system, cloud data is highly vulnerable to a number of security threats. However, the level of vulnerability of the cloud resources depends on the cloud delivery model used by a cloud service consumer.

The major challenges of cloud resources are confidentiality, integrity and availability (CIA).

Data confidentiality

Data confidentiality refers to the ability to share sensitive data between a number of users without violating the privileges granted by the data owner to each of the targeted users.

A streamlined concept of data confidentiality is data privacy. Data privacy means that the data owned by an individual will never be disclosed to any other.

However, privacy is much easier to manage than confidentiality because sharing is precluded. In public clouds, the cloud service provider is solely responsible for securing the cloud service consumer's data.

Confidentiality of data is enforced using virtualization, job scheduling and resource management. However, attackers can gain full access to the host and, via cross-VM side-channel attacks, extract information from a target VM on the same machine.

Data integrity

Data integrity refers to the process of ensuring that cloud users' data is protected from unauthorized modification, thus assuring that the stored data has not been manipulated in any way by any unauthorized party.

To maintain data integrity, the cloud service provider must ensure that access restriction to data in transit or data in storage is enforced against third parties.

Data availability

This characteristic indicates that rightful owners of data, in this case, cloud service consumers, can seamlessly gain access to their data, and they are not denied access erroneously or due to malicious attacks by an entity.

It could also refer to the uptime of the cloud data server or virtual machine and its capability to operate continuously. However, a denial-of-service (DoS) attack is the main threat to data availability.

The following table provides an overview of the CIA threats and their significance to the cloud service delivery models:

Cloud Computing Security Architecture

The security architecture of cloud computing is the most crucial and fundamental determinant of the level of security that would be experienced in the entire cloud computing ecosystem.

Currently, there is no globally accepted official standard for the cloud security architecture; however, reliable cloud security architecture must be designed to uphold optimal protection of the cloud ecosystem and the associated functionalities in an efficient manner.

A typical cloud security architecture is represented in the figure below.

Cloud computing security architecture

It is a four-layered architecture which is made up of the user, the service provider, the virtual machine, and the datacenter.

The user layer consists of several components, including programming, cloud applications, tools, and environments. Examples of such cloud applications include Facebook, B2B, CDN, Aneka, Enterprise, Mashups, Web 2.0 Interfaces, Scientific and MapReduce, and so on.

However, common security implementations at the user layer include, but are not limited to, Browser Security, Authentication and Security-as-a-Service.

At the service provider layer, the important constituent components include resource provisioning, SLA Monitor, Scheduler & Dispatcher, Metering, Load Balancer, Accounting, Policy Management and Advance Resource Reservation Monitor.

Security concerns in the service provider layer include Data transmission, Privacy, People and Identity, Infrastructure management, Audit and Compliance, and Cloud integrity and Binding Issues.

Furthermore, the virtual machine layer is composed of several instances of virtual machines, operating systems and monitoring applications.

Virtual machine layer security considerations include cloud legal and regulatory issues, VM Escape, VM Sprawl, Infrastructure, Identity and Access management as well as separation between customers and others.

Lastly, the data center which is the infrastructure layer is composed of the servers, storage, memory, the CPU and other cloud service resources, typically denoting an Infrastructure-as-a-Service (IaaS) layer.

However, the key security concerns in this layer are physical security, securing data at rest, and network and server security.

User Layer Security

Security-as-a-service, browser security and authentication are discussed in this section.

Security-as-a-service

Security-as-a-service is a service-oriented security mechanism for protecting the user layer of the cloud computing ecosystem.

It consists of two broad approaches.

In the first approach, the consumer, the provider and established information security vendors can solicit or provision security-as-a-service when required.

With the second approach, security is provided as a cloud service by the cloud service provider in conjunction with information security companies, such as anti-malware vendors delivering SaaS to filter email messages.

Browser Security

A standard web browser is an application used by cloud consumers to access their subscribed services anywhere and at any time.

To ensure security of browsers, a number of policies have been proposed of which the most dominant ones are the Transport Layer Security (TLS) for host authentication and data encryption, and the Legacy Same Origin Policy (SOP) involving scripting of web pages for access and usage rights.

It defines the read and write privileges for updates to content that comes from different origins.

By origin we mean 'the same application', which is easily identified by the domain name, protocol and port on the web. TLS, in turn, offers the functionality to protect data during transport and to authenticate the server's domain name in web applications.

Attacks on browser-based cloud authentication are one of the security concerns with browser-based protocols in cloud computing; they occur when the browser is incapable of generating cryptographically valid XML tokens.

To mitigate this, browser security APIs can be updated with recent enhancements of XML encryption and signature.

Authentication

In the cloud ecosystem, user authentication is the primary objective of an access control mechanism, due to the wide range of access to cloud data via the internet.

This is because authentication is the most frequently targeted attack focal point in hosted and virtual services.

Until now, a number of mitigation strategies against authentication attacks have been developed. An example of the authentication standard adopted in the cloud is the Trusted Platform Module (TPM).

TPM is commonly available and is a more reliable authentication scheme than password login verification checks. It uses the IF-MAP standard to authorize users in real-time communication between the cloud provider and the consumer.

This standard offers a means to revoke, modify and reassign the users’ cloud access while authenticating client nodes and other devices participating in the cloud’s active transaction.

Service provider security issues

It is the responsibility of the cloud service provider to ensure that the public cloud provisioned to a consumer meets all of the organization's security and privacy requirements.

The cloud service provider is expected to provide the safety standards required to protect the organization's data, applications and other components, together with a guarantee of the fail-safe potential and effectiveness of those safety standards for securing organizational data and applications in the cloud.

Identity and access management

Identity and access management (IAM) involves the Authentication, Authorization and Auditing (AAA) of users accessing cloud services.

To manage IAM, most organizations create, monitor and control a static trust boundary; the applications in a private data center make up that trust boundary.

The private data center perimeter is secured via network security controls that include virtual private networks (VPNs), intrusion prevention systems (IPSs), intrusion detection systems (IDSs) and multifactor authentication.

For a dynamic trust boundary, such as in the cloud, where the organization's application, system and network boundary extends into the service provider's domain, strict IAM must be enforced through application security, user access control mechanisms, trusted sources with user activity monitoring, accurate attributes, strong authorization, authentication based on roles or claims, identity federation, single sign-on (SSO) and auditing.

Privacy

Privacy is a critical challenge in cloud computing. Regulations on storage, usage, management and access to individual information vary across the world and some stringent restrictions are enforced by a number of countries regardless of where the data is stored.

A cloud service provider must ensure strict compliance with the service level agreement on the organization's data privacy concerns, because non-compliance or a mistake might come with very great consequences and costs that are very hard to manage.

An effective assessment strategy must also be formulated to cover identity management, data protection, secure operations, privacy, and other issues related to security and legal aspects.

Securing data in transmission

Encryption techniques are often employed to secure data in transmission. Securing data in transmission means that the data is sent only to the correct destination, verified via authentication and integrity checks, and is not intercepted or modified during transmission; Secure Sockets Layer (SSL)/TLS protocols are used to verify this.

Integrity and confidentiality of data in transmission from/to the cloud provider can be enhanced by using access control mechanisms like authentication, authorization and auditing of accessed resources, and by ensuring that internet-facing resources are available at the cloud provider's end.

A possible attack during active data transmission is the man-in-the-middle attack. This is a cryptographic attack in which an attacker is able to intercept the communication path between the users and attempts to interrupt and alter the communications.

User Identity

A cloud computing ecosystem supports large enterprises and diverse communities of users, which makes user identity a critical part of the cloud security architecture.

Most cloud service providers often hire privileged users as administrators.

A cloud service provider must enforce stringent requirements for monitoring the activities of privileged users. These may include, but are not limited to, background checks, physical monitoring and activity logging.

To synchronize and manage authentication and authorization with the enterprise back-end or third-party systems, identity federation and rapid on-board capabilities must be initiated.

This will provide the capability for the users to easily and efficiently use single sign-on logons for both the cloud and internally-hosted applications.

Audit and compliance

After a number of the organization's requirements have been mutually agreed upon by both the consumer and the provider of a cloud service and recorded in an SLA document, audit and compliance strategies must be established to ensure that internal and external processes are duly executed according to the documented requirements, business objectives, laws and regulations, and internal corporate policies.

These policies and procedures must be well checked and monitored for compliance reasons.

The cloud service providers (CSPs) are responsible for monitoring, evaluating and demonstrating the degree of compliance with regulatory requirements, coordinating external auditing, and meeting internal policy requirements in addition to the customer's business and organizational objectives.

Cloud Integrity and Binding Issues

An important requirement in the cloud computing ecosystem is to coordinate and maintain instances of virtual machines (IaaS) or explicit service execution modules (PaaS). For any user request, the cloud system is responsible for determining a free instance of the implementation type for the requested service, and the new instance is then accessed by communicating its address to the requesting user.

Cloud Malware Injection Attack is a typical attack aimed at injecting a malicious service performance module into a legitimate instance of a virtual machine.

This is mainly done to make unauthorized modifications to data or to fully change or block functionality. The attack is adaptive, as it can create its own malicious service implementation module (PaaS or SaaS) or virtual machine instance (IaaS).

Flooding attacks

A cloud computing environment provides a dynamic adaptation of hardware requirements to the actual workload by using virtual machines.

However, a common security challenge to the availability and accessibility of the hardware resources is the DoS attack. A DoS attack occurs when a host is flooded with heavy requests emanating from multiple computers, to prevent it from responding to reasonable requests in a timely manner.

A flooding attack causes the server's hardware resources to become completely exhausted, such that the hardware is unable to perform any of its intended tasks. This can lead to non-availability of resources or services in the cloud computing environment.

Accounting and accountability

Accounting and accountability is a significant cost-effective motivator to adopt cloud services.

As customers are charged based on the actual usage of cloud services, a flooding attack on a cloud service can drastically increase the bills of cloud usage.

As a result, the customer running the flooded service is additionally billed for the workload caused by the attacker.
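To make the billing impact of a flood concrete, here is an added example (not from the original text) that runs simple detection logic over constructed access-log lines: it counts requests per source per minute, flags sources above a threshold, and separates the usage a customer would be billed for into legitimate and attacker-caused requests. The per-request price and the IP addresses (documentation ranges) are constructed values.

```python
from collections import defaultdict


def make_sample_log() -> str:
    """Constructed access-log lines, not real traffic: '<ISO timestamp> <source IP> <request>'.

    Four legitimate clients (198.51.100.0/24) make 3 requests each within one minute,
    while a single source (203.0.113.7) sends 120 requests in the same minute.
    """
    lines = []
    for i in range(4):
        for k in range(3):
            lines.append(f"2024-05-01T10:00:{i * 10 + k:02d}Z 198.51.100.{i + 1} GET /api/report")
    for k in range(120):
        lines.append(f"2024-05-01T10:00:{k % 60:02d}Z 203.0.113.7 GET /api/report")
    return "\n".join(lines)


def requests_per_minute(log_text: str) -> dict:
    """Count requests per (minute bucket, source IP)."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        timestamp, ip, _request = line.split(" ", 2)
        counts[(timestamp[:16], ip)] += 1  # "2024-05-01T10:00" is the minute bucket
    return counts


def flood_report(log_text: str, threshold: int, price_per_request: float) -> dict:
    """Flag sources exceeding `threshold` requests per minute and cost the excess usage.

    With usage-based charging, every request the flooding source makes is billed to
    the customer running the service; `excess_requests` is that attacker-caused load.
    """
    counts = requests_per_minute(log_text)
    flooding = {ip for (_, ip), n in counts.items() if n > threshold}
    total = sum(counts.values())
    excess = sum(n for (_, ip), n in counts.items() if ip in flooding)
    return {
        "flooding_sources": sorted(flooding),
        "total_requests": total,
        "excess_requests": excess,
        "legitimate_bill": round((total - excess) * price_per_request, 4),
        "billed": round(total * price_per_request, 4),
    }


if __name__ == "__main__":
    # Constructed tariff: 0.001 currency units per request
    print(flood_report(make_sample_log(), threshold=60, price_per_request=0.001))
```

A threshold of this kind is only a first-pass detector; a rate limit or billing alarm on the same counters is what actually caps the cost.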

Security issues in virtualization

A virtual machine (VM) is a software implementation of a physical machine that executes programs and processes users’ data. Extending virtual machines to public clouds can cause the enterprise network perimeter to grow.

Virtual machine escape

VM escape is a security situation that occurs when a total system failure is experienced due to improperly configured virtual machines.

The other potential risk associated with virtualization is Rogue Hypervisors.

A hypervisor is a component of the virtual machine that enables host isolation and resource sharing. It is a key component for managing risk in a VM.

A rogue hypervisor, however, is a guest operating system that runs in a virtual environment like a traditional operating system, manages input/output to the hardware and network traffic, and hijacks the functions of the hypervisor.

Increased Denial of Service Risk: The threat of DoS attacks in virtualized systems is no different from that experienced in physical systems. The denial-of-service risk continues to grow tremendously in virtualized systems, whether from the host or from an external service, because virtual machines share the host's resources such as disk, processor, memory and I/O devices.

Best Practices Security Techniques

Hardening the Host Operating System involves moving the vulnerabilities from the operating system of the host system to the operating system of the virtual machine.

Limiting Physical Access to the Host uses the physical security of the host to protect the hardware of the virtual machine and keep intruders from attacking the hardware.

Using Encrypted Communications provides secure communications via cryptographic techniques like Secure Shell (SSH), Transport Layer Security (TLS), HTTP Secure (HTTPS) and encrypted Virtual Private Networks (VPNs), between the client domain and the host domain and/or from administrators to host domains.

Disabling Background Tasks: traditional server operating systems are scheduled to run a number of low-priority processes after hours; these background tasks should be disabled.

Updating and Patching is the mechanism of effective patching and updating of systems in standards organizations. The patching process is undermined by the creation of virtual machines.

Implementing File Integrity Checks is a verification process of the files for accurate consistency retention.

Securing VM Remote Access is the management of remote access to the VM systems located on a server. Strong authentication techniques should be employed, including one-time passwords, encrypted communications (SSH, VPNs), MAC or IP address filtering, public/private key pairs, strong passwords and two-factor authentication.
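The file integrity check listed among the practices above, as an added worked example that is not from the original text: a baseline of SHA-256 digests is taken from a known-good tree, and a later comparison reports modified, added and removed files. The sample tree is constructed in a temporary directory; the baseline itself must be kept where the monitored host cannot rewrite it.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 65536) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (POSIX-style relative path) to its SHA-256 digest.

    Take the baseline from a known-good state and store it signed or on a separate
    management system, so that whoever tampers with files cannot also rewrite it.
    """
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(baseline: dict, root: Path) -> tuple:
    """Return (modified, added, removed) relative paths of root versus the baseline."""
    current = build_baseline(root)
    modified = sorted(k for k in baseline if k in current and current[k] != baseline[k])
    added = sorted(k for k in current if k not in baseline)
    removed = sorted(k for k in baseline if k not in current)
    return modified, added, removed


def demo() -> tuple:
    """Constructed sample tree: record a baseline, change the tree, report the differences."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "svc").write_bytes(b"\x7fELF original build")
        baseline = build_baseline(root)

        # Changes made after the baseline was recorded
        (root / "bin" / "svc").write_bytes(b"\x7fELF patched build")  # modified
        (root / "etc" / "extra.conf").write_text("debug = on\n")       # added
        (root / "etc" / "hosts").unlink()                                # removed
        return compare(baseline, root)


if __name__ == "__main__":
    modified, added, removed = demo()
    print("modified:", modified, "added:", added, "removed:", removed)
```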

Separation between users

Separation between a cloud provider’s users to avoid intentional or inadvertent access to sensitive information is a great concern.

The cloud service provider must ensure the use of strong virtual network separation technologies and conduct VM integrity checks and hardware-based verification of hypervisors.

Cloud legal issues

A cloud provider must be aware of strong policies that address regulatory and legal issues and each cloud consumer is expected to consider issues like legal discovery and compliance, data retention and destruction, data security and export, and auditing when preparing a service level agreement with a cloud service provider.

Datacenter security issues

Datacenter security solutions and products must be captured as a constituent part of the complete cloud security architecture, rather than being deployed in isolation, in order to be more effective.

Securing data-storage

Cloud data storage security concerns include the manner in which data is accessed and stored, notification requirements, audit requirements, compliance, issues involving the cost of data breaches and damage to brand value.

Sensitive and regulated data must be identified and properly segregated. Data privacy protection and compliance management are critical at the cloud service provider’s end.

This can be achieved via encryption. Extra caution must be taken when the cloud consumer and the cloud service provider share the encryption keys, so that this is done securely. With data at rest, the economics of cloud computing are such that PaaS-based applications and SaaS use a multi-tenancy architecture.

Data-at-rest can be secured via cryptographic encryption and self-encrypting. Self-encrypting provides automated encryption with minimal cost or performance impact.

Software encryption is less secure and slower because the encryption key is highly prone to being copied off the machine without detection.

Network and server

Server-side protection: Virtual servers and applications in IaaS clouds must be secured physically and logically. An example is virtual firewalls, which are often used to isolate groups of virtual machines from other hosted groups, for instance production systems from development systems, or development systems from other cloud-resident systems.

Securing the hybrid cloud

A hybrid cloud is a composite cloud infrastructure consisting of a private cloud composed with another organization’s public cloud or vice versa.

Both component clouds are distinct entities, bound together by standardized or proprietary technology that fosters unified service delivery and interdependency.

However, the possibility of leaks or holes between the hybrid infrastructures is a security issue that requires attention. Furthermore, the availability of the hybrid cloud, which is determined by the availability levels of each of the distinct clouds, also raises a concern.

If the availability level of either cloud system drops, the availability of the hybrid cloud as a whole diminishes proportionately. Hybrid cloud service providers must ensure that each consumer's virtual domains are properly isolated, so that no possibility exists for data or transactions to leak from one tenant domain into another.

This can be achieved by configuring trusted, policy-based security zones or virtual domains.

Intrusion detection and prevention systems can also be designed to detect data leakages, intrusions and extrusions (the misuse of a client's domain to mount attacks on third parties) affecting a client's trusted virtual domains, since data management moves out of the customer's management window.