Cara cloud, ha chiamato l’utente, rivuole la sicurezza by Alessandro Manfredi
63
[email protected] Alessandro Manfredi Hey Cloud, it’s the user calling, he says he wants the security back
-
Upload
codemotion -
Category
Technology
-
view
220 -
download
0
description
Non si può rinunciare alla comodità ed alla convenienza di salvare i dati nel cloud, ma dov’è la sicurezza? FileRock, servizio di cloud storage sicuro, presenta le tecniche utilizzate nel suo client open source per fornire sicurezza indipendente dal provider: cifratura e controllo di integrità, completezza, in un’unica soluzione aperta ed integrabile in altre applicazioni.
Transcript of Cara cloud, ha chiamato l’utente, rivuole la sicurezza by Alessandro Manfredi
Alessandro Manfredi
Hey Cloud,it’s the user calling,he says he wants the security back
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
1. Cloud computing in a nutshell2. About cloud security
• Guarantees provided by cloud services• Assumptions customers might regret
3. Focus on data security• Data integrity check techniques• The FileRock solution• Demo
[email protected] Manfredi
Agenda
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
1. Cloud computing in a nutshell2. About cloud security
• Guarantees provided by cloud services• Assumptions customers might regret
3. Focus on data security• Data integrity check techniques• The FileRock solution• Demo
[email protected] Manfredi
Agenda
spoiler:not many
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Cloud Computing - What
Countless definitions and categories...
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Cloud Computing - What
On demand
Scalable
Cost-effective
etc. etc.
Countless definitions and categories...
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Cloud Computing - How
How?
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Cloud Computing - How
How?Shared infrastructure
Automatedprovisioning
Consolidated hardware
Remoteadministration
Hey, we manage these stuff from remote!
...
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
So what about security?
“The cloud is built on trust”-- random.choice(cloud_enthusiasts)
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
So what about security?
“The cloud is built on trust”-- random.choice(cloud_enthusiasts)
THE SERVICE OFFERINGS ARE PROVIDED “AS IS.” WE AND OUR AFFILIATES AND LICENSORS MAKE NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR
OTHERWISE REGARDING THE SERVICE OFFERINGS OR THE THIRD PARTY CONTENT, INCLUDING ANY
WARRANTY THAT THE SERVICE OFFERINGS OR THIRD PARTY CONTENT WILL BE UNINTERRUPTED, ERROR FREE OR FREE OF HARMFUL COMPONENTS, OR THAT
ANY CONTENT, INCLUDING YOUR CONTENT OR THE THIRD PARTY CONTENT, WILL BE SECURE
OR NOT OTHERWISE LOST OR DAMAGED. EXCEPT TO THE EXTENT PROHIBITED BY LAW, WE AND OUR AFFILIATES AND LICENSORS DISCLAIM ALL WARRANTIES [...]
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
So what about security?
“The cloud is built on trust”-- random.choice(cloud_enthusiasts)
THE SERVICE OFFERINGS ARE PROVIDED “AS IS.” WE AND OUR AFFILIATES AND LICENSORS MAKE NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR
OTHERWISE REGARDING THE SERVICE OFFERINGS OR THE THIRD PARTY CONTENT, INCLUDING ANY
WARRANTY THAT THE SERVICE OFFERINGS OR THIRD PARTY CONTENT WILL BE UNINTERRUPTED, ERROR FREE OR FREE OF HARMFUL COMPONENTS, OR THAT
ANY CONTENT, INCLUDING YOUR CONTENT OR THE THIRD PARTY CONTENT, WILL BE SECURE
OR NOT OTHERWISE LOST OR DAMAGED. EXCEPT TO THE EXTENT PROHIBITED BY LAW, WE AND OUR AFFILIATES AND LICENSORS DISCLAIM ALL WARRANTIES [...]
Source: https://aws.amazon.com/agreement/
..do not blame them, it’s common to the ToS of most of the service providers! E.g., see:
• https://www.rackspace.com/information/legal/cloud/tos
• https://developers.google.com/appengine/terms
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
So what about security?
“The big guys probably handle security better than how you could
do on premise”
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
So what about security?
“The big guys probably handle security better than how you could
do on premise”
To some extent, this actually makes sense• Operating on a large scale, they have more resources• Redundant networks, power sources, etc.• Good physical surveillance
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
However...
Betting on a lot of assumptions that the provider...
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Assuming that the provider...
... has no malicious intent ...
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Assuming that the provider...
... has complete control over employees ...
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Assuming that the provider...
... uses software that never fails ...
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Assuming that the provider...
... does not introduce security-critical bugs ...
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Assuming that the provider...
... never screws up ...
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Assuming that the provider...
... always takes good care of your resources,even if by ToS / SLA
they are not legally responsiblefor any error or damage.
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Wait, what can possibly go wrong with services used by hundreds of millions of
customers around the world?
[email protected] Manfredi
What can possibly go wrong?
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Mistakes happen
On June 2011, for few hours any Dropbox account was
accessible with any password
( not blaming them, these things can happen )
Screenshots of web pages can include contents whose license is defined by the relative publisher.
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Ok, but that’s just because it’s a consumer service...It will never happen in an enterprise-class service...Plus everyone now offers two factor authentication.
[email protected] Manfredi
What about enterprise services?
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Even big security firms have security breaches
Screenshots of web pages can include contents whose license is defined by the relative publisher.
Earlier in 2011, RSA was victim of a breach that
compromised customers protected by their SecurID
( again, not blaming them, these things can happen )
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Even when providers behave as you expect...
Cloud providers must obey the laws enforced in the country where they are
based.
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Even when providers behave as you expect...
Cloud providers must obey the laws enforced in the country where they are
based.
Authorities can access your data
Data might be intentionally tampered or made
unavailable
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Focus on data security
[email protected] Manfredi
Data security
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Three main concerns
[email protected] Manfredi
Data security
ConfidentialityC
IntegrityI
AvailabilityA
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Three main concerns
[email protected] Manfredi
Data security
ConfidentialityC
IntegrityI
AvailabilityA
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Why integrity matters
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Why integrity matters
1 Data is stored on the cloud
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Why integrity matters
2 The provider experiences a fault or a breach.Data gets corrupted.(possibly, a previous version of the data is restored from a backup)
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Why integrity matters
3 The user wants to recoverhis data from the cloud
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Why integrity matters
4 Corrupted data is retrieved by the user without any notice
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Why integrity matters
5 The corrupted data is used by the user in his own activity, unnoticed.
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Integrity check, from 10.000 ft
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Integrity check, from 10.000 ft
1 Data is stored on the cloud
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Integrity check, from 10.000 ft
2 A fingerprint of the whole data set,called basis, is efficiently recomputed
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Integrity check, from 10.000 ft
3 The user wants to recoverhis data from the cloud
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Integrity check, from 10.000 ft
4 The software retrieves the data together with a proof of integrity
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Integrity check, from 10.000 ft
5 The integrity of the data is checked by matching the proof with the last trusted basis.
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
How is that done?
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Authenticated Data Structures
A B C D
d e f g
a
b c
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Authenticated Data Structures
data
basis: a fingerprint of the whole data set
A B C D
d e f g
a
b c
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Authenticated Data Structures
data
basis: a fingerprint of the whole data set
kept safeclient side,updated on
any data modification
A B C D
d e f g
a
b c
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Example: Integrity check for “D"
A B C
d e f g
a
b c
D
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Example: Integrity check for “D"
A B C
d e f g
a
b c
D = data D
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Example: Integrity check for “D"
A B C
d e f g
a
b c
D = data
Integrity Proof
D
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
g = hash(D)
[email protected] Manfredi
Example: Integrity check for “D"
A B C
d e f g
a
b c
D = data D
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
c = hash(f, g)
g = hash(D)
[email protected] Manfredi
Example: Integrity check for “D"
A B C
d e f g
a
b c
D = data D
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
a = hash(b, c)
c = hash(f, g)
g = hash(D)
[email protected] Manfredi
Example: Integrity check for “D"
A B C
d e f g
a
b c
D = data D
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
a = hash(b, c)
c = hash(f, g)
g = hash(D)
[email protected] Manfredi
Example: Integrity check for “D"
A B C
d e f g
a
b c
D = data
must match the trusted basis
D
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
• Verify integrity of the whole dataset• ...including completeness
• Work in log(dataset_size) time• Only the basis needs to be stored locally
• ...small as the output of an hash function
[email protected] Manfredi
Integrity check capabilities
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
• Verify integrity of the whole dataset• ...including completeness
• Work in log(dataset_size) time• Only the basis needs to be stored locally
• ...small as the output of an hash function
[email protected] Manfredi
Integrity check capabilities
• Always work with correct data• Can be used for specific SLAs
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
By the way, if you look at the FileRock ToS...
As the other services,all warranties are disclaimed.
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
Your reaction...
Are you kidding me?
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
• Open source client• Client-side encryption
• Encryption keys never shared with the service
• Client-side integrity check• Data replication
• Local replication (synchronization)• Remote replication (cross-provider)*
[email protected] Manfredi
The FileRock Solution
*not implemented yet
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
• Open source client• Client-side encryption
• Encryption keys never shared with the service
• Client-side integrity check• Data replication
• Local replication (synchronization)• Remote replication (cross-provider)*
[email protected] Manfredi
The FileRock Solution
*not implemented yet
Available on
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
FileRock: how it looks now
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
FileRock Toolkit Demo
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
[email protected] Manfredi
FileRock - Try it
https://www.filerock.com/register
Alessandro Manfredi
Hey Cloud,it’s the user calling,he says he wants the security back
@n0on3 in/n0on3
End of the presentation
The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Images Licenses
Public Domain
See the owner note
Free for personal use
Free for commercial usedo not redistribute
Copyright belongs to the original authors and
publishers
