Presentation On Cloudsweeper By Harini Anand


This is my survey of Cloudsweeper, an email tool to safeguard your cloud storage.

Transcript of Presentation On Cloudsweeper By Harini Anand

1. CLOUDSWEEPER
Safeguarding your cloud-based storage. By Harini A, CSE Final Year, SMVEC (@harinianand)

2. AGENDA
• Introduction to cloud computing
• Cloud storage
• Examples
• Concerns about cloud storage
• Talk of the town
• Cloudsweeper
• Email tools
• Authorization 2.0 protocol
• QR code
• Conclusion

3. INTRODUCTION TO CLOUD COMPUTING
Cloud computing is a resource delivery and usage model. The network that provides the resources is called the cloud. It is internet-based computing in which virtual shared servers provide software, infrastructure, platform, devices and other resources and hosting to customers on a pay-as-you-use basis.

4. CLOUD STORAGE
Cloud storage is a model of networked enterprise storage where data is stored not only on the user's computer but in virtualized pools of storage, generally hosted by third parties. Hosting companies operate large data centers, and people who require their data to be hosted buy or lease storage capacity from them. Cloud storage services may be accessed through a web service application programming interface (API) or any web-based user interface.

5. WORKING OF CLOUD STORAGE

6. WORKING OF CLOUD STORAGE
It stores web e-mail messages, digital pictures or any other digital data. The facilities that house cloud storage systems are called data centers. At its simplest, a cloud storage system needs just one data server connected to the Internet. A client (e.g., a computer user subscribing to a cloud storage service) sends copies of files over the Internet to the data server, which then records the information.

7. CONTD.
In practice, cloud storage systems rely on hundreds of data servers: because computers occasionally require maintenance or repair, it is important to store the same information on multiple machines. This is called redundancy. Most systems also store the same data on servers that use different power supplies. Clients use cloud storage as a way to create backups of data; if something happens to the client's computer system, the data survives off-site.

8. EXAMPLES
Google Docs allows users to upload documents, spreadsheets and presentations to Google's data servers.
Web e-mail providers like Gmail, Hotmail and Yahoo! Mail store e-mail messages on their own servers. Sites like Flickr and Picasa host millions of photographs. YouTube hosts millions of user-uploaded video files. Social networking sites like Facebook and MySpace allow members to post pictures and other content. Services like Xdrive, MediaMax and Strongspace offer storage space for any kind of digital data.

9. CONCERNS ABOUT CLOUD STORAGE
The biggest concern about cloud storage is security. To secure data, most systems use a combination of techniques, including:
• Encryption: a complex algorithm is used to encode the information. To decode the encrypted files, a user needs the encryption key.
• Authentication processes, which require the user to create a user name and password.
• Authorization practices: the client lists the people who are authorized to access the information stored on the cloud system. Many corporations have multiple levels of authorization.

10. MY GMAIL IS PRICED $23 FOR A HACKER
To safeguard our personal data from falling into the wrong hands, a service called CLOUDSWEEPER was launched. It works by putting a price tag on our Gmail account. This is a research project conducted by Peter Snyder and Chris Kanich at the University of Illinois at Chicago, reported in THE HINDU newspaper on July 4th, 2013. Cloudsweeper aims to help users understand the risks they face online and how those risks work at a systemic level.

11. OAUTH 2
OAuth is an open standard for authorization. OAuth provides a method for clients to access server resources on behalf of a resource owner. It also provides a process for end-users to authorize third-party access to their server resources without sharing their credentials (a username and password pair), using user-agent redirections. It allows the user to grant access to their private resources on one site to another site. OpenID is all about using a single identity to sign into many sites.
OAuth is about giving access to your stuff without sharing your identity (secret data).

12. HISTORY OF OAUTH 2
OAuth began in November 2006 when Blaine Cook was developing the Twitter OpenID implementation. The OAuth 1.0 Protocol was published in April 2010 as an informational Request for Comments. Since August 31, 2010, all third-party Twitter applications have been required to use OAuth. The OAuth 2.0 Framework was published as a standards-track Request for Comments in October 2012.

13. WORKING OF OAUTH 2.0

14. PROTOCOL EXAMPLE
Request Token URL: https://photos.example.net/request_token, using HTTP POST
User Authorization URL: http://photos.example.net/authorize, using HTTP GET
Access Token URL: https://photos.example.net/access_token, using HTTP POST
Photo (Protected Resource) URL: http://photos.example.net/photo, with required parameter file and optional parameter size
Consumer Key: dpf43f3p2l4k3l03
Consumer Secret: kd94hf93k423kf44

15. PROTECTED RESOURCE
All together, the Consumer's request for the photo is:
http://photos.example.net/photos?file=vacation.jpg&size=original
Authorization: OAuth realm="http://photos.example.net/", oauth_consumer_key="dpf43f3p2l4k3l03", oauth_token="nnch734d00sl2jdk", oauth_signature_method="HMAC-SHA1", oauth_signature="tR3%2BTy81lMeYAr%2FFid0kMTYa%2FWM%3D", oauth_timestamp="1191242096",

16. ACCOUNT THEFT AUDITS
The account theft audit places a hypothetical worth on access to a Gmail account, based on information gleaned from cybercriminal marketplaces. If you were to lose your phone, leave your computer logged in, or have your account hacked, the possible harm might extend far further than you expect. The account theft audit tool can help you get a handle on just how much a cybercriminal could access were they to take over your email account. The tool scans your account and gives you a visualization of how many of your other accounts attackers could take over if they got access to your email account.

17.
STEPS OF ACCOUNT THEFT AUDITS
1. Temporary Limited Access: Cloudsweeper uses OAuth2 to connect to your Gmail account, so that it never has to ask for your Google credentials. OAuth means you stay in control of your account, can revoke access any time you like, and your username and password stay secure and private.
2. Scanning for Risks: the system programmatically checks your email archives, looking for the kinds of things attackers are interested in. This includes access to other accounts, account credentials, and other things attackers want to steal. Humans never see your data, and statistics about your account are only kept if you opt in.

18. 3. Threat Report: once the scan is complete, the audit shows what was found and which other accounts you use an attacker could gain access to through your Gmail account. Recent underground prices for these accounts give you a rough estimate of what your email account is worth to these attackers.

19. STEPS FOR CLEAR TEXT PASSWORD AUDITS
1. Temporary Gmail Access: Cloudsweeper uses OAuth2 to connect to your Gmail account, so that you never have to share your Gmail credentials. OAuth means you stay in control of your account, can revoke access any time you like, and your username and password stay secure and private.
2. Scanning for Passwords: the system programmatically looks through your email to find plain-text passwords in the same way an attacker or spy might. You are then presented with a list of found passwords that you can, optionally, redact from your account or encrypt.

20. 3. Encrypt or Redact: if you choose, Cloudsweeper will remove or encrypt any of the passwords found in your account. If you choose to encrypt the found passwords, it uses strong encryption to secure these credentials and then presents you with a key and a QR code you can use to later decrypt this information.
Only you will have the key, so only you will be able to access these credentials in the future, keeping your account safer from hackers, spies and malicious users.

21. HOW DOES IT WORK?
Considering the intersection between security and long-term cloud-based data storage, the tool has been developed to help users identify and redact private information. Suppose an email in your archive says you can log in with the following information:
Username: chrisk
Password: hunter3
By using this tool, you can preserve the useful but non-sensitive text of an email like the one pictured above while removing the private information. After using this tool, the same email will still be in your archive, but reading:
Username: chrisk
Password: [wImYDaM5DBJZqgLrSYekjQ== ZmwDVbzid7+7LQ6R3uDj+xPnDt1nuxEFDJTxhKPh5T0=]

22. QR CODE
Quick Response Code is the trademark for a type of matrix barcode (or two-dimensional barcode), first designed for the automotive industry in Japan. A barcode is an optically machine-readable label that is attached to an item and records information related to that item. The information encoded by a QR code may be made up of four standardized types of data, namely numeric, alphanumeric, byte/binary and kanji.

23. DECRYPT MESSAGES
Decrypt the message.

24. REVIEW PERMISSIONS

25. REVOKE ACCESS
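The Authorization header on the PROTECTED RESOURCE slide (slides 14 and 15 above) is the HMAC-SHA1 example from the OAuth Core 1.0 specification: oauth_signature_method, request tokens and access tokens are OAuth 1.0 fields, while OAuth 2.0 bearer tokens carry no per-request signature. The Go program below is an added example, not code from the presentation or from Cloudsweeper. It rebuilds the signature base string from the slide's parameters, recomputes the signature and shows the constant-time verification a resource server should perform. The token secret pfkkdhi9sl3r4s00 and nonce kllo9940pd9333jh do not appear on the slide; they are the companion values from the same specification example, without which the slide's signature cannot be reproduced.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"sort"
	"strings"
)

// Secrets for the slide's example. The consumer secret is on the slide; the token
// secret and nonce below are the companion values from the OAuth Core 1.0 spec's
// Appendix A example, which is where the slide's key, token and signature come from.
const consumerSecret, tokenSecret = "kd94hf93k423kf44", "pfkkdhi9sl3r4s00"

// exampleParams are the query and oauth_* parameters of the photo request.
func exampleParams() map[string]string {
	return map[string]string{
		"file":                   "vacation.jpg",
		"size":                   "original",
		"oauth_consumer_key":     "dpf43f3p2l4k3l03",
		"oauth_token":            "nnch734d00sl2jdk",
		"oauth_signature_method": "HMAC-SHA1",
		"oauth_timestamp":        "1191242096",
		"oauth_nonce":            "kllo9940pd9333jh", // spec value, not on the slide
		"oauth_version":          "1.0",
	}
}

// percentEncode is the RFC 3986 encoding OAuth 1.0 mandates: only ALPHA, DIGIT,
// "-", ".", "_" and "~" pass through; everything else becomes %XX (upper case).
func percentEncode(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		c := s[i]
		if ('A' <= c && c <= 'Z') || ('a' <= c && c <= 'z') || ('0' <= c && c <= '9') ||
			c == '-' || c == '.' || c == '_' || c == '~' {
			b.WriteByte(c)
		} else {
			fmt.Fprintf(&b, "%%%02X", c)
		}
	}
	return b.String()
}

// normalizeParams encodes each name and value, sorts by encoded name and joins
// them as name=value pairs. realm and oauth_signature are never signed.
func normalizeParams(params map[string]string) string {
	encoded := make(map[string]string, len(params))
	keys := make([]string, 0, len(params))
	for k, v := range params {
		if k == "realm" || k == "oauth_signature" {
			continue
		}
		ek := percentEncode(k)
		encoded[ek] = percentEncode(v)
		keys = append(keys, ek)
	}
	sort.Strings(keys)
	parts := make([]string, len(keys))
	for i, k := range keys {
		parts[i] = k + "=" + encoded[k]
	}
	return strings.Join(parts, "&")
}

// signatureBaseString is METHOD & encode(base URL) & encode(normalized parameters).
func signatureBaseString(method, baseURL string, params map[string]string) string {
	return strings.ToUpper(method) + "&" + percentEncode(baseURL) + "&" +
		percentEncode(normalizeParams(params))
}

// hmacSHA1Signature signs the base string with the key "consumer secret & token secret".
func hmacSHA1Signature(baseString, cSecret, tSecret string) string {
	mac := hmac.New(sha1.New, []byte(percentEncode(cSecret)+"&"+percentEncode(tSecret)))
	mac.Write([]byte(baseString))
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

// verifySignature is the server-side check: recompute and compare in constant time,
// so a forged oauth_signature cannot be distinguished by timing.
func verifySignature(baseString, cSecret, tSecret, presented string) bool {
	expected := hmacSHA1Signature(baseString, cSecret, tSecret)
	return hmac.Equal([]byte(expected), []byte(presented))
}

func main() {
	base := signatureBaseString("GET", "http://photos.example.net/photos", exampleParams())
	sig := hmacSHA1Signature(base, consumerSecret, tokenSecret)
	fmt.Println("base string:", base)
	fmt.Println("oauth_signature (raw):   ", sig)
	fmt.Println("oauth_signature (header):", percentEncode(sig))
	fmt.Println("verifies:", verifySignature(base, consumerSecret, tokenSecret, sig))
}
```

The raw signature is tR3+Ty81lMeYAr/Fid0kMTYa/WM=, which once percent-encoded is exactly the oauth_signature value on the slide. Note that the consumer secret is never sent; the server recomputes the HMAC from its own copy of the secrets, which is why the secret must stay confidential on both sides and why any change to a signed parameter (file, size, timestamp) invalidates the request.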
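The clear-text password audit described on slides 19 to 21 above (scan the archive, encrypt or redact what is found, decrypt later with the key only the user keeps) can be illustrated in Go as follows. This is an added example, not Cloudsweeper's code: the "Password:" matching pattern is constructed for the example, AES-256-GCM is an assumption (the slides say only "strong encryption"), and the bracketed "[nonce ciphertext]" layout merely mirrors the form shown on the "How does it work?" slide. The key printed at the end is the value the real tool would additionally hand over as a QR code.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"regexp"
	"strings"
)

// "Password: value" lines, the one pattern the slide illustrates (constructed here; the slides do
// not describe Cloudsweeper's real rules). An already-bracketed token is captured whole so it is skipped.
var passwordLine = regexp.MustCompile(`(?i)\bpassword\s*:\s*(\[[^\]]*\]|\S+)`)

// Shape of a redacted value, as on the slide: "[" base64 nonce, space, base64 ciphertext "]".
var redactedToken = regexp.MustCompile(`^\[([A-Za-z0-9+/=]+) ([A-Za-z0-9+/=]+)\]$`)

// findPasswords is the scanning step: every clear-text password value in the body.
func findPasswords(body string) []string {
	var found []string
	for _, m := range passwordLine.FindAllStringSubmatch(body, -1) {
		if !redactedToken.MatchString(m[1]) {
			found = append(found, m[1])
		}
	}
	return found
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptSecret seals one value under AES-GCM with a fresh random nonce.
func encryptSecret(key []byte, secret string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := gcm.Seal(nil, nonce, []byte(secret), nil)
	return "[" + base64.StdEncoding.EncodeToString(nonce) + " " + base64.StdEncoding.EncodeToString(ct) + "]", nil
}

// decryptSecret reverses encryptSecret; a wrong key or an altered token fails the GCM tag check.
func decryptSecret(key []byte, token string) (string, error) {
	m := redactedToken.FindStringSubmatch(token)
	if m == nil {
		return "", fmt.Errorf("not a redacted token: %q", token)
	}
	nonce, err1 := base64.StdEncoding.DecodeString(m[1])
	ct, err2 := base64.StdEncoding.DecodeString(m[2])
	gcm, err3 := newGCM(key)
	if err1 != nil || err2 != nil || err3 != nil {
		return "", fmt.Errorf("bad token or key: %v %v %v", err1, err2, err3)
	}
	pt, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return "", fmt.Errorf("wrong key or tampered token: %w", err)
	}
	return string(pt), nil
}

// redactBody is the "encrypt or redact" step: each clear-text value becomes a token; every other byte is kept.
func redactBody(key []byte, body string) (string, error) {
	var out strings.Builder
	last := 0
	for _, idx := range passwordLine.FindAllStringSubmatchIndex(body, -1) {
		value := body[idx[2]:idx[3]]
		if !redactedToken.MatchString(value) { // leave already-protected values alone
			token, err := encryptSecret(key, value)
			if err != nil {
				return "", err
			}
			value = token
		}
		out.WriteString(body[last:idx[2]] + value)
		last = idx[3]
	}
	out.WriteString(body[last:])
	return out.String(), nil
}

func main() {
	key := make([]byte, 32) // AES-256 key only the user keeps; the slide hands it over as text and a QR code
	rand.Read(key)          // crypto/rand never returns a usable error on supported platforms
	redacted, err := redactBody(key, "Username: chrisk\nPassword: hunter3\n") // constructed input
	if err != nil {
		panic(err)
	}
	fmt.Print(redacted, "key (QR code payload): ", base64.StdEncoding.EncodeToString(key), "\n")
}
```

Two properties matter for a defender here. Because GCM authenticates the ciphertext, a later reader of the archive who guesses a wrong key, or who edits a token, gets an error at decryption rather than plausible-looking garbage. And because redactBody leaves bracketed tokens alone, running the audit twice does not double-encrypt anything, so the scan can be repeated safely after new mail arrives.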