U-5
Cloud security
mechanisms
a set of fundamental mechanisms, several of which can be used to counter
the security threats like Traffic Eavesdropping, Malicious Intermediary,
Denial of Service, Insufficient Authorization, Virtualization Attack &
Overlapping Trust Boundaries
(Ref Security threats - Chap 6, Cloud computing Text book by Thomas Erl)
�Contents – Unit 5
• Encryption
• Hashing
• Digital Signature
• Public key Infrastructure
• Mobile computing
• Edge and Fog computing
�Encryption
• Data, by default, is coded in a readable format known as plaintext.
When transmitted over a network, plaintext is vulnerable to
unauthorized and potentially malicious access.
• The encryption mechanism is a digital coding system dedicated to
preserving the confidentiality and integrity of data. It is used for
encoding plaintext data into a protected and unreadable format.
• Encryption technology commonly relies on a standardized algorithm
called a cipher to transform original plaintext data into encrypted
data, referred to as ciphertext
�Encryption
• Access to ciphertext does not divulge the original plaintext data, apart
from some forms of metadata, such as message length and creation
date.
• When encryption is applied to plaintext data, the data is paired with a
string of characters called an encryption key, a secret message that is
established by and shared among authorized parties.
• The encryption key is used to decrypt the ciphertext back into its
original plaintext format.
�Malicious service agent
• A malicious service agent is
unable to retrieve data from an
encrypted message. The
retrieval attempt may
furthermore be revealed to the
cloud service consumer. (Note
the use of the lock symbol to
indicate that a security
mechanism has been applied to
the message contents.)
�Forms of Encryption
• Symmetric Encryption uses the same key for both encryption and decryption,
both of which are performed by authorized parties that use the one shared key.
Also known as secret key cryptography, messages that are encrypted with a
specific key can be decrypted by only that same key.
• Parties that rightfully decrypt the data are provided with evidence that the
original encryption was performed by parties that rightfully possess the key.
• A basic authentication check is always performed, because only authorized
parties that own the key can create messages. This maintains and verifies data
confidentiality. Note that symmetrical encryption does not have the
characteristic of nonrepudiation, since determining exactly which party
performed the message encryption or decryption is not possible if more than one
party is in possession of the key.
�Forms of Encryption
• Asymmetric encryption relies on the use of two different keys, namely a
private key and a public key.
• With asymmetric encryption (which is also referred to as public key
cryptography), the private key is known only to its owner while the public
key is commonly available.
• A document that was encrypted with a private key can only be correctly
decrypted with the corresponding public key. Conversely, a document that
was encrypted with a public key can be decrypted only using its private key
counterpart. As a result of two different keys being used instead of just the
one, asymmetric encryption is almost always computationally slower than
symmetric encryption.
�Forms of Encryption
• Asymmetric encryption The level of security that is achieved is dictated by whether
a private key or public key was used to encrypt the plaintext data. As every
asymmetrically encrypted message has its own private-public key pair, messages that
were encrypted with a private key can be correctly decrypted by any party with the
corresponding public key.
• This method of encryption does not offer any confidentiality protection, even though
successful decryption proves that the text was encrypted by the rightful public key
owner. Private key encryption therefore offers integrity protection in addition to
authenticity and non-repudiation.
• A message that was encrypted with a public key can only be decrypted by the rightful
private key owner, which provides confidentiality protection. However, any party that
has the public key can generate the ciphertext, meaning this method provides
neither message integrity nor authenticity protection due to the communal nature of
the public key.
�Case study: Innovartus portal
• The encryption mechanism is
added to the communication
channel between outside users
and Innovartus’ User
Registration Portal. This
safeguards message
confidentiality via the use of
HTTPS.
�Hashing
• The hashing mechanism is used when a one-way, non-reversible form of data
protection is required. Once hashing has been applied to a message, it is locked and
no key is provided for the message to be unlocked.
• A common application of this mechanism is the storage of passwords. Hashing
technology can be used to derive a hashing code or message digest from a message,
which is often of a fixed length and smaller than the original message.
• The message sender can then utilize the hashing mechanism to attach the message
digest to the message.
• The recipient applies the same hash function to the message to verify that the
produced message digest is identical to the one that accompanied the message. Any
alteration to the original data results in an entirely different message digest and
clearly indicates that tampering has occurred.
�Hashing
• In addition to its utilization for protecting
stored data, the cloud threats that can be
mitigated by the hashing mechanism
include malicious intermediary and
insufficient authorization. An example of
the latter is illustrated.
• A hashing function is applied to protect the
integrity of a message that is intercepted
and altered by a malicious service agent,
before it is forwarded. The firewall can be
configured to determine that the message
has been altered, thereby enabling it to
reject the message before it can proceed to
the cloud service.
�Hashing
• A hashing procedure is invoked
when the PaaS environment is
accessed (1). The applications
that were ported to this
environment are checked (2) and
their message digests are
calculated (3). The message
digests are stored in a secure on-
premise database (4), and a
notification is issued if any of
their values are not identical to
the ones in storage.
�Digital Signature
• The digital signature mechanism is a means of providing data authenticity and
integrity through authentication and non-repudiation
• A message is assigned a digital signature prior to transmission, which is then
rendered invalid if the message experiences any subsequent, unauthorized
modifications.
• A digital signature provides evidence that the message received is the same as
the one created by its rightful sender.
• Both hashing and asymmetrical encryption are involved in the creation of a digital
signature, which essentially exists as a message digest that was encrypted by a
private key and appended to the original message.
• The recipient verifies the signature validity and uses the corresponding public key
to decrypt the digital signature, which produces the message digest.
�Digital Signature
• The hashing mechanism can also be applied to the original message
to produce this message digest. Identical results from the two
different processes indicate that the message maintained its integrity.
• The digital signature mechanism helps mitigate the malicious
intermediary, insufficient authorization, and overlapping trust
boundaries security threats
�Digital signature verification within
the trust boundary
• Cloud Service Consumer B sends a
message that was digitally signed
but was altered by trusted attacker
Cloud Service Consumer A. Virtual
Server B is configured to verify
digital signatures before processing
incoming messages even if they are
within its trust boundary. The
message is revealed as illegitimate
due to its invalid digital signature,
and is therefore rejected by Virtual
Server B.
�E-signature vs Digital signature
• Image of your physical signature Encrypted data to verify signer’s
identity and the message
authenticity
Online version of a notarised
signature
�Digital Signature sample
�Public key Infrastructure
• A common approach for managing the issuance of asymmetric keys is
based on the public key infrastructure (PKI) mechanism, which exists as a
system of protocols, data formats, rules, and practices that enable large-
scale systems to securely use public key cryptography.
• This system is used to associate public keys with their corresponding key
owners (known as public key identification) while enabling the verification
of key validity.
• PKIs rely on the use of digital certificates, which are digitally signed data
structures that bind public keys to certificate owner identities, as well as to
related information, such as validity periods.
• Digital certificates are usually digitally signed by a third-party certificate
authority (CA)
�Public key Infrastructure – Steps
The common steps involved during the generation of certificates by a certificate
authority
�Public key Infrastructure
• Other methods of generating digital signatures can be employed, even though the
majority of digital certificates are issued by only a handful of trusted CAs like VeriSign
and Comodo.
• Larger organizations, such as Microsoft, can act as their own CA and issue certificates to
their clients and the public, since even individual users can generate certificates as long
as they have the appropriate software tools.
• Building up an acceptable level of trust for a CA is time-intensive but necessary. Rigorous
security measures, substantial infrastructure investments, and stringent operational
processes all contribute to establishing the credibility of a CA.
• The higher its level of trust and reliability, the more esteemed and reputable its
certificates. The PKI is a dependable method for implementing asymmetric encryption,
managing cloud consumer and cloud provider identity information, and helping to
defend against the malicious intermediary and insufficient authorization threats.
• The PKI mechanism is primarily used to counter the insufficient authorization threat.
�IAM - Identity and Access
Management
The identity and access management (IAM) mechanism encompasses the components
and policies necessary to control and track user identities and access privileges for IT
resources, environments, and systems.
Specifically, IAM mechanisms exist as systems comprised of four main components:
• Authentication – Username and password combinations remain the most common
forms of user authentication credentials managed by the IAM system, which also can
support digital signatures, digital certificates, biometric hardware (fingerprint readers),
specialized software (such as voice analysis programs), and locking user accounts to
registered IP or MAC addresses.
• Authorization – The authorization component defines the correct granularity for
access controls and oversees the relationships between identities, access control
rights, and IT resource availability.
�IAM - Identity and Access
Management
• User Management – Related to the administrative capabilities of the
system, the user management program is responsible for creating new
user identities and access groups, resetting passwords, defining password
policies, and managing privileges.
• Credential Management – The credential management system
establishes identities and access control rules for defined user accounts,
which mitigates the threat of insufficient authorization.
The IAM mechanism is primarily used to counter the insufficient
authorization, denial of service, and overlapping trust boundaries
threats
