Priya Metri, et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 5, Issue No. 1, 001 - 006

ISSN: 2230-7818
@ 2011 http://www.ijaest.iserp.org. All rights Reserved.

Privacy Issues and Challenges in Cloud computing

Geeta Sarote
Department of Computer Engineering, MIT COE, Pune
sarpategeeta8@gmail.com

Priya Metri
Department of Computer Engineering, MIT COE, Pune
priyanakate@gmail.com

Abstract -- Cloud computing is emerging as a new computing paradigm which aims to provide reliable, customized and guaranteed dynamic computing environments for end users. This paper reviews cloud computing, its architecture and significance, and identifies the concepts and characteristics of clouds. Privacy is an important issue for cloud computing, both in terms of legal compliance and user trust. This paper describes the privacy challenges that the end user as well as the cloud provider face during access to the services provided by the cloud. It discusses the issue of cloud computing and outlines its implications for the privacy of personal information as well as for confidentiality. We present a threat model to deal with privacy problems in cloud computing.

Keywords -- Cloud computing, Privacy, Threats, Spoofing, Information Disclosure, Denial of Service, Elevation of Privilege.

I. INTRODUCTION

Cloud computing is a technology that provides a service through which you can use computer hardware and software as if they were sitting on your desktop or somewhere inside your company's network, although they are not actually installed on your computer; they are provided to you as a service by another company and accessed over the Internet. End users can access these services available in the "Internet cloud" without knowing how these resources are managed or where they are located.

Various definitions and interpretations of "clouds" and/or "cloud computing" exist. With particular respect to the various usage scopes in which the term is employed, we try to give a representative (as opposed to complete) set of definitions as a recommendation for future usage in cloud computing related research. This report does not claim completeness in this respect, as it does not introduce a new terminology, but tries to capture an abstract term in a way that best represents the technological aspects and issues related to it.

A. Types of Services:

Depending on the type of service, cloud services are divided into three categories:

• Infrastructure as a Service (IaaS): IaaS is a service which provides access to hardware resources such as storage or raw computing hardware. Since you buy what you need and pay as you go, this is often referred to as utility computing. A simple example of IaaS: you pay a monthly subscription or a per-megabyte/gigabyte fee to have a hosting company serve up files for your website from their servers.

Figure 1: Main aspect to form a Cloud

• Software as a Service (SaaS): As the name suggests, SaaS provides software services to the end user. Web-based email and Google Documents are perhaps the best-known examples of SaaS. The end user gets access to use the software utility but has no rights to change or modify it. The software is not installed on the end user's computer; it is configured in the cloud. End users pay for the service according to their requirements.

• Platform as a Service (PaaS): PaaS is a service that gives an end user the facility to develop his own application, which will run on the platform or environment provided by the cloud service of some other company. The end users may or may not know that the application is hosted on the cloud. The storage space for user data may be increased or decreased per the requirement of the applications. For example, you might develop your own ecommerce
website but have the whole thing, including the shopping cart, checkout, and payment mechanism, running on a merchant's server. Force.com (from salesforce.com) and the Google App Engine are examples of PaaS.

B. Characteristics:

On-demand self-service: A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service's provider.

Broad network access: Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).

Resource pooling: The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.

Rapid elasticity: Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.

Measured service: Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.

II. ARCHITECTURE

Figure 2: General Cloud Computing Architecture

The architecture behind cloud computing (see Figure 2) is a massive network of "cloud servers" interconnected as in a Grid. Virtualization could be used to maximize the utilization of the computing power available per server, e.g. to better match the overall workload.

A front end interface such as a Portal allows a user to select a service from a catalogue. This request gets passed to the system management, which finds the correct resources and then calls the provisioning services, which allocate resources in the Cloud. The provisioning service may deploy the requested software stack or application as well, e.g. via licensing on-demand.

• User interface (Portal or desktop) - this is how users of the cloud interface with the underlying Grid to request services;
• Services catalogue - this is the list of services that a user can request;
• System management - this is the piece which manages the computer resources available;
• Provisioning tool - this tool allocates the systems from the Grid to deliver on the requested service. It may also deploy the required software;
• Monitoring and metering - this optional piece tracks the usage of the Grid so the resources used can be attributed to a certain user;
• Servers - the servers are managed by the system management tool. They can be either virtual or real.


A. Types of cloud:

Cloud computing is typically classified in the following three ways:

• Public cloud: In a public cloud the computing infrastructure is hosted by the cloud vendor at the vendor's premises. The customer has no visibility and control over where the computing infrastructure is hosted. The computing infrastructure is shared between any organizations. Public cloud or external cloud describes cloud computing in the traditional mainstream sense, whereby resources are dynamically provisioned on a fine-grained, self-service basis over the Internet, via web applications/web services, from an off-site third-party provider who shares resources and bills on a fine-grained utility computing basis.

• Private cloud: The computing infrastructure is dedicated to a particular organization and not shared with other organizations. Some experts consider that private clouds are not real examples of cloud computing. Private clouds are more expensive and more secure when compared to public clouds. Private cloud and internal cloud are neologisms that some vendors have recently used to describe offerings that emulate cloud computing on private networks. Private clouds are of two types: on-premise private clouds and externally hosted private clouds. Externally hosted private clouds are also exclusively used by one organization, but are hosted by a third party specializing in cloud infrastructure. Externally hosted private clouds are cheaper than on-premise private clouds.

• Hybrid cloud: Organizations may host critical applications on private clouds and applications with relatively fewer security concerns on the public cloud. The usage of both private and public clouds together is called hybrid cloud. A related term is cloud bursting. In cloud bursting, organizations use their own computing infrastructure for normal usage, but access the cloud for high/peak load requirements. This ensures that a sudden increase in computing requirement is handled gracefully. A hybrid cloud environment consisting of multiple internal and/or external providers will be typical for most enterprises.

• Community cloud: It involves sharing of computing infrastructure between organizations of the same community. For example, all Government organizations within the state of California may share computing infrastructure on the cloud to manage data related to citizens residing in California.

Figure 3. Types of Cloud

III. THE IMPORTANCE OF CLOUD COMPUTING

Cloud computing is an efficient way to store and maintain databases, and is an especially helpful tool for businesses that do a lot of sales. Using a platform on the cloud for your business helps everyone who uses it by streamlining data and procedures into one central location. It's an easy way to organize information in different departments while still allowing for company-wide collaboration. Services offered by cloud computing are actually software, but the software is never installed on a computer; this is what's known as software-as-a-service, or SaaS. The software is accessed through the Internet, and provides storage, database creation, information management and many other business-related services.

Legacy computing involves programs that are installed on a computer's hard drive or a local server; cloud computing refers to software services and platforms that are offered through the Internet. An easy-to-understand example is e-mail; some people access e-mail from a program on their computer while others use e-mail services online such as Gmail or Yahoo! mail. Cloud computing services, while not as new as they may seem, are quickly becoming the standard of choice for businesses everywhere.

Cloud computing solutions are often less expensive than their software counterparts, another reason why they are becoming a popular choice among businesses. Pricing is often offered on a per-user basis, so businesses pay a flat fee based on the number of people who use it. It also saves time and money when it comes time to upgrade; cloud services are updated by the provider, so everyone is always working on the latest platform. In addition to minimizing wasted computing resources as above, cloud computing can also reduce energy consumption significantly. Despite the high consumption of energy, the resources at the discrete data centers were underutilized. Additionally, government departments using their own data centers tended to operate independently, often re-inventing things that have already become fully operational elsewhere. Enterprises that use cloud computing services are freed from worrying about the technological issues related to IT installations. They can replace their complex installations of servers, workstations, networking and numerous applications with simple workstation computers and fast Internet connectivity. The cloud service providers will attend to the
infrastructure, platforms and even applications needed by the enterprises.

IV. PRIVACY ISSUES AND CHALLENGES IN CLOUD COMPUTING

A well configured cloud computing architecture is a hacker's worst nightmare. Conversely, a poorly configured cloud computing architecture is a hacker's best dream.

Often, when the cloud computing discussion takes off, especially in relation to public clouds, one recurring issue soon emerges, namely the issue of data privacy and responsibility. It seems clear that different legislations related to data privacy and, especially, cross-border transfer of data are causing a lot of uncertainty and reluctance among many IT managers considering cloud services. This relates especially to certain types of data, e.g. financial information, health records and personally identifiable information. The global distribution of data centers and the opaque nature of data location in many cloud services (e.g. do you actually know where your Google Apps information is physically stored?) complicate matters further. Compliance with local regulatory issues can be a thorny and sensitive issue, especially for organizations. There are many questions that arise concerning data privacy, accessibility and administration, such as:

• Data seizure due to legal investigation: organizations need to adhere to local legislation
• What is the accessibility of local authorities to data under investigation residing in a different jurisdiction?
• Fear of infringement of data protection rights due to seizure of a server in the host jurisdiction
• Data losses caused by the cloud provider and unauthorized disclosures in the cloud
• The cloud provider goes bankrupt: what happens to my data?

If an organization migrates data, applications or processes to a cloud provider in another jurisdiction, it is still fully responsible for that data and needs to comply with local data protection legislation and regulations when handling personal data. In a public cloud environment this can be difficult, as the organization is unlikely to know if and when data is moved, where and how it is stored and, sometimes, who has access to it and what particular security measures are in place. Therefore, it is quite possible that a dispute can arise about who is actually responsible for data protection compliance. Organizations need to be particularly careful when selecting a third-party cloud provider with this in mind and should in all circumstances require a written declaration describing how the provider will address compliance with local legislation and provide assurance in the event of data losses or unauthorized disclosures.

Cloud computing is more than simply a technical challenge. By putting our personal data on remote servers, we risk losing control over that data. Because the right to the protection of personal data is a fundamental right in the EU, this demands several actions. Fundamentally, the Commission believes that we need further research to enhance the security features of these technologies.

Cloud computing does raise a number of important policy questions concerning how people, organizations, and governments handle information and interactions in this environment. However, with regard to most data privacy questions as well as the perspective of typical users, cloud computing reflects the evolution of the Internet computing experiences we have long enjoyed, rather than a revolution. Security is an essential component of strong privacy safeguards in all online computing environments, but security alone is not sufficient. Consumers and businesses are willing to use online computing only if they trust that their data will remain private and secure.

V. RELATED WORK

In this paper we present a technique for privacy in cloud computing. Here we develop a model combining different techniques to prevent threats and to keep data on the cloud secure and private. The key characteristic of cloud computing is its shared, on-demand nature.

A. Threats in Cloud Computing

• Abusive and flagrant use of cloud computing
The cloud environment offers several added utilities to users, including unlimited bandwidth and storage capacity to run applications smoothly. Some providers even allow other benefits like free limited trial periods and additional usage. These user models frequently come under security threats and malicious attacks. The areas where these attacks could have the bigger impact, and future areas of concern, include decoding and cracking of passwords, launching potential attack points and executing malicious commands. You may protect your application from the threat by:
  - Applying stringent registration and validation processes
  - Performing more deliberate monitoring and coordination throughout the computing platform
  - Analyzing the customer network traffic
  - Monitoring network blocks

• Serious breach in interfaces and APIs
Cloud computing users have smooth access to a comprehensive set of software interfaces or APIs to manage and execute internal communication with cloud services. These APIs play an integral part during provisioning, management, orchestration, and monitoring of the processes running in the cloud environment. It is recommended to monitor the authentication and access control and other associated encryption and activity monitoring policies to prevent any malicious attack. There are many ways in which you can prevent such a breach:
  - Security model analysis of cloud APIs
  - Strong authentication and access controls
  - API dependency chain evaluation

• Insider threats and attacks
These kinds of attacks and breaches occur due to the lack of transparency into the cloud provider's delivery mechanism and procedure. Any superficial command over the level of access could lead to various adversaries like corporate hacking and organized business threats in the domain of business verticals. You can prevent such cloud computing threats by:
  - Applying overall information security
  - Full-fledged compliance reporting
  - Effective breach notification processes

B. Our Approach

In our research we first learn the cloud computing threats by examining the assets, vulnerabilities, entry points, and actors in a cloud, and then apply different threat modeling schemes.

Threat model

"You cannot build secure systems until you understand your threats."

A threat model helps in analyzing a security problem, designing mitigation strategies, and evaluating solutions. It consists of the following steps to evaluate the problem and reach a solution.

Step 1: First we identify attackers, assets, threats and other components.
I. The attacker may be an insider, such as:
1. Malicious employees at client
2. Malicious employees at cloud provider
3. Cloud provider itself
II. Or an outsider, such as:
1. Intruders
2. Network attackers

Step 2: Then we prioritize threats according to their impact on the privacy of the cloud user as well as the cloud server. We prioritize threats as below using the STRIDE model:

1. Spoofing identity: An attacker poses as another user, or a machine poses as a valid/trusted machine. An example of identity spoofing is illegally accessing and then using another user's authentication information, such as username and password.

2. Tampering with data: Data tampering involves the malicious modification of data. Examples include unauthorized changes made to persistent data, such as that held in a database, and the alteration of data as it flows between two computers over an open network, such as the Internet.

3. Repudiation: Repudiation threats are associated with users who deny performing an action without other parties having any way to prove otherwise, for example, a user performs an illegal operation in a system that lacks the ability to trace the prohibited operations. Nonrepudiation refers to the ability of a system to counter repudiation threats. For example, a user who purchases an item might have to sign for the item upon receipt. The vendor can then use the signed receipt as evidence that the user did receive the package.

4. Information disclosure: Information disclosure threats involve the exposure of information to individuals who are not supposed to have access to it, for example, the ability of users to read a file that they were not granted access to, or the ability of an intruder to read data in transit between two computers.

5. Denial of service: Denial of service (DoS) attacks deny service to valid users, for example, by making a Web server temporarily unavailable or unusable. You must protect against certain types of DoS threats simply to improve system availability and reliability.

6. Elevation of privilege: In this type of threat, an unprivileged user gains privileged access and thereby has sufficient access to compromise or destroy the entire system. Elevation of privilege threats include those situations in which an attacker has effectively penetrated all system defenses and become part of the trusted system itself, a dangerous situation indeed.

To bring it all together, you can determine the threat targets from functional decomposition, determine types of threat to each component using STRIDE, use threat trees to determine how the threat can become a vulnerability, and apply a ranking mechanism to each threat. We tabularize it as given in Table 1.

Table 1. Ranking of Threats. Columns: Threat Type (S, T, R, I, D, E), Affects Processes, Affects Data Stores, Affects Interactors, Affects Data Flows.

Step 3: Select mitigation strategies for the threats, considering previous solutions along with new strategies to deal with the problem. We can also use a combined approach to get a solution, as given in Table 2.

Step 4: Build and apply solutions based on the strategies.
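An added example (not code from the paper) that walks Steps 1 to 3 over a small data-flow model: it enumerates the STRIDE threats that apply to each element, ranks them, and attaches the mitigation techniques of Table 2. The element applicability chart, the scoring weights, the sensitivity and exposure scales, and the sample model are assumptions made for illustration.

```python
from dataclasses import dataclass

# Which STRIDE categories apply to each element type. ASSUMPTION: this is the
# commonly published STRIDE-per-element chart, not a transcription of Table 1.
APPLIES = {"interactor": "SR", "process": "STRIDE",
           "data_store": "TRID", "data_flow": "TID"}

# Mitigation techniques per STRIDE category, transcribed from Table 2.
MITIGATIONS = {
    "S": ("Authentication", "Protect secrets",
          "Avoid storing private information/secrets"),
    "T": ("Authorization", "Hashes", "Message authentication code",
          "Digital signature", "Tamper-resistant protocols"),
    "R": ("Digital signatures", "Timestamps", "Secure logging", "Audit trails"),
    "I": ("Strong encryption and key management", "Strong access techniques",
          "Authorization", "Privacy-enhanced protocol", "Protect secrets",
          "Avoid storing private information/secrets"),
    "D": ("Strong authentication and authorization", "Packet filtering",
          "Throttling", "Quality of service"),
    "E": ("Run with least privilege",),
}

# Step 1 attacker classes from the paper.
INSIDERS = ("malicious employee at client",
            "malicious employee at cloud provider", "cloud provider")
OUTSIDERS = ("intruder", "network attacker")

# ASSUMPTION: weights that favour categories exposing or altering personal
# data, because Step 2 ranks by privacy impact. The paper gives no numbers.
PRIVACY_WEIGHT = {"S": 2, "T": 2, "R": 1, "I": 3, "D": 1, "E": 2}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str         # a key of APPLIES
    sensitivity: int  # constructed scale: 1 public .. 3 personal data
    exposure: int     # constructed scale: 1 provider-internal .. 3 Internet-facing


@dataclass(frozen=True)
class Threat:
    element: str
    category: str
    score: int
    actors: tuple
    mitigations: tuple


def actors_for(el):
    # ASSUMPTION: outsiders only reach elements exposed beyond the provider's
    # internal network; insiders can reach every element.
    return INSIDERS + OUTSIDERS if el.exposure >= 2 else INSIDERS


def enumerate_threats(elements):
    """Steps 1-3: applicable threats per element, ranked, with mitigations."""
    threats = []
    for el in elements:
        if el.kind not in APPLIES:
            raise ValueError(f"unknown element kind: {el.kind!r}")
        for cat in APPLIES[el.kind]:
            score = el.sensitivity * el.exposure * PRIVACY_WEIGHT[cat]
            threats.append(Threat(el.name, cat, score,
                                  actors_for(el), MITIGATIONS[cat]))
    # Highest score first; ties broken by name so the order is deterministic.
    return sorted(threats, key=lambda t: (-t.score, t.element, t.category))


# Constructed sample model of a cloud storage service (not from the paper).
SAMPLE_MODEL = [
    Element("cloud user", "interactor", sensitivity=2, exposure=3),
    Element("provisioning API", "process", sensitivity=2, exposure=3),
    Element("tenant data store", "data_store", sensitivity=3, exposure=1),
    Element("user-to-API traffic", "data_flow", sensitivity=3, exposure=3),
]

if __name__ == "__main__":
    for t in enumerate_threats(SAMPLE_MODEL)[:5]:
        print(f"{t.score:>3} {t.category} {t.element:<20} -> {t.mitigations[0]}")
```

Replacing the weights with an organization's own ranking mechanism changes only the score line; the enumeration and the mitigation lookup stay the same.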

Threat Type: Mitigation Technique

Spoofing Identity:
1. Authentication
2. Protect secrets
3. Avoid storing private information/secrets

Tampering with data:
1. Authorization
2. Hashes
3. Message authentication code
4. Digital signature
5. Tamper-resistant protocols

Repudiation:
1. Digital signatures
2. Timestamps
3. Secure logging
4. Audit trails

Information Disclosure:
1. Strong encryption and key management
2. Strong access techniques
3. Authorization
4. Privacy-enhanced protocol
5. Protect secrets
6. Avoid storing private information/secrets

Denial of Service:
1. Strong authentication and authorization
2. Packet filtering
3. Throttling
4. Quality of Service

Elevation of Privilege:
1. Don't run code under elevated accounts, i.e. run with least privilege

Table 2. Types of Threats and Mitigation Techniques

VI. CONCLUSION

This paper gives an overview of cloud computing, its architecture and significance. Along with it we have discussed issues related to privacy in the cloud computing environment. We present a threat model to deal with privacy problems in clouds. The threat model contains different mitigation techniques for privacy issues and threats under the STRIDE model.