Dear cloud, the user called, he wants the security back, by Alessandro Manfredi

You cannot give up the convenience and the cost advantage of storing your data in the cloud, but where is the security?
FileRock, a secure cloud storage service, presents the techniques used in its open source client to provide security that does not depend on the provider: encryption plus integrity and completeness checking, in a single open solution that can be integrated into other applications.

Published in: Technology, Business

  1. Alessandro Manfredi, "Hey Cloud, it's the user calling, he says he wants the security back", alessandro@filerock.com
  2. Agenda
     1. Cloud computing in a nutshell
     2. About cloud security
        • Guarantees provided by cloud services
        • Assumptions customers might regret
     3. Focus on data security
        • Data integrity check techniques
        • The FileRock solution
        • Demo
     The images used in this presentation are covered by different licenses, see the "Images Licenses" at the end of the deck.
  3. Agenda (as on the previous slide), with an overlay note next to the guarantees provided by cloud services: "spoiler: not many".
  4. Cloud Computing - What. Countless definitions and categories...
  5. Cloud Computing - What. Countless definitions and categories... On demand, cost-effective, scalable, etc. etc.
  6. Cloud Computing - How. How?
  7. Cloud Computing - How. How? Consolidated hardware, shared infrastructure, automated provisioning, remote administration, ... ("Hey, we manage this stuff from remote!")
  8. So what about security? "The cloud is built on trust" -- random.choice(cloud_enthusiasts)
  9. So what about security? "The cloud is built on trust" -- random.choice(cloud_enthusiasts). Quoted from a provider's terms of service: "THE SERVICE OFFERINGS ARE PROVIDED "AS IS." WE AND OUR AFFILIATES AND LICENSORS MAKE NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE REGARDING THE SERVICE OFFERINGS OR THE THIRD PARTY CONTENT, INCLUDING ANY WARRANTY THAT THE SERVICE OFFERINGS OR THIRD PARTY CONTENT WILL BE UNINTERRUPTED, ERROR FREE OR FREE OF HARMFUL COMPONENTS, OR THAT ANY CONTENT, INCLUDING YOUR CONTENT OR THE THIRD PARTY CONTENT, WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED. EXCEPT TO THE EXTENT PROHIBITED BY LAW, WE AND OUR AFFILIATES AND LICENSORS DISCLAIM ALL WARRANTIES [...]"
  10. So what about security? Same quote as the previous slide. Source: https://aws.amazon.com/agreement/ ... do not blame them, it's common to the ToS of most service providers! E.g., see:
     • https://www.rackspace.com/information/legal/cloud/tos
     • https://developers.google.com/appengine/terms
  11. So what about security? "The big guys probably handle security better than how you could do on premise"
  12. So what about security? "The big guys probably handle security better than how you could do on premise". To some extent, this actually makes sense:
     • Operating on a large scale, they have more resources
     • Redundant networks, power sources, etc.
     • Good physical surveillance
  13. However... Betting on a lot of assumptions that the provider...
  14. Assuming that the provider... has no malicious intent ...
  15. Assuming that the provider... has complete control over employees ...
  16. Assuming that the provider... uses software that never fails ...
  17. Assuming that the provider... does not introduce security-critical bugs ...
  18. Assuming that the provider... never screws up ...
  19. Assuming that the provider... always takes good care of your resources, even if by ToS / SLA they are not legally responsible for any error or damage.
  20. What can possibly go wrong? Wait, what can possibly go wrong with services used by hundreds of millions of customers around the world?
  21. Mistakes happen. In June 2011, for a few hours any Dropbox account was accessible with any password (not blaming them, these things can happen). Screenshots of web pages can include contents whose license is defined by the relative publisher.
  22. What about enterprise services? Ok, but that's just because it's a consumer service... It will never happen in an enterprise-class service... Plus everyone now offers two-factor authentication.
  23. Even big security firms have security breaches. Earlier in 2011, RSA was the victim of a breach that compromised customers protected by their SecurID (again, not blaming them, these things can happen).
  24. Even when providers behave as you expect... Cloud providers must obey the laws enforced in the country where they are based.
  25. Even when providers behave as you expect... Cloud providers must obey the laws enforced in the country where they are based. Authorities can access your data. Data might be intentionally tampered with or made unavailable.
  26. Data security. Focus on data security.
  27. Data security. Three main concerns: Confidentiality (C), Integrity (I), Availability (A).
  28. Data security. Three main concerns: Confidentiality (C), Integrity (I), Availability (A).
  29. Why integrity matters
  30. Why integrity matters. 1: Data is stored on the cloud.
  31. Why integrity matters. 2: The provider experiences a fault or a breach. Data gets corrupted. (Possibly, a previous version of the data is restored from a backup.)
  32. Why integrity matters. 3: The user wants to recover his data from the cloud.
  33. Why integrity matters. 4: Corrupted data is retrieved by the user without any notice.
  34. Why integrity matters. 5: The corrupted data is used by the user in his own activity, unnoticed.
  35. Integrity check, from 10,000 ft
  36. Integrity check, from 10,000 ft. 1: Data is stored on the cloud.
  37. Integrity check, from 10,000 ft. 2: A fingerprint of the whole data set, called the basis, is efficiently recomputed.
  38. Integrity check, from 10,000 ft. 3: The user wants to recover his data from the cloud.
  39. Integrity check, from 10,000 ft. 4: The software retrieves the data together with a proof of integrity.
  40. Integrity check, from 10,000 ft. 5: The integrity of the data is checked by matching the proof against the last trusted basis.
  41. How is that done?
  42. Authenticated Data Structures. Tree diagram: root a; its children b and c; below them the nodes d, e, f, g; the data blocks A, B, C, D at the bottom, one under each of d, e, f, g.
  43. Authenticated Data Structures. Same tree, labelled: a is the basis, a fingerprint of the whole data set; A, B, C, D are the data.
  44. Authenticated Data Structures. Same tree; the basis is kept safe client side and updated on any data modification.
  45. Example: Integrity check for "D". Same tree (a; b, c; d, e, f, g; A, B, C, D).
  46. Example: Integrity check for "D". D = data.
  47. Example: Integrity check for "D". The "Integrity Proof" is highlighted in the tree.
  48. Example: Integrity check for "D". g = hash(D)
  49. Example: Integrity check for "D". c = hash(f, g), g = hash(D)
  50. Example: Integrity check for "D". a = hash(b, c), c = hash(f, g), g = hash(D)
  51. Example: Integrity check for "D". a = hash(b, c), c = hash(f, g), g = hash(D); a must match the trusted basis.
  52. Integrity check capabilities
     • Verify integrity of the whole dataset
        • ...including completeness
     • Work in log(dataset_size) time
     • Only the basis needs to be stored locally
        • ...as small as the output of a hash function
  53. Integrity check capabilities
     • Verify integrity of the whole dataset
        • ...including completeness
     • Work in log(dataset_size) time
     • Only the basis needs to be stored locally
        • ...as small as the output of a hash function
     • Always work with correct data
     • Can be used for specific SLAs
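The tree on slides 42 to 53, worked through as an added Python example (not the FileRock client's own code): the basis is the root a, the proof for D is the list of sibling hashes f and b, and the client recomputes g, c and a and compares a with the trusted basis. SHA-256 and the 0x00/0x01 domain-separation prefixes are assumptions of this example (the slides only say hash()), and it goes beyond the four-block tree by also handling data sets whose size is not a power of two.

```python
import hashlib
import hmac
from typing import List, Tuple

# Constructed sample data set: the four blocks A, B, C, D drawn on the slides.
DATA = [b"block A", b"block B", b"block C", b"block D"]

# ("L" | "R", sibling hash) pairs, leaf level first: "L" means the sibling
# sits to the left of the node being recomputed.
Proof = List[Tuple[str, bytes]]


def leaf_hash(block: bytes) -> bytes:
    """d, e, f, g = hash(A), hash(B), hash(C), hash(D).

    The 0x00 prefix is an assumption of this example: domain separation so a
    leaf hash can never be confused with an internal-node hash."""
    return hashlib.sha256(b"\x00" + block).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    """b = hash(d, e), c = hash(f, g), a = hash(b, c)."""
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_levels(blocks: List[bytes]) -> List[List[bytes]]:
    """Every level of the tree, leaves first, the root (the basis) last.

    An unpaired node at an odd-sized level is carried up unchanged, so the
    same tree works for data sets whose size is not a power of two."""
    if not blocks:
        raise ValueError("empty data set")
    levels = [[leaf_hash(b) for b in blocks]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels


def basis(blocks: List[bytes]) -> bytes:
    """The basis: one hash-sized fingerprint of the whole data set, the only
    thing the client has to keep locally (slides 44 and 52)."""
    return build_levels(blocks)[-1][0]


def proof_for(blocks: List[bytes], index: int) -> Proof:
    """What the provider returns next to block `index`: the sibling hash at
    each level on the path to the root, i.e. about log2(len(blocks)) hashes."""
    levels = build_levels(blocks)
    proof: Proof = []
    i = index
    for level in levels[:-1]:
        sibling = i ^ 1
        if sibling < len(level):            # a carried-up node has no sibling
            proof.append(("L" if sibling < i else "R", level[sibling]))
        i //= 2
    return proof


def verify(block: bytes, proof: Proof, trusted_basis: bytes) -> bool:
    """Client side: recompute g = hash(D), c = hash(f, g), a = hash(b, c) from
    the retrieved block and the proof, then compare a with the trusted basis."""
    current = leaf_hash(block)
    for side, sibling in proof:
        current = node_hash(sibling, current) if side == "L" else node_hash(current, sibling)
    return hmac.compare_digest(current, trusted_basis)


if __name__ == "__main__":
    trusted = basis(DATA)                   # step 2: computed and kept client side
    proof = proof_for(DATA, 3)              # step 4: D comes back with its proof
    print("D intact:", verify(DATA[3], proof, trusted))            # True
    print("D corrupted:", verify(b"block D?", proof, trusted))     # False
    # Slide 31: the user has since modified D, the provider restores an old
    # backup and serves the stale D with a proof that was valid back then.
    updated = DATA[:3] + [b"block D v2"]
    trusted = basis(updated)                # basis updated on any modification
    print("stale D:", verify(DATA[3], proof_for(DATA, 3), trusted))  # False
```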
  54. By the way, if you look at the FileRock ToS... As with the other services, all warranties are disclaimed.
  55. Your reaction... Are you kidding me?
  56. The FileRock Solution
     • Open source client
     • Client-side encryption
        • Encryption keys never shared with the service
     • Client-side integrity check
     • Data replication
        • Local replication (synchronization)
        • Remote replication (cross-provider)* (*not implemented yet)
  57. The FileRock Solution
     • Open source client. Available on
     • Client-side encryption
        • Encryption keys never shared with the service
     • Client-side integrity check
     • Data replication
        • Local replication (synchronization)
        • Remote replication (cross-provider)* (*not implemented yet)
  58. FileRock: how it looks now
  59. FileRock Toolkit Demo
  60. FileRock - Try it: https://www.filerock.com/register
  61. Alessandro Manfredi, "Hey Cloud, it's the user calling, he says he wants the security back", alessandro@filerock.com, @n0on3, in/n0on3
  62. End of the presentation
  63. Images Licenses
     • Free for personal use
     • Public Domain
     • Free for commercial use, do not redistribute
     • See the owner note
     • Copyright belongs to the original authors and publishers