Cloud Computing Security
Upcoming SlideShare
Loading in...5
×
 

Cloud Computing Security

on

  • 16,293 views

Cloud Computing with Encryption & Key Management.

Cloud Computing with Encryption & Key Management.

Statistics

Views

Total Views
16,293
Views on SlideShare
16,147
Embed Views
146

Actions

Likes
32
Downloads
2,453
Comments
8

6 Embeds 146

http://www.cloud24by7.com 83
http://www.slideshare.net 47
http://www.itcloud.gr 11
http://www.linkedin.com 3
http://www.brijj.com 1
https://www.linkedin.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel

15 of 8 Post a comment

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Hello everybody, I am Ninh Nguyen, a CS student. My seminar topic today is Cloud Computing Security.
  • First of all, just take a look how people concern about cloud computing. As you can see in this graph, people has been searching a lot for cloud computing in Google since 2007 especially since the first months of 2009. And other kind of computing such as grid computing is falling and cluster computing is still the same for years.
  • At the same time, cloud computing also attracts a lot attention of media and news volume still growing over the time.
  • So what is cloud computing? I take a quote from Larry Ellison – CEO of Oracle: “What the hell is Cloud Computing?” Why did he say that? Actually, cloud computing is too new and has a standard.
  • Look at history, we can say Cloud Computing is the 5th generation of computing, after monolithic, client-server, web, service-oriented architecture and now it’s cloud service.
  • I have to say that there is not any formal definition and you can find out many different definitions of cloud computing out there. Here I took definitions on Wikipedia through out the time, since 12/2007. You can see people define cloud computing quite differently through the evolution of it.
  • Simply, I can summarize some characteristics of cloud computing. The first characters build up the word CLOUD and it’s very easy to remember. They’re Common, Location-independent, Online, Utility implies and Demand implies.The on-demand, self-service, pay-by-use modelInfrastructure is programmableApplications are composed and are built to be composableServices are delivered over the network
  • Then, I want to introduce about infrastructure models of cloud computing.
  • Basically there are three types of models. Public Cloud, Private Cloud and another type that mixes of public cloud and private cloud is hybrid cloud.Public clouds are run by third parties, and applications from different customers are likely to be mixed together on the cloud’s servers, storage systems, and networks. Public clouds are most often hosted away from customer premises, and they provide a way to reduce customer risk and cost by providing a flexible, even temporary extension to enterprise infrastructure.Private clouds are built for the exclusive use of one client, providing the utmost control over data, security, and quality of service. The company owns the infrastructure and has control over how applications are deployed on it. Private clouds may be deployed in an enterprise datacenter, and they also may be deployed at a co-location facility.Hybrid clouds combine both public and private cloud models. They can help to provide on-demand, externally provisioned scale. The ability to augment a private cloud with the resources of a public cloud can be used to maintain service levels in the face of rapid workload fluctuations.
  • Now I will talk about architectural layers of cloud computing. There are also 3 types SaaS, PaaS and IaaS.
  • Software as a service features a complete application offered as a service on demand. A single instance of the software runs on the cloud and services multiple end users or client organizations.
  • Platform as a service encapsulates a layer of software and provides it as a service that can be used to build higher-level services.Someone producing PaaS might produce a platform by integrating an OS,middleware, application software, and even a development environment that is then provided to a customer as a serviceSomeone using PaaS would see an encapsulated service that is presented to them through an API. The customer interacts with the platform through the API, and the platform does what is necessary to manage and scale itself to provide a given level of service.
  • Infrastructure as a service delivers basic storage and compute capabilities as standardized services over the network. Servers, storage systems, switches, routers, and other systems are pooled and made available to handle workloads that range from application components to high-performance computing applications.
  • To summarize, here is a diagram cover relationships among SaaS, PaaS, IaaS.
  • To clarify, I will talk about characteristics of cloud computing including of some comparisons, benefits – disadvantages and goal of cloud computing.
  • Grid computing has been used in environments where users make few but large allocation requestsCloud computing really is about lots of small allocation requests.
  • Diagram showing economics of cloud computing versus traditional IT, including capital expenditure (CapEx) and operational expenditure (OpEx)Cloud computing users can avoid capital expenditure (CapEx) on hardware, software, and services when they pay a provider only for what they use. Consumption is usually billed on a utility (e.g. resources consumed, like electricity) or subscription (e.g. time based, like a newspaper) basis with little or no upfront cost.
  • And now I can sum up pros and cons of cloud computing. One of cons is Security which I will talk about right now.
  • Now this is the second part of my talk: cloud computing security.
  • First of all, I will describe an overview about a cloud technology reference model. You never can control everything with cloud computing. There are always two problems, yours and theirs.
  • In SaaS, it’s your data.
  • In PaaS, it’s your whole application.
  • With IaaS, it’s a lot of things.
  • Now I will list here some security issues in cloud computing.
  • There’re two broad categories of issues: governing in the cloud and operating in the cloud.
  • Due to limit of time, I only choose 1 selected issue which has relations with my course: cryptography to present today. It’s encryption and Key Management.
  • Cloud computing changes the way we think about computing by removing the specifics of location from its resources. In other word, it abstracts all computing and networking resources. However, in divorcing components from location, this creates security issues that result from this lack of any perimeter. In such a world, there is only one way to secure the computing resources: strong encryption and scalable key management.From a risk management perspective, unencrypted data existent in the cloud may be considered “lost” by the customer. Application providers who are not controlling backend systems should assure that data is encrypted when being stored on the backend. Use encryption to separate data holding from data usage. Segregate the key management from the cloud provider hosting the data, creating a chain of separation. This protects both the cloud provider and customer from conflict when being compelled to provide data due to a legal mandate and can potentially solve some problems.When stipulating encryption in contract language, assure that the encryption is adhering to existing industry or government standards, as applicable.
  • Now I will talk about a case-study: Amazon Web Service or AWS. Amazon provides 2 kinds of service: Cloud Computing Service and Support Services.Amazon Simple Storage Service (S3)Amazon Elastic Compute Cloud (EC2)Amazon SimpleDBAmazon CloudFrontAmazon Simple Queue Service (SQS)Amazon Flexible Payments Service (FPS)Amazon Mechanical Turk
  • An X.509 Certificate consists of Public Key and a Private Key. The file containing the public key, the certificate file, must contain a base64-encoded DER certificate body. The file containing the private key, the Private Key file, must contain a base64-encoded PKCS#8 private key. The Private Key is used to authenticate requests to AWS.AWS accepts any syntactically and cryptographically valid X.509 certificates. They do not need to be from a formal Certificate Authority (CA).
  • Here is a diagram of SHA-1 HMAC Generation.In cryptography, a keyed-Hash Message Authentication Code (HMAC or KHMAC), is a type of message authentication code (MAC) calculated using a specific algorithm involving a cryptographic hash function in combination with a secret key. Any iterative cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an HMAC.The SHA hash functions are a set of cryptographic hash functions designed by the National Security Agency (NSA) and published by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm.SHA-1 (as well as SHA-0) produces a 160-bit digest from a message with a maximum length of (264 − 1) bits. SHA-1 is based on principles similar to those used by Ronald L. Rivest of MIT in the design of the MD4 and MD5 message digest algorithms, but has a more conservative design.
  • To summary and predict, I take some quote here:Cloud Computing is more and more popular but Cloud Computing Security is a very important problem everybody or company going to use CC should be concern.

Cloud Computing Security Cloud Computing Security Presentation Transcript

  • Ninh V. Nguyen
    ninh.nv@gmail.com
  • The Hype
    Cluster Computing
    Cloud Computing
    Grid Computing 
  • “What the hell is Cloud Computing?”
    - Larry Ellison
  • 5th Generation of Computing
    1970s 1980s 1990s 2000s 2009+
    Monolithic Client-Server Web SOA Cloud Services
  • Wikipedia’s Definitions
    Cloud computing is a computing paradigm shift where computing is moved away
    from personal computers or an individual server to a “cloud” of computers.
    – 12/2007
    Cloud computing is Internet-based ("cloud") development and use of computer
    Technology ("computing"). The cloud is a metaphor for the Internet, based on how
    it is depicted in computer network diagrams, and is an abstraction for the complex
    infrastructure it conceals.
    – 12/2008
    Cloud computing is a style of computing in which dynamically scalable and often
    virtualized resources are provided as a service over the Internet.
    – 6/2009
    Cloud computing is an example of computing in which dynamically scalable and
    often virtualized resources are provided as a service over the Internet.
    - Now
  • Common implies multi-tenancy, not single or isolated tenancy
    Location-independent
    Online
    Utility implies pay-for-use pricing
    Demand implies ~infinite, ~immediate, ~invisible scalability
  • Cloud Computing Infrastructure Models
  • Public Cloud
    Public Cloud
    The Cloud Provider
    The Cloud Provider
    SME
    Hybrid Cloud
    Connectivity
    (Network Access)
    SME
    Enterprise
    Private Cloud
    Enterprise
    SME
    Private Cloud
  • Architectural Layers of Cloud Computing
  • Software as a Service (SaaS)
  • Platform as a Service (PaaS)
  • Infrastructure as a Service (IaaS)
  • Cloud Computing Characteristics
  • Comparisons
  • Cloud Computing Economics
    Traditional IT
    Variable Costs
    (OpEx)
    Cloud Computing
    Fixed Costs
    (CapEx)
    Costs
    Variable Costs
    (OpEx)
    Users
  • Pros and Cons
  • Cloud Computing Security
  • A Cloud Technology Reference Model
    Your Application
    Testing, Monitoring, Diagnostics and Verification
    Governance
    Architectural Views
    Your
    Problem
    Life Cycle
    (Birth, Growth, Failure, Recovery, Death)
    Web of Metadata
    Categories, Capabilities, Configuration and Dependencies
    Resource Management
    Basic Monitoring
    Facilities & Logistics
    Element Management
    (Split Responsibility)
    Their
    Problem
    Software & Hardware Infrastructure
  • Software as a Service
    Application
    Application
    Server
    Middleware
    Database
    Operating System
    Hypervisor
    CPU
    Networking
    Storage
    YOUR DATA
    Backup
    Datacenter (Power, Cooling, Physical Security)
    Your Problem
    Their Problem
  • Platform as a Service
    Your Application
    Application
    Server
    Middleware
    Database
    Operating System
    Hypervisor
    CPU
    Networking
    Storage
    Backup
    Datacenter (Power, Cooling, Physical Security)
    Your Problem
    Their Problem
  • Infrastructure as a Service
    Your Application
    Your
    Application
    Server
    Your
    Middleware
    Your
    Database
    Your Operating System
    Hypervisor
    CPU
    Networking
    Storage
    Backup
    Datacenter (Power, Cooling, Physical Security)
    Your Problem
    Their Problem
  • Security Issues
  • Overview
  • Selected Issues
  • Encryption & Key Management
    Encryption on Storage
    Storage
    Encryption on Transmission
    Key Management
    Internet
  • Case Study
    Amazon Web Services (AWS)
  • AWS Registration and Security
  • X.509 Certificate
  • Multi-Factor Authentication
    AWS Multi-Factor Authentication (AWS MFA)
  • Request Authentication
    with HMAC-SHA1 (1)
  • Request Authentication
    with HMAC-SHA1 (2)
  • HMAC-SHA1
  • Summary & Predictions
    .. We think everyone on the planet deserves to have their own
    virtual data center in the cloud ..
    - Lew Tucker
    ..Cloud Computing Will Be As Influential As E-business..
    - Gartner
    .. one of the most important transformations the federal
    government will go through in the next decade ..
    - Obama’s TIGR Team
    .. Who knew that the concept of security in cloud computing was
    even possible to imagine?..
    - Scott Bradner
  • Thank You