Towards trusted cloud computing

Towards Trusted Cloud Computing
Nuno Santos, Krishna P.Gummadi, Rodrigo Rodrigues

박승제
20111101171

Towards Trusted Cloud Computing?

BE305: Special Topics in Computer Systems

목차

 해결하고자 하는 문제점

 가정

 배경 설명

 기술적 상세 내용

 Review Comments


해결하고자 하는 문제점


Security concerns for Cloud computing

 Concerns
 Many companies can reduce cost using Cloud Computing services
 But, customers still concerned about security of data


Security Cornerstones (CIA)

 Confidentiality
 To prevent unauthorized reading of information

 Integrity
 To prevent unauthorized writing of information

 Availability
 To provide access to information whenever consumers want


Cloud Security Concerns

Cloud internal

administrator

Attacker

Client


Vulnerability of IaaS

 Vulnerability of IaaS
 Anyone with privileged access to the host can read or manipulate
a customer’s data
 Consequently, customers cannot protect their VMs on their own

admin with root
privileges


TCCP(Trusted Cloud Computing Platform)

 TCCP
 Guarantees the confidentiality and the integrity of a user’s VM
 Allows users to attest to the IaaS provider
 Determine whether the service is secure before they launch their VM


가정


Eucalyptus

 What is Eucalyptus?
 an open source IaaS platform that similar to Amazon’s EC2
 manages one or more clusters whose nodes run a virtual machine monitor
 For simplicity, a single cloud manager(CM) that handles a single cluster


Eucalyptus(cont.)

 From the perspective of users
 Eucalyptus provides a web service interface to launch, manage,
and terminate VMs
 A VM is launched from a virtual machine image(VMI) loaded from the CM
 Once a VM is launched, users can log in to it using normal tools
such as ssh


Cloud Provider


Attack model

 By enforcing a security perimeter
 the provider can prevent attacks that require physical access to the machine

 Sysadmins can login remotely to any machine with root privileges
at any point in time


배경 설명


Trusted Computing

 Trusted Computing Group(TCG)
 proposed a standard for the design of the trusted platform module(TPM)

 Trusted Platform Module(TPM)
 Secure boot
 Remote attestation


Remote Attestation

 Objective
 Verifier determines whether a remote system satisfies some property

 Example
 Is the remote system running the standard Ubuntu Linux v.2.6.18 kernel?

 Problem
 Can’t just ask the system, since it could lie!


Remote Attestation Process

 Three Phases

 Measurement
 machine to be attested must measure its properties locally

 Attestation
 transfer measurements from machine being attested to remote machine

 Verification
 Remote machine examines measurements transferred during attestation
 decide whether they are valid and acceptable


Hardware TTP for Remote attestation

 Pure software TTPs impose severe restrictions on remote attestation
assurances
 So, hardware solutions are an alternative
 Most popular: Trusted Platform Module(TPM)


TPM Interconnection


Trusted Platform Module

 TPM
 contains an endorsement private key that uniquely identifies the TPM
 and some cryptographic functions that cannot be modified
 Manufacturers sign the corresponding public key
 to guarantee the correctness of the chip and validity of the key


How does it get measured?

Program code: BIOS Bootloader Kernel Module Module App App

SH
Hash function:
A1

Hashes: BIOS Bootloader Kernel Module Module App App

SH
A1
SH
A1 … SH
A1

H1 H2 PCR


Attestation


Trusted Platform

 A trusted platform like Terra implements a VMM that enforces a closed
box execution environment

 Means that a guest VM cannot be inspected or modified by a user with
full privileges over the host

 However, this is insufficient
 a sysadmin can divert a customer’s VM to a node not running the platform
 either when the VM is launched (by manipulating the CM)
 or during the VM execution (using migration)


기술적 상세 내용


Trusted Cloud Computing Platform

 Trusted Cloud Computing Platform(TCCP)
 provides a closed box execution environment
 by extending the concept of trusted platform to an entire IaaS backend

 TCCP guarantees the confidentiality and the integrity of a user’s VM


TCCP

 Two components
 a trusted virtual machine monitor(TVMM)
 a trusted coordinator(TC)


TCCP

 External trusted entity (ETE)
 hosts the TC
 securely updates the information provided to the TC
 set of nodes deployed within the IaaS, configurations...


Protocols of TCCP

 Our proposal
 the TCCP protocols to secure the VM launch and migration

Message exchange during VM migrate

Message exchange during node registration

Message exchange during VM launch


Basic Communication Scenario

Encryption Key Decryption Key

plaintext ciphertext plaintext
Encrypt Decrypt

Enemy or
Eavesdropper


Symmetric-key Vs. Public-key

 Symmetric key
 Same key for encryption as for decryption

 Public key (asymmetric)
 require two separate keys, one to lock, one to unlock


Notation

 <Kp, KP>
 private-public keys of an asymmetric cryptography keypair

 {y}Kx
 the data y is encrypted with key Kx

 EKx
 endorsement keys

 TKx
 trusted keys

 Kx
 session keys

 nx
 Nonce, unique numbers generated by x


Node management

 Trusted Coordinator(TC)
 dynamically manages the set of trusted nodes by maintaining a directory

 Directory
 Each node id
P
 the public endorsement key EK N
 expected measurement list MLN

 TC available to the public
P P
TKTC MLTC EKTC


Node registration

 To be trusted, a node must register with the TC

1. nN to avoid an impersonation of the TC by an attacker

1.

N TC


Node registration


to guarantee the authenticity of the TC
1. nN
2. {MLTC , n N } EK p , nTC
TC

TC also attests to N
if this matches the expected configuration, it
means the TC is trusted

1.

2.
N TC


Node registration


1. nN make private-public key and send
its public key to the TC
TC

3. {{ MLN , nTC } EK p ,TK N } TK P
P
N TC

1.

2.
N 3.
TC


Node registration


If both peers mutually attest successfully,
1. nN P
the TC adds TK N to its node database
TC

3. {{ MLN , nTC } EK p ,TK N } TK P
P
N TC

4. {accepted } TK P
N

1.

2.
N 3.
TC

4.


Our protocol

 VM launch protocol
 VM migration protocol

 the initial VM state α
 contains the VM image(VMI)
 the user’s public key(used for ssh login)


VM launch

1. {α, # α} K VM , { nU , KVM } TK P
TC

user generates a session key KVM

1.
α
CM

U

N TC


VM launch

1. {α, # α} K , { nU , KVM } TK
VM
P
TC

2. {{{ nU , KVM } TK , n N } TK }, N } TK
P
TC
p
N
P
TC

the TC can verify whether N is trusted
1.
α
CM

U

2.
N TC


VM launch

1. {α, # α} K , { nU , KVM } TK
VM
P
TC

N is now available decrypt α,
2. {{{ nU , KVM } TK , n N } TK }, N } TK
P
TC
p
N
P
TC
and boot the VM
3. {{ n N , nU , KVM } TK } TK
p
N
p
TC

1.
α
CM

U

2.
N TC
3.


VM launch

1. {α, # α} K , { nU , KVM } TK
VM
P
TC

2. {{{ nU , KVM } TK , n N } TK }, N } TK
P
TC
p
N
P
TC

3. {{ n N , nU , KVM } TK } TK
p
N
p
TC

4. {nU , N} K VM

1.
α
CM 4.

U

2.
N TC
3.


VM migration

1. {{ Nd , n s } TK , N s } TK
p
N
P
TC

2. {{ ns 1,TKN } TK } TK
P
P p
d Ns TC CM
Nd

1 & 2, Ns asks TC to check
whether Nd is trusted
VM

1.
Ns TC
2.


VM migration

1. {{ Nd , n s } TK , N s } TK
p
N
P
TC

2. {{ ns 1,TKN } TK } TK
P
P p
d Ns TC CM
3. Nd
3. {{ K S , ns 2} TK , Ns } TK
p P
Ns Nd

Session key Ks that will be used
to secure the transfer of the VM
state VM

1.
Ns TC
2.


VM migration

1. {{ Nd , n s } TK , N s } TK
p
N
P
TC

2. {{ ns 1,TKN } TK } TK
P
P p
d Ns TC CM
3. Nd
3. {{ K S , ns 2} TK , Ns } TK
p P
Ns Nd

4. {{ Ns , nd } TK , Nd } TK
p P
Nd TC

5. {{ nd ,TKN } }
P 4. 5.
P p
TKsTK Nd TC

VM

1.
Ns TC
2.
before accepting the key,
Nd first verifies that Ns is trusted(4,5)


VM migration

1. {{ Nd , n s } TK , N s } TK
p
N
P
TC

2. {{ ns 1,TKN } TK } TK
P
P p
d Ns TC CM
3. Nd
3. {{ K S , ns 2} TK , Ns } TK
p P
Ns Nd

4. {{ Ns , nd } TK , Nd } TK
p P
Nd TC
6.

5. {{ nd ,TKN } }
P 4. 5.
P p
TKsTK Nd TC 7.
VM
6. {n }
d KS Ns 1.
TC
2.
7. {VMid , # VMid } KS


Review Comments


Review Comments

 표기법이 이해하는 데 힘들었다.
 소문자, 대문자로 구분 표기법

 군더더기 없는 논문

 이 프로토콜은 정말로 효율적인가?


Towards trusted cloud computing

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Towards trusted cloud computing

Similar to Towards trusted cloud computing (20)

Recently uploaded

Recently uploaded (20)

Towards trusted cloud computing