cloud security using information dispersal · cloud security using information dispersal julie...
TRANSCRIPT
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
Cloud Security Using Information Dispersal
Julie BellancaJason ReschCleversafe
September 2010
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
Agenda
Challenges in Securing Data in the Cloud Approaches for securing dataEncryption Secret sharingAdvanced secret sharing
Secure Information Dispersal – an approach for advanced secret sharing
Leveraging Information Dispersal for Cloud
2
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
Challenges for Securing Cloud Data
Cloud computing: Offered as a service Network enabled Shared resources Dynamically scalable
New approach presents new challenges Industry says “Encrypt it”
If end user is responsible for encryption… End user takes on burden of key management
If cloud provider is responsible for encryption… How are they protecting the encryption keys?
Industry standard of RAID & replication for data protection increases risk of data exposure
3
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
Verizon’s Security Breach Analysis
4
“The best defense against data breaches is, in theory, quite simple – don’t retain data.”- Verizon Investigative Response Team
One of Verizon’s recommendations:Clearly, knowing what information is present within the organization, its purpose within the business model, where it flows, and where it resides is foundational to its protection. Where not necessitated by valid business needs, a strong effort should be made to minimize the retention and replication of data.
900+ Breaches and 900 Million Records compromised 2003-2009
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
Assessing Security – CIA model
5
Objectives Requirements Example ThreatsConfidentiality Data is never
accessed by unauthorized parties
• Key or credential mismanagement.• Accidental loss of media or devices.• Malicious access.• Remote compromise or theft.• Interception of packets.
Integrity Data cannot be modified without authorization
• Bit errors in drives, memory, connections, or flash.
• Physical read and write errors.• Accidental data corruption.• Malicious data tampering.
Availability Data is always available to authorized parties
• Drive, location, server, and connection failures.• Maintenance operations.• Denial of service attacks.
Inherent conflict between Availability and Confidentiality
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
Approaches for data security
Keyed encryption Key and the encrypted data recreates data (2-of-2)
Secret Sharing Scheme Method for distributing a secret amongst a group of participants, each of
which is allocated a share of the secret The secret can be reconstructed only when a sufficient number of shares
(threshold) are combined together; individual shares are of no use on their own
Each share is the size of original data 10 of 16 with 1 PB of data = 16 PB raw storage required
Advanced Secret Sharing Schemes Benefits of secret sharing with lower cost overhead Each share (slice) is 1/threshold the size of the data
Example: 10 of 16 with 1 PB of data = 1.6 PB raw storage required6
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
Keyed Encryption & Replication CIA
7
Store 1
Site A – Chicago (Data Storage)
Store 2 Store 3
Site B – Denver (Replicated storage)
Store 4
Store 5
Site C – Tampa (Replicated Storage)
Store 6 Store 7
Site D – Omaha (Key Storage)
Store 8
Confidentiality Maintained Integrity Maintained Availability MaintainedConfidentiality Lost Integrity Lost Availability Lost
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
Secret Sharing CIA
8
Store 1
Site A - Chicago
Store 2 Store 3
Site B - Denver
Store 4
Store 5
Site C - Tampa
Store 6 Store 7
Site D - Omaha
Store 8
Confidentiality Maintained Integrity Maintained Availability MaintainedConfidentiality Lost Integrity Lost Availability Lost
1 2 3 4
5 6 7 8
Data
8 shares, 5 required
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
Secret Sharing vs Keyed Encryption
9
Secret Sharing Scheme Keyed Encryption System
Each segment of data is uniquely protected. One key may protect a large amount of data.
If someone leaves the organization, or if acredential is exposed: permissions can be changed instantly to restore security.
If someone with access or a key leaves the organization, many TB or perhaps PB would have to be re-encrypted with a new key.
There are no keys to be lost. Multiple simultaneous losses may occur yet data remains recoverable.
If key is lost, so is the data. Keys must be stored as reliably as the data. This requires storing copies in multiple locations.
Organization is in control of data. It is not possible for someone to leave with the key.
Individuals may be able to walk off with keys or passwords necessary to recover the data.
Secret sharing schemes don’t sacrifice confidentially for reliability. They achieve high levels for each. No critical locations exist.
Every copy of the key or data is a critical location which must not be compromised. Each copy is another attack vector and opportunity to be hacked or exposed.
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
Encryption Versus Secret Sharing
10
System# to Compromise
Confidentiality
# to Compromise
Integrity
# to Compromise
Availability
Encryption &
Replication
Always 2 Always 2 All Copies Or Key
2 2 3 or lost Key (1)
Secret SharingThreshold Threshold 1 + Width – Threshold
10 10 7
• Keyed Encryption + Replication - 3 data copies, and 1 encryption key• Limited Confidentiality and Integrity
• Attacker only needs to compromise two locations (key and data)• Increasing availability hurts confidentiality
• May make copies of keys or data, but this increases attack vectors• Secret Sharing - 16 shares, 10 needed (10 of 16)
• Offers arbitrarily high levels of confidentiality, integrity and availability
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
Storage efficiency
Model parameters: Encryption & Replication - 3 data copies, RAID 5 (4+1) Traditional Secret Sharing - 16 shares, 10 needed (10 of 16) Advanced Secret Sharing - 16 shares, 10 needed (10 of 16) 2 TB drives $300 / drive
11
System Storage Overhead Drives Needed / PB Drive Cost / PB
Encryption & Replication 275% 1,920 $576,000
Traditional Secret Sharing 1500% 8,192 $2,457,600
Advanced Secret Sharing 60% 820 $246,000
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
Secure Information Dispersal Approach
One approach to accomplish advanced secret sharing is to combine two established algorithms: Information Dispersal Algorithms (IDAs) Forward error correction (AKA Reed Solomon) that
forms data into n segments where k are needed to recreate data (k of n)
Store segments on separate storage nodes to increase availability & reliability
All Or Nothing Transform Encryption mode which allows data to be understood only
if all of it is known
12
Secu
rity
Ava
ilabi
lity
&
Rel
iabi
lity
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
Information Dispersal Introduction
13
Data
Site 1
Site 2
Site 3
Site 4
Real-time data retrieval is always bit-perfect as long as a threshold number of slices are available
8h$1 vD@- fMq& Z4$’ >hip )aj% l[au T0kQ %~fa Uh(k My)v 9hU6 >kiR &i@n pYvQ 4Wco
Digital Assets divided into slices using Information Dispersal Algorithms
8h$1 vD@- >hip )aj% l[au %~fa 9hU6 >kiR pYvQ 4Wco
IDA
IDA
Slices distributed to separate storage devices
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
1a - 3b + 8c + 2d - 5e = s1
4a + 1b - 9c + 6d - 2e = s2
6a - 7b - 4c + 2d + 7e = s3
2a + 2b - 3c + 1d - 6e = s4
8a - 5b + 1c - 6d + 1e = s5
5a - 6b + 5c - 2d + 2e = s6
7a - 8b + 6c - 7d + 4e = s7
2a - 2b + 3c - 4d + 3e = s8
• Solving for k variables requires knowing ksolutions (slices)
• Therefore we can lose (n-k) solutions (slices)
• Data overhead on the disk and on the wire is (n/k) (n slices stored, for input variables)
Access device
Storage nodes
The Math Behind Information DispersalInformation Dispersal Math Reed-Solomon is Linear Algebra - solving a system of equations Reed-Solomon as an FEC code Perfectly efficient in storage space Supports any desired fault tolerance Example encoding, k=5, n=8
14
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
AONT Introduction
15
AONTEncode
Data AONTPackage
AONTDecode
Data
When one has the entire AONT package, decoding is trivial
AONTEncode
Data AONTPackage
AONTDecode
If any part of the package is unknown or missing, decoding is not possible
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
difference
difference
Combining AONT & IDAs
16
random key
CipherData HashEncrypted Data
hash value
Encrypted Data IDA
Slice 1
Slice 2
Slice 3
Slice 4
Slice 5
Slice 6
XOR
AONTPackage
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
AONT & IDA Reconstruction
17
Encrypted DataIDA
Slice 1
CipherData HashEncrypted Data
Slice 1
difference
difference
random key hash valueXOR
Slice 3
Slice 4
Slice 6
AONTPackage
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
Access to storage nodes is over an authenticated and encrypted channel (SSL / TLS)
Secure Information Dispersal Architecture
18
SITE 1 SITE 2 SITE 3 SITE nStorage nodes
Access layer
AccessProtocols
NAS protocols
SoftwareSDK / API
Object Access
Info. Dispersal routers Direct application integration
Object Store
Dispersal (IDA + AONT)
Access Control mechanism may be used in conjunction with the access protocol
Dispersal fits in between access and storage protocols
REST/HTTP, FTP
File access
Block Store
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
Secure Information Dispersal for Cloud
Access device acts as gateway to cloud It’s only data where and when end users want it to
Disaster recovery are achieved without the overhead of replication Ideal for unstructured content Caching can be utilized to achieve higher performance at any site
19
DATA CENTER 1
DATA CENTER 2
DATA CENTER 3
DATA CENTER 4
Access device
Slices stored on each node – not copies of data
10 of 16 configuration
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
Security & Efficiency Advantages
20
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
Information Dispersal Conclusion
Information Dispersal is a fundamental building block in addressing key challenges of cloud storage:Don’t have to sacrifice confidentiality to gain availability
No replicated copies of encryption keys or data
No encryption keys to manage Enables people to gain the advantages of secret sharing
without the typical storage overhead Puts end users in control of their data since it only
exists where and when they want it to
21
Provides a solution for secure storage over the public internet
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
Thank you
Julie - [email protected] - [email protected]
22
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
Backup
23
2010 Storage Developer Conference. Cleversafe. All Rights Reserved.
Secret Sharing Advantages
Better Reliability – tolerates loss or unavailability of shares (n-k) Better Security – tolerates k compromises
24
5 stores needed to break Confidentiality or Integrity
5 stores needed to break Availability
5-of-9 Configuration126 combinations
10 stores needed to break Confidentiality or Integrity
7 stores needed to break Availability
10-of-16 Configuration8008 combinations