3. Motivation
• Data Security is vital
• Reputation and Trust + Business competitiveness
• Data Security ≠ App Security !
• Should App breach necessarily cause Data breach ?
• Data may be handled independently of App as well
• Cloud Computing broadens the Data Security puzzle
• Necessitates clearer appreciation and use of applied Crypto
• What Data Security assurances am I getting from the CSP ?
• Am I using the CSP’s service options most effectively and in an
up-to-date manner ?
• I am a CSP myself, and I am using other CSPs …
• … But I need to answer my customers on the end-to-end picture
Verisign Public 3
4. Agenda
• Basic Cryptographic Concepts and Applications
• 1-way hashes and digests
• Secure Credential Storage
• Symmetric Key Cryptography
• Data Confidentiality – in storage and in transit
• Asymmetric/Public Key Cryptography
• Authentication and Secure Communications
• Data Security Considerations for the Cloud
• Recent Trends in Cloud Data Security
• HSMs for Safe Key Storage
• Encryption Gateways into the Cloud
Verisign Public 4
6. Basic Conceptual Terms
• Security Goals
• Authentication, Confidentiality, Non Repudiation, Integrity
• Deals with making communications and storage secure
• Encryption/Decryption
• Encryption: clear-text message to cipher-text
• Decryption: cipher-text back to clear-text
• Types of encryption algorithms
• Symmetric Key
• Asymmetric Key
Verisign Public 6
7. Cryptographic Hashes: Overview
• Infeasible to reverse
• Variable-length input string
converted into a short fixed-length
binary sequence
• Efficient - easy to compute
• Infeasible to craft collisions
• Small change in input changes
the hash significantly
Clear Text
hello, world
MD5 Digest
e4d7f1b4ed2e42d1589
8f4b27b019da4
this is clear text
that anybody can
read easily
without key used
for encryption
128 bit
58dbbd848ced7f0f68e
280f0de8be1a8
this is a really
really long text
that we need to
digest, so that we
can verify the
integrity of this
data; and verify
that bad guys
don't temper with
this data. We are
sending millions
of dollars in cash
through this data
transmission.
128 bit
d4b2c6283175852673
5a357831e8f15b
hash
hash
hash
128 bit
Note: MD5 is not
considered secure today.
Only for illustration.
Verisign Public 7
8. Cryptographic Hashes: Security Goal
Cryptographic
Primitives =>
Security Goals
Hash MAC
HMAC
Symmetric
Key
Crypto
Asymmetric
Key
Crypto
Digital
Signature
Digital
Certificates
Data Integrity
Data Authentication
Non-Repudiation
Confidentiality
Trust
Verisign Public 8
9. Cryptographic Hashes: Uses
• Used for storage of credentials like
passwords
• 1-way encryption
• Not feasible to compute password from
the hash
• Not feasible to compute other
passwords producing same hash
• Also used in
• Digital Signatures, Digital Certificates
• Non-Crypto Hash:
• File integrity checks, Network Protocols
clear text
hash function
hashed
5f4dcc3b5aa765d61d832
7deb882cf99
Verisign Public 9
10. Cryptographic Hashes: Details
• Algorithms
• MD5 (128 bits), SHA-1(160 bits), SHA-256 (256 bits), SHA-512
(512 bits)
Attack Mitigation
• Pre-computed dictionary
attacks/ Rainbow attacks
• Hash Collision
• Use random salts
• Use stronger versions e.g.
SHA-256 upwards
• 2-Factor authentication
Verisign Public 10
12. HMAC: Overview
• Keyed Hash
• Hash created using the
message and the secret key
• Secret key is factored in when
creating the hash
• Described in RFC 2104
• Algorithms
• HMAC/SHA-1
• HMAC/SHA-256
Clear Text
hello, world
HMAC Function
HMAC Tag
Shared Key
secret_key
e4d7f1b4ed2e42d1589
8f4b27b019da4
Verisign Public 12
13. HMAC: Security Goal
Cryptographic
Primitives =>
Security Goals
Hash
Salted
Hash
MAC
HMAC
Symmetric
Key Crypto
Asymmetric
Key
Crypto
Digital
Signature
Digital
Certificates
Data Integrity
Data Authentication
Non-Repudiation
Confidentiality
Trust
Verisign Public 13
14. Symmetric Crypto: Overview
Secret Key
Cleartext Ciphertext Cleartext
Encryption
Decryption
• Same key is used for encryption and decryption
• Parties need a mechanism to exchange the shared
key securely
• Key must be secret and safely stored
Verisign Public 14
15. Symmetric Crypto: Security Goal
Cryptographic
Primitives =>
Security Goals
Hash
Salted
Hash
MAC
HMAC
Symmetric
Key
Crypto
Asymmetric
Key
Crypto
Digital
Signature
Digital
Certificates
Data Integrity
Data Authentication
Non-Repudiation
Confidentiality
Trust
Verisign Public 15
16. Symmetric Crypto: Uses
• Vital for secure storage and secure transmission
• Prevents attackers from being able to make sense of disk data or
network packets accessed illegitimately
• Symmetric key ciphers are efficient
• Relatively inexpensive to produce a strong key
• Smaller keys for the same level of protection
• Comparatively inexpensive encryption/decryption
Verisign Public 16
19. Asymmetric Crypto: Overview
Public Key Private Key
Cleartext Ciphertext Cleartext
Encryption Decryption
• Public Key is well-known and published to all
• Private Key is secret and must be stored safely by owner
• Encrypt with one Key, Decrypt with another Key
• Infeasible to compute Private Key from Public Key
Verisign Public 19
20. Asymmetric Crypto: Security Goal
Cryptographic
Primitives =>
Security Goals
Hash
Salted
Hash
MAC
HMAC
Symmetric
Key
Crypto
Asymmetric
Key
Crypto
Digital
Signature
Digital
Certificates
Data Integrity
Data Authentication
Non-Repudiation
Confidentiality *
Trust
* Public key can be used to encrypt data that can only be decrypted using Private key
Verisign Public 20
21. Comparing Crypto Strengths
• Smaller Keys are more
efficient
• Faster generation
• Faster encrypt/decrypt
• Smaller encrypted output
• Longer keys have higher
crypto strength
• For same algorithm
• Symmetric Keys are
smaller for same crypto
strength
Verisign Public 21
22. Asymmetric Crypto: Overview
• Key generation, encryption/decryption are expensive
compared to symmetric keys
• Used to encrypt small amounts of data, mostly for authentication
• Rarely used for encryption of regular data which is voluminous
• Private key must be securely stored similar to symmetric
keys
Verisign Public 22
23. Asymmetric Crypto: Uses
• Secure Communications
• Data origin authentication
• No interception/diversion aka Man-in-the-middle
• Symmetric Key exchange during session establishment
• SSL, PGP, SSH
• Mechanisms
• Digital Signatures
• Digital Certificates
Verisign Public 23
25. Digital Signatures: Overview
Transmitting Host
hashed
5f4dcc3b5aa765d61
d8327deb882cf99
encrypted
private key
n3eJrIzB3UvIbh01z61
bEPFDpbZXyzvLORB
C5spQLI8=
Receiving Host
hashed
5f4dcc3b5aa765d61
d8327deb882cf99
==
5f4dcc3b5aa765d61
d8327deb882cf99
decrypted
public key
n3eJrIzB3UvIbh01z61
bEPFDpbZXyzvLORB
C5spQLI8=
clear text data
Insecure Channel
encrypted hash
• Builds on Hashing and Asymmetric Crypto
• Actual data remains in cleartext but signature is attached
• Data origin authentication, Data integrity assurance
Verisign Public 25
26. Digital Signatures: Security Goal
Cryptographic
Primitives =>
Security Goals
Hash
Salted
Hash
MAC
HMAC
Symmetric
Key
Crypto
Asymmetric
Key
Crypto
Digital
Signature
Digital
Certificates
Data Integrity
Data Authentication
Non-Repudiation
Confidentiality *
Trust
* Public key can be used to encrypt data that can only be decrypted using Private key
Verisign Public 26
27. Digital Signatures: Details
• Algorithms
• RSA/SHA-x, DSA, ECDSA (Elliptic Curve)
• Applications
• PGP Signed Email, SSL Certificate Signatures, DNSSEC
Attack Mitigation
• Signature forgery by exploiting
weak hash functions
• Private key compromise
• Strong hashes and strong
encryption
• Secure private key storage
Verisign Public 27
28. Digital Certificates: Signatures + Chain of Trust
• Builds on Digital Signatures and PKI
• Certificate is a "Digitally Signed Public Key"
• Chain of Trust with Certificate Authorities
• DNSSEC also has Chain of Trust but no certs
Verisign Public 28
29. Digital Certificates: Details
• Certificate is public and valid for a
time interval (typically years)
• Certifies that Public Key identifies
Subject
• DNS hostname, Email address etc.
• Affixed with CA signature
• Verifier configures Trust Anchor
• a node in the Chain of Trust
• root always trusted
• Root CA is ultimate authority
• Self-signed certificate trusted by clients
Digital Certificate
• Version
• Serial Number
• Signature Algorithm
• Issuer Name
• Validity
• Not Before Date
• Not After Date
• Subject Name
• Subject Public Key
• Algorithm
• Key
• Extensions
• Signature
Verisign Public 29
30. Digital Certificates: Security Goal
Cryptographic
Primitives =>
Security Goals
Hash
Salted
Hash
MAC
HMAC
Symmetric
Key
Crypto
Asymmetric
Key
Crypto
Digital
Signature
Digital
Certificates
Data Integrity
Data Authentication
Non-Repudiation
Confidentiality *
Trust
* Public key can be used to encrypt data that can only be decrypted using Private key
Verisign Public 30
31. Digital Certificates: Details
Attack Mitigation
• Private key compromise
(anywhere in Trust Chain)
• Fraudulent yet
cryptographically valid certs,
typically via hash collisions
• Use reputed CAs
• Strong encryption and hash
functions
• Secure Key Storage
• Certificate Revocation
Verisign Public 31
33. Cloud Data Security: Context
• Data Security is crucial for Enterprises
• Data Protection is vital for Reputation
• Concerns on Data Security are a deterrent to broader
adoption of Cloud Computing
• Data moves out of Enterprise boundaries
• Trust on Cloud providers
• Shared infrastructure
• Yet benefits of Cloud Computing are compelling
• Need for comprehensive and non-intrusive data security
Verisign Public 33
34. Top Cloud Data Security Issues: Gartner
• Breach notification and data residency
• Data management at rest
• Data protection in motion
• Encryption key management
• Access controls
• Long-term resiliency of the encryption system
Verisign Public 34
35. Cloud Data Security: Who is responsible ?
“Encryption of sensitive data is generally a good security practice,
and AWS encourages you to encrypt your sensitive data via an
algorithm consistent with your applicable security policy.”
– Amazon Web Services: Overview of Security Processes
• Who is responsible for the overall security ?
• Different levels of providers
• Shared infrastructure can make extent of breach higher
• APIs allow many admin functions to be carried out
• Malicious entities can look for weaknesses in the API
• Can gain broad access to shared infrastructure
Verisign Public 35
36. Cloud Data Security: Encryption Layers
• Different Layers of Encryption
• Block Storage / Disks
• Filesystems
• Databases
• Applications
Applications
Databases
Filesystems
Disks
• Higher-level encryption can protect better but is harder
• Key question: Who has the key(s) ?
• They have access
• Disks encrypted by provider
• Provider can see disk content
• Filesystems encrypted by provider
• Provider can see file content
• … and so on
Verisign Public 36
37. Cloud Data Security: Broad Concerns
• Is server based encryption sufficient ?
• Encryption Gateways on the client/enterprise side
• How secure are the encryption keys ?
• Stored in the Cloud - Secured VM, HSM
• Stored by Client/enterprise (Encryption Gateways)
Verisign Public 37
38. 1-way Hashes: Upshot for Cloud
• If your cloud provider is able to send you your password
for Forgot Password, …
• Apps hosted by you on provider’s infra should use 1-
way hashes with salt for storing passwords in the
database
Verisign Public 38
39. Symmetric Crypto: Upshot for Cloud
• Secure way to store uploaded data, sensitive personal
information in databases, VM images, emails etc.
• Cloud service provider
• What is encrypted and using what mechanism?
• How and where are secret keys stored ? Are they rotated ?
• Is there a way that only I can use the secret key without the
provider having access to it ?
• Apps provided by you
• Are you encrypting sensitive data stored in databases, Text
Search indexes etc.
• How secure is your secret key ?
Verisign Public 39
40. Asymmetric Crypto: Upshot for Cloud
• Cloud Service Provider
• Are they using valid non-expired SSL certificates and strong
encryption ?
• Server certs and client certs (if applicable)
• Are their domains DNSSEC enabled ?
• Protection against DNS Cache Poisoning Attacks
• Do they renew certificates and roll over DNSSEC keys ?
• Apps provided by you
• Is HTTPS used for all confidential exchanges ?
• Are signed emails used especially for input emails that trigger
workflow actions ?
• Is certificate-based client authentication implemented properly ?
Verisign Public 40
42. Hardware Security Modules
• Secure and tamper-resistant storage for high-value keys
• Traditionally used for CAs, DNSSEC signers
• Now being considered for more uses in the Cloud
• Very difficult to access/steal keys from the device
• Various FIPS levels
• May Respond to tamper attempts
• Highly secure ones can self-destruct keys
• Often JCE KeyStore provider is supplied by vendor
• Can use JCE KeyStore abstraction directly from Java apps
• If not, need to use a JCE PKCS#11 Provider
• Uses JNI to invoke the native PKCS#11 API libraries
Verisign Public 42
43. Hardware Security Modules
• Key stays within the HSM
• Cryptographic operations
occur within the hardware
• signing
• encryption/decryption
• Cryptographic black box
• input data goes in
• cryptographically
transformed data comes out
Storage
Creation
Destruction
Usage Distribution
Verisign Public 43
44. Cloud Encryption Gateways
SaaS
PaaS
IaaS
Encryption
Gateway
SaaS forms
PaaS API
Cloud DB
JDBC
• Intercept and transform sensitive data before it goes out
• Replace it with a random token or strongly encrypted value
• Must be of same size and type, else things will break
• Do reverse operation for data coming back into premises
• Real-time crypto operation on every request/response
Verisign Public 44
45. Cloud Encryption Gateways
• Enterprise owns encryption key or token vault
• Data stored in Cloud provider’s datastores is mangled
• Data stores include databases, Text Search indexes
• Sensitive data not compromised
• Field-based operation
• Can specify the sensitive fields
• Only those will be transformed
• Cloud platform aware
• Gateway needs to do transformations specific to the SaaS, PaaS
involved in the interaction
• Not platform-agnostic
Verisign Public 45
46. Cloud Encryption Gateways – Format Preservation
• Format preserving encryption
• Usually encryption produces longer ciphertext than plain-text
• logical data type may change too
• e.g. 1234567812345670 (16 digit number) ->
lqRcvPnCqUJc3p4nSUjLZw==, (24 char base64 encoded string)
• Size and datatype mismatch in transformation will break things
• Database column type and length
• Application data types and length
• Ciphertext is in same format (type and length) as input plaintext
• Input: 10 digit numeric id, Output: a different 10 digit numeric id
• Input: 30 character address, Output: 30 character mangled string
Verisign Public 46
47. Cloud Encryption Gateways – Function Preservation
• Function preserving encryption
• Just format preservation may not be sufficient
• What about
• Wildcard matches
• Sort orders
• Need encryption/tokenization that is order-preserving
• More generally function-preserving
• Solutions implementing such encryption are now available
• Possibility of reduced encryption strength
• Not yet clear if strength is within acceptable limits
Verisign Public 47
48. Fully Homomorphic Encryption: Active research area
• Servers process data without decrypting and return (still-encrypted)
results
• Encryption + decryption only at client end
• only client has keys
• Data is stored in encrypted form as sent by client
• No encryption or decryption done by server
• Server operates in ciphertext space itself
• Server does not see any plaintext query or plaintext results
• General operations are theoretically possible
• Currently not practically efficient
• But major breakthroughs in the last few years
Verisign Public 48
49. Conventional vs Fully Homomorphic Encryption
Server
Processing Logic
Decrypt Encrypt
Encrypt Decrypt
Client
Server
Processing Logic
Encrypt Decrypt
Client
Verisign Public 49
50. Conclusion
• Many pieces to the Cloud Data Security puzzle
• Innovative solutions are emerging based on well-proven
(and also a few not-so-well-proven !) building
blocks
• Comprehensive approaches involving all parties are
the need
• News of breaches causes discomfort
• It may take a while before comfort levels are reached
Verisign Public 50
51. References
• NIST Special Publication 800-57 Recommendation for
KeyManagement – Part 1: General (Revision 3)
• MD5 considered harmful today: Creating a Rogue CA
Certificate
• Six security issues to tackle before encrypting cloud data
http://www.computerweekly.com/news/2240180087/Six-security-
issues-to-tackle-before-encrypting-cloud-data
Verisign Public 51