Threat In The Cloud Team Members Computer Science

Add: 22-11-2017, 18:39   /   Views: 119

Many people believe that cloud computing has a very huge scope in future. With the introduction of cloud computing the conventional way of using the hardware has changed and many of them prefer to use the servers online, but they involve data security issues. For instance consider a popular photo-sharing site Instagram they use Amazon EC2 computing service to provide services to their users, it provides privacy to the users data by using Secure Socket Layer and Secure Shell.

Most of the cloud users are not aware of the fact that the users tasks mingle in the shared hardware because the cloud providers individually isolate all the users in separate VM. The VM perform cryptography to protect the data from nosy users. But few researchers say that the existing level of protections might not be enough. The team of researchers from University of North Carolina, RSA Laboratories and the University of Wisconsin proved that the cryptographic keys of one VM can be extracted from another, even when all the cloud security features are perfectly enabled.[1] This has been made possible by the side channels which let the sensitive data go.

Side Channels:

The side channel attacks generally occur when an unexpected vector tries to get the internal operational details of a machine. These attacks play a very prominent role in the field of cryptography. The clouds are at a very high risk with these side channels because a numerous VM's share the hardware on a single computer and it is easy for an external program to track the behavior of the programs. These attacks are of a great concern to the cloud experts but the providers ignore it because it is very hard for an attacker to succeed. As the cloud providers run different VM on a single server they add noise and foil to the attempts of the attacker and even the VMM adds on more noise to stop the attacker. Also all the individual VM are swapped among the servers.

The New Attack:

The new research has been started which focuses on the XEN VMM, it is a software which is used to run the services provided by Amazon EC2. The attack is not directly implemented on EC2, it concentrates on services with similar hardware. Consider an instance where the victim and the attacker are residing on the same virtual machine and the victim is trying to decrypt the Elgamal ciphertext using libgcrypt v.1.5.0. The Elgamal encryption is very prone to side channel attacks because here the encryption is performed only on a part of cipher text. Consider 'X' as the cipher text, in this encryption technique we computer the Xemod N where e is the secret key and N is a prime number. It uses the square-and-multiply algorithm which depends on the bits of the secret key. Here if the ith bit of the secret key bits is 1 then the steps multiply (M) and modreduce (R) are executed. Side Channel attacks have been dated to the early 1990's [2] and they have been made effective with the advancements in the technology.

Square-and-Multiply Algorithm

SquareMult(X, e, N):

Let en,……, e1 be the bits of e

y  1

for i = n down to 1 {

y  Square(y) (S)

y  ModReduce(y, N) (R)

if ei = 1 then {

y  Mult(y, z) (M)

y  ModReduce(y, N) (R)


return y

So far no one tried to attack the Xen VMM as this application is a very challenging for reasons like

Frequency at which the attacking process is performed to make the precise decisions

Many virtual CPU's connected to one core

Noisy measurements that provide details only about the operations that have already occurred on the victim process.

Exploiting Cache Misses:

In this attack the attacker VM initially allocates continues memory locations to the L1 instruction cache [3]. It then starts the execution of series of instructions to load the cache with cache-lined-sized blocks it controls. Further the attacker stops the execution of instruction and hopes the victim to run on same core with square-and-multiply algorithm. If it happens a series of -lined-sized blocks are removed from the cache. In this attack the blocks that are evicted highly depends on the operations the attacker performs. Now the attacker has to regain the control as soon as possible to know which blocks have been removed. If the intended blocks are evicted the execution will result in an execution delay and the caches miss. By compiling the missing blocks the attacker gains information about which instruction were running on the victim. The biggest challenge is to obtain the control quickly, but few exceptions exist as Xen gives more priority to VCPU's that receive an interrupt.

Making Order out of Chaos:

Finding the solutions to these issues has made the research more interesting. Initially the researchers assumed that the device is constantly decrypting with only one key. Next they have applied a machine-learning technique which helps to learn the possible instruction sequences in the cache. For this they had to train the algorithm to attack a VCPU that is performing square-multiply and modular reduce calls, they have even processed the data to avoid errors. After so much of work the attacker was facing thousands of fragments containing errors and low confidence results. Figure 1 below explains this process with an example that constructs six fragments to obtain a spanning sequence

The Outcome:

The researchers have attacked a 4096bit Elgamal public key which has a private key with 457bits. After data collection they obtained 1000key related fragments out of which 330 can be used to reconstruct the key. With this attackers were able to obtain the key with few missing bits which could be obtained using brute force algorithm.

What Does This Mean for Cloud Cryptography:

The researchers have implemented libgcrypt and and Elgamal because their cryptographic equivalent to the 1984 Stanley Lawnmower engine. It uses square-and-multiply with no further optimizations. Moreover this attack works only for two VM's having identical hardware, but real cloud services do not use much identical softwares. Finally, to target any VM you must get the target code on the same hardware which is pretty challenging

This research allows us to think hard about these attacks and how to prepare more challenging cloud platforms.

Future Scope:

Cloud computing is a service which allows its consumers to store the sensitive data in the providers hardware. The service provider allows the users to store their data by creating a separate virtual machine for each individual customer, all these virtual machines reside on a single server or multicore servers. As these VM's reside on a single hardware they are prone to security attacks.

There are many kinds of attacks that try to affect the data in the cloud. Many risks in the clouds depends on the trust relationship between the cloud service providers and the customers. For example the customers have to trust the service providers to respect the integrity of their private computations. But the cloud infrastructures are in such a way that even a customer can introduce non-obvious malicious files into the cloud. There is a threat from the other users as all the resources are transparently shared among the virtual machines. This sharing of hardware in turn endangers a new threat called the side-channel attacks, here the attacker might penetrate isolation between virtual machines and violate customer confidentiality. These types of attacks are mainly performed in two steps replacement and extraction. Initially the attackers try to replace the existing virtual machines with malicious virtual machines. Now the next step the attacker does is to extract confidential information via a cross-VM attack.

In future there is a chance of having many cloud related insider threats that can be classified into three kinds, they are:

Rogue Administrator:

This is a kind of threat in which the sensitive data is lost. The insider is financially motivated to make the fraud or theft of the data i.e. where an employee seeks to harm the employer's IT infrastructure. This kind of threat can be further divided in to four types,

Hosting Company Administrators

Virtual Image Administrators

System Administrators

Application Administrators

So the cloud provider should also keep an eye on the employees in order to maintain the organizations name and to provide utmost data security for its users.

Exploit Weaknesses Introduced by Use of the Cloud:

This is another overlooked problems of the cloud computing. The employee in the organization tries to gain the access to the organization systems and data by exploiting the vulnerable areas in the use of cloud service. The data accessed can be sold or can be used for the future employment opportunities.

Using the Cloud to Conduct Nefarious Activity:

In this kind of threat, the cloud related insider itself caries out an attack on his own employer. The attacker uses the cloud as the tool in order to perform the attack on the data targeted that are not associated with the cloud based systems.


Cloud computing security is still crude and is open for many improvements in the field of security. The inside threats are persistent and increasing problem. The insiders make the opportunities broaden for the attackers to attack on the security of the cloud. The future research about the insider threats in the cloud should focus on the vulnerable threats by using cloud computing services has to be done. The following are the aspects that the researchers must work on for improvement in the security of cloud computing.

Socio-technical approach to insider threats

Predictive models

Identifying cloud-based indicators

Virtualization and hypervisors

Awareness and reporting

Normal user behavior analysis

Policy integration

Figure 1