
CONCLUSION

In document Secure Storage in Cloud Computing (Pages 81-85)

In this project a solution for data confidentiality and integrity in cloud storage systems is examined. The available solutions in the market are studied, whereupon the possibilities for a solution based on cryptography are analysed, and as a result the cryptographic access control mechanism is proposed. In this security solution, cryptography is used to ensure confidentiality and integrity of the stored data. The main quality of this solution is that the security operations are performed at the client side, and thus the users do not need to trust the cloud servers. The only elements that make it possible to access the stored data are the corresponding keys, and thus file sharing between users can only happen by exchanging keys.

On the basis of the analysis, a design is developed for a system that should have the mentioned properties. According to this design, a prototype is implemented to demonstrate the security solution in practice.

This document starts with a description of the core element in the system, namely cryptography, followed by a discussion and comparison of the available security solutions for well-known cloud storage systems. This exploration shows that there is no standard or common agreement regarding security solutions in the cloud. Various solutions are used by different providers, usually in a hybrid way. For instance, Amazon uses ACLs (Access Control Lists) as an access control mechanism and an SSL channel for data transfer, and also uses cryptography for data confidentiality. Most well-known cloud computing providers like Amazon, Google and Microsoft use security solutions at the server side. There are some providers, such as Carbonite, Mozy, etc., that offer symmetric encryption at the client side, but what is common to most of the providers is that a trustworthy data integrity mechanism is missing. In contrast to the available security solutions, cryptographic access control ensures confidentiality and integrity of data at the client side.

In order to demonstrate the cryptographic access control mechanism, we needed a cloud storage system to which we could apply our solution. For this purpose, we used Infinispan, which is an open source in-memory data grid platform that can be used to build a cloud storage system using multiple Infinispan cache nodes connected to each other. Infinispan primarily provides in-memory storage, but it can also be configured to support data persistency. The prototype therefore contains two main parts, namely the cryptographic access control mechanism and its integration with the Infinispan data grid.

We have accomplished an evaluation of the system, which gave us an idea about whether or not the system is usable in the real world. The evaluation process can be divided into three main parts: performance evaluation of the Infinispan data grid, performance evaluation of the cryptographic access control mechanism, and security evaluation of the whole system.

First of all, the Infinispan data grid with data persistency enabled was run in local mode, i.e. running one instance of Infinispan on a local machine. The results showed that the performance of file transfer could be considered acceptable compared to the same actions performed locally in the file system of Windows 7. Infinispan was about 3 times slower than Windows file system operations, but since it is implemented in Java, the result was not surprising. A more interesting situation arose when we ran Infinispan in distributed mode, i.e. running multiple instances of the Infinispan cache on different machines. In distributed mode the performance decreased remarkably, and sometimes the data transfer did not succeed on some of the cache nodes. We found that this is caused by the concurrency used in writing data to the cache nodes: a deadlock occurs, and after a predefined timeout the operation is interrupted. As a result, Infinispan in its current state is not suitable for use in practice.

The test of the performance of the cryptographic access control mechanism showed that this solution is on its way to being usable in practice. We compared the encryption process with well-known and widely used software called TrueCrypt. The implementation of TrueCrypt was about 5 times faster than ours, but after some further revisions and development, ours can surely be used as a practical security solution for cloud storage systems.

Regarding the security of cryptographic access control, we should mention that the only possible way to read or write the data is to have the corresponding keys, and the keys are only available on the authorised client’s machine. (It is of course assumed that the client’s machine is immune against unauthorised access.) On the other hand, the algorithms used for encryption and digital signature are fully tested and approved over many years, and as a result they are practically unbreakable with the current technology. Ergo we have to admit that the solution primarily guarantees data confidentiality and integrity.
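The key-based access described above can be sketched as follows. This is an added example, not the thesis prototype (which is built on Infinispan): it assumes AES-256-GCM for encryption and Ed25519 for signatures as stand-ins, assumes the read key is the symmetric key and the write key is the signing key, and the names `Blob`, `ReadKey`, `Seal` and `Open` are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Blob is all the untrusted store ever sees: nonce||ciphertext and a signature.
type Blob struct{ Data, Sig []byte }

// ReadKey wraps a 32-byte secret as AES-256-GCM; holding it is the read permission.
func ReadKey(secret []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(secret)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal runs on the client and needs both keys: read key to encrypt, write key to sign.
func Seal(rk cipher.AEAD, wk ed25519.PrivateKey, plain []byte) (Blob, error) {
	nonce := make([]byte, rk.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Blob{}, err
	}
	data := rk.Seal(nonce, nonce, plain, nil) // ciphertext is appended to the nonce
	return Blob{Data: data, Sig: ed25519.Sign(wk, data)}, nil
}

// Open checks the writer's signature first, then decrypts with the read key.
func Open(rk cipher.AEAD, vk ed25519.PublicKey, b Blob) ([]byte, error) {
	n := rk.NonceSize()
	if len(b.Data) < n || !ed25519.Verify(vk, b.Data, b.Sig) {
		return nil, fmt.Errorf("blob rejected: not signed by the write key")
	}
	return rk.Open(nil, b.Data[:n], b.Data[n:], nil)
}

func main() {
	secret := make([]byte, 32) // assumption: keys are generated on the client
	rand.Read(secret)
	rk, _ := ReadKey(secret)
	vk, wk, _ := ed25519.GenerateKey(rand.Reader)
	blob, _ := Seal(rk, wk, []byte("constructed sample file"))
	plain, err := Open(rk, vk, blob)
	fmt.Printf("%s %v\n", plain, err)
}
```

A client holding only the read key and the verification key can read and detect tampering, but anything it writes fails the signature check in `Open`.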

There are many other threats against the security of networked systems, and cloud computing is no exception. The well-known attacks discussed in this document are the DoS (denial-of-service) attack, the man-in-the-middle attack and traffic analysis. Many of these attacks are mostly targeted at data availability and communication and do not threaten the cryptographic access control mechanism directly. Traffic analysis, however, can be used to trace the client and thus get access to the keys, but if clients use firewalls and other mechanisms that enable them to have anonymous interactions with the cloud storage, this threat would be diminished.

All in all, the system works as expected according to the results of the functional tests stated in Appendix A. Storing data to the Infinispan data grid in distributed mode, however, is not fully consistent with what is expected, but this is a shortcoming in the Infinispan implementation. Considering and applying a solution to this issue would be outside the scope of this project.


APPENDIX A
