akash-kamble
Cloud Computing and Security
Issues with Cloud and security
Principles of security
Confidentiality – only sender and receiver have access to data
Authentication – who is who?
Integrity – data/message travels without alteration (modification)
Non-repudiation – sender/receiver cannot deny having sent/received the message
Availability – resource/service must be available to authentic users (DoS)
Access control – role & rule management
Types of attacks
Passive – doesn’t involve modification (traffic analysis)
Active – modification happens in some way (modification, DoS)
Packet sniffing
Packet spoofing
Phishing – fraudulent attempt to steal info; socially engineered
Cryptography
Plain text – message – language easily understood
Cipher text – encrypted message – language cannot be understood
Cryptography – art of hiding messages
Cryptos = hidden/secret
Graphein = to write
Cryptography techniques
Substitution cipher – substitutes one letter of the alphabet with another (Caesar)
Transposition cipher – changes the position/arrangement of the letters (Rail Fence)
Basic terms
Encryption – plain -> cipher
Decryption – cipher -> plain
Algorithm + key (algorithm = technique)
Key size determines time to crack
Types of cryptography
Symmetric key – same key for encryption and decryption; very fast; key distribution problem
Asymmetric key – key pair; slow; exponentiation & modulus; RSA (Rivest-Shamir-Adleman)
Hashing and Digital Sign.
Hash – unique representation of a message, similar to a human fingerprint
Digital signature –
Hashing algorithms – MD5 (128-bit), SHA-1 (160-bit), SHA-2
Data level security
Fig.- Stack shown for each of SaaS, PaaS and IaaS: App, Middleware, Guest OS, Hypervisor, Storage, H/W, N/W
Data Security
Create -> Store -> Use -> Share -> Archive -> Destroy
Fig.- Life cycle of data
Issues with Service Providers
Creation – What is confidential/can be shared? Rights & permissions at creation
Storage – Where is my data? How is it separated from other users’ data? Which data will be encrypted & how? Key types and permissions? Is the government able to seize it? Backup & recovery
Issues with Service Providers
Usage and Sharing – Is the data intact? (auditing and accounting) Logs? Is it encrypted while in transit?
Archiving – Type of media used?
Destruction (Data Remanence) – Are all the redundant copies deleted? How to ensure that?
Fin.
Thank you!