Module - 6

Fundamental Cloud Security and

Mechanisms

1
Contents
• Basic terms and concepts
• Threat agents
• Cloud security threats
• Encryption
• Hashing
• Digital Signature
• Public Key Infrastructure (PKI)
• Identity and Access Management (IAM)
• Single Sign-On (SSO)
• Cloud Based Security Groups
• Hardened Virtual Server Machines
2
Basic terms and concepts
• Information security is a complex ensemble of technologies,
techniques regulations that collaboratively protect the integrity and
access to system and data.
• IT security measures aim is to defend against threats and interference
that arise from malicious and unintentional user error.
Confidentiality
Means only authorized persons can accessible. In cloud environment
confidentiality means restricting access to data while transmitting and
storage.

3
Contin..
Confidentiality
Means only authorized persons can accessible. In cloud environment
confidentiality means restricting access to data while transmitting and
storage.

Fig: The message issued by the cloud consumer to the cloud service is considered confidential
only if it is not accessed or read by an unauthorized party.

4
Integrity
The data can’t be altered by the third party. In cloud environment the
integrity issue is that whether the cloud consumer be guaranteed that
the data transmit to the cloud matches the data received by the cloud
service.

Fig: The message issued by the cloud consumer to the cloud service is considered to
have integrity if it has not been altered.

5
Authenticity
Authenticity is the characteristic of something having been provided
by an authorized source. Authentication in non-repudiable interactions
provides proof that these interactions are uniquely linked to an
authorized source.
Availability
Availability is the characteristic of being accessible and usable during a
specified time period.
In typical cloud environments, the availability of cloud services can be a
responsibility that is shared by the cloud provider and the cloud carrier.
The availability of a cloud –based solutions that extends to cloud
service consumers is further shared by the cloud consumer.

6
Threat
A threat is a potential security violation that can challenge defenses in an attempt to breach
privacy and/or cause harm.
A threat that is carried out results in an ATTACK.
Vulnerability
A vulnerability is a weakness that can be exploited either by insufficient security controls, or
because existing security controls are overcome by an attack.
IT resource vulnerabilities can have of causes ,including configuration deficiencies, security
policy weakness, user errors, hardware or firmware flaws, software bugs, and poor security
architecture.
Risk
Risk is the possibility of loss or harm arising from performing an activity. Risk is typically
measured according to its threat level and the number of possible or known vulnerabilities.
Two metrics can be used to determine risk for IT resources.
• The probability of a threat occurring to exploit vulnerabilities in the IT resource
• The expectation of loss upon the IT resource being compromised.
7
Security Controls
Security controls are countermeasures used to prevent or respond to
security threats and to reduce or avoid risk.
Security Mechanisms
Countermeasures are typically described in terms of security
mechanisms, which are components comprising a defensive framework
that protects IT resources, information, and services.
Security Policies
A security policy establishes a set of security rules and regulations.
For example, the positioning and usage of security controls and
mechanisms can be determined by security policies.

8
Threat Agents
• A threat agent is an entity that poses a threat because it is capable of
carrying out an attack.
• Cloud security threats can originate either internally or externally,
from humans or software programs.
• Security attacks are mainly aimed at Stealing, altering or destroying
personal and confidential information,stealing the hard drive space
and illegal accessing passwords.

9
The role a threat agent assumes in relation to vulnerabilities, threats, and risks, and the
safeguards established by security policies and security mechanisms.

10
Anonymous Attacker
• An anonymous attacker is a non-trusted cloud service consumer
without permissions in the cloud.
• It typically exists as an external software program that launches
network-level attacks through public networks.
• Anonymous attackers commits acts like bypassing user accounts or
stealing user credentials.
• When anonymous attackers have limited information on security
policies and defenses, it can inhibit their ability to formulate effective
attacks.

Fig: The notation used for an anonymous attacker.

11
Malicious Service Agent
• A malicious service agent is able to intercept and forward the network
traffic that flows within a cloud.
• It typically exits as a service agent with compromised or malicious
logic.
• It may also exist as an external program able to remotely intercept
and potentially corrupt message contents.

Fig: The notation used for a malicious service agent

12
Malicious Insider
• A malicious insider is a human that attempts to abuse access
privileges to cloud premises.
• They are typically current or former employees or third parties with
access to the cloud provider’s premises.
• These agents carries tremendous damage as they may have
administrative privileges.
• It attempts to exploits legitimate credentials to target cloud provides
and the cloud tenets with whom they share IT resources.

Fig: The notation used for an attack originating from a

workstation. The human symbol is optional. 13
Trusted Attacker
• A trusted attacker exists as an authorized cloud service consumer with
legitimate credentials that it uses to exploit access to cloud-based IT
resources.

Fig: The notation that is used for a trusted attacker.

14
Cloud Security Threats
The common threats and vulnerabilities in cloud based environment
are
• Traffic Eavesdropping
• Malicious Intermediary
• Denial of Service
• Insufficient Authorization
• Virtualization Attack
• Overlapping Trust Boundaries

15
Traffic Eavesdropping
Traffic eavesdropping occurs when data being transferred to or within a cloud (usually from the cloud consumer
to the cloud provider) is passively intercepted by a malicious service agent for illegitimate information gathering
purposes.
-The aim of this attack is to directly compromise the confidentiality of the data and confidentiality of
relationship between the cloud consumer and cloud provider.

Fig: An externally positioned malicious service agent carries out a traffic eavesdropping attack by intercepting a message
sent by the cloud service consumer to the cloud service. The service agent makes an unauthorized copy of the message
before it is sent along its original path to the cloud service.
16
Malicious Intermediary
• The malicious intermediary threat arises when messages are
intercepted and altered by a malicious service agent, thereby
potentially compromising the message’s confidentiality and/or
integrity.
• It may also insert harmful data into the message before forwarding it
to its destination
• Malicious intermediary attack can also be carried out by a malicious
cloud service consumer program.

17
Fig: The malicious service agent intercepts and modifies a message sent by a cloud
service consumer to a cloud service (not shown) being hosted on a virtual server.
Because harmful data is packaged into the message, the virtual server is compromised.

18
Denial of Service
• The objective of the denial of service (DoS) attack is to overload IT
resources to the point where they cannot function properly.
This form of attack is commonly launched in one of the following ways:
• The workload on cloud services is artificially increased with imitation
messages or repeated communication requests.
• The network is overloaded with traffic to reduce its responsiveness
and cripple its performance.
• Multiple cloud service requests are sent, each of which is designed to
consume excessive memory and processing resources.

19
Fig: Cloud Service Consumer A sends multiple messages to a cloud service (not shown) hosted
on Virtual Server A. This overloads the capacity of the underlying physical server, which causes
outages with Virtual Servers A and B. As a result, legitimate cloud service consumers, such as
Cloud Service Consumer B, become unable to communicate with any cloud services hosted on
Virtual Servers A and B.

20
Insufficient Authorization
The insufficient authorization attack occurs when access is granted to
an attacker erroneously or too broadly, resulting in the attacker getting
access to IT resources that are normally protected.
This is often a result of the attacker gaining direct access to IT resources
that were implemented under the assumption that they would only be
accessed by trusted consumer programs.

21
Fig: Cloud Service Consumer A gains access to a database that was implemented
under the assumption that it would only be accessed through a Web service with a
published service contract (as per Cloud Service Consumer B).

22
• A variation of this attack, known as weak authentication, can result
when weak passwords or shared accounts are used to protect IT
resources.
• Within cloud environments, these types of attacks can lead to
significant impacts depending on the range of IT resources and the
range of access to those IT resources the attacker gains

23
Fig: An attacker has cracked a weak
password used by Cloud Service Consumer
A. As a result, a malicious cloud service
consumer (owned by the attacker) is
designed to pose as Cloud Service
Consumer A in order to gain access to the
cloud-based virtual server.

24
Virtualization Attack
• A virtualization attack exploits vulnerabilities in the virtualization
platform to expose its confidentiality, integrity, and/or availability.

where a trusted attacker successfully accesses a virtual server to compromise its

underlying physical server. With public clouds, where a single physical IT resource may
be providing virtualized IT resources to multiple cloud consumers, such an attack can
have significant consequences.

25
Overlapping Trust Boundaries
• If physical IT resources within a cloud are shared by different cloud
service consumers, these cloud service consumers have overlapping
trust boundaries.
• Malicious cloud service consumers can target shared IT resources
with the intention of compromising cloud consumers or other IT
resources that share the same trust boundary.
• The consequence is that some or all of the other cloud service
consumers could be impacted by the attack and/or the attacker could
use virtual IT resources against others that happen to also share the
same trust boundary.

26
Cloud Service Consumer A is trusted by the cloud and therefore gains access to a
virtual server, which it then attacks with the intention of attacking the underlying
physical server and the virtual server used by Cloud Service Consumer B

27
Encryption
• Encryption technology commonly relies on a standardized algorithm
called a cipher to transform original plaintext data into encrypted
data, referred to as ciphertext.
• When encryption is applied to plaintext data, the data is paired with a
string of characters called an encryption key, a secret message that is
established by and shared among authorized parties.
• The encryption key is used to decrypt the ciphertext back into its
original plaintext format.
• The encryption mechanism can help counter the traffic
eavesdropping, malicious intermediary, insufficient authorization, and
overlapping trust boundaries security threats.
28
Fig: A malicious service agent is unable to retrieve data from an encrypted
message. The retrieval attempt may furthermore be revealed to the cloud
service consumer.

29
Types of encryption
There are two common forms of encryption
Symmetric Encryption
Asymmetric Encryption

30
Symmetric Encryption
• Symmetric encryption uses the same key for both encryption and
decryption, both of which are performed by authorized parties that
use the one shared key.
• Also known as secret key cryptography, messages that are encrypted
with a specific key can be decrypted by only that same key.
• A basic authentication check is always performed, because only
authorized parties that own the key can create messages. This
maintains and verifies data confidentiality.
• Note that symmetrical encryption does not have the characteristic of
non-repudiation, since determining exactly which party performed
the message encryption or decryption is not possible if more than
one party is in possession of the key
31
Asymmetric Encryption
• Asymmetric encryption relies uses two different keys, namely a
private key and a public key.
• With asymmetric encryption (which is also referred to as public key
cryptography), the private key is known only to its owner while the
public key is commonly available.
Example: A document that was encrypted with a private key can only
be correctly decrypted with the corresponding public key. Conversely,
a document that was encrypted with a public key can be decrypted
only using its private key counterpart.
• Asymmetric Encryption is slower than symmetric Encryption.

32
• Messages that were encrypted with a private key can be correctly
decrypted by any party with the corresponding public key. This
method of encryption does not offer any confidentiality protection,
even though successful decryption proves that the text was encrypted
by the rightful public key owner.
• A message that was encrypted with a public key can only be
decrypted by the rightful private key owner, which provides
confidentiality protection in addition to authenticity and non-
repudiation.

33
• The encryption mechanism, when used to secure Web-based data
transmissions, is most commonly applied via HTTPS, which refers to
the use of SSL/TLS as an underlying encryption protocol for HTTP.
• TLS (transport layer security) is the successor to the SSL (secure
sockets layer) technology. Because asymmetric encryption is usually
more time-consuming than symmetric encryption, TLS uses the
former only for its key exchange method. TLS systems then switch to
symmetric encryption once the keys have been exchanged.
• Most TLS implementations primarily support RSA as the chief
asymmetrical encryption cipher, while ciphers such as RC4, Triple-DES,
and AES are supported for symmetrical encryption.

34
Hashing
• The hashing mechanism is used when a one-way, non-reversible form of
data protection is required. Once hashing has been applied to a message, it
is locked and no key is provided for the message to be unlocked. A common
application of this mechanism is the storage of passwords.
• Hashing technology can be used to derive a hashing code or message digest
from a message, which is often of a fixed length and smaller than the
original message.
• The message sender can then utilize the hashing mechanism to attach the
message digest to the message. The recipient applies the same hash
function to the message to verify that the produced message digest is
identical to the one that accompanied the message.
• Any alteration to the original data results in an entirely different message
digest and clearly indicates that tampering has occurred.
35
In addition to its utilization for protecting stored data, the cloud threats that can be mitigated by the hashing
mechanism include malicious intermediary and insufficient authorization.

A hashing function is applied to protect the integrity of a message that is intercepted and
altered by a malicious service agent, before it is forwarded. The firewall can be configured to
determine that the message has been altered, thereby enabling it to reject the message
before it can proceed to the cloud service.
36
Digital Signature
• The digital signature mechanism is a means of providing data
authenticity and integrity through authentication and non-repudiation.
• A digital signature provides evidence that the message received is the
same as the one created by its rightful sender.
• Both hashing and asymmetrical encryption are involved in the creation
of a digital signature, which essentially exists as a message digest that
was encrypted by a private key and appended to the original message.
• The recipient verifies the signature validity and uses the corresponding
public key to decrypt the digital signature, which produces the message
digest.
• The hashing mechanism can also be applied to the original message to
produce this message digest.
37
• The digital signature mechanism helps mitigate the malicious intermediary, insufficient authorization,
and overlapping trust boundaries security threats.

Cloud Service Consumer B sends a message

that was digitally signed but was altered by
trusted attacker Cloud Service Consumer A.
Virtual Server B is configured to verify digital
signatures before processing incoming
messages even if they are within its trust
boundary. The message is revealed as
illegitimate due to its invalid digital signature,
and is therefore rejected by Virtual Server B.

38
Whenever a cloud consumer performs a management
action that is related to IT resources provisioned by
DTGOV, the cloud service consumer program must
include a digital signature in the message request to
prove the legitimacy of its user.

39
• Digital signatures provide DTGOV with the guarantee that every
action performed is linked to its legitimate originator.
• Unauthorized access is expected to become highly improbable, since
digital signatures are only accepted if the encryption key is identical to
the secret key held by the rightful owner.

40
Public Key Infrastructure (PKI)
• A common approach managing the issue of asymmetric keys is based on the
public key infrastructure(PKI) mechanism.
• Which exists as a system of protocols, data formats, rules and that provides
security for large scale systems using public key cryptography.
• This system is used to associate public keys with their corresponding key
owners known as public key identification used for verification key validity.
• PKI are used in digital certificates which are digitally signed data structures
that bind public keys to certificate owner identities and related information
such as validity periods.
• Digital certificate is a small file on computer its extension is .cer. It establish
a relationship between user and public key.
• Which are issued by Digital certificate authority.
41
• Digital certificate contains the following information like
Username: xyz
Public key: 2#4&5$
Serial no:12345
Other info: [email protected]
Valid from: 4-5-21
Valid to: 5-8-22
Issuer name: verifying
X.509 defines the standard of digital certificates.

42
 The common steps involved during the
generation of certificates by a certificate
authority.

REGISTRATION
AUTHORITY

Issue Certificate

Certificate Authority
43
Identity and Access Management
(IAM)
• The identity and access management (IAM) mechanism encompasses
the components and policies necessary to control and track user
identities and access privileges for IT resources, environments, and
systems.
• It consists of 4 components
1. Authentication.
2. Authorization.
3. User management.
4. Credential management.

44
Authentication: Username and password are the common form of
authentication credentials managed by the IAM system, which can also
supports digital signatures, digital certificates, biometric hardware(fingerprint),
specialized software(voice analysis) and locking user accounts registered to IP
or MAC addresses.
Authorization: It defines the access granularity control and oversees the
relationship between user identities, access control rights and IT resources
availability.
User Management: It is a program responsible for creating user identities,
access groups, resetting passwords, defining password policies, and managing
privileges.
Credential Management: It establishes identities and access control rules for
defined user accounts which mitigates the threat of insufficient authorization.
The IAM mechanism is primarily used to counter the insufficient authorization,
denial of service, and overlapping trust boundaries threats.
45
Single Sign-On (SSO)
• Propagating the authentication and authorization information for a cloud
service consumer across multiple cloud services can be a challenge.
• The single sign on mechanism enables one cloud service consumer to be
authenticated by security broker which establishes a security context that is
persisted while the cloud service consumer access other cloud services or
cloud based IT resources. Otherwise the consumer reauthenticate for each
subsequent request.
• The SSO mechanism essentially enables mutually independent cloud
services and IT resources to generate and circulate runtime authentication
and authorization credentials.
• The credentials initially provided by the cloud service consumer remain valid
for the duration of a session, while its security context information is shared.

46
A cloud service consumer provides the security broker with
login credentials (1). The security broker responds with an
authentication token (message with small lock symbol) upon
successful authentication, which contains cloud service
consumer identity information (2) that is used to automatically
authenticate the cloud service consumer across Cloud Services
A, B, and C (3)

47
The credentials received by the security broker are propagated to readymade
environments across two different clouds. The security broker is responsible for
selecting the appropriate security procedure with which to contact each cloud.

48
Cloud-Based Security Groups
• Cloud resource segmentation is a process by which separate physical
and virtual IT environments are created for different users and groups.
• For example, an organization’s WAN can be partitioned according to
individual network security requirements. One network can be
established with a resilient firewall for external Internet access, while a
second is deployed without a firewall because its users are internal
and unable to access the Internet.
• Resource segmentation is used to enable virtualization by allocating a
variety of physical IT resources to virtual machines. It needs to be
optimized for public cloud environments, since organizational trust
boundaries from different cloud consumers overlap when sharing the
same underlying physical IT resources.
49
• The cloud-based resource segmentation process creates cloud-based
security group mechanisms that are determined through security
policies.
• Networks are segmented into logical cloud-based security groups that
form logical network perimeters.
• Each cloud-based IT resource is assigned to at least one logical cloud-
based security group.
• Each logical cloud-based security group is assigned specific rules that
govern the communication between the security groups.
• Multiple virtual servers running on the same physical server can
become members of different logical cloud-based security groups
shown in the following fig.

50
Cloud-Based Security Group A encompasses Virtual Servers A
and D and is assigned to Cloud Consumer A. Cloud-Based
Security Group B is comprised of Virtual Servers B, C, and E and
is assigned to Cloud Consumer B. If Cloud Service Consumer A’s
credentials are compromised, the attacker would only be able
to access and damage the virtual servers in Cloud-Based
Security Group A, thereby protecting Virtual Servers B, C, and E

This mechanism can be used to help counter the denial of

service, insufficient authorization, and overlapping trust
boundaries threats, and is closely related to the logical network
perimeter mechanism.

51
Hardened Virtual Server Images
• A virtual server is created from a template configuration called a
virtual server image (or virtual machine image).
• Hardening is the process of stripping unnecessary software from a
system to limit potential vulnerabilities that can be exploited by
attackers. Removing redundant programs, closing unnecessary server
ports, and disabling unused services, internal root accounts, and
guest access are all examples of hardening.

52
A hardened virtual server image is a template for virtual service
instance creation that has been subjected to a hardening
process. This generally results in a virtual server template that
is significantly more secure than the original standard image.

Hardened virtual server images help counter the denial of

service, insufficient authorization, and overlapping trust
boundaries threats.

53