Encryption and Sealing for Data Processing in Clouds

Transcription

1 Encryption and Sealing for Data Processing in Clouds Privacy Conference 22. September 2016 Dr. Hubert Jäger CTO, Uniscon GmbH

2 Content Uniscon at a glance Trust Model and Key Challenges in Cloud Computing Encryption Technologies in Cloud Computing Sealing Technologies in Cloud Computing Summary & Application Examples

3 Uniscon at a Glance About Uniscon Founded 2009 (Munich Technology Center) Technology Leader Cloud Security Development and Data Centers in Germany 40 employees Milestones 2013 Development of idgard reaches first maturity, first large industry customers 2014 Uniscon is run acc. to BSI IT-Grundschutz 2015 PwC selects Uniscon as Technology Partner Cloud Computing 2016 idgard is certified acc. to Trusted Cloud Data Protection Profile (TCDP) based on ISO/IEC 27018/ and 27002

4 Trust Model in Cloud Computing Client Computer Remote Computer (Cloud) SW HW SW HW uses User with right for the sovereignty of personally identifiable information

5 Trust Model in Cloud Computing Client Computer Remote Computer (Cloud) SW SW HW uses Authors, builds, tests & releases HW Attacks require malicious coalition User with right for the sovereignty of personally identifiable information Hard- and software manufacturer Trust through brand & audits

6 Trust Model in Cloud Computing Client Computer Remote Computer (Cloud) SW SW HW uses Authors, builds, tests & releases HW runs Attacks require malicious coalition Attacks by individuals possible User with right for the sovereignty of personally identifiable information Hard- and software manufacturer Trust problematic Infrastructure operator The Remote Computing Problem Trust through brand & audits

7 Key Challenges in Cloud Computing Layers of a Cloud-Service User and Application Interface (API) Application Software & Business Logic e.g. Password-Reset via e.g. Logging of App-Data, Service-Access Platform-Software e.g. System Keys to Data Base Operational Framework e.g. Username and Password managed by provider Computing-Infrastructure (memory, computing and OS) e.g. Access to RAM possible (e.g. by a Dump) Network-Infrastructture Data Center Infrastructure

8 Key Challenges in Cloud Computing Layers of a Cloud-Service User and Application Interface (API) Application Software & Business Logic e.g. Password-Reset via e.g. Logging of App-Data, Service-Access Platform-Software e.g. System Keys to Data Base Operational Framework e.g. Username and Password managed by provider Computing-Infrastructure (memory, computing and OS) e.g. Access to RAM possible (e.g. by a Dump) Network-Infrastructure Data Center Infrastructure Provider Access Possible Technical & organizational measures not adequate to required level of protection (acc. to GDPR) Result: Unwanted disclosure as defined by law ( 203 StGB)

9 Sealed Cloud vs. E2E Encryption Sealing stronger than encryption Routing & Processing unprotected Traditional Cloud Transport Encryption e.g. Office365 or D Encryption of Data at Rest

10 Sealed Cloud vs. E2E Encryption Sealing stronger than encryption Routing & Processing unprotected Traditional Cloud Transport Encryption e.g. Office365 or D Encryption of Data at Rest No Processing possible End-to-end Encryption e.g. WhatsApp or PGP/PKI Routing unprotected

11 Traditional Cloud... In the traditional cloud organisational security measures can be violated. insider attacks

12 The Concept of the Sealed Cloud Along the firs line of defense, organizational measures are replaced by technical Segmentation of data center When planned or unplanned access is detected Data Clean-Up Client / user controlled key distribution no reading key with operator Full stack integrity check after each Data Clean-Up Static and dynamic audit

13 The Concept of the Sealed Cloud Along the firs line of defense, organizational measures are replaced by technical Segmentation of data center When planned or unplanned access is detected Data Clean-Up Client / user controlled key distribution no reading key with operator Full stack integrity check after each Data Clean-Up Static and dynamic audits No possibility for the operator or the administrator to access data Solution to the Remote Computing Problem

14 The complete stack needs to comply with the Sealed Cloud blue print The Concept of the Sealed Cloud User and Application Interface (API) a.o. fully automated self-service Application Software & Business Logic a.o. no user data logging, OWASP-rules Platform-Software a.o. no system keys Operational Framework Computing-Infrastructure (memory, computing and OS) a.o. key distribution such that no reader key with operator a.o. each access attempt triggers Data-Clean-Up process Network-Infrastructure Data Center Infrastructure No access, no privileged access -> data protection (GDPR) & professional secrecy protection ( 203 StGB)

15 Sealed Cloud vs. E2E Encryption Sealing stronger than encryption Routing & Processing unprotected Traditional Cloud Transport Encryption e.g. Office365 or D Encryption of Data at Rest No Processing possible End-to-end Encryption e.g. WhatsApp or PGP/PKI Routing unprotected End-to-end Security Total protection General purpose processing Sealed Cloud

16 Sealed Cloud vs. E2E Encryption Sealing stronger than encryption Security/Privacy Sealed Cloud End-to-end Encryption Traditional Cloud Input/Output De-correlation Data Clean-Up System Encryption of Data at Rest Transport Encryption Client/User Encryption of Content Encryption of Data at Rest Transport Encryption Client/User Encryption of Content Encryption of Data at Rest Transport Encryption e.g. Office 365 or D e.g. WhatsApp or PGP/PKI idgard.de ucloud.de

17 Trust Model in Sealed Cloud Computing Client Computer Remote Computer (Cloud) SW SW HW uses Authors, builds, tests & releases HW runs Attacks require malicious coalition User with right for the sovereignty of personally identifiable information Hard- and software manufacturer Infrastructure operator

18 Trust Model in Sealed Cloud Computing Client Computer Remote Computer (Cloud) SW SW HW Authors, builds, tests & releases HW Authors, builds, tests & releases uses runs Attacks require malicious coalition Attacks require malicious coalition User with right for the sovereignty of personally identifiable information Hard- and software manufacturer Infrastructure operator Sealing manufacturer Trust through brand & audits

19 Trust Model in Sealed Cloud Computing Client Computer Remote Computer (Cloud) SW SW HW Authors, builds, tests & releases HW Authors, builds, tests & releases uses runs Attacks require malicious coalition No attacks by operator possible Attacks require malicious coalition User with right for the sovereignty of personally identifiable information Hard- and software manufacturer Trust no issue any more Trust through brand & audits Infrastructure operator Sealing manufacturer Solution to the Remote Computing Problem

20 Encryption & Sealing Technologies in Cloud Computing Cloud Type No Privacy Cloud Traditional Cloud End-to-end Encryption / Edge Computing Classic Privacy Enhancing Technology (PET) End-to-end Security (Advanced PET) Fundamental Security/Privacy Characteristics Transport encryption Encryption of data at rest Organizational measures to protect data during processing Transport encryption Encryption of data at rest Organizational measures to protect data during processing Transport encryption from end-to-end No privileged access to content Transport encryption from end-to-end Anonymization of connectivity data Transport encryption Encryption of data at rest Sealing of processing (Solutions to the remote computing problem ) Fundamental Security/Privacy Deficiencies Digital sovereignty of user is not respected Privileged access protected by organizational measures only, misuse of data without malicious coalition feasible Access to connectivity data (meta data) still possible None Fundamental Functional Deficiencies None None No processing except routing feasible No processing except routing feasible Low Bandwidth Examples G-Drive O365, D PGP, WhatsApp TOR, FreenetProject None None Intel s SW Guard Ext., Sealed Cloud

21 Alternatives to solve the remote computing problem Ansatz Homomorphic Encryption HW-Key in Processor Encrypting Virtual Engines Sealed Cloud Functional Limitations yes no no no Computational Effort ~ x > x 2 > x 2 ~ x 1 Relationship Anonymity fundamentally feasible fundamentally feasible fundamentally feasible yes Open Approach

22 Application Examples Sealed Cloud Services (SaaS) Sealed Cloud Platform (PaaS) Collaboration & File Exchange e.g. Storage APIs Sealed Cloud Compliant Management of Sensitive Data Compliant Big Data Analysis

23 AES-256 AES-256 Example ( Alternative to File Sharing Cloud- User A Computer/device Browser, oder App IDGARD- Betreiber AES-256 Sealed Cloud Sealing Control Data Base Project- & Data Rooms Data Clean-Up Area Application Server 1 App-Software Secure Mobile Access Cloud- User B Computer/device AES-256 File System Secure Secure Chat Browser, oder App Cloud Control & Perimeter Security Secure Polling Secure Calendar

24 Summary Sealing stronger than encryption Routing & Processing unprotected Traditional Cloud Transport Encryption e.g. Office365 or D Encryption of Data at Rest No Processing possible End-to-end Encryption e.g. WhatsApp or PGP/PKI Routing unprotected End-to-end Security Total protection General purpose processing Sealed Cloud