A Cryptographic Analysis of Google s Cloud Service. Cody Jenkins Krystal Carlton ECE 646 Fall 2013

Transcription

1 A Cryptographic Analysis of Google s Cloud Service Cody Jenkins Krystal Carlton ECE 646 Fall 2013

2 Cloud CompuKng Threats Google Storage Google Key Management Google Access Control Conclusions OUTLINE 2

3 Cloud Security Alliance s Notorious Nine: Cloud CompuKng Threats in 2013 (ranked in order of severity) 1. Data Breaches 2. Data Loss 3. Account Hijacking 4. Insecure APIs 5. Denial of Service 6. Malicious Insiders 7. Abuse of Cloud Services 8. Insufficient Due Diligence 9. Shared Technology Issues 3

4 DATA STORAGE GOOGLE FILE SYSTEM 4

5 Google File System Architecture 5

6 Google File System GFS Client 6

7 TheoreKcal ImplementaKon m/t bytes in each chunk E[F](1) E[F](2) E[D](n) GFS Client Chunk Server Chunk Server Chunk Server App Data AES 128 EncrypKon Cipher- text Erasure Encoding m bytes m bytes InstrucKons to chunk server Key Control System Session Key for AES EncrypKon Key Server Storage Master Server 7

8 Erasure Codes Used to segment file into n shares that are stored separately in such a way that a subset of k shares can be used to retrieve the file UKlized to account for the possibility of disk failures Maximum Distance Separable codes can reconstruct k aber m disk failures where n = k + m Reed- Solomon is a common type of MDS erasure code File ReplicaKon EnKre file is copied to 3 disks for redundancy. EnKre file has to be copied aber disk failure File is chunked into smaller sizes, stored on n=5 disks. K = 3 file pieces required to recover file. Can tolerate m = 2 disk failures MDS(5,3) Erasure Code 8

9 GOOGLE KEY MANAGMENT 9

10 AES- 128 Data EncrypKon Owner has applicakon or data in the cloud to be encrypted Cloud storage API requests unique 128- bit AES key from key management system which sends unique key back Data is then encrypted by the storage API AES ENCRYPTION 10

11 EncrypKon of 128- bit AES Key Session key is encrypted using intermediate key The HMAC key of the intermediate key is used to create a MAC for the encrypted session key Intermediate HMAC KEY Intermediate AES Key MAC FuncKon MAC AES SESSION KEY EncrypKon Encrypted Session Key 11

12 EncrypKon of Intermediate AES Key Master HMAC Key Master AES Key Intermediate HMAC Key Intermediate AES Key ENCRYPTION ENCRYPTION MAC FuncKon MAC Encrypted Intermediate HMAC Key Encrypted Intermediate AES Key 12

13 Intermediate Key 1A MASTER KEY 1A Intermediate Key 2A Intermediate Key 3A Key RotaKon Session Key Session Key Session Key Master keys rotated on a regular basis for security Session Key Session Key Session Key When master key changed, each intermediate key encrypted with old master key is decrypted and re- encrypted with new master key Session key encrypkon not changed unless the actual intermediate keys are changed Intermediate Key 1B Session Key Session Key MASTER KEY 1B Intermediate Key 2B Session Key Session Key Intermediate Key 3AB Session Key Session Key 13

14 Master Key Storage Shamir s Secret Sharing Scheme Master keys can be broken into key shares Key shares stored in separate secure systems MathemaKcal system of t- out- of- n Key split into n shares Only t shares needed to re- create If all pieces stored on separate hardened devices, harder to gain access to master keys 14

15 Key Storage - - Secure Hardware Device Key Management Server Master keys stored here EncrypKon and decrypkon funckons housed here Database System - Intermediate and applicakon keys stored here Key Management Server Interface with the network In Google Automated Network, referred to as Key Control System Secure Hardware Device Physically isolated component Tamper- resistant Dedicated to only cryptologic funckons not used for any other type of programming Secure communicakons with all connected components Database System Encrypted applicakon and intermediate keys stored here 15

16 Google Key Management Server- Side EncrypKon Google managed keys Transparent to the user for both encrypkon and decrypkon Security of key is dependent on the security of where the master keys are housed AES- 128 versus Amazon s AES- 256 Client- Side EncrypKon Based on documentakon on Google, the alternakve to Google managing keys, is to encrypt all data before uploading to the cloud BoxCryptor TrueCrypt Owner is the only one with they key Sharing issue if data needs to be accessed by mulkple parkes 16

17 ACCESS CONTROL 17

18 Google Access Control Google Cloud Storage Bucket A Object 0 Object 1 Bucket B Object 0 Object 1 Signed URL Access Control Lists (ACLs)- Google User Signed URLs Non- Google Users usera@gmail.com userb@gmail.com 18

19 Access Control Google User AuthenKcaKon hnps://storage.cloud.google.com/travel- maps/europe/france/paris.jpg Browser to Google storage transackons are performed over SSL (HTTPS). Once user obtains cookie, they can download the object by providing cookie to Google Storage API 19

20 Access Control Member Management 20

21 Access Control for Non- Google Users Signed URL GeneraKon Distribute to Users Signed URL Process User A String GeneraKon RSA Signature URL Assembly User B User C Step DescripDon Construct the string to be signed. Sign string using the RSA Algorithm. Assemble the URL. 4 Distribute URL with users. 21

22 String Component HTTP_Verb Content_MD5 Access Control GeneraKng the string Description Required. The verb to be used with the signed URL. Signed URLs can be used with GET, HEAD, PUT, and DELETE Optional. Provides http request/ response body integrity Content_Type Optional. describes the data contained in the http request/ response body fully Expiration Required. Time in Unix Epoch format for resource access Canonicalized_Extension_Headers Optional. but should be used Specifies the permissions Example String GET rmydcnhkfxam78uct7xqlw== text/plain x-goog-foo:bar,baz x-goog-acl:public-read /testbucket.storage.googleapis.com/diagram.jpg Canonicalized_Resource Required. Specifies what object (data) 22

23 String Access Control Signing the String GET rmydcnhkfxam78uct7xqlw== text/plain x-goog-foo:bar,baz x-goog-acl:public-read /bucket/objectname SHA- 256 Hash Value 256 bits Private key generated at Google Cloud Console when registering your applicakon Key pair generated is RSA 1024 bit Google claims to not store a copy of the private key PR project 1024 bits RSA Algorithm Sample URL Encoded Signature BClz9e4UA2MRRDX62TPd8sNpUCxVsqUDG3YGPWvPcw N %2BmWBPqwgUYcOSszCPlgWREeF7oPGowkeKk7J4WA pzkzxerdoqmadrvshkszuhg8jqp1lw9tbijfe2exdooiojv mglodeagnfzcd4ftswclbal9sfpqxsqi8iqi1493mw%3d RSA SGN 1024 bits Base64 Encoding URL Encoding 23

24 Access Control URL Assembly Base URL Client ID ExpiraKon Timestamp (Same value used during string generakon) URL Encoded Signature Signed URL = baseurl + "?GoogleAccessId=" + GoogleAccessStorageId + "&Expires=" + ExpiraKon + "&Signature=" + UrlEncodedSignature Sample URL GoogleAccessId= @developer.gserviceaccount.com&Expires= &Signature=BClz9e4UA2MRRDX62TPd8sNpUCxVsqUDG3YGPWvPcwN %2BmWBPqwgUYcOSszCPlgWREeF7oPGowkeKk7J4WApzkzxERdOQmAdrvshKSzUHg8Jqp1lw9tbiJfE2ExdOOIoJVmGLoDeAGnfzCd4fTsWcLbal9sFpqXsQI8IQi1493mw%3D 24

25 Access Control Pro s and Con s Pro s Easy to obtain key pairs for use with your google project(s) Google provides own key generakon services ApplicaKons manage Google account holders easier than non- Google users. Con s Passphrase the same for all Google generated keys. Cannot provide your own key pairs to google Google generates your keys and claims to not keep a copy Signed URLs can be compromised by malicious users 25

26 Conclusions Data Breaches Data at Rest encrypted with AES- 128 Server- side encrypkon with vendor provided keys Public/private keys generated by vendor Data in MoKon secured using SSL/TLS Account and Service Hijacking No addikonal security other than username/password Insecure APIs Signed URLs treated as authenkcakon for access to data No addikonal login informakon required 26