Cloud computing is one of the most widely used and acceptable technique. Because of this it came into attention of various groups of people, so the security and maintenance of cloud is major issue. In this paper we have point out some of the major issues effecting the security and reliability of the cloud.
Keywords |
MFCSA, Microsoft Card Space, Privacy, Identity Management, Security. |
INTRODUCTION |
Service providers are using infrastructure which are provided by their respective cloud providers which have different aspects of security and privacy. Like using different cryptographic techniques for the security purpose to encrypt the data and maintain the confidentiality of the data, but there are various attacks developed which are starting resolving these algorithms very fast like Method of Formal Coding Side Channel Attack (MFCSA) [3] resolves XOR function which is major threat for algorithms using XOR function for computation purpose which is now a day almost all the cryptographic algorithms. |
There is a need for a solution for above problem either in form of modification in previous algorithm or to develop a new algorithm which does not use the XOR function for computation purpose. |
The data of the user are very sensitive in nature, so to provide privacy to them service providers provide username and password to authenticate the user and only use of the username/password security token for authentication leaves consumer vulnerable to phishing attack. The solution of the problem would be the use of a proper Identity Management (IDM) [20]. But there are various problems in existing IDM’s which leads to the breach in privacy of the consumer like one of the most acceptable IDM is Microsoft CardSpace [7] which also have several limitation (Section III) which are needed to be removed. |
SECURITY ISSUE IN CLOUD |
To maintain the confidentiality of the data of cloud various cryptographic techniques are used to ensure security of the data but recent attacks make this work much difficult, one of the major attack need to be resolved today is MFCSA which is used to resolve almost every cryptographic algorithms. |
A. Description of the Method of Formal Coding-Side Channel Attack (MFCSA) |
MFCSA is also said as extended version of Algebraic Side Channel Attack (ASCA) [4, 5]. Algebraic Side Channel has three Steps: |
1) Offline phase 1: algebraic description of the cryptosystem. |
2) Online measurement phase to obtain leaked information. |
3) Offline phase 2: equation system solving by SAT method.
MFCSA also have above three steps but step 1 and 2 of MFCSA is different from that of ASCA. |
In step 1) of ASCA, the algebraic description of a block cipher is done which consists of two parts: |
a) The equation system is following the idea of the algebraic side channel attack [13]. |
b) The equation system is generated from the leaked Hamming weight. |
In MFCSA, first the direct explicit representation of the outputs is given in terms of plain text and master key with the help of symbolic computation software like Mathematica [16]. Then the Hamming weight (mod 2) of the outputs is explicitly represented by the bits of plaintext and master key. |
In step 3) of ASCA, SAT solving technique [14] is used to find solution of equation system while in MFCSA, Gröbner basis based [15] methods are used to find solution of equation system. |
PRIVACY ISSUE IN CLOUD |
Privacy is an important and very crucial factor for cloud as a network there are many users which results a lot of sensitive data present in cloud so maintain the privacy of the data is very important. Cloud uses IDM to maintain the privacy of data one of the most famous IDM is Microsoft CardSpace which is able to help consumers to manage their various digital identities and various username/password which are associated with each service provider, centrally. |
A. Description of Microsoft CardSpace |
Microsoft CardSpace is an Identity-metasystem which
manages multiple digital identities of a user [7]. It is
claims based access platform/ architecture, which is
developed for windows XP. It uses a plug-in for Internet
explorer 7 browser [8] to provide services in cloud. |
The CardSpace is designed to comply with the seven
Laws of identities given by Kim Cameron of Microsoft
[9]. |
In CardSpace digital identities are transmitted on the
network containing some kind of security token. A
security token consists of various set of claims (Figure
1). These security tokens provide information in order to
prove that claimer and user is same person. |
|
Windows CardSpace model involve three parties: |
• Identity provider (Idp): It issues digital
identities (as trusted third-party) like, a credit
card provider might issue digital identities
(security tokens) enabling payment. |
• Relying Parties (RP): It requires identities to
provide a service to a user like, a web site. |
• Subjects (service requestor): They are
individuals and other entities about whom the
claims are made. |
|
FIGURE 2: CardSpace Model of Identity Management [7] |
B. Limitations of CardSpace Model |
We only discuss the two major limitations of CardSpace
[10]: |
1. Trust worthiness of Relying Parties (RP) |
As user is prompted for the selecting RP using a particular
InfoCard, the user has to select the RP. As user, generally
does not pay attention on the value of right selection or
unaware about the judgment factors this leads to a major
challenge or limitation for the IDM. |
2. Single Layer of Authentication |
As CardSpace authentication relies on the IdP so as in real
scenario number of RP is more than IdP so within a session
the authentication process will lead to a single layered
architecture which is also a limitation for the IDM. |
CONCLUSION |
In this paper we have mentioned a security related problem
and a privacy related problem in cloud. These problems have
to be solved to maintain the privacy and security in cloud. |
For the security issue the MFCSA is resolved by simply
modifying the previous algorithms to find a new operation in
against of the XOR operation or the alternative way is to
develop new algorithms without use of XOR operation
providing the security in equivalence to previous ones or
even more. |
For the privacy issue the Microsoft CardSpace is very
useful IDM but the limitation are decreasing its reliability in
order to remove these limitations we can develop new token
mechanism which are multi layered in nature use the
involvement of the third party the certification process will
have to be improved so that the authentication process
would become more reliable. |
References |
- Bogdanov, A., Kizhvatov, I., Pyshkin, A.: Algebraic Methods in Side-Channel Collision Attcks and Practical Collision Detection. In: Chowdhury, D.R., Rijmen, V., Das, A. (Eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 251-265. Springer, Heidelberg
- Dinur, I., Shamir, A.: Side Channel Cube Attacks on Block Ciphers. Cryptology ePrint Archive, Report 2009/127 (2009), http://eprint.iacr.org/2009/127
- Changyong Peng, Chuangying Zhu, Yuefei Zhu, Fei Kang ;” Improved side channel attack on the block cipher NOEKEON”.
- Mathieu Renauld and Frano¸is-Xavier Standaert. Algebraic Side-Channel Attacks. In Feng Bao, Moti Yung, Dongdai Lin, and Jiwu Jing, editors, Inscrypt, volume 6151 of Lecture Notes in Computer Science, pages 393-410. Springer, 2009.
- Mathieu Renauld, Frano¸is-Xavier Standaert, and Nicolas Veyrat- Charvillon. Algebraic Side-Channel Attacks on the AES: Why Time also Matters in DPA. In Christophe Clavier and Kris Gaj, editors, CHES, volume 5747 of Lecture Notes in Computer Science, pages 97-111. Springer, 2009.
- Yang, L., Wang, M., Qiao, S.: Side Channel Cube Attack on PRESENT. In: Garay, J.A., Miyaji, A., Otsuka, A. (Eds.) CANS 2009. LNCS, vol. 5888, pp. 379-391. Springer, Heidelberg (2009)
- Introducing Windows CardSpace, http://msdn.microsoft.com
- CLAIMS-BASED IDENTITY FOR WINDOWS http://download.microsoft.com
- K. Cameron, M.B. Jones. Design Rationale behind the Identity Metasystem Architecture, http://research.microsoft.com
- W. A. Alrodhan, C. J. Mitchell, Improving the Security of CardSpace, EURASIP Journal on Information Security Vol. 2009
- B. Laurie. Selective Disclosure, http://research.google.com/pubs/author9639.html/ , 2007
- Zero knowledge example Fiat-Shamir proof of identity http://pages.swcp.com/~mccurley/talks/msri2/node24.html
- SAML Tokens and Claims -msdn http://msdn.microsoft.com/en-us/library/ms733083.aspx
- (2008) .S. F. Hubner, HCI work in PRIME, https://www.prime-project.eu/,
- (2011) Understanding WS-Federation http://msdn.microsoft.com
- E Biham, A Biryukov, \An Improvement of Davies' Attack on DES", in Journal of Cryptology v 10 no 3 (Summer 97) pp 195{205
|