nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

Graphene: A Secure Cloud Communication Architecture

verfasst von : Abu Faisal, Mohammad Zulkernine

Erschienen in: Applied Cryptography and Network Security Workshops

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Due to ubiquitous-elastic computing mechanism, platform independence and sustainable architecture, cloud computing emerged as the most dominant technology. However, security threats become the most blazing issue in adopting such a diversified and innovative approach. To address some of the shortcomings of traditional security protocols (e.g., SSL/TLS), we propose a cloud communication architecture (Graphene) that can provide security for data-in-transit and authenticity of cloud users (CUs) and cloud service providers (CSPs). Graphene also protects the communication channel against some most common attacks such as man-in-the-middle (MITM) (including eavesdropping, sniffing, identity spoofing, data tampering), sensitive information disclosure, replay, compromised-key, repudiation and session hijacking attacks. This work also involves the designing of a novel high-performance cloud focused security protocol. This protocol efficiently utilizes the strength and speed of symmetric block encryption with Galois/Counter mode (GCM), cryptographic hash, public key cryptography and ephemeral key-exchange. It provides faster reconnection facility for supporting frequent connectivity and dealing with connection trade-offs. The security analysis of Graphene shows promising protection against the above discussed attacks. Graphene also outperforms TLSv1.3 (the latest stable version among the SSL successors) in performance and bandwidth consumption significantly and shows reasonable memory usage at the server-side.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Using Honeypots in a Decentralized Framework to Defend Against Adversarial Machine-Learning Attacks

Nächstes Kapitel A Survey on Machine Learning Applications for Software Defined Network Security

BLAKE2 - fast secure hashing (2017). https://blake2.net/. Accessed 02 Sept 2018

Hybrid CryptoSystem (2017). https://en.wikipedia.org/wiki/Hybrid_cryptosystem. Accessed 02 Sept 2018

Weak Diffie-Hellman and the Logjam Attack (2017). https://weakdh.org/. Accessed 02 Sept 2018

CRIME (2018). https://en.wikipedia.org/wiki/CRIME. Accessed 02 Sept 2018

Transport Layer Security: Attacks against TLS/SSL (2018). https://en.wikipedia.org/wiki/Transport_Layer_Security#Attacks_against_TLS/SSL. Accessed 02 Sept 2018

Abdallah, E.G., Zulkernine, M., Gu, Y.X., Liem, C.: Trust-cap: a trust model for cloud-based applications. In: 2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC), vol. 2, pp. 584–589, July 2017. https://doi.org/10.1109/COMPSAC.2017.256

Adrian, D., et al.: Imperfect forward secrecy: how Diffie-Hellman fails in practice. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, pp. 5–17. ACM, New York (2015). https://doi.org/10.1145/2810103.2813707

Amara, N., Zhiqui, H., Ali, A.: Cloud computing security threats and attacks with their mitigation techniques. In: 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), pp. 244–251, October 2017. https://doi.org/10.1109/CyberC.2017.37

Amazon Web Services: Amazon Web Services: Overview of Security Processes, May 2017. https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Whitepaper.pdf. Accessed 02 Sept 2018

10.

Aviram, N., et al.: Drown: breaking TLS using SSLv2. In: USENIX Security Symposium, pp. 689–706 (2016)

11.

Barker, E.B., Dang, Q.H.: SP 800-57 Pt3 R1. Recommendation for key management, part 3: application-specific key management guidance, January 2015. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf. Accessed 02 Sept 2018

12.

Barker, E.B., Roginsky, A.L.: SP 800-131A R1. Transitions: recommendation for transitioning the use of cryptographic algorithms and key lengths, November 2015. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf. Accessed 02 Sept 2018

13.

Böck, H., Somorovsky, J., Young, C.: Return of bleichenbacher’s oracle threat (ROBOT). In: Proceedings of the 27th USENIX Conference on Security Symposium, SEC 2018, pp. 817–832. USENIX Association, Berkeley (2018). http://dl.acm.org/citation.cfm?id=3277203.3277265. Accessed 02 Sept 2018

14.

Chandu, Y., Kumar, K.S.R., Prabhukhanolkar, N.V., Anish, A.N., Rawal, S.: Design and implementation of hybrid encryption for security of IoT data. In: 2017 International Conference On Smart Technologies For Smart Nation (SmartTechCon), pp. 1228–1231, August 2017. https://doi.org/10.1109/SmartTechCon.2017.8358562

15.

Cloud Security Aliance: the treacherous 12 - top threats to cloud computing + industry insights, October 2017. https://cloudsecurityalliance.org/download/artifacts/top-threats-cloud-computing-plus-industry-insights/. Accessed 02 Sept 2018

16.

Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput. 33(1), 167–226 (2004). https://doi.org/10.1137/S0097539702403773MathSciNetCrossRefMATH

17.

Duong, T., Rizzo, J.: Here come the XOR ninjas. White paper, Netifera (2011)

18.

Durumeric, Z., et al.: The matter of heartbleed. In: Proceedings of the 2014 Conference on Internet Measurement Conference, IMC 2014, pp. 475–488. ACM, New York (2014). https://doi.org/10.1145/2663716.2663755

19.

Fardan, N.J.A., Paterson, K.G.: Lucky thirteen: breaking the TLS and DTLS record protocols. In: 2013 IEEE Symposium on Security and Privacy, pp. 526–540, May 2013. https://doi.org/10.1109/SP.2013.42

20.

Google: Encryption at Rest in Google Cloud Platform, August 2016. https://cloud.google.com/security/encryption-at-rest/default-encryption/resources/encryption-whitepaper.pdf. Accessed 02 Sept 2018

21.

Google: Encryption in Transit in Google Cloud, November 2017. https://cloud.google.com/security/encryption-in-transit/resources/encryption-in-transit-whitepaper.pdf. Accessed 02 Sept 2018

22.

Google: Google Infrastructure Security Design Overview, January 2017. https://cloud.google.com/security/infrastructure/design/resources/google_infrastructure_whitepaper_fa.pdf. Accessed 02 Sept 2018

23.

Kaaniche, N., Laurent, M., Barbori, M.E.: CloudaSec: a novel public-key based framework to handle data sharing security in clouds. In: 2014 11th International Conference on Security and Cryptography (SECRYPT), pp. 1–14, August 2014

24.

Khanezaei, N., Hanapi, Z.M.: A framework based on RSA and AES encryption algorithms for cloud computing services. In: 2014 IEEE Conference on Systems, Process and Control (ICSPC 2014), pp. 58–62, December 2014. https://doi.org/10.1109/SPC.2014.7086230

25.

Kivinen, T., Kojo, M.: More modular exponential (MODP) Diffie-Hellman groups for internet key exchange (IKE) (2003). https://tools.ietf.org/html/rfc3526. Accessed 02 Sept 2018

26.

Liang, C., Ye, N., Malekian, R., Wang, R.: The hybrid encryption algorithm of lightweight data in cloud storage. In: 2016 2nd International Symposium on Agent, Multi-Agent Systems and Robotics (ISAMSR), pp. 160–166, August 2016. https://doi.org/10.1109/ISAMSR.2016.7810021

27.

Microsoft: Trusted Cloud: Microsoft Azure Security, Privacy and Compliance, April 2015. http://download.microsoft.com/download/1/6/0/160216AA-8445-480B-B60F-5C8EC8067FCA/WindowsAzure-SecurityPrivacyCompliance.pdf. Accessed 02 Sept 2018

28.

Möller, B., Duong, T., Kotowicz, K.: This POODLE bites: exploiting the SSL 3.0 fallback. Security Advisory, September 2014. Accessed 02 Sept 2018

29.

Neuman, D.C., Hartman, S., Raeburn, K., Yu, T.: The kerberos network authentication service (V5). RFC 4120, July 2005. https://doi.org/10.17487/RFC4120. https://rfc-editor.org/rfc/rfc4120.txt

30.

Rescorla, E.: The transport layer security (TLS) protocol version 1.3. RFC 8446, August 2018. https://doi.org/10.17487/RFC8446. https://rfc-editor.org/rfc/rfc8446.txt

31.

Rescorla, E., Dierks, T.: The transport layer security (TLS) protocol version 1.2. RFC 5246, August 2008. https://doi.org/10.17487/RFC5246. https://rfc-editor.org/rfc/rfc5246.txt

Titel: Graphene: A Secure Cloud Communication Architecture
verfasst von: Abu Faisal
Mohammad Zulkernine
Verlag: Springer International Publishing
Buch: Applied Cryptography and Network Security Workshops
Print ISBN: 978-3-030-29728-2

Electronic ISBN: 978-3-030-29729-9

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-29729-9_3

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner