As anyone reading this site knows, I have been spending a ton of time looking at practical approaches to cloud security. An area of particular interest is infrastructure encryption. The cloud is actually spurring a resurgence in interest in data encryption (well, that and the NSA, but I won’t go there).
This paper is the culmination of over 2 years of research, including hands-on testing. Encrypting object and volume storage is a very effective way of protecting data in both public and private clouds. I use it myself.
From the paper:
Infrastructure as a Service (IaaS) is often thought of as merely a more efficient (outsourced) version of traditional infrastructure. On the surface we still manage things that look like traditional virtualized networks, computers, and storage. We ‘boot’ computers (launch instances), assign IP addresses, and connect (virtual) hard drives. But while the presentation of IaaS resembles traditional infrastructure, the reality underneath is decidedly not business as usual.
For both public and private clouds, the architecture of the physical infrastructure that comprises the cloud – as well as the connectivity and abstraction components used to provide it – dramatically alters how we need to manage security. The cloud is not inherently more or less secure than traditional infrastructure, but it is very different.
Protecting data in the cloud is a top priority for most organizations as they adopt cloud computing. In some cases this is due to moving onto a public cloud, with the standard concerns any time you allow someone else to access or hold your data. But private clouds pose the same risks, even if they don’t trigger the same gut reaction as outsourcing.
This paper will dig into ways to protect data stored in and used with Infrastructure as a Service. There are a few options, but we will show why the answer almost always comes down to encryption in the end – with a few twists.
The permanent home of the paper is here, and you can download the PDF directly.
We would like to thank SafeNet and Thales e-Security for licensing the content in this paper. Obviously we wouldn’t be able to do the research we do, or offer it to you without cost, without companies supporting our research.
One Reply to “New Paper: Defending Cloud Data with Infrastructure Encryption”
Rich, interesting paper!
However, I have a comment to make: the risk of a rogue cloud administrator is not mitigated at all by encryption, if you are required to process or serve unencrypted data from the cloud environment. No matter how sophisticated, far away and inaccessible your key management server is, if you are required to pull your private key from within the cloud environment in order to process and/or deliver unencrypted data, that key (and any other data that you decrypt) can be theoretically accessible to the cloud administrator with access to the VMM and/or underlying hardware (and I won’t even get started on the use of sideband attacks for key recovery, which seem to have relatively high feasibility).
Unfortunately, short of using homomorphic encryption for data processing (for example: https://github.com/shaih/HElib), which is not even practical from a performance standpoint, there are no other methods to effectively mitigate the risk of rogue cloud administrators.
I don’t think the paper stresses this point enough, and it could provide a sense of false security, which we both know is bad in our field.
Thanks,
Flavio