Secure Mechanisms for Key Shares in Cloud Computing

Amar Buchade (College of Engineering, Pune, India & Savitribai Phule Pune University, Pune, India) and Rajesh Ingle (College of Engineering, Pune, India & Pune Institute of Computer Technology, Savitribai Phule Pune University, Pune, India)
Copyright: © 2018 | Pages: 21
DOI: 10.4018/IJRSDA.2018070102

Protecting the key is important because of the vulnerabilities that exist in cloud computing. In this article, algorithms and techniques for protecting the key in cloud computing are proposed. Algorithms to select the number of virtual machines are presented to protect the key. The existing key management algorithm is modified to address the key leakage issue. Novel techniques such as validation of key shares and key share resharing are introduced and analyzed for protection of the key. These techniques leave attackers unable to reconstruct the key. Further, for immediate access to protected resources, key reconstruction for the key sizes of a cryptographic algorithm is also analyzed.
Article Preview

1. Introduction

The usage of public cloud-based applications (Gartner 2017) such as WhatsApp, Twitter, Facebook, collaborative applications and Pay TV systems is increasing. Vulnerabilities such as credential gain are also increasing. Security is the major concern in the usage of many cloud-based applications. (Özkan, S. 2016) presents the data source of security vulnerabilities. During 2012–17, 75 credential-gain information vulnerabilities were found in cloud computing environments such as VMware, OpenStack and Xen. When sensitive data is stored in a public cloud environment, the client cannot be sure of the existence of the data in the cloud. Figure 1 shows credential-gain vulnerabilities during 2012–16. The number of vulnerabilities found in 2016 is higher than in the previous year. Table 1 describes vulnerability information for the year 2017. It also indicates the need to secure the keys.

Cloud computing covers three basic service layers: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). At the SaaS layer (Syed Hussain 2017), attacks on APIs and web interfaces cause unauthorized access to data and to private keys. Attackers exploit cross-site scripting on interfaces to grab credentials. As per the Ponemon 2014 SSH (Secure Shell) Security Vulnerability Report (Ponemon 2014), SSH vulnerabilities also allow key credentials to be extracted and used to log in with root access. Multitenancy (Hashizume, Rosado, Fernández-Medina, & Fernandez, 2013) also carries a risk of sensitive information leakage.

In IaaS, virtualization provides isolation among virtual machines. Attackers exploit side channels (Zhang, Juels, Reiter & Ristenpart, 2012) to extract private keys when virtual machines are co-located on the same physical machine. The adversary places its VMs alongside the victim VM and acquires important information. Side channels include execution time, power consumption, heat, electromagnetic radiation, or even the sound level emanating from a device. The Flush+Reload cache attack (Irazoqui, Inci, Eisenbarth & Sunar 2014) is used to grab ElGamal, RSA and AES keys. A timing attack (Paul Kocher 1996) extracts the key by monitoring the time a cryptographic operation takes. VM cross-channel attacks, memory disclosure attacks, cache attacks and the Row Hammer attack (Thomas Ristenpart, Eran Tromer, Hovav Shacham & Stefan Savage 2009), (Rui Qiao & Mark Seaborn 2016) lead to key leakage between VMs co-located on a single physical host. Row Hammer (Kaveh Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida & Herbert Bos 2016), (Rui Qiao & Mark Seaborn 2016) is one of the cross-virtual-machine attacks: it modifies bits in the key and steals the cryptographic key contained in the victim virtual machine from a co-resident virtual machine. (Leonid Domnitser, Aamer Jaleel, Jason Loew, Nael Abu-Ghazaleh & Dmitry Ponomarev 2012) and (Jingfei Kong, Onur Aciicmez, Jean-Pierre Seifert, & Huiyang Zhou 2008) propose solutions that prevent cache attacks at the hardware level, which is expensive.
