Network Working Group C. Jennings
Internet-Draft S. Nandakumar
Intended status: Informational January 15, 2014
Expires: July 19, 2014
Trustable Cloud Systems - Strategies and Recommendations
draft-jennings-perpass-secure-rai-cloud-01
Abstract
The Internet technical community is looking at ways to address
pervasive attacks as described in several other internet drafts.
[I-D.barnes-pervasive-problem] describes threat model to characterize
various pervasive attacks on the Internet communications. There are
many systems that need to be secured against such attacks but this
paper considers one possible way to secure cloud based collaborations
systems. At a high level, this paper sugests that users or
enterprises could run a key server that manages the keys to access
their content. The cloud service provider would not have access to
decrypt the data stored in the cloud but various users of the cloud
service could get the keys to encrypt and decrypt the contents of
collaboration sessions facilitated by the cloud service. This does
not protect the meta data of who is talking to who but can help
protect the content of the conversations.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 19, 2014.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
Jennings & Nandakumar Expires July 19, 2014 [Page 1]
Internet-Draft Trustable Cloud January 2014
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Jennings & Nandakumar Expires July 19, 2014 [Page 2]
Internet-Draft Trustable Cloud January 2014
1. Introduction
The problem with today's cloud services is that a whole bunch of data
is kept by the cloud service providers and that provides a target for
attackers to collect and analyze the data. The strategy laid out in
this document is to minimize the amount of data exposed to service
providers by combining encryption and anonymization techniques. A
user trusted Identity Provider (IdP) facilitates user key access and
key management between devices. Such a solution must meet the
following criteria to be usable at a larger scale.
o Housley Criteria: Be able to detect if your communications have
been compromised
o Support voice, video, instant message, stored messages, file
sharing and more
Jennings & Nandakumar Expires July 19, 2014 [Page 3]
Internet-Draft Trustable Cloud January 2014
2. Trustable Cloud Services
The basic approach can be described as the following:
o Cloud Service sees only the encrypted data and envelope
information.
o All users have public/private key.
o The user's Identity Provider manages the user's private keys and
provides public keys to others.
o Identity providers authenticate to others using Certificate from
the Certificate Authority.
o Content is encrypted by clients and the information to decrypt it
is encrypted with the public keys of all the users authorized to
view it.
Jennings & Nandakumar Expires July 19, 2014 [Page 4]
Internet-Draft Trustable Cloud January 2014
3. Data Protection
The approach to stop the attacker from obtaining user data from
service provider are:
o Each piece of content belongs to a group. Each group has one
content owner.
o Data touched by the cloud is encrypted.
o The content encryptions keys are encrypted using the public keys
of all users authorized to read this content.
o If others user can modify this data, the signature key for this
content is encrypted with the public key of all users authorized
to write this content.
o The content is encrypted and signed and bundled with all the
relevant meta data.
o List of authorized users to read/write a piece of given content is
managed by identity server for the content owner.
The goal is to encrypt as much as of the information as possible and
then try to anonymizing un-encrypted data as much as possible.
o Encryption: TLS Everywhere
o Anonymization: Overlay routing (eg. TOR, P2P with RELOAD)
Jennings & Nandakumar Expires July 19, 2014 [Page 5]
Internet-Draft Trustable Cloud January 2014
4. Trust - Roles of IdP and CA
This section outlines the guiding principles that define the roles of
Identity Providers and Certificate Authorities in establishing end to
end trust relationship and key management issues.
Its very hard to design systems where you do not trust your Identity
Provider (IdP). The approach here is to separate the Identity
Provider from the cloud provider and allow the Identity Provider to
be run by someone you can trust. For example, an enterprise may run
it's own IdP for it's employees.
o One has to trust their Identity Provider.
o Each user's device authenticates to IdP to get that users' private
key.
o IdP provides public keys to others.
o IdP authenticates by having certificate for domain it serves.
o IdP for a user is discovered using domain name of the user
identity.
o Each device talks to IdP to find out list of public keys for any
groups that users owns.
o IdP provides API to manage group membership.
The security of the IdP discovery relies on having Certificate
Authority (CA) that we can trust. The CA
o Provides TLS style certificates.
o Provides an audit log enabling list of certificates generated by a
CA.
o If the CA creates bad certificates, which it can, the security of
the whole system can be compromised but the goal is to be able to
detect this.
Things do go wrong, devices get lost, and any practical system need
to be able to deal with this. The approach for Key Revocation is:
o Relies on the Identity Providers and Cloud Service cooperating to
get rid of the old key
Jennings & Nandakumar Expires July 19, 2014 [Page 6]
Internet-Draft Trustable Cloud January 2014
o If a private key for a user is compromised, it is replaced with a
new key by the IdP and the Cloud Service is informed to deprecate
old key
o For any content that the old compromised private key could access,
the Cloud Service asks the Identity Provider that owns that
content to provide new meta data for that content with the new
private key.
There is also the ability to check Key Continuity as follows:
o Any times a client detects a key has changed for a user, it can
inform the user, Identity Provider, and Cloud Service to try and
detect compromises
o Any time the Certificate changes for an Identity Provider or Cloud
Service the Client can inform the user and the Identity provider.
Jennings & Nandakumar Expires July 19, 2014 [Page 7]
Internet-Draft Trustable Cloud January 2014
5. Content Freshness
A common problem for encrypted cloud system is around how to find
current content.
o Any time that the Cloud Service gets new content, it provides that
content to all the Identity providers for users that can read that
content along with an URL to be associated with the content.
o Each Identity Provider can index that content for future search as
it has the private keys to decode it.
o Clients can perform a search using their Identity Provider based
on the URI matching to retrieve set of Cloud Service URIs that
matches the search.
Jennings & Nandakumar Expires July 19, 2014 [Page 8]
Internet-Draft Trustable Cloud January 2014
6. Summary
Thus the proposed recommendation can be considered as guidelines to
build a more elaborate architecture for building cloud services that
are trustable based on the ideas of
o End to End Encryption Techniques based on Strong Cryptographic
Algorithms
o Anonymization of metadata and un-encrypted data
o IdP and CA based Trust Certificate chain establishment
6.1. Possible Standardization
Following are some of the areas where more work needs to be done as
far as standardization is concerned:
o Verification of all CA certifications issued
o IdP Discovery
o IdP Authentication of Client
o IdP API for management of IdP
o IdP API for public/private keys
o IdP API for search
o KeyRevocation API
o Key Continuity API
o Formats for encrypted objects and metadata
o Crypto Recommendations
Jennings & Nandakumar Expires July 19, 2014 [Page 9]
Internet-Draft Trustable Cloud January 2014
7. Acknowledgements
o Design motivated by SiRiUS (Goh, Shacham, Modadugu & Boneh)
o Thanks to Eric Rescorla, Richard Barnes
Jennings & Nandakumar Expires July 19, 2014 [Page 10]
Internet-Draft Trustable Cloud January 2014
8. Informative References
[I-D.barnes-pervasive-problem]
Barnes, R., Schneier, B., Jennings, C., and T. Hardie,
"Pervasive Attack: A Threat Model and Problem Statement",
draft-barnes-pervasive-problem-00 (work in progress),
January 2014.
Jennings & Nandakumar Expires July 19, 2014 [Page 11]
Internet-Draft Trustable Cloud January 2014
Authors' Addresses
Cullen Jennings
Email: fluffy@cisco.com
Suhas Nandakumar
Email: snandaku@cisco.com
Jennings & Nandakumar Expires July 19, 2014 [Page 12]