in course materials: Dr. Caloyannides' book "Computer
Privacy and Forensics"
Cloud Computing Security Topics to be discussed
(These are in addition to the larger issues on protecting networks and workstations)
- First of all, what is to be in the “cloud”?
- Data storage
- Application software
- Security concerns depend on “which kind of cloud”?
- Private cloud (lives within secured customer facilities)
- Public cloud (vendor provided; may be in a foreign country)
- Security (especially for this customer) has many independent dimensions, all of which must be satisfied
- Confidentiality (easily fixed with potent encryption). Concern: Secure Key Distribution
- Issue: CIC needs to see even if not explicitly listed as an authorized recipient. This is the equivalent of crypts and slugs of DO traffic, and CIC workarounds.
- Data segregation for compartmented data. (Physical or encryption-based segregation)
- Data segregation for multi-level security. Lower levels must be unaware of the existence of higher levels and the data in such higher levels.
- Integrity of data and applications
- Access control to prevent unauthorized data manipulation or insertion, malware, etc.
- Availability where and when needed. This is a huge issue when you become dependent on a third party (in the case of a public “cloud”). Fixes:
- Redundant clouds
- Redundant telecom lines. (Must be true redundancy; leasing lines from two telecom vendors is pointless when one such vendor piggybacks on the other vendor’s fiber optic lines).
- Must be scalable so as to accommodate large bursts of usage when needed.
- Prevention of Traffic Analysis. If using a public cloud, third parties could make inferences from traffic volume and times (easily fixed by using bogus traffic when no real traffic exists).
- Accountability. Who did what and when. Important to CIC and OS.
- Cloud security management. Need to train a cadre of customer people in it.
- Who selects and buys (or builds) application software? Who debugs it? What process will be in place to report bugs? How about reporting a “wish list” of desired new features?
- Security must not be vendor-specific so that customer does not become hostage to that vendor. Since security information must be shared across many vendors, security should rely on crypto keys and NOT on algorithms (security by obscurity is a bad idea).
- Customer-business continuity issues in the event of outages due to any reason.
- Backup plans, and backups to backups
- Data recovery must be assured under all conditions
- Unique requirements for this customer must be met during system design, not as an afterthought.
- How will undercover employees access the cloud without compromising their cover?
- Various types of cover have their own unique needs and constraints
- Must think of and eliminate all possible single points of failure to the cloud-using architecture. MUST exercise those contingency plans regularly, just like fire drills.
- Intentional (malicious) attack
- Accidental failure
- Act of God (hurricane, solar flares, etc.)
- War (EMP attack in particular).
- Aim for Survivability, not for perfection. The system will “hiccup” on occasion, but such hiccups must not cause an outage but a graceful degradation in performance.
- Anticipate possible problems with a lot of “what if…” planning sessions.
- Do not use “security” people for this, as their mind set is usually to prevent a recurrence of last year’s war. Use people with a hacker’s mentality for such exercises.
- What if all cloud vendors used went bankrupt?
- What if the communications lines got congested during a national emergency and the cloud is unusably slow?
- What if the sysadmin was compromised?
- What if a solar flare wiped out power distribution to the facility housing the cloud(s)?
- What if the public cloud’s owner was bought out by a foreign company?
- What if the public cloud is migrated to a foreign country by its owner?
- What if..
Shortly after the 9/11 tragedy, USA Today quoted government
sources alleging that terrorists have been using the Internet
to communicate covertly with each other, even hiding messages
in pornographic web pages. Indeed, the Internet can easily facilitate
worldwide covert communications using any one of a multitude
of means such as steganographically hiding any message, including
graphics and imagery, in web pages, in Usenet newsgroup postings,
in spam emails, etc. Unlike the microdot of World War II fame, today’s networks
offer a vast collection of ways for individuals to communicate
covertly. There is even a very reputable academic discipline,
“Covert Channels”, with its own yearly conference and very
reputable academics furthering new techniques for establishing
covert communications across networks.
- Is steganography really detectable, as some claim? (Some is, but most isn’t).
- How can terrorists get around steganalysis (means for detecting steganographically hidden messages)? (Lots of ways).
- What are the many ways whereby terrorists can use the Internet to communicate covertly with each other right under the nose of US law enforcement?
- Do Internet Cafes and library Internet terminals provide ways to anonymize terrorists over the Internet? (Yes, they do, and this is unlikely to change).
- Does the rapid proliferation of Wi-Fi “hotspots” worldwide provide ways for terrorists to become anonymous over the Internet? (It does).
- How do “war driving” and “war chalking” facilitate covert terrorist communications?
- Can other global networks, such as ATM terminals, airline reservations, and others, be used for covert communications? (They can.)
- Can all of these avenues be closed to terrorists? (They cannot).
- Given all of the foregoing, what could be indicators of suspects’ likely usage of covert channels through the Internet?
- How can such indicators be detected remotely and unobtrusively?
- What forensic techniques can be used on suspected terrorists’ computers and service providers’ records to confirm covert communications?
1. To provide attendees with detailed information about the
numerous ways that the Internet can be used by terrorists
(and also by narcotraffickers and others) to communicate in
a manner that totally defeats any large scale interception
2. To provide attendees with detailed information about ways
whereby US officials can themselves use the Internet to communicate
in a manner that will defeat hostile foreign efforts to intercept
3. To provide attendees with detailed information on ways
whereby the use of personal computers by US officials can
negate hostile foreign computer forensics, whether or not
such computers are connected to the Internet.
WHO SHOULD ATTEND
1. US officials tasked with identifying terrorist communications
to the extent this can be done.
2. US officials whose official capacity makes them likely
targets of adversaries who would have an interest in these
officials' use of their computers (official or personal).
3. US officials whose official capacity requires them to communicate
through the Internet and through other commercial networks
in a manner which is not alerting to foreign adversaries nor
interceptable by them.
COVERT INTERNET COMMUNICATIONS
A. Offline use of computers
a) What computer forensics
can do, how and why.
b) How to defeat
B. Communicating over the
Internet in an undetectable manner.
a) The shortcomings of
current interception practices.
b) Specific ways
of using the Internet to communicate despite hostile interception
c) Possible advanced
approaches to identifying terrorist communications over
d) Extending the
above to commercial networks other than the Internet.
Course Coordinator and Lecturer
Dr. Michael Caloyannides
Michael Caloyannides is Chief Scientist for Ideal Innovations, Inc., the second fastest growing company in the Washington, D.C. metro area, which provides technological and operational support to U.S. forces. He earned his PhD in electrical engineering,
applied mathematics and philosophy from Caltech in '72. He
has worked at the highest technical levels in Industry (15
years), Academia, and Government (14 years); additionally
he has consulted for numerous US corporations as well as for
NASA. He is the author of a book, "Computer Privacy and Forensics"
published by Artech House, has just finished writing another
on "Effective Personal Computer Encryption" for John Wiley
Publishers, and has numerous other technical publications.