Cloud Service Provider (Csp) internal threats
Download as PPT, PDF2 likes605 views
This document discusses internal threats to cloud service providers from both the provider and client perspectives. It proposes using a combination of security intelligence systems, including data loss prevention, multi-layer encryption, digital rights management, multi-factor authentication, security architecture segmentation, risk assessments, third-party audits, and policy enforcement to mitigate these threats. However, it notes that increasing security comes at the cost of things like privacy, trust, and technical limitations of current solutions.
Cloud Service Provider (Csp) internal threats
- 1. CSP Internal Threats Hussein Mahgoob Ahmed Ali El-Kosairy
- 2. Introduction ➢CERN (1) defines an insider threat as such: A malicious insider threat == ➢Organization ➢+ ➢(current or former employee, contractor, or other business partner) ➢+ ➢(Authorized access to an Organization's system )
- 3. Impact Area
- 4. Introduction ➢Example Edward Snowden (2) PRISM (2007) Right or Wrong ?!! ➢Something such as Watergate scandal(3)
- 5. Objective ➢How to protect your self from internal threats from Cloud Service provider (CSP) perspective ➢How to protect your self from Internal threats (CSP) from user perspective
- 6. Objective ●As a Client we are looking for privacy (please check previous Presentation <Ahmed Nour >) ●As a CSP we are looking for defense in Depth. ➢What is DID ? -Multilayer and technology of Security
- 7. Related Approaches ●Encryption ●Privilege and Authentication ●Security Policy
- 8. Our Approach Using Combination of Security Intelligence systems such as :
- 9. Data Loss Prevention ●Host level ●Network Level ●Formatted Based ●For CSP
- 10. Encryption ●For CSP and Client ●Try to use Multi layer of Encryption such as SFS for Linux and EFS for Windows with any 3rd party(4).
- 11. DRM ●For CSP and Client. ●Data Right Management (DRM) based on PKI. ●Examples: ●Snap Chat ●Related News (5): ●Facebook Tried To Buy Snap chat For $3B. ●Snap chat may have rejected a $4 billion offer from Google. ●Microsoft DRM. ●Apple Fair Play.
- 12. Apple Fair Play
- 13. Can We Trust CA,DRM,Security Algorithms!!
- 14. User Access Authentication ●For CSP and Client. ●Use Multi-factor authentication : ➢Something you know. ➢Something you have. ➢Something you are. ➢Two-man rule 0r Two-person integrity (TPI) ➢Examples : Nuke Bomb
- 15. And ●Security Architecture – Segmentation. ●Risk Management – Assessments (CSP perspective ). ➢Check on vacations. ➢Controls. ➢Mitigate Risk. ●Third Party Audits. ●Policy Enforcement.
- 16. Again Can We Trust CA,DRM,Security Algorithms !!!
- 17. Sony BMG DRM • 2000 Napster Issue Shawn Fanning • Music Companies “We will revenge” • Sony BMG copy protection • When inserted into a computer: ➢ the CDs installed one of two pieces of software ➢ which provided a form of digital rights management (DRM) by modifying the operating system. ➢ Both programs could not be easily uninstalled. ➢ And they unintentionally created vulnerabilities that were exploited by unrelated malware (6). • rootkit scandal 2007 :)
- 18. ANSSI_CA ➢ANSSI: Rogue digital certificates that had been issued by French certificate authority ANSSI, who closely work with the French Defense agency(7).
- 20. RSA 4096-bit Crypto Analysis (8) Send Encrypted mails to you (He already know Plain text and cipher text ) ➢listen to frequency of your CPU by Microphone ➢Use low- and high-pass filters ➢Called acoustic signal Attack ➢ RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis(9)
- 21. Conclusion We Need to apply DID on Client Level and Provider Level
- 22. Conclusion ●Using Combination of Security Intelligence systems such as : ➢DLP ➢Encryption (Multi layer of Encryption) ➢DRM ➢User Access ➢Security Architecture - Segmentation ➢Risk Management - Assessments ➢Third Party Audits ➢Policy Enforcement ➢And (FDM), etc. …......
- 23. But Remember everything came with a price
- 24. References (1)Cloud Security, The Notorious Nine Cloud Computing Top Threats in 2013 Alliance , https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf (2)Edward Snowden a 'hero' for NSA disclosures, Wikipedia founder says | World news. The Guardian (2013-11-25)., http://www.theguardian.com/world/2013/nov/25/edward-snowden-nsa-wikipedia-founder, http://en.wikipedia.org/wiki/Edward_Snowden (3)Watergate scandal, http://en.wikipedia.org/wiki/Watergate_scandal (4)Rajesh Kumar Pal, Indranil Sengupta, Enhancing File Data Security in Linux Operating System, Computational Intelligence in Cyber Security, 2009. CICS '09. IEEE Symposium on, http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=4925089&queryText %3DEnhancing+File+Data+Security+in+Linux+Operating+System+by+Integrating+Secure+File+System (5)forbes, maybe snapchat is crazy to turn down 3b but was facebook nuts to offer it http://www.forbes.com/sites/markrogowsky/2013/11/14/maybe-snapchat-is-crazy-to-turn-down-3b-but-was-facebook-nuts-to-offer-it/ (6)Halderman, J. Alex, and Felten, Edward. "Lessons from the Sony CD DRM Episode" , Center for Information Technology Policy, Department of Computer Science, Princeton University, 2006-02-14., http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal, http://www.copyright.gov/1201/2006/hearings/sonydrm-ext.pdf, http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal (7)The hacker news, fake google ssl certificates made in, http://thehackernews.com/2013/12/fake-google-ssl-certificates-made-in.html (8)Extremetech, researchers crack the worlds toughest encryption by listening to the tiny sounds made by your computers cpu, http://www.extremetech.com/extreme/173108-researchers-crack-the-worlds-toughest-encryption-by-listening-to-the-tiny-sounds-made-by-yourcomputers-cpu (9)RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysisdt@infootnoteThe authors thank Lev Pachmanov for programming and experiment support during the course of this research.dt@infootnote - acoustic-20131218.pdf, http://www.cs.tau.ac.il/~tromer/acoustic/