Today’s focus in our blog series will cover large-scale environments: Cryptography in Cloud environments and Network Automation. Since these topics will only become more important over time, stay tuned for the developing TROOPERS16 agenda to see what new talks will be available (or submit your own talk during our Call for Papers starting in August via our new CFP Submission tool!)
“Crypto in the Cloud” talk created and given by Frederik Armknecht
Though cloud computing is a buzzword, it is quite important these days: for example, 90% of U.S. companies use cloud computing in some way. The problem, however, is cloud security. As many industries struggle with the question of security in the cloud, data breaches and data losses are the main concerns.
As it is already challenging for a provider to secure the cloud against outside attackers, how does one defend oneself against bad or careless providers? Frederik talks about the cryptographic building blocks that secure your data against an untrusted cloud provider.
One classical approach is simply to use encryption to protect your data and only put encrypted data in the cloud. But normally you would not want to outsource a big chunk of data and have to retrieve all of it whenever you need something. Sometimes you would like to perform a computation in the cloud or run a (search) request on that data.
Frederik focuses on two things: searchable encryption schemes and homomorphic encryption schemes. To solve the problem of searching over encrypted data, the user also provides a secure index, which the cloud uses to perform an encrypted search.
Homomorphic encryption makes it possible to perform operations on the encrypted data, such as calculating the product of two encrypted values. We already know a popular encryption scheme that is homomorphic: textbook RSA. The basic idea is that you can multiply two ciphertexts with each other to get the encryption of the product of the plaintexts: c1 * c2 = m1^e * m2^e = (m1 * m2)^e (mod n). Note here: normally this is not desired, as it means that a ciphertext can easily be changed (the scheme is malleable).
A great result came in 2009: Gentry provided a fully homomorphic encryption scheme, which means that both multiplication and addition are possible. The problem with (fully) homomorphic encryption schemes is that they are mostly not very efficient, and according to Frederik it is unlikely we will ever see an efficient one.
Next, we look at the prevention of data loss. Proofs of Retrievability are cryptographic protocols that check whether all data is still available. There is a challenge and response, which the storage provider can only answer correctly if all the data is still there. The same idea goes for Proof of Redundancy and also Proof of Location (where is my data stored?).
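To make the RSA identity above concrete, here is a small added Python example (not from the talk or its slides) using a toy key constructed for readability; it shows the product of two ciphertexts decrypting to the product of the plaintexts, and why the same property lets anyone scale a ciphertext without knowing the key.

```python
from math import gcd


def keygen(p=61, q=53, e=17):
    """Toy textbook-RSA key pair. The primes are constructed for readability
    only and are far too small to be secure; real keys are 2048+ bits."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)  # textbook RSA, no padding


def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def homomorphic_product(pub, c1, c2):
    """c1 * c2 = m1^e * m2^e = (m1 * m2)^e (mod n): the cloud can compute
    this from ciphertexts alone, without the private key."""
    n, _ = pub
    return (c1 * c2) % n


def scale_ciphertext(pub, c, factor):
    """The flip side (malleability): anyone who can see c can turn it into an
    encryption of m * factor. This is why unpadded RSA is never used as-is;
    OAEP padding makes such a product decrypt to garbage instead."""
    return homomorphic_product(pub, c, encrypt(pub, factor))


def demo():
    pub, priv = keygen()
    n = pub[0]
    m1, m2 = 7, 11
    c1, c2 = encrypt(pub, m1), encrypt(pub, m2)
    product_ok = decrypt(priv, homomorphic_product(pub, c1, c2)) == (m1 * m2) % n
    tamper_ok = decrypt(priv, scale_ciphertext(pub, c1, 3)) == (m1 * 3) % n
    return product_ok and tamper_ok


if __name__ == "__main__":
    print("homomorphic product and malleability both hold:", demo())
```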
Altogether this talk was quite theoretical, but it also gave an overview of the current state of research on this topic.
Check out the slides here
“Automating Network Security” talk created and given by Ivan Pepelnjak
The talk focuses on the subject of software-defined networks and automation. Ivan speaks about the products that are being advertised as the wonderful solution to all the issues that may occur in a network (and in securing it). The basic rule set for making networks safer is to simplify, standardize, automate and abstract them. Simplification, like standardization, makes maintenance of the network a more manageable process. Tools that automate the deployment of rules and settings are needed to eradicate errors and simplify maintenance. Last, but not least, abstraction helps you adapt the concept when the network shrinks or grows.
Conceptually, it is useful to operate a multi-tenant isolation of applications with each of them having their own firewall. By doing so, the developers of the software are able to configure the firewall to their own needs. This also hands over the responsibility to the customers/developers of the application.
Another topic mentioned is the typical roadblocks for rolling out (new) network structures. These roadblocks can be separated into two categories: internal (from within the company) and external. Typical internal roadblocks for a good and secure network structure are the differing mindsets of the admins, and the security policies, processes and procedures that are already in place. External roadblocks include licensing fees, contracts, or even auditing and management tools (which have to be reconfigured or replaced).
The final conclusion is that there is no perfect (automation) solution for networks yet. Vendors make promises while relabeling their old tools to go with the software-defined networking hype. But if you stick to the four given tips (simplify, standardize, automate and abstract), it will be much easier and more efficient to set up a good network structure.
Click here for the slides
Now we move onto the world of IPv6! See you soon!