Abstract
Due to ubiquitous-elastic computing mechanism, platform independence and sustainable architecture, cloud computing emerged as the most dominant technology. However, security threats become the most blazing issue in adopting such a diversified and innovative approach. To address some of the shortcomings of traditional security protocols (e.g., SSL/TLS), we propose a cloud communication architecture (Graphene) that can provide security for data-in-transit and authenticity of cloud users (CUs) and cloud service providers (CSPs). Graphene also protects the communication channel against some most common attacks such as man-in-the-middle (MITM) (including eavesdropping, sniffing, identity spoofing, data tampering), sensitive information disclosure, replay, compromised-key, repudiation and session hijacking attacks. This work also involves the designing of a novel high-performance cloud focused security protocol. This protocol efficiently utilizes the strength and speed of symmetric block encryption with Galois/Counter mode (GCM), cryptographic hash, public key cryptography and ephemeral key-exchange. It provides faster reconnection facility for supporting frequent connectivity and dealing with connection trade-offs. The security analysis of Graphene shows promising protection against the above discussed attacks. Graphene also outperforms TLSv1.3 (the latest stable version among the SSL successors) in performance and bandwidth consumption significantly and shows reasonable memory usage at the server-side.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
BLAKE2 - fast secure hashing (2017). https://blake2.net/. Accessed 02 Sept 2018
Hybrid CryptoSystem (2017). https://en.wikipedia.org/wiki/Hybrid_cryptosystem. Accessed 02 Sept 2018
Weak Diffie-Hellman and the Logjam Attack (2017). https://weakdh.org/. Accessed 02 Sept 2018
CRIME (2018). https://en.wikipedia.org/wiki/CRIME. Accessed 02 Sept 2018
Transport Layer Security: Attacks against TLS/SSL (2018). https://en.wikipedia.org/wiki/Transport_Layer_Security#Attacks_against_TLS/SSL. Accessed 02 Sept 2018
Abdallah, E.G., Zulkernine, M., Gu, Y.X., Liem, C.: Trust-cap: a trust model for cloud-based applications. In: 2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC), vol. 2, pp. 584–589, July 2017. https://doi.org/10.1109/COMPSAC.2017.256
Adrian, D., et al.: Imperfect forward secrecy: how Diffie-Hellman fails in practice. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, pp. 5–17. ACM, New York (2015). https://doi.org/10.1145/2810103.2813707
Amara, N., Zhiqui, H., Ali, A.: Cloud computing security threats and attacks with their mitigation techniques. In: 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), pp. 244–251, October 2017. https://doi.org/10.1109/CyberC.2017.37
Amazon Web Services: Amazon Web Services: Overview of Security Processes, May 2017. https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Whitepaper.pdf. Accessed 02 Sept 2018
Aviram, N., et al.: Drown: breaking TLS using SSLv2. In: USENIX Security Symposium, pp. 689–706 (2016)
Barker, E.B., Dang, Q.H.: SP 800-57 Pt3 R1. Recommendation for key management, part 3: application-specific key management guidance, January 2015. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf. Accessed 02 Sept 2018
Barker, E.B., Roginsky, A.L.: SP 800-131A R1. Transitions: recommendation for transitioning the use of cryptographic algorithms and key lengths, November 2015. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf. Accessed 02 Sept 2018
Böck, H., Somorovsky, J., Young, C.: Return of bleichenbacher’s oracle threat (ROBOT). In: Proceedings of the 27th USENIX Conference on Security Symposium, SEC 2018, pp. 817–832. USENIX Association, Berkeley (2018). http://dl.acm.org/citation.cfm?id=3277203.3277265. Accessed 02 Sept 2018
Chandu, Y., Kumar, K.S.R., Prabhukhanolkar, N.V., Anish, A.N., Rawal, S.: Design and implementation of hybrid encryption for security of IoT data. In: 2017 International Conference On Smart Technologies For Smart Nation (SmartTechCon), pp. 1228–1231, August 2017. https://doi.org/10.1109/SmartTechCon.2017.8358562
Cloud Security Aliance: the treacherous 12 - top threats to cloud computing + industry insights, October 2017. https://cloudsecurityalliance.org/download/artifacts/top-threats-cloud-computing-plus-industry-insights/. Accessed 02 Sept 2018
Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput. 33(1), 167–226 (2004). https://doi.org/10.1137/S0097539702403773
Duong, T., Rizzo, J.: Here come the XOR ninjas. White paper, Netifera (2011)
Durumeric, Z., et al.: The matter of heartbleed. In: Proceedings of the 2014 Conference on Internet Measurement Conference, IMC 2014, pp. 475–488. ACM, New York (2014). https://doi.org/10.1145/2663716.2663755
Fardan, N.J.A., Paterson, K.G.: Lucky thirteen: breaking the TLS and DTLS record protocols. In: 2013 IEEE Symposium on Security and Privacy, pp. 526–540, May 2013. https://doi.org/10.1109/SP.2013.42
Google: Encryption at Rest in Google Cloud Platform, August 2016. https://cloud.google.com/security/encryption-at-rest/default-encryption/resources/encryption-whitepaper.pdf. Accessed 02 Sept 2018
Google: Encryption in Transit in Google Cloud, November 2017. https://cloud.google.com/security/encryption-in-transit/resources/encryption-in-transit-whitepaper.pdf. Accessed 02 Sept 2018
Google: Google Infrastructure Security Design Overview, January 2017. https://cloud.google.com/security/infrastructure/design/resources/google_infrastructure_whitepaper_fa.pdf. Accessed 02 Sept 2018
Kaaniche, N., Laurent, M., Barbori, M.E.: CloudaSec: a novel public-key based framework to handle data sharing security in clouds. In: 2014 11th International Conference on Security and Cryptography (SECRYPT), pp. 1–14, August 2014
Khanezaei, N., Hanapi, Z.M.: A framework based on RSA and AES encryption algorithms for cloud computing services. In: 2014 IEEE Conference on Systems, Process and Control (ICSPC 2014), pp. 58–62, December 2014. https://doi.org/10.1109/SPC.2014.7086230
Kivinen, T., Kojo, M.: More modular exponential (MODP) Diffie-Hellman groups for internet key exchange (IKE) (2003). https://tools.ietf.org/html/rfc3526. Accessed 02 Sept 2018
Liang, C., Ye, N., Malekian, R., Wang, R.: The hybrid encryption algorithm of lightweight data in cloud storage. In: 2016 2nd International Symposium on Agent, Multi-Agent Systems and Robotics (ISAMSR), pp. 160–166, August 2016. https://doi.org/10.1109/ISAMSR.2016.7810021
Microsoft: Trusted Cloud: Microsoft Azure Security, Privacy and Compliance, April 2015. http://download.microsoft.com/download/1/6/0/160216AA-8445-480B-B60F-5C8EC8067FCA/WindowsAzure-SecurityPrivacyCompliance.pdf. Accessed 02 Sept 2018
Möller, B., Duong, T., Kotowicz, K.: This POODLE bites: exploiting the SSL 3.0 fallback. Security Advisory, September 2014. Accessed 02 Sept 2018
Neuman, D.C., Hartman, S., Raeburn, K., Yu, T.: The kerberos network authentication service (V5). RFC 4120, July 2005. https://doi.org/10.17487/RFC4120. https://rfc-editor.org/rfc/rfc4120.txt
Rescorla, E.: The transport layer security (TLS) protocol version 1.3. RFC 8446, August 2018. https://doi.org/10.17487/RFC8446. https://rfc-editor.org/rfc/rfc8446.txt
Rescorla, E., Dierks, T.: The transport layer security (TLS) protocol version 1.2. RFC 5246, August 2008. https://doi.org/10.17487/RFC5246. https://rfc-editor.org/rfc/rfc5246.txt
Acknowledgment
This work is partially supported by the Natural Sciences and Engineering Research Council of Canada (NSERC) and the Canada Research Chairs (CRC) program. We would also like to convey special thanks to Mohima Hossain from the TRL Lab at Queen’s University for the fruitful discussion and her critics during this research work.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Faisal, A., Zulkernine, M. (2019). Graphene: A Secure Cloud Communication Architecture. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2019. Lecture Notes in Computer Science(), vol 11605. Springer, Cham. https://doi.org/10.1007/978-3-030-29729-9_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-29729-9_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-29728-2
Online ISBN: 978-3-030-29729-9
eBook Packages: Computer ScienceComputer Science (R0)