19-07-2014, 02:33 PM
Fog Computing: Mitigating Insider Data Theft Attacks in the Cloud
Attachment: Fog Computing.pdf (755.35 KB)
ABSTRACT
Cloud computing promises to significantly change the
way we use computers and access and store our
personal and business information. With these new
computing and communications paradigms arise new
data security challenges. Existing data protection
mechanisms such as encryption have failed to prevent
data theft attacks, especially those perpetrated by an
insider at the cloud provider.
We propose a different approach for securing data in the
cloud using offensive decoy technology. We monitor
data access in the cloud and detect abnormal data access
patterns. When unauthorized access is suspected and
then verified using challenge questions, we launch a
disinformation attack by returning large amounts of
decoy information to the attacker. This protects against
the misuse of the user’s real data. Experiments
conducted in a local file setting provide evidence that
this approach may provide unprecedented levels of user
data security in a Cloud environment.
INTRODUCTION
Businesses, especially startups, small and medium
businesses (SMBs), are increasingly opting for
outsourcing data and computation to the Cloud. This
obviously supports better operational efficiency, but
comes with greater risks, perhaps the most serious of
which are data theft attacks.
Data theft attacks are amplified if the attacker is a
malicious insider. This is considered one of the top
threats to cloud computing by the Cloud Security
Alliance [1]. While most Cloud computing customers
are well aware of this threat, they are left with no option
but to trust the service provider when it comes to
protecting their data. The lack of transparency into, let
alone control over, the Cloud provider's authentication,
authorization, and audit controls only exacerbates this
threat.
SECURING CLOUDS WITH FOG
Numerous proposals for cloud-based services describe
methods to store documents, files, and media in a
remote service that may be accessed wherever a user
may connect to the Internet. A particularly vexing
problem that must be solved before such services are
broadly accepted is how to secure a user's data in a
manner that guarantees only the user, and no one else,
can gain access to it. Protecting confidential
information remains a core security problem that, to
date, has not delivered the levels of assurance most
people desire.
Many proposals have been made to secure remote data
in the Cloud using encryption and standard access
controls. It is fair to say all of the standard approaches
have been demonstrated to fail from time to time for a
variety of reasons, including insider attacks,
misconfigured services, faulty implementations, buggy
code, and the creative construction of effective and
sophisticated attacks not envisioned by the
implementers of security procedures [8]. Building a
trustworthy cloud computing environment is not
enough, because accidents continue to happen, and
when they do and information is lost, there is no way
to get it back. One needs to prepare for such accidents.
The basic idea is that we can limit the damage of stolen
data if we decrease the value of that stolen information
to the attacker. We can achieve this through a
‘preventive’ disinformation attack. We posit that secure
Cloud services can be implemented given two
additional security features:
CONCLUSION
In this position paper, we present a novel approach to
securing personal and business data in the Cloud. We
propose monitoring data access patterns by profiling
user behavior to determine if and when a malicious
insider illegitimately accesses someone’s documents in
a Cloud service. Decoy documents stored in the Cloud
alongside the user’s real data also serve as sensors to
detect illegitimate access. Once unauthorized data
access or exposure is suspected, and later verified, with
challenge questions for instance, we inundate the
malicious insider with bogus information in order to
dilute the user’s real data. Such preventive attacks that
rely on disinformation technology could provide
unprecedented levels of security in the Cloud and in
social networks.
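The pipeline sketched in the abstract and the conclusion above (profile access behaviour, treat planted decoys as sensors, verify a suspected session with a challenge question, then answer a confirmed intruder with decoys rather than real data) is shown below as a toy implementation. This is an added example, not the paper's code or the authors' prototype; every user, path, key, session and challenge answer is constructed for illustration, the anomaly thresholds are arbitrary, and the HMAC marker on decoys is an assumed design choice that lets the monitor recognise a decoy wherever it later turns up without a lookup table.

```python
"""Toy fog-computing pipeline (added example, not the paper's code).

Every user, path, key, session and answer below is constructed for illustration.
"""
import hashlib
import hmac

# Assumption: a secret held only by the monitoring service, used to mark decoys.
DECOY_KEY = b"example-decoy-key-rotate-me"

# Constructed decoy documents planted alongside the user's real data.
DECOY_PATHS = ["/docs/passwords-backup.txt", "/docs/tax-return-2013.pdf"]

# Constructed challenge answers, stored hashed (the real user knows "rex").
CHALLENGE_ANSWERS = {"alice": hashlib.sha256(b"rex").hexdigest()}

# Constructed training data: sessions the real Alice produced (user, paths).
BASELINE_SESSIONS = [
    ("alice", ["/docs/q2-plan.docx", "/docs/budget.xlsx"]),
    ("alice", ["/docs/q2-plan.docx", "/docs/notes.txt", "/docs/budget.xlsx"]),
    ("alice", ["/docs/notes.txt"]),
    ("alice", ["/docs/q2-plan.docx", "/docs/budget.xlsx"]),
]

# Constructed insider session: bulk reads of files Alice never opens, one of them a decoy.
INSIDER_SESSION = ["/docs/q2-plan.docx", "/docs/budget.xlsx", "/docs/notes.txt",
                   "/docs/hr/salaries.xlsx", "/docs/customers.csv",
                   "/docs/passwords-backup.txt", "/docs/contracts/acme.pdf"]


def decoy_tag(path):
    """HMAC marker embedded in a decoy so the monitor can recognise it later."""
    return hmac.new(DECOY_KEY, path.encode(), hashlib.sha256).hexdigest()


def is_decoy(path, tag):
    """Constant-time check of a document's marker against its path."""
    return hmac.compare_digest(decoy_tag(path), tag)


def decoy_document(path):
    """A bogus document carrying its marker; the body is plausible-looking filler."""
    return {"path": path, "tag": decoy_tag(path),
            "body": "CONFIDENTIAL - %s - (bogus content)" % path}


def build_profile(sessions):
    """Per-user baseline: files normally touched and typical session sizes."""
    profile = {}
    for user, paths in sessions:
        p = profile.setdefault(user, {"files": set(), "sizes": []})
        p["files"].update(paths)
        p["sizes"].append(len(paths))
    return profile


def score_session(profile, user, paths):
    """Anomaly score for one session; a score of 1.0 or more means 'suspect'.

    Signals: share of never-before-seen files, session size against the user's
    mean, and any access to a decoy (decoys are pure sensors: a hit is always suspect).
    """
    p = profile[user]
    novelty = sum(1 for x in paths if x not in p["files"]) / len(paths)
    mean_size = sum(p["sizes"]) / len(p["sizes"])
    volume = len(paths) / mean_size
    decoys_hit = [x for x in paths if x in DECOY_PATHS]
    score = novelty + (0.5 if volume > 3 else 0.0) + (1.0 if decoys_hit else 0.0)
    reasons = {"novelty": round(novelty, 2), "volume": round(volume, 2),
               "decoys_hit": decoys_hit}
    return score, reasons


def verify_challenge(user, answer):
    """Challenge question: the real user knows the answer; an insider with
    stolen credentials usually does not. Compared in constant time."""
    if answer is None:
        return False
    digest = hashlib.sha256(answer.strip().lower().encode()).hexdigest()
    return hmac.compare_digest(digest, CHALLENGE_ANSWERS.get(user, ""))


def handle_session(profile, user, paths, challenge_answer=None):
    """Monitor -> suspect -> verify -> serve real data, or flood with decoys."""
    score, reasons = score_session(profile, user, paths)
    if score < 1.0:
        return {"action": "serve_real", "score": score, "reasons": reasons}
    if verify_challenge(user, challenge_answer):
        return {"action": "serve_real", "score": score, "reasons": reasons,
                "verified": True}
    # Suspected and not verified: return only disinformation.
    return {"action": "serve_decoys", "score": score, "reasons": reasons,
            "documents": [decoy_document(p) for p in DECOY_PATHS]}


if __name__ == "__main__":
    prof = build_profile(BASELINE_SESSIONS)
    print(handle_session(prof, "alice", ["/docs/q2-plan.docx", "/docs/notes.txt"])["action"])
    print(handle_session(prof, "alice", INSIDER_SESSION, challenge_answer="fluffy")["action"])
```

Two points a practitioner would check here: a decoy hit alone already pushes the score over the threshold, so decoys act as sensors independently of the behavioural profile; and the challenge step is what keeps an unusual but legitimate session (the real user opening seven new files) from being fed decoys. In a real deployment the decoy set served to a confirmed intruder would be far larger than two documents, and the HMAC key must never be reachable from the storage tier it protects.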