Identity Providers-as-a-Service built as Cloud-of-Clouds: challenges and opportunities
Diego Kreutz and Eduardo Feitosa
FedCSIS/SODIS 2014, Warsaw, Poland
Outline
Resilient & Secure IdPs
Motivation & Goals
Deployments & Trade Offs
Open Roads & Opportunities
Experimental Evaluations
Common Threats and Challenges
Cyber Crimes/Attacks!
Software Bugs & Vulnerabilities
Logical Failures
Vulnerabilities and Threats in IdPs

| Vulnerability/Support | RADIUS | OpenID |
|---|---|---|
| Tolerates crash faults (e.g., back-end clusters) | YES | YES |
| Tolerates arbitrary faults | NO | NO |
| Tolerates infrastructure outages | NO | NO |
| Tolerates DDoS attacks | NO | NO |
| Risk of common vulnerabilities | HIGH | HIGH |
| Risk of sensitive data leakage | HIGH | HIGH |
| Diverse security-related vulnerabilities | YES | YES |
| Susceptible to resource depletion attacks | YES | YES |
What can we do about it?
Approach 2: increase the system’s resilience and trustworthiness
Hybrid system architectures, specialized components, clouds, …
Goals
- Develop new hybrid system architectures.
- Use cloud and multi-cloud environments to increase the resilience and trustworthiness of critical systems.
- Reduce costs and foster new business models.
Cloud: some benefits
- Elasticity of resources
- Cost-effectiveness
  - Reduce CAPEX and OPEX for business
- Efficient and productive tools and systems
- Protection against high-scale attacks
Cloud: some challenges
- Failures are still high
- Performance
  - Hard to measure
  - Not yet enough for HPC apps
- Price models
  - No standards
  - No easy way to measure and compare
- Confidentiality & Privacy
  - Cloud provider has access to your data
Multi-Cloud: some benefits
- Increasing reliability
  - Up to three nines
- Lower costs
- No vendor lock-in
- Better privacy and confidentiality
  - Multi-cloud storage crypto solutions
- Improved performance
- Diversity of attack defenses
Multi-Cloud: challenges
- Inter-cloud high network latency
- Network performance, reliability and costs
- Privacy and confidentiality
  - Yet, still easier to solve than in a single cloud
- Deployment and management costs
  - Different technologies
  - Diversity of tools
  - Lack of standardized interoperability
Multi-DCs/Cloud Trade Offs
[Figure: three deployment panels, each showing Phy Machine 1-3, each with its own hypervisor (Hypervisor 1-3) and VM (VM1-VM3) running the Resilient Service: "Single Data Center (Multiple Physical Machines)", "Multiple Data Centers (Single Cloud Provider)", "Multiple Cloud Providers". Trade-off labels: "Overall System Performance", "High Availability (towards 3 nines)", "Resistance to Attacks and Vulnerabilities", "Susceptibility to Physical and Logical Failures".]
OpenID: traditional architecture
[Figure: Client / Web Browser, Service Provider (Relying Party), OpenID server and OpenID Backends (SQL, LDAP); annotation: "steps 4 and 5".]
ROpenID Architecture
[Figure: User Browser / Certificate / Attributes, Service Providers (SPs) / Relying Parties (RPs), IdP Gateways and IdP Service Replicas, the latter forming the Resilient and Secure IdP with Secure Authentication (confidentiality). Paths shown: Default Path, Alternative Path.]
ROpenID Fault Detection Mechanisms
[Figure: message flow between Client Cx, CIS Cx, Service Sx and Gateway Gx, annotated with Timeout A, Timeout B, "Corrupted response from replica Sx", "Corrupted response from replica Gx" and "Byzantine behavior from replica Cx".]
- Timeouts
  - Between client and service
  - Between service and gateway
- Corrupted messages detection
  - Between service and client
  - Between gateway and service
- Arbitrary faults
  - Between the CIS and gateway
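
The timeout and corrupted-response checks on the client-to-service hop, as an added Python example (not code from ROpenID or from the slides). It assumes n = 3f+1 replicas, an HMAC-SHA256 tag on every reply under a per-replica key, and acceptance once f+1 valid replies match; the names `classify`, `vote` and `TIMEOUT_S`, the keys and the replies are constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter

F = 1               # tolerated faulty replicas (assumption)
N = 3 * F + 1       # replica count assumed for Byzantine fault tolerance
TIMEOUT_S = 0.5     # hypothetical client-to-service timeout
# Constructed per-replica MAC keys (placeholders, not real secrets).
KEYS = {f"S{i}": f"demo-key-{i}".encode() for i in range(N)}

def tag(replica, payload):
    return hmac.new(KEYS[replica], payload, hashlib.sha256).digest()

def classify(replica, reply):
    """reply is None (no answer) or (payload, mac, elapsed_seconds)."""
    if reply is None or reply[2] > TIMEOUT_S:
        return "timeout", None
    payload, mac, _ = reply
    if not hmac.compare_digest(mac, tag(replica, payload)):
        return "corrupted", None
    return None, payload

def vote(replies):
    """Return (accepted_payload_or_None, {replica: fault})."""
    faults, valid = {}, {}
    for replica, reply in replies.items():
        fault, payload = classify(replica, reply)
        if fault:
            faults[replica] = fault
        else:
            valid[replica] = payload
    accepted = None
    if valid:
        payload, count = Counter(valid.values()).most_common(1)[0]
        if count >= F + 1:   # at least one correct replica vouches for it
            accepted = payload
    if accepted is not None:
        # Valid MAC but a different answer: arbitrary (Byzantine) behaviour.
        for replica, payload in valid.items():
            if payload != accepted:
                faults[replica] = "divergent"
    return accepted, faults

def sample_replies():
    ok = b"assertion:alice:authenticated"  # constructed sample reply
    return {"S0": (ok, tag("S0", ok), 0.08), "S1": (ok, tag("S1", ok), 0.09),
            "S2": (ok, b"\x00" * 32, 0.07),   # MAC does not verify
            "S3": None}                        # replica never answered

print(vote(sample_replies()))
```
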
Main Building Blocks
1. Virtual Machines
2. Trusted Computing Base
   - e.g. hypervisors
3. Trusted Components
   - e.g. smart cards, TPMs, isolated VMs, secured PCs
4. Replication & Recovery Protocols
   - e.g. BFT-SMaRt and ITVM
5. Diversity
   - e.g. different operating systems
6. Strong mutual authentication
   - e.g. EAP-TLS
What is a TC in our model?
A trusted/secure component can be “any” device capable of ensuring the data and operation confidentiality of the target system/environment.
- Smart Cards
- TPM
- Tamper-Resistant FPGA
- A Highly Secured (shielded) Computer
- Virtual TPM (e.g. vTPM)
- Secure Hypervisor (e.g. sHyper)
Deployments & Trade Offs
[Figure: deployment options (a), (b) and (c) for the three Resilient Service replicas (VM1-VM3). Labels: Phy Machine 1 / Hypervisor 1 hosting VM1, VM2 and VM3; Phy Machine 1-3 with Hypervisor 1-3, one VM each; Administrative Domain 1, 2 and 3. Trade-off labels: "Performance", "Availability". Annotation: "Susceptible to depletion attacks".]
Deployments & Trade Offs
[Figure: three deployment panels, each showing Phy Machine 1-3, each with its own hypervisor (Hypervisor 1-3) and VM (VM1-VM3) running the Resilient Service: "Single Data Center (Multiple Physical Machines)", "Multiple Data Centers (Single Cloud Provider)", "Multiple Cloud Providers". Trade-off labels: "Overall System Performance", "High Availability (towards 3 nines)", "Resistance to Attacks and Vulnerabilities", "Susceptibility to Physical and Logical Failures".]
Wait! What about resource depletion attacks?
In virtualized environments, how can malicious VMs affect the execution of non-malicious VMs?
Resource Depletion Attacks
[Plot: "ROpenID throughput under CPU depletion attacks". x-axis: Number of OpenID clients (10, 20, 40, 80, 100); y-axis: Number of authentications/s (200 to 1600). Series: FF-Exec, 3vCPUs-Attack, 6vCPUs-Attack, 12vCPUs-Attack.]
Resource Depletion Attacks
[Plot: "ROpenID throughput under attacks". x-axis: Number of OpenID clients (10, 20, 40, 80, 100); y-axis: Number of authentications/s (200 to 1600). Series: QuintaVMs, TCP-ACK-A, TCP-SYN-A, TCP-SYN-ACK-A, TCP-SSH-A.]
ROpenID Evaluation
Average Latency: 78.360ms
Average Latency: 87.343ms
Average Latency: 32.103ms

| Environment | vCPU | ECUs | MEM | Disk | Network |
|---|---|---|---|---|---|
| UFAM-VMs | 2 | --- | 2GB | 20GB | Gigabit |
| Amazon-EC2 | 4 | 13 | 15GB | 2x40 SSD | High Speed |
| Amazon-DCs | 4 | 13 | 15GB | 2x40 SSD | Public WAN |
ROpenID Evaluation
| # of clients | UFAM-VMs | Amazon-EC2 | Amazon-DCs |
|---|---|---|---|
| 20 | 867.73 | 1969.17 | 26.66 |
| 40 | 984.59 | 2166.58 | 50.72 |
| 80 | 995.12 | 2244.30 | 92.42 |
| 100 | 960.11 | 2244.04 | 114.05 |
Scaling up ROpenID
| Environment | 20 clients | 40 clients | 80 clients | 100 clients |
|---|---|---|---|---|
| UFAM-VMs | 867 | 984 | 995 | 960 |
| Amazon-EC2 | 1969 | 2166 | 2244 | 2444 |
| Amazon-DCs | 26 | 50 | 92 | 114 |

| Environment | 10k users | 100k users | 500k users | 1M users |
|---|---|---|---|---|
| UFAM-VMs | 4.16% | 41.66% | 208.30% | 416.61% |
| Amazon-EC2 | 1.78% | 17.82% | 89.11% | 178.22% |
| Amazon-DCs | 35.07% | 350.72% | 1753.61% | 3507.23% |
Scaling up ROpenID
| Cost/Users | 10k users | 100k users | 500k users | 1M users |
|---|---|---|---|---|
| IaaS | $350.40 | $3,507.65 | $17,531.90 | $35,083.80 |
| Service | $550.37 | $5,503.70 | $27,518.50 | $55,037.00 |
| Total cost/y | $900.77 | $9,011.35 | $45,060.40 | $90,120.80 |
Technical and Business Challenges
- Efficient networks
  - Low latency
  - High throughput
- Cost-effective three nines
  - Combined multi-cloud solutions
- Confidentiality and Privacy
  - Combined multi-cloud solutions
Final remarks on multi-cloud IdPs
- New business opportunities for
  - Cloud providers
  - Startups
- Research open roads & challenges
  - Efficient WANs
  - Telco Clouds
  - Multi-cloud elasticity
  - Multi-cloud interoperability
  - Confidentiality & Privacy