Article details

Title: Cloud Computing in Cyberwarfare
Author(s): Alecsandru Pătraşcu   Diana Maimuţ   Emil Simion         

Abstract: Although the Internet may be seen as a relatively new technology, there is no doubt that it has quickly become a part of our lives, starting from the way we are doing business and to the end-users home. Together with it, new threats have developed: cyberthreats. Cybersecurity and cyberwarfare emerge also as new vectors because individuals, governments, and businesses are under attack from other governments, hackers, and cybercriminals. The Cloud Computing paradigm plays an important role in this cyber equation as new malware uses own computer networks to infect, spread, or update itself, in a way which was previously designed and developed only for the Cloud environments. The main goal of our paper is to inform the reader about these new threats, as we explain the new directions in Cloud Computing especially by highlighting the involved security issues. We describe modern capabilities that any Cloud provider should support, together with a cryptographic side of future Cloud services – (fully) homomorphic encryption. We present the details of a completely new malware, stressing the ways it works and infects together with the way it spreads to victims computers’ using a Cloud-like infrastructure – Flame.

Keywords: cloud computing, security, cybersecurity, malware, reliable computing, homomorphic encryption, homomorphic operations, semantic security.

References:

[1]http://www.nist.gov/itl/cloud/index.cfm
[2] R.A. CLARKE, R.K. KNAKE – Cyber War: The Next Threat to National Security and What to Do About It, Ecco, New York, NY, 2010
[3] A. PĂTRAŞCU, C. LEORDEANU, C. DOBRE, V. CRISTEA – ReC2S: Reliable Cloud Computing System, Proc. of the European Concurrent Engineering Conference, ECEC 2012, pp. 54-60, Bucharest, Romania, Apr. 18-20, 2012
[4] M. ARMBRUST, A. FOX, R. GRIFFITH, A.D. JOSEPH, R.H. KATZ, A. KONWINSKI, G. LEE, D.A. PATTERSON, A. RABKIN, I. STOICA, M. ZAHARIA – Abov! e the Cl ouds: A Berkeley View of Cloud Computing, Technical Report No. UCB/EECS-2009-28, University of California, Berkeley, CA, Feb. 10, 2009
[5] Security Guidance for Critical Areas of Focus in Cloud Computing V.30, Cloud Security Alliance, https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf, Nov. 14, 2011
[6] R. CHOW, P. GOLLE, M. JAKOBSSON, E. SHI, J. STADDON, R. MASUOKA, J. MOLINA – Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control, Proc. of the ACM Workshop on Cloud Computing Security, CCSW 2009, pp. 85-90, Chicago, IL, Nov. 13, 2009
[7] http://www.vmware.com/
[8] http://www.citrix.com/lang/English/home.asp
[9] http://www.microsoft.com/en-us/server-cloud/windows-server/hyper-v.aspx
[10] http://wiki.openvz.org/Main_Page
[11] T. RISTENPART, E. TROMER, H. SHACHAM, S. SAVAGE – Hey, You, Get off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, Proc. of the 16th ACM Conference on Computer and Communications Security, CCS 2009, pp. 199-212, Chicago, IL, Nov. 9-13, 2009
[12] http://cloudcomputing.sys-con.com/
[13] http://cloudcomputing.sys-con.com/node/2154641
[14] C. GENTRY – A Fully Homomorphic Encryption Scheme, Ph.D. Thesis, Stanford University, Stanford, CA, Sep. 2009
[15] B. CHOR, O. GOLDREICH, E. KUSHILEVITZ, M. SUDAN – Private Information Retrieval, Journal of the ACM, Vol. 45, No. 6, pp. 965-982, Nov. 1998
[16] R.L. RIVEST, L. ADLEMAN, M.L. DERTOUZOS – On Data Banks and Privacy Homomorphisms, In R.A. DeMillo et al. (Eds.), “Foundations of Secure Computation”, pp. 169-179, Academic Press, New York, NY, 1978
[17] D. MAIMUŢ, A. PĂTRAŞCU, E. SIMION – Homomorphic Encryption: Schemes and Applications, Proc. of the 5th International Conference on Security for Information Technology and Communications, SECITC 2012, pp. 117-124, Bucharest, Romania, May 31-Jun. 1, 2012
[18] http://e! n.wikipe dia.org/wiki/Homomorphicencryption
[19] R. RIVEST – Lecture Notes 15: Voting, Homomorphic Encryption, http://web.mit.edu/6.857/OldStuff/Fall02/handouts/L15-voting.pdf, Oct. 29, 2002
[20] M. NAEHRIG, K. LAUTER, V. VAIKUNTANATHAN – Can Homomorphic Encryption Be Practical?, Proc. of the 3rd ACM Workshop on Cloud Computing Security, CCSW 2011, pp. 113-124, Chicago, IL, Oct. 21, 2011
[21] D. MICCIANCIO – A First Glimpse of Cryptography’s Holy Grail, Communications of the ACM, Vol. 53, No. 3, p. 96, Mar. 2010
[22] C. GENTRY – Fully Homomorphic Encryption Using Ideal Lattices, Proc. of the 41st ACM Symposium on Theory of Computing, STOC 2009, pp. 169-178, Bethesda, MD, May 31-Jun. 2, 2009
[23] http://www-03.ibm.com/press/us/en/pressrelease/27840.wss
[24] M. COONEY – IBM Touts Encryption Innovation, http://www.computerworld.com/s/article/9134823/IBM_touts_encryption_innovation, Jun. 25, 2009
[25] D. STEHLÉ, R. STEINFELD – Faster Fully Homomorphic Encryption, In M. Abe (Ed.), “Advances in Cryptology – ASIACRYPT 2010: 16th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 5-9, 2010: Proceedings”, pp. 377-394, Springer, New York, NY, 2010
[26] C. GENTRY – Computing Arbitrary Functions of Encrypted Data, Communications of the ACM, Vol. 53, No. 3, pp. 97-105, Mar. 2010
[27] M. van DIJK, C. GENTRY, S. HALEVI, V. VAIKUNTANATHAN – Fully Homomorphic Encryption over the Integers, In H. Gilbert (Ed.), “Advances in Cryptology – EUROCRYPT 2010: 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, French Riviera, May 30-Jun. 3, 2010: Proceedings”, pp. 24-43, Springer, New York, NY, 2010
[28] É. LEVIEIL, D. NACCACHE – Cryptographic Test Correction, In R. Cramer (Ed.), “Public Key Cryptography – PKC 2008: 11th International Workshop on Practice and Theo! ry in Pu blic-Key Cryptography, Barcelona, Spain, March 9-12, 2008: Proceedings”, pp. 85-100, Springer, New York, NY, 2008
[29] B. COHEN – Simple Public Key Encryption, http://bramcohen.com/simple_public_key.html
[30] N.P. SMART, F. VERCAUTEREN – Fully Homomorphic Encryption with Relatively Small Key and Ciphertext Sizes, In P.Q. Nguyen, D. Pointcheval (Eds.), “Public Key Cryptography – PKC 2010: 13th International Conference on Practice and Theory in Public Key Cryptography, Paris, France, May 26-28, 2010: Proceedings”, pp. 420-443, Springer, New York, NY, 2010
[31] C. GENTRY, S. HALEVI – A Working Implementation of Fully Homomorphic Encryption, http://eurocrypt2010rump.cr.yp.to/9854ad3cab48983f7c2c5a2258e27717.pdf, 2010
[32] J.-S. CORON, D. NACCACHE, M. TIBOUCHI – Public Key Compression and Modulus Switching for Fully Homomorphic Encryption over the Integers, In D. Pointcheval, T. Johansson (Eds.), “Advances in Cryptology – EUROCRYPT 2012: 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cambridge, UK, April 15-19, 2012: Proceedings, pp. 446-464, Springer, New York, NY, 2012
[33] C. GENTRY, S. HALEVI, N.P. SMART – Better Bootstrapping in Fully Homomorphic Encryption, http://eprint.iacr.org/2011/680.pdf, Dec. 15, 2011
[34] R.J. HARKNETT – Information Warfare & Deterrence, http://ics-www.leeds.ac.uk/papers/vp01.cfm?outfit=pmt&folder=66&paper=79, 1996
[35] F.Y. RASHID – PayPal, PostFinance Hit by DoS Attacks, Counter-Attack in Progress, http://www.eweek.com/c/a/Security/PayPal-PostFinance-Hit-by-DoS-Attacks-CounterAttack-in-Progress-860335/, Dec. 6, 2010
[36] http://www.kaspersky.com/about/press/duqu
[37] http://www.kaspersky.com/about/news/virus/2012/Kaspersky_Lab_and_ITU_Discover_Gauss_A_New_Complex_Cyber_Threat_Designed_to_Monitor_Online_Banking_Accounts