Network-Based Secret Communication in Clouds: A Survey

The cloud concept promises computing as a utility, and more and more functions are being moved to cloud environments. This transition comes at a cost: security and privacy solutions have to be adapted to the new challenges of cloud environments. We investigate the possibilities for secret communication in clouds, that is, data transmission that conceals its very existence or some of its characteristics. The ability to establish such secret communication is a powerful instrument for adversaries: it can be used to gather information in preparation for an attack, to conceal the coordination of malicious instances, or to leak sensitive data. In this paper, we examine the potential for secret communication in cloud environments and present possible application scenarios. We survey current approaches to different kinds of secret communication, including covert channels, side channels, and obfuscation techniques. While most existing work focuses on covert and side channels within a single physical server (cross-VM channels), we place emphasis on network-based covert and side channels, which are rarely addressed in the current literature on cloud security. We then discuss the secret communication techniques with respect to the application scenarios and show their advantages and limitations.
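The abstract separates channels that hide the existence of a transmission from analyses that merely leak its characteristics. The following added example, constructed for this page and not code from the survey or its authors, shows both sides on a network timing channel: a sender encodes bits as inter-packet gaps in otherwise innocuous traffic, and a monitor scores the captured gaps with a regularity test in the style of Cabuk, Brodley and Shields (CCS 2004). The two gap lengths, the one-byte-per-window framing and the "legitimate" trace are assumptions made for the illustration.

```python
"""Added example: a toy inter-packet-delay covert timing channel and a
regularity-based detector for it. Constructed for illustration; not from
the survey. Gap lengths and the 'legitimate' trace are assumptions."""
import statistics
from typing import List

# Assumed symbol alphabet: a short gap sends a 0 bit, a long gap sends a 1 bit.
SHORT_GAP = 0.010  # seconds
LONG_GAP = 0.050   # seconds


def encode_delays(message: bytes) -> List[float]:
    """Turn a message into the inter-packet delays the sender should wait.

    Each bit (MSB first) becomes one gap. The packet payloads themselves can
    be perfectly innocuous; the data rides only in the timing.
    """
    delays = []
    for byte in message:
        for shift in range(7, -1, -1):
            delays.append(LONG_GAP if (byte >> shift) & 1 else SHORT_GAP)
    return delays


def decode_delays(delays: List[float]) -> bytes:
    """Recover the message by thresholding each observed gap at the midpoint.

    Trailing bits that do not fill a whole byte are discarded.
    """
    threshold = (SHORT_GAP + LONG_GAP) / 2
    bits = [1 if gap > threshold else 0 for gap in delays]
    out = bytearray()
    for start in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[start:start + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def regularity(delays: List[float], window: int = 8) -> float:
    """Regularity score in the style of Cabuk et al. (CCS 2004).

    Split the trace into fixed-size windows, take the standard deviation
    sigma_i of each window, and return the standard deviation of the pairwise
    relative differences |sigma_i - sigma_j| / sigma_i. Software-generated
    covert traffic keeps a near-constant spread, so its score stays close to
    zero; legitimate traffic with bursts and idle periods scores much higher.
    Windows with zero spread are skipped as denominators to avoid division by
    zero (a run of identical gaps is itself a strong hint of automation).
    """
    sigmas = [
        statistics.pstdev(delays[i:i + window])
        for i in range(0, len(delays) - len(delays) % window, window)
    ]
    if len(sigmas) < 2:
        raise ValueError("need at least two full windows")
    ratios = [
        abs(s_i - s_j) / s_i
        for idx, s_i in enumerate(sigmas)
        for s_j in sigmas[idx + 1:]
        if s_i > 0
    ]
    if not ratios:
        return 0.0
    return statistics.pstdev(ratios)


# Constructed stand-in for legitimate traffic: a tight burst, an idle period
# with scattered packets, a steady stream, and so on. Not a real capture.
LEGIT_DELAYS = [
    0.0010, 0.0012, 0.0009, 0.0011, 0.0010, 0.0013, 0.0008, 0.0010,
    0.005, 0.180, 0.020, 0.250, 0.007, 0.090, 0.015, 0.400,
    0.030, 0.031, 0.029, 0.030, 0.032, 0.028, 0.031, 0.030,
    0.002, 0.600, 0.003, 0.002, 0.050, 0.004, 0.002, 0.300,
    0.010, 0.012, 0.011, 0.009, 0.010, 0.013, 0.011, 0.010,
]


if __name__ == "__main__":
    secret = b"cloud"
    covert = encode_delays(secret)
    print("decoded:", decode_delays(covert))
    print("covert regularity: %.3f" % regularity(covert))
    print("legit  regularity: %.3f" % regularity(LEGIT_DELAYS))
```

The detector never looks at payloads, which is the practical point for a cloud tenant or provider: a channel that is invisible to content inspection can still be exposed by the statistics of the traffic it rides on, and a sender who wants to survive this test has to add jitter that mimics the burstiness of real flows, at the cost of bandwidth and reliability.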