Secure Migration of VM in Cloud Federation using Enhanced Key Management

1
Secure Migration of VM in Cloud Federation using
Enhanced Key Management
2
Agenda

• Introduction
• Cloud Computing
• Virtualization
• VM migration
• Key Management in Cloud
• Literature Survey
• Survey Findings
• Industry Survey
• Community Response
• Problem Statement
• Proposed Architecture Design
• Technology and standards
• Future Milestones
• References

3
Cloud Computing

• Cloud Services Model
• SaaS
• PaaS
• IaaS
• Cloud Federation
• Federation Benefits
• Cloud Burst
• Load Balancing

4
Virtualization

• Virtualization
• Types of Virtualization
• Virtual Machine (VM)

5
VM Migration

• VM Migration
• Live Migration (only shared storage)
• Suspend/Pause and Transfer
• Benefits of Migration
• Load balancing
• Disaster recovery
• Hardware maintenance

6
Key Management in Cloud

• Service Side Encryption (SSE) with KMS provides
• Data protection
• Hardware Encryption (AES-NI)
• Reduce client maintenance effort
• Amazon /Googles provides transparent encryption.
  
• VM images (object), Volume, Data encryption
• Creating, Storing, Protecting, and Providing
  access to keys.

7
Literature Survey

• Problem
• Insecure VM migration in Xen/VMware/KVM.
• Solution
• Categorized Attack on VM migration into
• Control plane (Unauthorized migration
  operation)
• Data plane (insecure channel)
• Migration Module (buffer overflow issues)
• Developed Xensploit Tool for exploitation

Reference J. Oberheide, E. Cooke and F.
Jahanian, Empirical exploitation of live Virtual
Machine migration, Proc. of BlackHat DC
convention.
8
Literature Survey

• Problem
• Inter Cloud VM mobility for cloud bursting and
  load balancing
• Solution
• Inter Cloud Proxies
• Secure Channel between Proxies using SSH
• Analysis
• Tunnel does not provide host to host secure
  channel during migration.
• Port forwarding on firewalls between the clouds
• No Authorization mechanism.

Reference K. Nagin, D. Hadas, Z. Dubitzky, A.
Glikson, I. Loy, B. Rochwerger and L. Schour,
Inter-cloud mobility of virtual machines,
International Conference on Systems and Storage,
May 30-June 01, 2011, Haifa, Israel.
9
Literature Survey

• Problem
• Trusted channel and remote attestation in VM
  migration
• Solution
• vTPM based migration proposed provides
• Authentication, confidentiality, Integrity,
• Reply Resistance, source non-repudiation
• Two phases
• Trusted channel establishment
• VM and vTPM migration
• Analysis
• Authorization is not supported.
• Dependency on TPM hardware .
• Suspension of vTPM instance
• Complex Key hierarchy from TPM to vTPM.

Reference X. Wan, X. Zhang, L. Chen and J. Zhu,
An improved vTPM migration protocol based
trusted channel, International Conference on
Systems and Informatics, 2012, pp. 871-875
10
Literature Survey

• Problem
• VM migration is insecure process
• Solution.
• Load calculation on physical host
• RSA with SSL protocol for authentication and
  encryption
• Pre-copy or Post-copy migration techniques
• Analysis.
• Authorization is not supported
• Neglected the affects of migration in cloud
  environment.

Reference V. P. Patil and G.A. Patil, Migrating
process and virtual machine in the cloud load
balancing and security perspectives,
International Journal of Advanced Computer
Science and Information Technology 2012, vol. 1,
pp. 11-19.
11
Literature Survey

• Problem
• Security and Reliability in VM migration
• Solution.
• Policy/Role based Migration approach
• Consists of attestation service, seal storage,
  policy service, migration service and secure
  hypervisor components
• Analysis.
• Authentication is not supported
• Dependency on TPM and Seal storage hardware.

Reference W. Wang, Y. Zhang, B. Lin, X. Wu and
K. Miao, Secured and reliable VM migration in
personal cloud, 2nd International Conference on
Computer Engineering and Technology, 2010
12
Literature Survey

• Problem
• Resource Optimization in Federated Cloud using
  VM migration.
• Solution.
• Monitor the current workload of the physical
  servers
• Detect the overloaded servers efficiently
• VM replacement considering the federated
  environment
• Analysis.
• No security feature is supported

Reference Y. Xu, Y. Sekiya , Scheme of Resource
Optimization using VM Migration for Federated
Cloud Proceedings of the Asia-Pacific Advanced
Network 2011 v. 32, p. 36-44
13
Survey Findings Analysis of Existing
Solutions and Approaches
Security Requirements/IDs 1 3 4 5 6 7 8 9 10
Isolate migration network V LAN6 Role based Migration 9 Secure VM-vTPM 10 Improved vTMP based Migration 7 VM mobility using SSH tunnel 11 TCSL 12 Secure Migration using RSA with SSL 13 Trust Token Based migration 14 PALM 17
Integrity Verification of platform
Authentication of platform Isolate migration Traffic
Authorization (Access control policies )
Confidentiality and Integrity of VM during migration Isolate migration traffic
Replay Resistance Isolate migration traffic
Source Non-Repudiation
14
Survey Findings Identified Limitations

• Security
• Insufficient Access Control
• Lack of Mutual Authentication
• Lack of Confidentiality
• Lack of Integrity
• Implementation
• Dependency on TPM/Seal Storage module
• TPM is bottleneck
• Leakage of information in vTPM.
• Port forwarding on intermediate firewall

15
Industrial Survey

• http//searchservervirtualization.techtarget.com/f
  eature/Virtual-machine-migration-FAQ-Live-migratio
  n-P2V-and-more

16
Cont..

• http//www.net-security.org/secworld.php?id11825

17
Community Response

• https//launchpad.net/harlowja

18
Problem Statement

• This research work is intended to propose a
  secure migration of Encrypted Images of VM and
  their keys between CSPs. Furthermore, we also
  propose enhanced key management which securely
  handle migrated keys.

19
Cont..
A
Dashboard/CLI
B
Load Monitoring
Dashboard/CLI
Load Monitoring
Insecure channel
3
1
2
1
2
4
5
Encrypted Image Store, (Windows8, Ubuntu,
Centos,Suse )
Xen/KVM
Encrypted Images Store, (Windows8, Ubuntu,
Centos,Suse)
Xen/KVM
Authentication/ Authorization Module
Authentication/ Authorization Module
Key Manager
Key Manager
Can not store migration keys
20
Requirements for VM migrationProcess

• Security
• Role based access control
• Mutual Authentication (source non-repudiation
  and trust)
• Confidentiality during migration process
• Integrity of VM and Keys
• Key Management
• Migrated Keys of Encrypted VM Images must be
  included in Key Manager of receiver CSP.

21
Proposed Architecture Design
2. Auth/Autz
2. Auth/Autz
A
B
Dashboard/CLI
Dashboard/CLI
Load Monitoring
4. Migration Request
8 b). Migrated VM.
1
2
3
3. Run VM Instance
3. Run VM instance
2
2
4
5
1
2
Xen/KVM
Encrypted Images Store, Windows8, Ubuntu,
Centos,Suse
Encrypted Image Store, Windows8, Ubuntu,
Centos,Suse
Xen/KVM
Authentication/ Authorization Module
Authentication/ Authorization Module
Key Manager
Key Manager
8a). Decrypt Update Key Manager
22
Technologies and Standards

• Libvirt
• KVM/XEN
• Python
• OpenStack Cloud OS
• Key Manager (OpenStack )
• PKI (DogTag)
• M2Crypt/pyopenssl

23
Future Milestones
Milestones Duration
Preliminary study and Research Done
Implementation
Cloud Configuration , PKI setup Done
Key Manager setup 1 week
Implementation of security features Authorization, Authentication, confidentiality and integrity 3 month
Enchantment in Key manager 1 month
Testing and Evaluation 1.5 month
Final Documentation 1.5 month
24
THANKS

25
References

• 1 K. Hashizume, D. G. Rosado, E.
  Fernández-Medina, and E. B. Fernandez, An
  analysis of security issues for cloud computing,
  Journal of Internet Services and Applications
  2013.
• 2 P. Mell, T. Grance, 'The NIST definition of
  cloud computing". NIST,Special Publication
  800145, Gaithersburg, MD.
• 3 J. Oberheide, E. Cooke and F. Jahanian,
  Empirical exploitation of live Virtual Machine
  migration, Proc. of BlackHat DC convention 2008.
  
• 4 V. Vaidya, "Virtualization vulnerabilities
  and threats a solution white paper", RedCannon
  Security Inc, 2009.
• http//www.redcannon.com/vDefense/VM_security_wp.p
  df.
• 5 Steve Orrin, Virtualization Security
  Challenges and Solutions, 2010.
• http//365.rsaconference.com/servlet/JiveServlet/p
  reviewBody/2555-102-2-3214/STAR-303.pdf.
• 6 J. Shetty, Anala M. R, Shobha G, A survey on
  techniques of secure live migration of virtual
  machine, International Journal of Computer
  Applications (0975 8887), vol. 39, no.12,
  February 2012.
• 7 X. Wan, X. Zhang, L. Chen and J. Zhu, An
  improved vTPM migration protocol based trusted
  channel, International Conference on Systems and
  Informatics, 2012, pp. 871-875.
• 8 OpenStack Security Guide, 2013.
• http//docs.openstack.org/security-guide/security-
  guide.pdf.
• 9 W. Wang, Y. Zhang, B. Lin, X. Wu and K. Miao,
  Secured and reliable VM migration in personal
  cloud, 2nd International Conference on Computer
  Engineering and Technology, 2010.

26
References

• 10 B. Danev, R. J. Masti, G. O. Karame and S.
  Capkun,Enabling secure VM-vTPM migration in
  private clouds, Proceedings of the 27th Annual
  Computer Security Applications Conference,
  December 05-09, 2011, Orlando, Florida.
• 11 K. Nagin, D. Hadas, Z. Dubitzky, A. Glikson,
  I. Loy, B. Rochwerger and L. Schour, Inter-cloud
  mobility of virtual machines, International
  Conference on Systems and Storage, May 30-June
  01, 2011, Haifa, Israel.
• 12 Y. Chen, Q. Shen, P. Sun, Y. Li, Z. Chen and
  S. Qing, Reliable migration module in trusted
  cloud based on security level - design and
  implementation, International Parallel and
  Distributed Processing Symposium Workshops PhD
  Forum 2012.
• 13. V. P. Patil and G.A. Patil, Migrating
  process and virtual machine in the cloud load
  balancing and security perspectives,
  International Journal of Advanced Computer
  Science and Information Technology 2012, vol. 1,
  pp. 11-19
• 14. M. Aslam, C. Gehrmann, M. Bjorkman
  Security and trust preserving VM migrations in
  public clouds, International Conference on
  Trust, Security and Privacy in Computing and
  Communications 2012.
• 15 P. Botero, Diego A brief tutorial on live
  virtual machine migration from a security
  perspective, University of Princeton, USA.
• 16. A. Rehman, S. Alqahtani, A. Altameem and T.
  Saba, Virtual machine security challenges case
  studies, International Journal of Machine
  Learning and Cybernetics 1-14, April 2013.
• 17. F. Zhang, Y. Huang, H. Wang, H. Chen, B.
  Zang, PALM security preserving VM live
  migration for systems with VMM-enforced
  protection, Third Asia-Pacific Trusted
  Infrastructure Technologies Conference, 2008.