The Cost of Confidentiality in Cloud Storage


Linköping University | Department of Computer and Information Science
Master thesis, 30 ECTS | Software Engineering
2018 | LIU-IDA/LITH-EX-A--18/016--SE

The Cost of Confidentiality in Cloud Storage

Eric Henziger

Supervisor: Niklas Carlsson
Examiner: Niklas Carlsson

Linköpings universitet, SE–581 83 Linköping, +46 13 28 10 00, www.liu.se

Copyright (Upphovsrätt)

This document is kept available on the Internet – or its future replacement – for 25 years from the date of publication, provided that no extraordinary circumstances arise. Access to the document implies permission for anyone to read, download, and print single copies for personal use, and to use it unchanged for non-commercial research and for teaching. A later transfer of the copyright cannot revoke this permission. All other use of the document requires the consent of the copyright holder. Technical and administrative solutions exist to guarantee authenticity, security and accessibility.

The author's moral rights include the right to be named as the author to the extent required by good practice when the document is used as described above, as well as protection against the document being altered or presented in such a form or in such a context as is offensive to the author's literary or artistic reputation or distinctive character.

For further information about Linköping University Electronic Press, see the publisher's home page http://www.ep.liu.se/.

Copyright

The publishers will keep this document online on the Internet – or its possible replacement – for a period of 25 years starting from the date of publication barring exceptional circumstances. The online availability of the document implies permanent permission for anyone to read, to download, or to print out single copies for his/her own use and to use it unchanged for non-commercial research and educational purpose. Subsequent transfers of copyright cannot revoke this permission. All other uses of the document are conditional upon the consent of the copyright owner. The publisher has taken technical and administrative measures to assure authenticity, security and accessibility.

According to intellectual property law the author has the right to be mentioned when his/her work is accessed as described above and to be protected against infringement.

For additional information about the Linköping University Electronic Press and its procedures for publication and for assurance of document integrity, please refer to its www home page: http://www.ep.liu.se/.

© Eric Henziger

Abstract

Cloud storage services allow users to store and access data in a secure and flexible manner. In recent years, cloud storage services have seen rapid growth in popularity as well as in technological progress and hundreds of millions of users use these services to store thousands of petabytes of data. Additionally, the synchronization of data that is essential for these types of services stands for a significant amount of the total internet traffic. In this thesis, seven cloud storage applications were tested under controlled experiments during the synchronization process to determine feature support and measure performance metrics. Special focus was put on comparing applications that perform client side encryption of user data to applications that do not. The results show a great variation in feature support and performance between the different applications and that client side encryption introduces some limitations to other features but that it does not necessarily impact performance negatively. The results provide insights and enhance the understanding of the advantages and disadvantages that come with certain design choices of cloud storage applications. These insights will help future technological development of cloud storage services.
Acknowledgments

Even though I am the sole author for this thesis, my journey has been far from lonely and I have many people to thank for reaching the completion of my thesis. First and foremost, thanks to Associate Professor Niklas Carlsson for his work as examiner and supervisor. Niklas has been generous in sharing his vast knowledge and helped me get back on track when I was lost and things felt hopeless. Thanks to my dear friend Erik Areström who I also had the pleasure to have as my opponent for this thesis. Erik’s warmth and positive attitude have been a source of motivation and I’m happy to get to share this final challenge as a Linköping University student with you.

Thanks to my fellow thesis students with whom I’ve spent numerous lunches, fika breaks, and foosball games: Cristian Torrusio, Edward Nsolo, Jonatan Pålsson and Sara Bergman. You guys have turned even the dullest of work days into days of joy with interesting discussions and many laughs. Special thanks to my good friend Tomas Öhberg who, in addition to participating in the previously mentioned activities, has been the greatest of bollplanks when discussing our theses as well as life in general. Thanks to Natanael Log and Victor Tranell for their valuable feedback on early drafts of this thesis. I wish you all good fortune in your future endeavors and I hope that our paths may cross again sometime.

This thesis concludes my five years at Linköping University. It has been an adventurous time during which I have learned immensely and had the privilege to get to know many great people. Thanks to all my fellow course mates, especially Henrik Adolfsson, Simon Delvert and Raymond Leow, for being with me through tough and challenging exams, laboratory work and projects. Thanks to all examiners at the university departments IDA, MAI and ISY for pushing me to learn stuff that I would not have been disciplined enough to learn on my own. I would also like to thank my colleagues at Westermo R&D for being great role models in the software industry and for inspiring and motivating me for what’s to come in my professional life.

Thanks to my awesome friends back in Hallstahammar, I don’t have space to thank you all, but the three families Brandt, Joannisson and Tejnung include the very strong core part. While spending time with you has been limited during these years, it has always been of highest quality.

Finally, my warmest thanks to my mom and dad, Aina and Bosse, and my sister, Annelie, for your endless support and raising me to who I am. Great work! ♡

This thesis was written using LaTeX together with PGFPlots for plot generation. The support from random strangers across the internet has been of great use in making this thesis into what it is.

Contents

Abstract
Acknowledgments
Contents
List of Figures
List of Tables
List of Code Listings

1 Introduction
  1.1 Aim
  1.2 Research Questions
  1.3 Contributions
  1.4 Delimitations
2 Theory
  2.1 Cloud Infrastructure and Cloud Storage
  2.2 File Encryption
  2.3 Cloud Storage User Behavior
  2.4 Cloud Storage Features
  2.5 Personal Cloud Storage Applications
  2.6 Related Work
3 Method
  3.1 Test Environment
  3.2 Testing Personal Cloud Storage Capabilities
  3.3 Advanced Delta Encoding Tests
  3.4 CPU Measurements
  3.5 Disk Utilization
  3.6 Memory Measurements
  3.7 Security in Transit
  3.8 Cloud Storage Traffic Identification
4 Results
  4.1 Compression
  4.2 Deduplication
  4.3 Delta Encoding
  4.4 CPU Utilization
  4.5 Disk Utilization
  4.6 Memory Utilization
  4.7 Security in Transit
5 Discussion
  5.1 Results
  5.2 Method
  5.3 The Work in a Wider Context
6 Conclusion
  6.1 Future Work
Bibliography
A Appendices
  A.1 Cloud Storage Application Changelogs
  A.2 Packet Size Distributions
  A.3 CPU Utilization
  A.4 Disk Utilization

List of Figures

2.1 Two files sharing the same cloud storage space for two chunks.
2.2 Attack scenario in a cross-user deduplicated cloud.
3.1 The testbed setup used for the cloud storage measurements.
3.2 Visualization of the update patterns used in the delta encoding tests.
3.3 The different phases and their transitions during the sync process.
3.4 Screenshot of MEGAsync preferences with HTTP disabled.
3.5 Screenshot of Wireshark during TLS analysis.
4.1 Compression test results for the different PCS applications.
4.2 Bytes uploaded with sprinkled updates