Accessing Cloud through API in a More Secure and Usable Way
HongQian Karen Lu
2011
Abstract
A common method for accessing and managing cloud computing resources is through an Application Programming Interface (API). Each API request from an application must include a client authentication to the cloud service, which proves the possession of a secret key. Securing such keys is critical to the confidentiality, integrity, and availability of the data and services hosted in the cloud. Currently users handle these keys manually, a process that is neither secure nor user-friendly. Where to store the keys and how to access them are still security challenges, especially for applications that reside in the cloud themselves. Furthermore, keys are in clear text at least in a computer's memory, and attackers can find ways to recover them. This paper presents a solution to these problems by using portable security devices. The device securely exchanges keys with the cloud server, securely stores the keys, and performs cryptographic computations using these keys for the client authentication. The user must have the device and authenticate to it in order to use it. The solution enables a two-factor hierarchical security protection of the cloud computing resources. It not only enhances the security but also improves the usability.
Paper Citation
in Harvard Style
Karen Lu H. (2011). Accessing Cloud through API in a More Secure and Usable Way. In Proceedings of the 8th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2011) ISBN 978-989-8425-61-4, pages 25-38. DOI: 10.5220/0003559100250038
in Bibtex Style
@conference{wosis11,
author={HongQian Karen Lu},
title={Accessing Cloud through API in a More Secure and Usable Way},
booktitle={Proceedings of the 8th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2011)},
year={2011},
pages={25-38},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003559100250038},
isbn={978-989-8425-61-4},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 8th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2011)
TI - Accessing Cloud through API in a More Secure and Usable Way
SN - 978-989-8425-61-4
AU - Karen Lu H.
PY - 2011
SP - 25
EP - 38
DO - 10.5220/0003559100250038