TY  - GEN
A1  - Sukmana, Muhammad Ihsan Haikal
A1  - Torkura, Kennedy A.
A1  - Cheng, Feng
A1  - Meinel, Christoph
A1  - Graupner, Hendrik
T1  - Unified logging system for monitoring multiple cloud storage providers in cloud storage broker
T2  - 32ND International Conference on Information Networking (ICOIN)
N2  - With the increasing demand for personal and enterprise data storage service, Cloud Storage Broker (CSB) provides cloud storage service using multiple Cloud Service Providers (CSPs) with guaranteed Quality of Service (QoS), such as data availability and security. However monitoring cloud storage usage in multiple CSPs has become a challenge for CSB due to lack of standardized logging format for cloud services that causes each CSP to implement its own format. In this paper we propose a unified logging system that can be used by CSB to monitor cloud storage usage across multiple CSPs. We gather cloud storage log files from three different CSPs and normalise these into our proposed log format that can be used for further analysis process. We show that our work enables a coherent view suitable for data navigation, monitoring, and analytics.
KW  - Unified logging system
KW  - Cloud Service Provider
KW  - cloud monitoring
KW  - data integration
KW  - security analytics
Y1  - 2018
SN  - 978-1-5386-2290-2
U6  - https://doi.org/10.1109/ICOIN.2018.8343081
SP  - 44
EP  - 49
PB  - IEEE
CY  - New York
ER  - 
TY  - GEN
A1  - Sukmana, Muhammad Ihsan Haikal
A1  - Torkura, Kennedy A.
A1  - Graupner, Hendrik
A1  - Cheng, Feng
A1  - Meinel, Christoph
T1  - Unified Cloud Access Control Model for Cloud Storage Broker
T2  - 33rd International Conference on Information Networking (ICOIN 2019)
N2  - Cloud Storage Broker (CSB) provides value-added cloud storage service for enterprise usage by leveraging multi-cloud storage architecture. However, it raises several challenges for managing resources and its access control in multiple Cloud Service Providers (CSPs) for authorized CSB stakeholders. In this paper we propose unified cloud access control model that provides the abstraction of CSP's services for centralized and automated cloud resource and access control management in multiple CSPs. Our proposal offers role-based access control for CSB stakeholders to access cloud resources by assigning necessary privileges and access control list for cloud resources and CSB stakeholders, respectively, following privilege separation concept and least privilege principle. We implement our unified model in a CSB system called CloudRAID for Business (CfB) with the evaluation result shows it provides system-and-cloud level security service for cfB and centralized resource and access control management in multiple CSPs.
KW  - Cloud Storage Broker
KW  - Cloud access control and resource management
KW  - Unified cloud model
KW  - Privilege separation concept
KW  - Least privilege principle
KW  - Role-based access control
Y1  - 2019
SN  - 978-1-5386-8350-7
U6  - https://doi.org/10.1109/ICOIN.2019.8717982
SN  - 1976-7684
SP  - 60
EP  - 65
PB  - IEEE
CY  - Los Alamitos
ER  - 
TY  - GEN
A1  - Torkura, Kennedy A.
A1  - Sukmana, Muhammad Ihsan Haikal
A1  - Meinig, Michael
A1  - Kayem, Anne V. D. M.
A1  - Cheng, Feng
A1  - Meinel, Christoph
A1  - Graupner, Hendrik
T1  - Securing cloud storage brokerage systems through threat models
T2  - Proceedings IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA)
N2  - Cloud storage brokerage is an abstraction aimed at providing value-added services. However, Cloud Service Brokers are challenged by several security issues including enlarged attack surfaces due to integration of disparate components and API interoperability issues. Therefore, appropriate security risk assessment methods are required to identify and evaluate these security issues, and examine the efficiency of countermeasures. A possible approach for satisfying these requirements is employment of threat modeling concepts, which have been successfully applied in traditional paradigms. In this work, we employ threat models including attack trees, attack graphs and Data Flow Diagrams against a Cloud Service Broker (CloudRAID) and analyze these security threats and risks. Furthermore, we propose an innovative technique for combining Common Vulnerability Scoring System (CVSS) and Common Configuration Scoring System (CCSS) base scores in probabilistic attack graphs to cater for configuration-based vulnerabilities which are typically leveraged for attacking cloud storage systems. This approach is necessary since existing schemes do not provide sufficient security metrics, which are imperatives for comprehensive risk assessments. We demonstrate the efficiency of our proposal by devising CCSS base scores for two common attacks against cloud storage: Cloud Storage Enumeration Attack and Cloud Storage Exploitation Attack. These metrics are then used in Attack Graph Metric-based risk assessment. Our experimental evaluation shows that our approach caters for the aforementioned gaps and provides efficient security hardening options. Therefore, our proposals can be employed to improve cloud security.
KW  - Cloud-Security
KW  - Threat Models
KW  - Security Metrics
KW  - Security Risk Assessment
KW  - Secure Configuration
Y1  - 2018
SN  - 978-1-5386-2195-0
U6  - https://doi.org/10.1109/AINA.2018.00114
SN  - 1550-445X
SP  - 759
EP  - 768
PB  - IEEE
CY  - New York
ER  - 
TY  - GEN
A1  - Krentz, Konrad-Felix
A1  - Meinel, Christoph
A1  - Graupner, Hendrik
T1  - More Lightweight, yet Stronger 802.15.4 Security Through an Intra-layer Optimization
T2  - Foundations and Practice of Security
N2  - 802.15.4 security protects against the replay, injection, and eavesdropping of 802.15.4 frames. A core concept of 802.15.4 security is the use of frame counters for both nonce generation and anti-replay protection. While being functional, frame counters (i) cause an increased energy consumption as they incur a per-frame overhead of 4 bytes and (ii) only provide sequential freshness. The Last Bits (LB) optimization does reduce the per-frame overhead of frame counters, yet at the cost of an increased RAM consumption and occasional energy-and time-consuming resynchronization actions. Alternatively, the timeslotted channel hopping (TSCH) media access control (MAC) protocol of 802.15.4 avoids the drawbacks of frame counters by replacing them with timeslot indices, but findings of Yang et al. question the security of TSCH in general. In this paper, we assume the use of ContikiMAC, which is a popular asynchronous MAC protocol for 802.15.4 networks. Under this assumption, we propose an Intra-Layer Optimization for 802.15.4 Security (ILOS), which intertwines 802.15.4 security and ContikiMAC. In effect, ILOS reduces the security-related per-frame overhead even more than the LB optimization, as well as achieves strong freshness. Furthermore, unlike the LB optimization, ILOS neither incurs an increased RAM consumption nor requires resynchronization actions. Beyond that, ILOS integrates with and advances other security supplements to ContikiMAC. We implemented ILOS using OpenMotes and the Contiki operating system.
Y1  - 2018
SN  - 978-3-319-75650-9
SN  - 978-3-319-75649-3
U6  - https://doi.org/10.1007/978-3-319-75650-9_12
SN  - 0302-9743
SN  - 1611-3349
VL  - 10723
SP  - 173
EP  - 188
PB  - Springer
CY  - Cham
ER  - 
TY  - JOUR
A1  - Jaeger, David
A1  - Graupner, Hendrik
A1  - Pelchen, Chris
A1  - Cheng, Feng
A1  - Meinel, Christoph
T1  - Fast Automated Processing and Evaluation of Identity Leaks
JF  - International journal of parallel programming
N2  - The relevance of identity data leaks on the Internet is more present than ever. Almost every week we read about leakage of databases with more than a million users in the news. Smaller but not less dangerous leaks happen even multiple times a day. The public availability of such leaked data is a major threat to the victims, but also creates the opportunity to learn not only about security of service providers but also the behavior of users when choosing passwords. Our goal is to analyze this data and generate knowledge that can be used to increase security awareness and security, respectively. This paper presents a novel approach to the processing and analysis of a vast majority of bigger and smaller leaks. We evolved from a semi-manual to a fully automated process that requires a minimum of human interaction. Our contribution is the concept and a prototype implementation of a leak processing workflow that includes the extraction of digital identities from structured and unstructured leak-files, the identification of hash routines and a quality control to ensure leak authenticity. By making use of parallel and distributed programming, we are able to make leaks almost immediately available for analysis and notification after they have been published. Based on the data collected, this paper reveals how easy it is for criminals to collect lots of passwords, which are plain text or only weakly hashed. We publish those results and hope to increase not only security awareness of Internet users but also security on a technical level on the service provider side.
KW  - Identity leak
KW  - Data breach
KW  - Automated parsing
KW  - Parallel processing
Y1  - 2018
U6  - https://doi.org/10.1007/s10766-016-0478-6
SN  - 0885-7458
SN  - 1573-7640
VL  - 46
IS  - 2
SP  - 441
EP  - 470
PB  - Springer
CY  - New York
ER  - 
TY  - GEN
A1  - Torkura, Kennedy A.
A1  - Sukmana, Muhammad Ihsan Haikal
A1  - Strauss, Tim
A1  - Graupner, Hendrik
A1  - Cheng, Feng
A1  - Meinel, Christoph
T1  - CSBAuditor
BT  - proactive security risk analysis for cloud storage broker systems
T2  - 17th International Symposium on Network Computing and Applications (NCA)
N2  - Cloud Storage Brokers (CSB) provide seamless and concurrent access to multiple Cloud Storage Services (CSS) while abstracting cloud complexities from end-users. However, this multi-cloud strategy faces several security challenges including enlarged attack surfaces, malicious insider threats, security complexities due to integration of disparate components and API interoperability issues. Novel security approaches are imperative to tackle these security issues. Therefore, this paper proposes CSBAuditor, a novel cloud security system that continuously audits CSB resources, to detect malicious activities and unauthorized changes e.g. bucket policy misconfigurations, and remediates these anomalies. The cloud state is maintained via a continuous snapshotting mechanism thereby ensuring fault tolerance. We adopt the principles of chaos engineering by integrating Broker Monkey, a component that continuously injects failure into our reference CSB system, Cloud RAID. Hence, CSBAuditor is continuously tested for efficiency i.e. its ability to detect the changes injected by Broker Monkey. CSBAuditor employs security metrics for risk analysis by computing severity scores for detected vulnerabilities using the Common Configuration Scoring System, thereby overcoming the limitation of insufficient security metrics in existing cloud auditing schemes. CSBAuditor has been tested using various strategies including chaos engineering failure injection strategies. Our experimental evaluation validates the efficiency of our approach against the aforementioned security issues with a detection and recovery rate of over 96 %.
KW  - Cloud-Security
KW  - Cloud Audit
KW  - Security Metrics
KW  - Security Risk Assessment
KW  - Secure Configuration
Y1  - 2018
SN  - 978-1-5386-7659-2
U6  - https://doi.org/10.1109/NCA.2018.8548329
PB  - IEEE
CY  - New York
ER  -