Hubert A. Jäger, Arnold Monitzer, Ralf O. G. Rieken, and Edmund Ernst
Uniscon universal identity control GmbH, Agnes Pockels-Bogen 1, 80992 Munich, Germany
Security and privacy have turned out to be major challenges of the further Internet evolution in general and cloud computing, in particular. This paper proposes a novel approach to safeguard against previously unimpeded insider attacks, referred to as Sealed Cloud. A canonical set of technical measures is described, which, in conjunction, suﬃciently complicate and thus economically prevent insider access to unencrypted data. This paper shows the advantages versus end-to-end encryption relative to communication services. Another application of the Sealed Cloud, referred to as Sealed Freeze, provides a seminal solution to privacy issues pertaining to data retention.
For a long time, IT security concerns have focused on perimeter security, assuming the providers of software as a service (SaaS), clouds and cloudbased services to be trustworthy. However, data theft and privacy violation statistics ,  reveal that at least every fourth harmful attack originates from within providing organizations. This data only conﬁrms what many potential customers of SaaS and cloud-based oﬀers already sense regarding the data’s security. Therefore, mission critical applications are not outsourced to cloud resources, and privacy preserving services have not been established on a signiﬁcant scale, to date . In other words, integrated security is absolutely essential as recently postulated by many IT security experts, e.g. . The demand for a technical breakthrough protecting user data processed by providers is high.
The present proposal was elaborated within the framework of development of a Web privacy service , where, in a SaaS architecture, the data security exigence was extended to also consistently embrace the server components. Once this condition precedent was fulﬁlled, the resulting technical measures proved to equally solve the issue in general computing infrastructure.
Outline The remainder of this article is subdivided as follows. Section 2 gives account of previous work. The Sealed Cloud proposal is presented in Section 3. The advantages of the novel concept for communications and web privacy services as well as data retention technologies is elaborated in Section 4. Finally, Section 5 presents the conclusion.
In literature, there are several approaches as to how to secure computing infrastructure by employing Trusted Platform Modules (TPM), e.g.  or  for improved software integrity. In , a closed-box execution environment is used to protect the virtual machines against an unauthorized access by an administrator. According to , this method has not been implemented, yet.
These approaches secure the software’s integrity and thus substantially restrict administrators’ liberty to abuse infrastructure and data but do not fundamentally prevent access to unencrypted user data during processing. E.g., if the operation kernel of a processor fails or is provoked to fail, unencryped data is written to core dumps.
Similar ideas to clean up data as the ones presented in this paper, when perimeter security is surpassed, may be found in literature on tamper-proof hardware, e.g. .
The sole alternative to Sealed Cloud known to the authors to date is homomorphic encryption , , an enabling technology still in stage of research. In this case, data is processed in encrypted form and can therefore not be converted into legible form during processing by an operator or service administrator. However, in communications services, all end-to-end client encrypting services, including those employing homomorphic encryption, disclose all connection data (i.e., who communicates with whom, how much and when) to the operators of these services. Thus, these alternatives do not match secure cloud computing requirements to a suﬃcient level.
The following proposal is a set of innovative technical measures and employs oﬀ-the-shelf physical components only. It has been implemented for a concrete Web privacy service, and prototype development for generic use is ongoing.
A processing infrastructure is assumed, hosting applications that process sensitive, critical or personal data.
Sensitive, critical or personal data is considered any data related to users or subject matter the users deal with using such applications and deemed worthy of protection against unauthorized access.
Unauthorized access is speciﬁed as any access of a party having no business directly related to the business logic of an application nor a legally justiﬁed access right.
Unauthorized parties are external attackers but may also be internal service or infrastructure operator staﬀ, provided that no human interaction is needed for an application’s business logic. Often, the user of an application and a legal entity are the only persons to have authorized access within the narrow scope of applicable law.
The following proposes a set of technical measures, aimed at protecting sensitive, critical or personal data from unauthorized access. It is essential that said protection of sensitive and mission critical application data be sufﬁciently eﬀective by technical means only, i.e., it is paramount that potential impact of human deviance be minimized.
Basic Idea Due to the fact that current computing is normally only secured via state-of-the-art perimeter protection, in crucial cases, it is additionally protected by a comprehensive set of measures insuring software integrity, infrastructure administrators and the administrators of the hosted applications still have access to unencrypted sensitive, critical or personal data as illustrated in Figure 1. Of course, operators of such infrastructure and re-
Figure 1: Classical set of technical measures safeguarding against insider attacks.
spectively implemented services are well aware of this weakness and tend to complement protection of unencrypted processing data via organizational, non-technical means, i.e., respectively deﬁned processes and staﬃng with upright personell they deem trustworthy, as illustrated in Figure 2.
A good example of named full set of procedures is described in . The aforementioned elaborates the best combination of technical, formal and informal measures, to maximize security.
In contrast, our proposal replaces this non-technical makeshift by commensurate key distribution and tailored data clean-up procedures, as indicated in Figure 3. The latter measures, when combined with perimeter security and software integrity, can close contemplated gaps. Hence, with Sealed Cloud, no unencrypted processing data is easily accessible to unauthorized parties.
Key Distribution Let’s assume that all data stored on persistent memory is encrypted. In order to avoid that this encrypted data is accessed by the operator of the infrastructure or the operator of the services in unencrypted
Figure 2: Conventional set of technical and organizational measures, to avert insider attacks.
form, it is necessary to either (a) use an encryption method, in which the operator (once the data is encrypted) is not able, in turn, to decrypt the information, i.e., asymmetric encryption, or (b) delete the encryption key, as soon as encryption is completed. The latter method is appropriate if the encrypted information is to be again used at a later point in time in unencrypted form.
These methods allow to distribution of power among the various parties involved in an application’s business logic.
The most straightforward use case consists of user data encryption in the database of the service deployed in Sealed Cloud, with a key provided by the client of the application. If the data is again to be used in the cloud at a later point of time, no asymmetric key is used, and, consequently, the application has to delete the key, once the session or another unit representing the interaction with named data is completed.
A further use case comprises an application, which needs to provide access to speciﬁc data for a third party, e.g., when access of a business partner of the client is intentional, to ensure data access needed for partnership with the client organization. Such data can be encrypted in the Sealed Cloud with a business partner’s public key, exported in encrypted form to the partner, and, once there, safely decrypted with the partner’s private key.
Figure 3: Canonical set of technical measures safeguarding against insider attacks.
Data Clean-up The database of the Sealed Cloud contains no unecrypted data. Pursuant to business logic, the key to said data is only available for the party owning it. However, unencrypted data is found in the persistent and volatile memory of the processing infrastructure alike. Planned access,
i.e. planned maintenance to said memory, is inevitable, if one is to keep processing upright from an operational perspective. Unplanned access cannot be excluded either, since perimeter security can, in most cases, set oﬀ an alarm when intrusion is detected but not always prevent it eﬀectively.
Data clean-up, as proposed here, implies that planned or unplanned access to the persistent or volatile memory is not possible until sensitive, critical or personal data has been deleted or reliably overwritten. This requires appropriate trigger signals, indicating to the data clean-up procedure, that planned access is requested, or unplanned access is immanent. Planned access postulates the creation of new trigger signals, whereas unplanned access can rely on perimeter security alarms as signals.
Implementation Figure 4 illustrates a sample implementation of the described set of measures. The cloud user’s personal computers or other electronic devices are connected to Sealed Cloud, which is run by the cloud operator. The application software executed in Sealed Cloud was developed and produced by the application operator and has been examined and cer
tiﬁed by one or multiple external auditors, before it was deployed in Sealed Cloud. All players’ domains of control are indicated in Figure 4 with dashed lines, respectively. The structure of Sealed Cloud in this sample implemen-
Figure 4: A sample implementation of the canonical set of measures for a Sealed Cloud infrastructure.
tation is depicted in Figure 4 within the domain of the cloud operator. It consists of a so-called data clean-up area in the center (emphasized by two boldly printed “sealing” bows at the bottom and the top of the area) and the database and encrypted ﬁle system, as well as the peripheral seal and cloud control.
When the user connects to Sealed Cloud, an encrypted communication channel from the browser or any other application running on the user’s personal computer or device is established to one of the application servers in the data clean-up area, pursuant to well-known standard procedures, e.g., secure socket layer protocol. The selection of the actual application server is performed by load distributing mechanisms, implemented within the routers and servers of the cloud control unit, which also hosts the state-of-the-art mechanisms for perimeter security, such as ﬁrewall and intrusion detection and prevention. It is worthy of mention that the necessary shared secret or certiﬁcate for this encrypted connection is (for the purposes of the Sealed Cloud) not known to the cloud operator but under the control of the external auditor, who deployed a non-reverse-engineerable software agent on each application server. For practial purposes, this can be approximated by code obfuscation . Furthermore, each of these agents is individually produced for each respective application server, so that its execution is possible only on the individual server with the server’s concrete TPM secrets.
The sensitive, critical or personal data is then processed in unencrypted form in the application server. For persistent storage, the data is encrypted with a key derived from the user’s login credentials at the beginning of the session. The application software deletes these login credentials the instant the storage key is generated. External auditors focus on this deletion procedure, in particular. The data is then stored in the database in encrypted form. In the next session, the necessary key to read the data back from the database, the application software generates the key from the login credentials anew. At the end of each session, this derived key is also deleted. This procedure is also a main focus of examination through external auditors. The data encryption keys in the mass storage may be stored in the encrypted data, which, in turn, is stored in the database.
Access to the unencrypted data during processing within the data clean-up area is prevented by the data clean-up method. The following illustrates this method as per implementation example in Figure 4: The sealing control unit monitors a comprehensive set of sensors and agents running on all system components, to detect an access attempt to the Sealed Cloud infrastructure. In the event the data clean-up area is accessed without authorization, the aﬀected application servers immediately stop operation and delete any unencrypted data. For the purpose of simpliﬁcation, the data clean-up area of this implementation example contains volatile memory only. The deletion procedure is, e.g., brute forced by power-down of the aﬀected application servers. This applies to both logical and physical attempts to access the data clean-up area. The seminal new priorities, that privacy is ranked even higher than high availability requirements, lead to such system behavior. In the event of authorized access, e.g. for maintenance purposes, the same data clean-up mechanism is triggered only once access rights (authorization, system availability requirements, et al.) are been conﬁrmed by a state-of-the-art access control system.
When starting or restarting the application servers or other components of the Sealed Cloud system, the integrity of the system must be veriﬁed. A chain of trust must be established, embracing the full stack, from the server hardware to the highest application software layers, e.g., employing, in this implementation example, the TPMs as roots for the chains of trust.
Organizational Measures and Audit The user must be able to trust the Sealed Cloud operator and the application provider, i.e. that the system behaves as claimed and that both hardware and software in the system are trustworthy and execute only the speciﬁed functions. The implementation complexity needs to be limited by hierarchic structuring and encapsulation of the system modules, so that external auditors are able to understand and examine all components and, in particular, the critical focal points of an audit. Only then can external auditors issue certiﬁcates, thus providing the user an expert opinion, to justify trust in the operating parties. To further im-
Figure 5: Organizational measures are shifted to the second line of defence.
prove the coverage of examination by external auditors, they employ software agents, to dynamically observe system behavior and issue dynamic system
integrity attestation for the user. Hence, despite the fact that the technical measures ‘key distribution’ and ‘data-clean-up’ suﬃciently complicate insider access to unencrypted processing data and therefore protect against insider attacks, organizational measures are needed, to secure a proper auditing and certiﬁcation process by external auditors. That means that human integrity and processes are still important for the operation of the overall Sealed Cloud. However, this set of measures is, as illustrated in Figure 5, shifted to the second line of defence.
Core Principle The core principle underlying present proposal, is to implement a set of appropriate technical measures, to enforce the distribution of power between various parties. Such distribution of power (concerning the access to data), of course, only works, as long as no malicious coalitions are built between the various parties. The probability of such coalitions decreases, the less the external auditors depend on the operators, and the more they depend on the users. This stipulates that no monopoly, neither for the operator nor for the auditor, is acceptable.
Canonical Set of Measures The presented set of measures is classiﬁed as canonical, because the entirety of technical measures, serving the purpose of protecting the unencrypted processing data, can be mapped into the presented four categories “perimeter security”, “software integrity”, “key distribution” and “data-clean-up”. Despite the various measures’ dependency, each technical measure can be unambiguously categorized into one of the given groups of measures.
As mentioned in Section 1, the Sealed Cloud concept was elaborated, to develop a Web service designed to protect user privacy. The properties and a fundamental privacy advantage of such a service, in paricular, compared to end-to-end-encryption, is described as a ﬁrst application example in this section. The second application example was also developed in this connection. For cases with an obligation to court-ordered disclosure of data, e.g. connection data in telecommunications systems, stipulated the design of Sealed Freeze.
Web Privacy Services Web privacy services empower the user to enjoy the opportunities of modern networking technology, while pro-actively maintaining user privacy alike. Sealed Cloud is an enabling technology, generating trust in web privacy services. The Web Privacy Service IDGARD
Figure 6: Sealed cloud also ensures connection data privacy
 is the ﬁrst privacy service to oﬀer Sealed Cloud infrastructure. With a proxy function and additional measures as part of the application on the application servers, the source address and other identifying parameters of the user device can be disguised, to allow the user pseudonymous visits of websites. A certain number of users of such a service is necessary, for the individual user to be hidden among numerous fellow users. Further, Sealed Cloud can securely host user names and passwords safely, to provide for convenient and secure online authentication. Finally, shared storage allows a full range of communication services, such as e-mail, chat, ﬁle sharing, etc. The latter use case is illustrated in Figure 6. On the left-hand side of the ﬁgure, communication is depicted between users A-D via standard communication services. The connection data, i.e., who is connected with whom, when, and how much data is traﬃcked, is visible to the operator of the standard communication service. In contrast, a Sealed Cloud based communication service, as depicted on the right-hand side of Figure 6, does not disclose any of this connection data to the service operator.
Sealed Freeze Vis-a-vis legal philosophy, aforementioned web privacy services ultimately ensure free democratic order. However, to prevent these ser-
Figure 7: Sealed Freeze based on Sealed Cloud technology: An approach to resolve privacy issues regarding data retention.
vices from degenerating to hiding places for criminals or terrorists, a method for authorized persons to be able to access connection data within a very restricted constitutional framework is imperative. Yet, the property that the operators, technically, have no access to this data, has to be held upright. Moreover, the strict rules of the tight constitutional framework of justiﬁed access should be enforced, technically.
Figure 7 depicts the basic concept of Sealed Freeze. Any relevant data acquisition and processing system, e.g. telecommunications networks, social networks or video surveillance systems, to name only a few, feature data acquisition devices and a system to transport the data to a storage area. With Sealed Freeze, a key store generates pairs of assymmetric keys, keeps them in volatile memory only, and provides the public key to the data acquisition devices. These encrypt the data to be retained block by block, each with a speciﬁc public key, respectively, and then forward the encrypted data to the storage area. In case court-ordered or other authorized persons are legally obliged to access the retained data, they can request the matching private keys from Sealed Freeze. The policy gate in Sealed Freeze will disclose the matching private keys only if the request fulﬁls the policy rules, as deﬁned by lawmakers in advance and as programmed into the policy gate. The policy cannot be changed with retroactive eﬀect, since all keys are deleted during deployment of a new policy. The policy can contain rules regarding a four-eyes principle, maximum storage duration, volume of disclosure, ﬂows of disclosure within a given period of time, et al. The rule set within the policy can be chosen in a manner that no dragnet investigation is possible, because the number of private keys to be disclosed is limited. Through the rule deﬁning that private keys be deleted after a speciﬁc amount of time, deadlines can be enforced, technically. Here, too, Sealed Cloud is the enabling technology that resolves privacy issues.
The present proposal is a good example of an integrated security approach in information technology. By technical means, unauthorized access of any kind is eﬀectually complicated and thus prevented eﬃciently. Unauthorized parties include the service amd infrastructure operators. The resultant Sealed Cloud therefore constitutes an unrivaled, trustworthy processing infrastructure for clients of hosted applications.
Present paper is a proposal, opening a ﬁeld of research regarding the suggested measures’ implementation options. Fields of interest are, in particular, software integrity in environments with virtual engines and approaches to reliable data clean-up in standard cloud application interfaces.
The Sealed Cloud prototype infrastructure is pursued by Uniscon GmbH, Fraunhofer Institute of Applied and Integrated Security, and SecureNet GmbH, and is co-funded by the German Ministry of Economy and Technology within the framework of the so-called Trusted Cloud initiative .
 M. Keeney, E. Kowalski, D. Cappelli, A. Moore, T. Shimeall, and
S. Rogers. Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors. Carnegie Mellon University, Software Engineering Institute,CERTProgram, 2005.
 L. Holmlund, D. Mucisko, K. Kimberland, and J. Freyre. 2010 cybersecurity watch survey: Cybercrime increasing faster than some company defenses. Carnegie Mellon University, Software Engineering Institute, CERT Program, 2010.
 D. Catteddu, G. Hogben, A. Perilli, A. Manieri, A. Algom, J. Rhoton,
M. Rohr, O. Biran, and R. Samani. Cloud computing: Beneﬁts, risks and recommendations for information security.EuropeanNetworkandInformationSecurityAgency(ENISA), 2009.
 Claudia Eckert. ITK-Kompendium 2010, chapter IT-Sicherheit der nächsten Generation – Herausforderungen und Entwicklungen. FAZ-Institut, September 2009.
 H. A. Jaeger and A. Monitzer. Device for generating a virtual network user. Patentapplication WO2010/084017, January 22nd 2009.
 W. Dawoud, I. Takouna, and C. Meinel. Infrastructure as a service security: Challenges and solutions. in informatics and systems (infos). In Informatics and Systems(INFOS),2010 The 7th International Conference on Informatics and Systems(INFOS), page 1 to 8, 2010.
 N. Santos, K. P. Gummadi, and R. Rodrigues. Infrastructure as a service security: Challenges and solutions. in informatics and systems (infos).
In Proceedings of the 2009 conference on Hottopics in cloud computing,Hot Cloud 09, Berkeley, CA.
 T. Garﬁnkel, B. Pfaﬀ, J. Chow, M. Rosenblum, and D. Boneh. Terra: a virtual machinebased platform for trusted computing. In Proceedings of the nineteenth ACM symposiumon Operating systems principles, SOSP03, page 193 to 206, 2003.
 G. Brunette, R. Mogull, and editors. Security guidance for critical areas of focus in cloud computing v2.1. Cloud Security Alliance, 2009.
 Rosario Gennaro, Anna Lysyanskaya, Tal Malkin, Silvio Micali, and Tal Rabin. Algorithmic tamper-proof (ATP) security: Theoretical foundations for security against hardware tampering. Springer, 2004.
 P. Paillier. Public-key cryptosystems based on composite degree residuosity classes. in advances in cryptology. EUROCRYPT99, LNCS, Volume 1592, page 223 to 238, 1999.
 N. P. Smart and F. Vercauteren. Fully homomorphic encryption with relatively small key and ciphertext sizes.In Proceedings of the Conference on Practice and Theory in Public Key Cryptography, 2010.
 S. Mishra and G. Dhillon. Deﬁning Internal Control Objectives for Information Systems Security: A Value Focused Assessment. In W. Golden,
T. Acton, K. Conboy, H. van der Heijden, and V. K. Tuunainen, editors,16th European Conference on Information Systems, pages 1334–1345, Galway, Ireland, 2008.
 B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. Vadhan, and K. Yang. On the (im)possibility of obfuscating programs. In
J. Kilian, editor, Advances in Cryptology CRYPTO01, volume 2139 o fLecture Notes in Computer Science, page 118. Springer, 2001.
 Bundesministerium für Wirtschaft und Technologie (BMWi) Referat Entwicklung konvergenter IKT Deutsches Zentrum für Luft-und Raumfahrt e. V. Projekttrger im DLR. Sichere Internet-Dienste Sicheres Cloud Computing für Mittelstand und öﬀentlichen Sektor (Trusted Cloud). Ein Technologiewettbewerb des Bundesministeriums für Wirtschaft und Technologie, http://www.bmwi.de, 2010.