Laboratory staff develop new cybersecurity solutions for cloud computing
"With all of the attacks and data leaks that we constantly hear about in the news, it is important to ensure that the security and privacy of data and applications can be assured if they are running in the cloud," said Nabil Schear, a member of the Secure Resilient Systems and Technology Group at Lincoln Laboratory. One common form of cloud computing is called Infrastructure-as-a-Service; it allows any organization, or cloud customer, to rent computing resources from a cloud provider. The cloud provider handles the management, maintenance, and security of those rented machines, while the cloud customer’s system administrator configures and maintains their applications and data. A real-world example is Netflix; while end users would interact directly with Netflix and might consider their data to be in Netflix's cloud, the company’s system administrators rents their computer space from Amazon. Although the rented machines are usually secure, there's currently no way for the system administrators to check the cloud's security, so organizations with sensitive data are reluctant to reap the benefits of flexibility and low cost that the cloud offers.
"The way security in the cloud works today is either through 'black box' technology, whereby one has to take their provider’s word that they are doing everything correctly and that their machine is in a good or uncompromised state, or through certifications and contracts, which do not directly prove the integrity state of the cloud system," added Charles Munson, another member of the Secure Resilient Systems and Technology Group.
Together, Schear and Munson are leading the development of a technology called Keylime. The open-source Keylime software aims to allow system administrators to check for themselves that the cloud storing their data is as secure as the cloud computer owners say it is. Keylime doesn't interfere with the operation of the hosting computer, but allowing system administrators to see whether the computer has been compromised gives a level of reliability to cloud computing that makes it a more realistic option for system administrators who need to maintain the security of their data. Keylime also enables organizations like banks, technology firms, and government agencies to store secrets, such as cryptographic keys, passwords, and certificates, on the cloud without divulging them to their cloud provider.
To achieve this heightened level of security, Keylime leverages a piece of hardware called the Trusted Platform Module, or TPM, an industry-standard and widely-used hardware security chip. It generates a hash, which is a short string of numbers that securely represents a much larger amount of data. If the data change even slightly, the hash will change significantly, making it an ideal way to determine whether a dataset has been tampered with or to check whether their applications are secure. Thanks to these hashes, Keylime can detect and react to security violations in under a second.
Invented more than a decade ago, the TPM is not a new or revolutionary technology — in fact, it is an international standard. However, it had yet to be applied to cloud technology, because it was not initially designed with the cloud in mind, has limited software support, and runs very slowly. For example, a TPM typically takes about one second to perform one cryptographic operation, while the average laptop can perform thousands of the same operation in a second. Keylime as a piece of intermediary software allows users to leverage the security benefits of the TPM without having to make all their software compatible with the module or deal with the extreme slowdown that it introduces. When operating correctly, Keylime requires minimal engagement from either the intermediary system administrator (for whom Keylime is directed) or the end, individual user. "This is a technology that works behind the scenes in the cloud," Schear said. "It's not something the average [person] would see or even know is there."
Recently Schear and Munson began working with the company Red Hat, one of the world's leading open-source software companies. The company aggregates open-source software (such as Keylime) with the Linux Operating System and sells subscriptions to companies that want the power and innovation of such software without the headache of programming it to fit their systems and keeping it updated. Partnering with Red Hat means that the Keylime technology will likely see widespread use rather than gathering dust on Github. Ultimately, the team is planning for Keylime to be integrated into Red Hat's infrastructure and deployment management tools to make it as user-friendly and maintainable as possible. "This is the Linux equivalent of having your software licensed and used in Microsoft Windows," Schear said.
Even though integration with Red Hat is still in its early stages, the Keylime technology is already seeing use. Keylime is helping to secure the Massachusetts Open Cloud (MOC) project, which is a government-funded collaboration among Boston University, Northeastern University, Harvard University, University of Massachusetts, and MIT to provide a public, Massachusetts alternative to commercial cloud services such as Microsoft's Azure or Amazon Web Services. Munson described Keylime as a core security tool in MOC's infrastructure.
Although Schear and Munson still have tweaks and updates that they want to make — such as making the software easier to install — the Keylime product is ready to fill a difficult niche in cybersecurity. The next steps, with the help of Red Hat, are connecting these security benefits with potential users. "A big challenge for us is to help people understand what they're missing," Schear said. "The cloud provider gives you a nice secure machine — and you should be able check that yourself. Keylime makes that easy." More information on their project is available on their website: https://keylime.dev/.