
Graphene: A Secure Cloud Communication Architecture

  • Conference paper
  • Applied Cryptography and Network Security Workshops (ACNS 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11605)

Abstract

Cloud computing has become a dominant technology because of its ubiquitous, elastic computing model, platform independence and sustainable architecture. Security threats, however, remain the most pressing obstacle to adopting such a diverse and innovative approach. To address some of the shortcomings of traditional security protocols (e.g., SSL/TLS), we propose Graphene, a cloud communication architecture that provides security for data in transit and authenticity of cloud users (CUs) and cloud service providers (CSPs). Graphene also protects the communication channel against some of the most common attacks, such as man-in-the-middle (MITM) attacks (including eavesdropping, sniffing, identity spoofing and data tampering), sensitive information disclosure, replay, compromised-key, repudiation and session hijacking. This work also involves the design of a novel high-performance, cloud-focused security protocol. The protocol combines the strength and speed of symmetric block encryption in Galois/Counter Mode (GCM) with a cryptographic hash, public key cryptography and an ephemeral key exchange. It provides a faster reconnection facility to support frequent connectivity and to deal with connection trade-offs. The security analysis of Graphene shows promising protection against the attacks discussed above. Graphene also significantly outperforms TLSv1.3 (the latest stable version among the SSL successors) in performance and bandwidth consumption, and shows reasonable memory usage at the server side.
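The protocol itself is not specified on this page, but the abstract names its building blocks: an ephemeral key exchange, public-key authentication of CU and CSP, a cryptographic hash, and GCM record protection, with MITM and replay among the attacks the channel must resist. The Go program below is an added example written for this page; it is not Graphene's protocol and not the authors' code. It assembles those blocks into a minimal authenticated channel (X25519 ephemeral exchange, Ed25519 signatures over a SHA-256 handshake transcript, HKDF-SHA256 key derivation, AES-256-GCM records with a sequence-number nonce) and shows the MITM and replay checks failing as they should. Every algorithm choice, field layout, name (`Party`, `Handshake`, `Seal`, `Open`) and the sample request string are assumptions for illustration, and the peer identity keys are generated in-process rather than distributed through a PKI.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Party is one endpoint (a CU or a CSP); each side is assumed to know the peer's public identity key out of band.
type Party struct {
	IDPub            ed25519.PublicKey
	IDPriv           ed25519.PrivateKey
	send, recv       cipher.AEAD // directional AES-256-GCM, set by Handshake
	sendSeq, recvSeq uint64      // record counters: GCM nonce and replay check
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func NewParty() *Party {
	seed := make([]byte, ed25519.SeedSize)
	must(rand.Read(seed))
	priv := ed25519.NewKeyFromSeed(seed)
	return &Party{IDPub: priv.Public().(ed25519.PublicKey), IDPriv: priv}
}

// deriveAEAD is HKDF-SHA256 (RFC 5869: extract, then one expand block) via crypto/hmac, feeding AES-256-GCM.
func deriveAEAD(ikm, salt []byte, info string) cipher.AEAD {
	ext := hmac.New(sha256.New, salt)
	ext.Write(ikm)
	exp := hmac.New(sha256.New, ext.Sum(nil))
	exp.Write(append([]byte(info), 1))
	return must(cipher.NewGCM(must(aes.NewCipher(exp.Sum(nil)))))
}

// Handshake runs both sides in-process: flight 1 carries the client's ephemeral X25519 key,
// flight 2 the server's; each side then signs the SHA-256 transcript it saw with its identity
// key and checks the peer's signature. With mitm set, an attacker substitutes both keys in flight.
func Handshake(client, server *Party, mitm bool) error {
	curve := ecdh.X25519()
	cEph, sEph := must(curve.GenerateKey(rand.Reader)), must(curve.GenerateKey(rand.Reader))
	cSent, sSent := cEph.PublicKey().Bytes(), sEph.PublicKey().Bytes()
	cSeen, sSeen := cSent, sSent // as received by the server and the client
	if mitm {
		cSeen = must(curve.GenerateKey(rand.Reader)).PublicKey().Bytes()
		sSeen = must(curve.GenerateKey(rand.Reader)).PublicKey().Bytes()
	}
	tClient := sha256.Sum256(bytes.Join([][]byte{client.IDPub, server.IDPub, cSent, sSeen}, nil))
	tServer := sha256.Sum256(bytes.Join([][]byte{client.IDPub, server.IDPub, cSeen, sSent}, nil))
	if !ed25519.Verify(server.IDPub, tClient[:], ed25519.Sign(server.IDPriv, tServer[:])) ||
		!ed25519.Verify(client.IDPub, tServer[:], ed25519.Sign(client.IDPriv, tClient[:])) {
		return fmt.Errorf("identity signature does not cover the peer's transcript (MITM?)")
	}
	// Keys are authenticated above, so a parse failure here is a bug, not an attack.
	cShared := must(cEph.ECDH(must(curve.NewPublicKey(sSeen))))
	sShared := must(sEph.ECDH(must(curve.NewPublicKey(cSeen))))
	// Equal shared secrets; the transcript as HKDF salt binds every key to this handshake.
	client.send, client.recv = deriveAEAD(cShared, tClient[:], "c2s"), deriveAEAD(cShared, tClient[:], "s2c")
	server.recv, server.send = deriveAEAD(sShared, tServer[:], "c2s"), deriveAEAD(sShared, tServer[:], "s2c")
	return nil
}

// Seal sends the 8-byte counter in clear, uses it (zero-padded) as the GCM nonce and authenticates it as AAD.
func (p *Party) Seal(plaintext []byte) []byte {
	hdr := binary.BigEndian.AppendUint64(nil, p.sendSeq)
	p.sendSeq++
	return p.send.Seal(append([]byte{}, hdr...), append(make([]byte, 4), hdr...), plaintext, hdr)
}

// Open rejects a counter that is not the next expected one (replay, reordering) and any failed tag (tampering, truncation).
func (p *Party) Open(record []byte) ([]byte, error) {
	if len(record) < 8 || binary.BigEndian.Uint64(record[:8]) != p.recvSeq {
		return nil, fmt.Errorf("unexpected sequence number: replayed or reordered record")
	}
	pt, err := p.recv.Open(nil, append(make([]byte, 4), record[:8]...), record[8:], record[:8])
	if err == nil {
		p.recvSeq++
	}
	return pt, err
}

func main() {
	cu, csp := NewParty(), NewParty()
	fmt.Println("handshake:", Handshake(cu, csp, false), "| mitm:", Handshake(NewParty(), NewParty(), true))
	rec := cu.Seal([]byte("GET /bucket/object")) // constructed sample request
	pt, err := csp.Open(rec)
	_, replay := csp.Open(rec) // the same record delivered again
	fmt.Printf("server read %q (%v); replay: %v\n", pt, err, replay)
}
```

Two design points carry over to any protocol of this shape. The signatures cover the whole transcript rather than the ephemeral keys alone, so an attacker who swaps keys in flight changes what each side signs and verification fails on both ends. The record counter is both the nonce and authenticated data and must match the receiver's expectation, which is what turns a replayed or reordered record into an error instead of a decryption. The faster reconnection facility the abstract mentions is not modelled here.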



Acknowledgment

This work is partially supported by the Natural Sciences and Engineering Research Council of Canada (NSERC) and the Canada Research Chairs (CRC) program. We would also like to convey special thanks to Mohima Hossain from the TRL Lab at Queen’s University for the fruitful discussion and her critiques during this research work.

Author information

Corresponding author

Correspondence to Abu Faisal.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Faisal, A., Zulkernine, M. (2019). Graphene: A Secure Cloud Communication Architecture. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2019. Lecture Notes in Computer Science, vol 11605. Springer, Cham. https://doi.org/10.1007/978-3-030-29729-9_3


  • DOI: https://doi.org/10.1007/978-3-030-29729-9_3


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-29728-2

  • Online ISBN: 978-3-030-29729-9

  • eBook Packages: Computer Science (R0)
