When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero...
Transcript of When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero...
![Page 1: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/1.jpg)
When the Clouds Disperse Data Confidentiality and Privacy in Cloud
Computing
C. Kauba, S. Mayer Seminar aus Informatik - SS2013
24.05.2013
![Page 2: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/2.jpg)
When the Clouds Disperse – Kauba, Mayer
Introduction
Cloud computing security issues
Legal aspects
Threats and attacks
User attitudes and beliefs
Countermeasures
Summary
Outline
2
![Page 3: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/3.jpg)
When the Clouds Disperse – Kauba, Mayer
• Use of hardware, storage and systems software located in large
data centers worldwide
• Main characteristics:
• On-demand self-service
• Broad network access
• Resource pooling
• Rapid elasticity
• Measured service
• Public and private clouds
Cloud Computing
3
![Page 4: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/4.jpg)
When the Clouds Disperse – Kauba, Mayer
• SaaS (Software as a Service)
• Common delivery model for business applications
• Extends the idea of the ASP model
• Examples: Google Docs, Webmail, Office Software, DBMS
• PaaS (Platform as a Service)
• Provides a computing platform and a solution stack as a service
• Tools and libraries from the provider can be used
• Network, server and storage are provided
• User does not manage nor control the underlying cloud
infrastructure
• Examples: Windows Azure, Amazon EC2
Cloud Computing Service Model (1)
4
![Page 5: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/5.jpg)
When the Clouds Disperse – Kauba, Mayer
• IaaS (Infrastructure as a Service)
• Providing processing
power, storage,
networks and other
computing services
• User has control
over operating systems,
storage, network,
deployed applications
• Example: Amazon EC2
Cloud Computing Service Model (2)
5
IaaS
PaaS
SaaS
Cloud Client Web browser, mobile app
![Page 6: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/6.jpg)
When the Clouds Disperse – Kauba, Mayer
• Service Provider
• No more software piracy issues
• Protection from reverse engineering
• Vendor lock-in
• Higher revenues than one-time purchases
• Carefully targeted advertising, data mining
• Customer
• Cost savings
• Increased flexibility
• Data can be accessed from anywhere
Cloud Computing Benefits
6
![Page 7: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/7.jpg)
When the Clouds Disperse – Kauba, Mayer
• Surveillance at near zero marginal cost, significantly reduced
manpower, elimination of physical risk
• No need for physical surveillance, to install wiretaps, to do a black
bag job or to steam open mails
• No raid and data extraction of data from a suspects PC
• Request to the cloud service provider is sufficient
• Deleted data is also stored
• Legal compliance departments
• Providers may charge for surveillance (paper-trail)
Cloud Computing Benefits for
Governments 7
![Page 8: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/8.jpg)
When the Clouds Disperse – Kauba, Mayer
• Data is no longer stored locally, no direct control
• Internet connection needed to use the software
• Data confidentiality threats:
• Data is in transmission
• Stored data
• Problems for companies due to different laws
• Europe’s safe harbour convention
• Exact storage location of the data not known
• Data stored on the web is treated differently by legislation than if
stored locally
• Many users have no choice or are not aware that they are actually
using cloud software
Cloud Computing Issues
8
![Page 9: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/9.jpg)
When the Clouds Disperse – Kauba, Mayer
• Third persons (Hackers)
• Making profit (credit card numbers, financial records, bank login
details)
• Governments
• Surveillance
• Fighting crime and terrorism
• Cloud Service Provider
• Achieving profit (personalised ads)
• Data and user profile marketing
Attackers and their Interests in User Data
9
![Page 10: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/10.jpg)
When the Clouds Disperse – Kauba, Mayer
• Personal data
• Any information relating to an identified or identifiable individual
(data subject)
• Legal authority to order firms to turn their own technology against
their customers as long as there is no complete disruption of the
service and to circumvent any privacy enhancing technology
• Stored communications act, Fourth Amendment, Third-party
doctrine, USA Patriot Act, FISA, Wiretap Act, ToS
• Subpoena (no court order needed)
• Search warrant
• USA Patriot Act, §215 court order
• Emergency voluntary disclosure (disclosure without delay)
Government’s legal possibilities to
access personal data 10
![Page 11: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/11.jpg)
When the Clouds Disperse – Kauba, Mayer
• No guarantee that data will be kept confidential
• Right to manipulate, disclose and delete user data without notice
• No liability for service interruption, data loss, errors, inaccurate or
untimely results
• ToS may change without any notification
• Capitalizing lack of knowledge about privacy issues in the cloud
Terms of Service Agreement
11
![Page 12: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/12.jpg)
When the Clouds Disperse – Kauba, Mayer
• Google’s advertising system relies on customers’ data
• Google Terms of Service, supra note 126, § 8.3.
“Google reserves the right . . . to prescreen, review, flag, filter,
modify, refuse or remove any or all Content from any [Google]
Service.” [5]
• Google Privacy Center: Advertising and Privacy, supra note 130.
“[t]he Gmail filtering system also scans for keywords in users’ e-
mails which are then used to match and serve ads. When a user
opens an e-mail message, computers scan the text and then
instantaneously display relevant information that is matched to
the text of the message.” [5]
ToS Examples of Cloud Services (1)
12
![Page 13: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/13.jpg)
When the Clouds Disperse – Kauba, Mayer
• Yahoo! reserves the right to “pre-screen” content on its service
• Yahoo! Mail Privacy Policy,
http://info.yahoo.com/privacy/us/yahoo/mail/details.html (May. 17,
2013) (emphasis added).
“Yahoo!’s practice is not to use the content of messages stored in
your Yahoo! Mail account for marketing purposes.” [5]
• Mozy (a cloud service provider) assure customers about the privacy
of their content
• Mozy: Decho Corporation Privacy Policy (May. 17, 2013),
http://mozy.com/privacy.
“We will not view the files that you backup using the Service.” [5]
ToS Examples of Cloud Services (2)
13
![Page 14: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/14.jpg)
When the Clouds Disperse – Kauba, Mayer
• Hackers
• Session hijacking
• Man-in-the-Middle attack
• User interface attacks
• TLS Null-prefix attack
• Governments
• Bypassing storage encryption
• SSL interception attack
• Hidden backdoors and unnoticeable software changes
• Service Providers
• Exploiting user data
• Data leaks through employees of service provider
Threats and Attacks
14
![Page 15: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/15.jpg)
When the Clouds Disperse – Kauba, Mayer
• Most providers are offering HTTPS / TLS only for login
• After the login an attacker can intercept the traffic, capture session
cookies and also transferred data
• Attacker has full access as long as the user is logged in
• Economic issue: HTTPS needs more processing power, additional
hardware to maintain service quality
• No demand for HTTPS due to a lack of information
Session Hijacking
15
Cloud
Service
Provider
Eve
Alice
1) Authentification using HTTPS
2) Sending session ID or Cookie via HTTP
3) Session information
intercepted
4) Data transfer via HTTP
5) Data transfer
intercepted 6) Eve impersonating Alice
![Page 16: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/16.jpg)
When the Clouds Disperse – Kauba, Mayer
• Login page is plain HTTP, only login data is transferred via HTTPS
• Attacker can intercept and redirect traffic and show the user a
different login page
• Forging DNS packets, DNS cache poisoning, ARP spoofing
• Attacker then gets the plaintext login data without notice of the user
(it is only http) and establishes a https connection with the service
• Attacker decrypts the data from the service and sends it to the user
Man-in-the-Middle Attack
16
Cloud
Service
Provider Eve
Alice
2) Attacker intercepts DNS request,
sends wrong IP information
DNS Server
4) Attacker relays user data
3) User communicates
with attacker
![Page 17: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/17.jpg)
When the Clouds Disperse – Kauba, Mayer
• Cloud applications are accessed using a web browser
• Browsers tend to store user data including browsing history,
passwords and other sensitive information
• Exploiting browser software vulnerabilities
• Tricking browser to show a fake URL
• Reading browser cache
• Tricking browser to insert auto-complete data
• Fooling users to think a fake website is the real one
• Faking https lock icon
• Homographic attacks with international characters looking like
national ones
User Interface Attacks
17
![Page 18: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/18.jpg)
When the Clouds Disperse – Kauba, Mayer
• Provides a certain protection against insider attacks
• Not widely used because no consumer demand
• Different options where to store the key
• Only the user has the encryption key
• Only the service provider or both have the key
• In the second case the service provider can decrypt the users data
• Can be forced by the government to hand over the key, also without
informing the user
• Key entered on a web interface or software provided by the service
provider might get to know the key
Bypassing Storage Encryption
18
![Page 19: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/19.jpg)
When the Clouds Disperse – Kauba, Mayer
• Providing a secure, encrypted mail service (PGP)
• Offering server-side and client-side encryption
• Law enforcement wanted to look at a drug dealer’s emails who used
server-side encryption
• Ordered Hush to record the passphrase after the dealer entered it
on the web interface
• Also client-side version would not have helped him provide an
applet containing a back door
Case Study - Hushmail
19
1) User logs in
with his private
key
2) Key is stored in RAM and used for
encryption / decryption
3) Plaintext of messages is transferred from/to the user
user
pass
Login
1) User logs in
with his private
key
2) Key is logged to HDD and used for
encryption / decryption
3) Plaintext of messages is transferred from/to the user
user
pass
Login
![Page 20: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/20.jpg)
When the Clouds Disperse – Kauba, Mayer
• SSL/TLS relies on a chain-of-trust involving several CAs (Certificate
Authorities) verifying a servers certificate
• Browser vendors trust the root-CAs
• Compelled certificate creation attack
• Technically it is possible for a CA to issue a certificate for a site
which has already obtained a valid certificate
• Governments either own CAs or force them to issue false
certificates (also intermediate certificates)
• Users traffic is redirected using DNS or ARP spoofing
• Enables silently and covertly intercepting traffic and reading user’s
data
• Specific devices exists, e.g. Packet Forensics 5-Series
SSL Interception Attack
20
![Page 21: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/21.jpg)
When the Clouds Disperse – Kauba, Mayer
• Firefox plugin CertLock[7]
• Caching certificates and comparing the current certificate with
cached one on country level changes
• If no country change, attack is not detected
• Most certificates are issued from US CAs
• Attacks from US government cannot be discovered
SSL Interception Countermeasures
21
Cloud
Service
Provider
Eve
Alice
2) Government server sends
own DNS information
DNS Server
4) Traffic is decrypted,
re-encrypted and
relayed using HTTPS 3) Traffic over HTTPS is
redirected using the false
certificate without noticing
![Page 22: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/22.jpg)
When the Clouds Disperse – Kauba, Mayer
• Website hostname specified in Common Name (CN) field
• CAs verify ownership of the domain name specified in the CN field
• CN field is a Pascal string, different from a \0 terminated C string,
TLS implementations are in C
• CN: www.website.com\0.attacker.org
• Will be signed by CA (ignoring the \0)
• Browser implementation of string compare only compares until it
reaches \0, so validates the certificate for www.website.com
TLS Null-Prefix Attack
22
w w w . w e b s i t e . c o m \0 . a t t a o r g \0
w w w . w e b s i t e . c o m \0 char *currentURL
char *commonName
char *currentURL = getDomainWeAreConnectingTo();
char *commonName = getCommonNameFromCertificte();
bool verificationOK = (strcmp(destination, commonName) == 0);
c k e r .
![Page 23: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/23.jpg)
When the Clouds Disperse – Kauba, Mayer
• Regular software products require updates to be installed manually
slow adoption rates
• At least the user is able to check if an update has been performed
• Cloud software can be updated without anyone noticing
• Installation of hidden backdoors is much easier
• In addition a specific user can be provided with a specific version of
the product while all other users still use the original one
• If only one user has the compromised version the chance that
someone notices is very low
Hidden Backdoors
23
![Page 24: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/24.jpg)
When the Clouds Disperse – Kauba, Mayer
• JAP – Java Anonymous Proxy
• German government forced developers to introduce a hidden
backdoor which logs accesses to illegal web sites
• As it is open source, a user discovered the change
• Open-source software cannot be easily modified without someone
noticing
• No technology exists to protect a company from executing a lawful
order compelling to insert a backdoor into its product
Case Study - JAP
24
![Page 25: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/25.jpg)
When the Clouds Disperse – Kauba, Mayer
• Most providers offering a free service are earning money by
showing highly personalised ads
• Mining users private data, searching for keywords, provide these to
third party companies which then place ads on the web interface
• Statistics and behaviour predictions
• Storage encryption is against their business model (monetizing
user’s private data)
• Users would not even pay for enhanced privacy
Cloud Service Provider scanning data
25
![Page 26: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/26.jpg)
When the Clouds Disperse – Kauba, Mayer
• Users expectation of privacy
• Misconceptions about the rights and guarantees the service
provider offers
• Users still consider local storage safer than the cloud
• Physical protection is considered more secure than encryption
• Users do not use the cloud as main storage
• Storing only less “sensitive” data
• Different perception of “sensitive” data
• Loss of control over their data
• Agree to pay more for better privacy
User attitudes and beliefs
26
![Page 27: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/27.jpg)
When the Clouds Disperse – Kauba, Mayer
• Understanding of cloud infrastructure is rather limited
• Users do not read privacy policies
• Assuming higher availability, integrity, ownership guarantees and
privacy protection
• Unaware of unauthorized modification, delayed deletion, arbitrary
account disabling and data loss liability
• Users consider the internet as highly insecure
• Easy for hackers to access their data
• Storage provider and governments might access their data
• Data is not interesting so the practical risk is only minimal
• Unaware of the actual privacy risks they are exposed to
Perceived Privacy and ToS
27
![Page 28: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/28.jpg)
When the Clouds Disperse – Kauba, Mayer
• Switzerland
• Privacy is guaranteed by the constitution
• Government monitoring is considered as a fundamental privacy
infringement
• Swiss are more privacy aware than Indians
• Everybody should have the right of privacy, including terrorists
• India
• Privacy is not explicitly recognized
• Regard surveillance as necessary in combating terrorism
• Tap-proof technology should not exist because it would be
misused
National differences
28
![Page 29: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/29.jpg)
When the Clouds Disperse – Kauba, Mayer
• Using HTTPS/TLS by default
• Providers should be required by law to use HTTPS
• Using DNSSEC
• Homomorphic encryption
• Encrypted data can be processed
• Encryption done independently by the user
• Single Site Browser
• Web Browser just for a single cloud application
• Web application fingerprinting
• Using open-source software
Countermeasures
29
![Page 30: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/30.jpg)
When the Clouds Disperse – Kauba, Mayer
• Data stored in the cloud has a higher risk of being accessed by
unauthorized individuals
• Providers have no incentives to provide better security and privacy
for economic reasons
• Governments also have a legitimate need to access data
• Governments around the globe have several legal ways forcing
cloud providers to disclose users personal data
• Compelled backdoors are a serious problem
• Storage encryption is no magic bullet
Summary
30
![Page 31: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/31.jpg)
When the Clouds Disperse – Kauba, Mayer
Thank you for your attention
Questions?
“Cryptography is typically bypassed, not penetrated.”, Adi Shamir
End
31
![Page 32: When the Clouds Disperse · When the Clouds Disperse – Kauba, Mayer •Surveillance at near zero marginal cost, significantly reduced manpower, elimination of physical risk •No](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8dae9fde58b554b0742dc8/html5/thumbnails/32.jpg)
When the Clouds Disperse – Kauba, Mayer
(1) SOGHOIAN, Christopher. Caught in the cloud: Privacy, encryption, and government back doors in the web 2.0 era. J. on Telecomm. & High Tech. L., 2010, 8. Jg., S. 359.
(2) ION, Iulia, et al. Home is safer than the cloud!: privacy concerns for consumer cloud storage. In: Proceedings of the Seventh Symposium on Usable Privacy and Security. ACM, 2011. S. 13.
(3) BORGMANN, Moritz, et al. On the Security of Cloud Storage Services. Fraunhofer Institute for Secure Information Technology-SIT, Tech. Rep. SIT-TR-001, 2012.
(4) SOGHOIAN, Christopher. THE SPIES WE TRUST: THIRD PARTY SERVICE PROVIDERS AND LAW ENFORCEMENT SURVEILLANCE. 2012. Doctoral Dissertation. Indiana University.
(5) ROBISON, William Jeremy. Free at What Cost: Cloud Computing Privacy under the Stored Communications Act. Geo. LJ, 2009, 98. Jg., S. 1195.
(6) KATZAN JR, Harry, et al. On the privacy of cloud computing. International Journal of Management & Information Systems (IJMIS), 2011, 14. Jg., Nr. 2.
(7) SOGHOIAN, Christopher; STAMM, Sid. Certified lies: Detecting and defeating government interception attacks against ssl (short paper). In: Financial Cryptography and Data Security. Springer Berlin Heidelberg, 2012. S. 250-259.
Literature
32