Attack tree analysis of Man in the Cloud attacks on client device synchronization in cloud computing

摘要

Cloud computing has many irrefutable advantages and one of the most attractive benefits thereof that is seeing users migrate to the cloud is the ability to synchronize each of their devices with the cloud. A user can be in a different locality with a different device altogether but with the advent of cloud synchronization, he is able to access and replicate data changes to all of his synchronized devices. However, this convenience comes at a cost. The framework that is implemented to actualize this adorable functionality leaves much to be desired in that authorization to synchronize with the cloud only requires a synchronization token offered to the user upon his one-time authentication. This entails that whoever presents this synchronization token is able to synchronize with the user's data both locally and on the cloud without the need to provide any login credentials. The task of the attacker therefore is to acquire this synchronization token which is always stored locally on the cloud user's device and this task is actualized via a Man in the Cloud (MITC) attack. This paper employs attack trees to analyze the constituents of a MITC attack process in the synchronization of client devices in cloud computing. We further propose from the analysis, areas of concentration when deploying preventative measures.