1. INTRODUCTION

Cloud computing is a model for enabling ubiquitous, convenient, on-demand
network access to a shared pool of configurable computing resources (e.g.,
networks, servers, storage, applications, and services) that can be rapidly
provisioned and released with minimal management effort or service provider
interaction. It also offers other advantages such as low-cost infrastructure,
flexibility, scalability, collaboration, ease of use and on-demand access from
anywhere through the internet, and it is used by commercial entities as well
as by conventional users.


Characteristics of cloud computing

According to the NIST definition, cloud computing services have five essential
characteristics: on-demand self-service, broad network access, resource
pooling, rapid elasticity and measured service [1].

As per NIST, cloud computing is described using three service models and four
deployment models.

Deployment models: there are four deployment models in the cloud [11].

· Private cloud is deployed inside the boundary of the organization; its data
and services cannot be accessed from outside the organization.

· Public cloud has a massively scalable infrastructure. It is owned and managed
by academic, business or government organizations, which provide cloud
services for open use by the public.

· Hybrid cloud is a combination of both private and public cloud, usually with
the private part reserved for sensitive data and strategic applications.

· Community cloud has infrastructure and services that are provisioned for use
by a specific community of customers.

Figure 1: Cloud deployment model

Cloud service models

There are three types of service models in the cloud environment. Users can
select any one of these three services based on their needs [10]. They are:

SaaS (Software as a Service): gives the ability to use software and its
functions on demand, remotely through the internet. It removes from
organizations the heavy responsibility of setup, handling installations,
maintenance and daily upkeep. Examples: Facebook, WhatsApp, Gmail.

PaaS (Platform as a Service): can be described as application development
environments offered by the cloud provider as a service. It gives users the
ability to deploy their applications onto the provider's cloud infrastructure.
The development and execution environment covers the programming language,
operating system and database. Example: Google App Engine.

IaaS (Infrastructure as a Service): provides infrastructure such as servers,
hardware, storage, routers and other networking components to the users.

Figure 2: Cloud service models

2. CLOUD ARCHITECTURE:

Cloud computing is a collection of resources which can be availed on demand.
They are available over the internet in a self-service model with no
interaction with the service provider.

Cloud provides various products and services with innovative technical and
pricing opportunities. As per NIST's cloud computing reference architecture,
there are five important actors that influence, and are impacted by, cloud
computing along with its security implications.

1. Cloud consumer: a person or organization that maintains a business
relationship with, and uses services from, cloud providers.

2. Cloud provider: a person, organization or entity responsible for making a
service available to interested parties.

3. Cloud auditor: a party that can conduct independent assessment of cloud
services, information system operations, and the security and performance of
the cloud implementation.

4. Cloud broker: an entity that manages the use, performance and delivery of
cloud services and negotiates relationships between cloud consumers and
providers.

5. Cloud carrier: an intermediary that provides connectivity and transport of
cloud services from cloud providers to cloud consumers [2].

Figure 3: NIST reference cloud architecture [2]

3. SECURITY OPEN ISSUES AND THREATS

The adoption of cloud has reached its peak and it is expected that more
workloads will move from traditional local storage to the cloud, for users
ranging from individual internet users to commercial organizations. There are
many security problems to be identified and analysed in various aspects:
1) privileged user access management, 2) regulatory compliance, 3) data
location, 4) data segregation, 5) data protection and recovery support,
6) investigative support and 7) long-term viability.

Cloud computing provides many benefits, but on the other side it suffers from
security issues which cannot be ignored. In a recent report by ENISA, thirteen
technical risks were identified.

As per NIST's report, cloud computing faces security challenges resulting
from the cloud's wide range of outsourcing, its network dependency,
multi-tenancy and scalability.

Fernandes et al. [3, 6] provided a thorough review of the research literature
to define cloud security open issues and challenges.

Main security challenges are:

· Shared technology vulnerabilities
· Data breach
· Account or service traffic hijacking
· Denial of service (DoS)
· Malicious insiders

Figure 4: Cloud platform attack vectors [6]

The above-mentioned open issues can be exploited through three main attack
vectors: the network, the hypervisor and the computing hardware. The attackers
are internal users, external users and the cloud provider itself (a malicious
employee).

Network: the network is one of the most important vectors in a cloud platform,
since it is the channel through which the applications are reached and run.

Hypervisor: a program that enables hosting several different virtual machines
on a single piece of hardware. The hypervisor is also known as a Virtual
Machine Monitor (VMM). It presents the guest operating systems with a virtual
operating platform and manages their execution. The hypervisor is the
fundamental component that guarantees the multi-tenancy feature in cloud
computing. The memory bus, disk bus, data and instruction caches and other VM
instances are some of the physical resources shared through it.

External users can attack the cloud infrastructure through the network. They
can affect data integrity and confidentiality by tampering with the
communication channels, and they can affect the availability of the cloud
provider's data centres.

Internal users (owners of VM instances) can exploit the hypervisor to attack
another VM instance, which is possible because of the multi-tenancy feature,
i.e. both the attacker and the victim share the same host. It may lead to
breaches of confidentiality of sensitive information [6].

The cloud provider itself might be an attacker: employees could exploit their
privileged position to steal sensitive user information, either by physical
or by logical manipulation of the hardware platform.

Table 1: Cloud threats and attacks [4]

| Type | Effects | Solutions |
|---|---|---|
| Threats | | |
| Different service delivery/receiving model | Loss of control over the infrastructure of the cloud | Offering services under control and monitoring |
| Abusive use of cloud computing | Validation loss, fraudulent service, stronger attacks due to unidentified sign-up | Observe the network status, provide robust registration and authentication techniques |
| Insecure interface and API | Improper authentication and authorization, wrong transmission of the content | Data transmission in encrypted form, strong access control and authentication mechanism |
| Malicious insiders | Penetrate the organization's resources, damage assets, loss of productivity, affect operations | Use agreement reporting and breach notifications, transparent security and management process |
| Shared technology issues | Interfere with one user's services from another user's services by compromising the hypervisor | Audit configuration and vulnerabilities; for administrative tasks use strong authentication and access control mechanisms |
| Data loss and leakage | Personal sensitive data can be deleted, destroyed, corrupted or modified | Provide data storage and backup mechanisms |
| Service/account hijacking | Stolen user account credentials give access to critical areas of the cloud, allowing the attacker to compromise the security of the services | Adoption of strong authentication mechanisms, security policies and secure communication channels |
| Risk profiling | Internal security operations, security policies, configuration breaches, patching, auditing and logging | Acknowledge partial logs, data and infrastructure aspects; to secure data use monitoring and alerting systems |
| Identity theft | An aggressor can obtain the identity of a valid user to access that user's resources and take credits or other benefits in that user's name | Use strong multi-tier passwords and authentication mechanisms |
| Attacks | | |
| Zombie attack (DoS/DDoS attack) | Service availability affected, may create a fake service | Strong authentication and authorization |
| Service injection attack | Service integrity distressed, malicious service provided to users instead of the valid service | Strong isolation mechanisms between VMs, use a hash function to check service integrity, web service security, adopt secure web browsers and APIs |
| Attack on virtualization/hypervisor | Access to the credentials and control of another user | Hypervisor security solutions needed, monitor hypervisor activities, VM isolation required |
| User to root attacks | Affect the privacy of the user's sensitive information and services | Use strong passwords, better authentication mechanism |
| Port scanning | Abnormal behaviour of the service, affects service availability | Strong port security required |
| Man-in-the-middle attack | Penetrates data privacy and security | A properly secured Secure Socket Layer (SSL) architecture is required |
| Metadata spoofing attack | Abnormal behaviour of the service, affects the privacy of the service | Service functionality and other details should be kept in encrypted form; accessing the file should require a strong authentication mechanism |
| Phishing attack | Affects the privacy of user credentials that should not be revealed | Use secure web links (HTTPS) |
| Backdoor channel attack | Affects service availability and data privacy, provides rights for gaining a valid user's resources | Strong authentication and isolation mechanisms required |

Table 2: Classification of cloud computing security issues

Data storage and computing security issues
· Data storage issue
· Untrusted computing
· Data and service availability
· Cryptography
· Cloud data recycling
· Malware

Virtualization security issues
· VM image management
· Virtual machine monitor
· Network virtualization
· Mobility
· Issues in virtual machines
· Malware

Internet and services related security issues
· Advanced persistent threats and malicious outsiders
· Internet protocols
· Web services
· Web technologies
· Service availability

Network security issues
· Mobile platforms
· Circumference security

Access control issues
· Physical access
· User credentials
· Entity authentication
· Authorization
· Management of user identity
· Anonymization

Software security issues
· Platforms and frameworks
· User frontend

Trust management issues
· Cloud-to-cloud trust
· Human aspect
· Reputation
· Trust in auditability reports
· Anonymization

Compliance and legal aspects
· Forensics
· Acts
· Legal problems
· Incorrect resource usage metering
· Governance

Table 3: Security challenges and risks

| Threat | Risk description |
|---|---|
| DoS | In a Denial-of-Service attack, the attacker floods the server with traffic in order to make services or resources unavailable to cloud users. |
| DDoS | A Distributed Denial of Service attack is an attempt to make services unavailable by overwhelming them with traffic from multiple machines distributed across the Internet. |
| MitM | A Man-in-the-Middle attack is a type of eavesdropping attack in which an intruder inserts himself into a conversation between two parties, intercepts sensitive information from users, and then passes it on to a third party. |
| IP spoofing | IP spoofing is a way to gain unauthorized access to a server, whereby an attacker illegally impersonates the IP address of a trusted host to conceal his identity. |
| Packet sniffing | A packet sniffer or analyzer is commonly used to diagnose network-related problems. However, an attacker can also use it to capture and analyze all transmitted sensitive information. |
| Port scanning | The attacker sends queries to search for vulnerable ports on the server and attempts to identify the kind of service in use. |
| Session hijacking | An attacker can hijack an active session and masquerade as one of the conversation parties. |
| Phishing | Phishing is the attempt to steal sensitive user data such as usernames, passwords and credit card details. It occurs when an attacker impersonates the identity of a trusted entity and fools a victim into opening an email or reading an instant message. |
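Port scanning, as listed in Table 3, leaves a recognisable trace on the defender's side: one source touching many distinct destination ports on a host within a short interval. The following Go program is an added example (not code from the paper) that parses a constructed set of firewall records and flags sources that exceed a distinct-port threshold inside a sliding time window. The log format, the addresses, the timestamps and the threshold are all assumptions made for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
	"time"
)

// Event is one parsed connection-attempt record.
type Event struct {
	Time   time.Time
	Src    string
	Dst    string
	DPort  int
	Action string
}

// SampleLog is a constructed set of firewall records (not taken from the page).
// 198.51.100.7 sweeps ten ports on 10.0.0.5 within a few seconds, while
// 203.0.113.9 behaves like a normal client that repeatedly reaches one service.
var SampleLog = []string{
	"2024-03-01T10:00:00Z src=198.51.100.7 dst=10.0.0.5 dport=21 proto=tcp action=DROP",
	"2024-03-01T10:00:00Z src=198.51.100.7 dst=10.0.0.5 dport=22 proto=tcp action=ACCEPT",
	"2024-03-01T10:00:01Z src=198.51.100.7 dst=10.0.0.5 dport=23 proto=tcp action=DROP",
	"2024-03-01T10:00:01Z src=203.0.113.9 dst=10.0.0.5 dport=443 proto=tcp action=ACCEPT",
	"2024-03-01T10:00:01Z src=198.51.100.7 dst=10.0.0.5 dport=25 proto=tcp action=DROP",
	"2024-03-01T10:00:02Z src=198.51.100.7 dst=10.0.0.5 dport=80 proto=tcp action=ACCEPT",
	"2024-03-01T10:00:02Z src=198.51.100.7 dst=10.0.0.5 dport=110 proto=tcp action=DROP",
	"2024-03-01T10:00:02Z src=203.0.113.9 dst=10.0.0.5 dport=443 proto=tcp action=ACCEPT",
	"2024-03-01T10:00:03Z src=198.51.100.7 dst=10.0.0.5 dport=443 proto=tcp action=ACCEPT",
	"2024-03-01T10:00:03Z src=198.51.100.7 dst=10.0.0.5 dport=445 proto=tcp action=DROP",
	"2024-03-01T10:00:03Z src=203.0.113.9 dst=10.0.0.6 dport=22 proto=tcp action=ACCEPT",
	"2024-03-01T10:00:04Z src=198.51.100.7 dst=10.0.0.5 dport=3306 proto=tcp action=DROP",
	"2024-03-01T10:00:04Z src=198.51.100.7 dst=10.0.0.5 dport=8080 proto=tcp action=DROP",
	"this line is malformed and is skipped",
}

// ParseLine turns one "timestamp key=value ..." record into an Event.
func ParseLine(line string) (Event, error) {
	fields := strings.Fields(line)
	if len(fields) < 2 {
		return Event{}, fmt.Errorf("too few fields: %q", line)
	}
	ts, err := time.Parse(time.RFC3339, fields[0])
	if err != nil {
		return Event{}, err
	}
	ev := Event{Time: ts}
	for _, kv := range fields[1:] {
		parts := strings.SplitN(kv, "=", 2)
		if len(parts) != 2 {
			continue
		}
		switch parts[0] {
		case "src":
			ev.Src = parts[1]
		case "dst":
			ev.Dst = parts[1]
		case "dport":
			p, err := strconv.Atoi(parts[1])
			if err != nil {
				return Event{}, err
			}
			ev.DPort = p
		case "action":
			ev.Action = parts[1]
		}
	}
	if ev.Src == "" || ev.Dst == "" || ev.DPort == 0 {
		return Event{}, fmt.Errorf("incomplete record: %q", line)
	}
	return ev, nil
}

// Scanners returns, for each source that probed more than maxPorts distinct
// destination ports on a single host within some window-sized interval, the
// largest such distinct-port count. Malformed lines are skipped, not fatal.
func Scanners(lines []string, window time.Duration, maxPorts int) map[string]int {
	byPair := map[[2]string][]Event{}
	for _, l := range lines {
		ev, err := ParseLine(l)
		if err != nil {
			continue
		}
		key := [2]string{ev.Src, ev.Dst}
		byPair[key] = append(byPair[key], ev)
	}
	out := map[string]int{}
	for key, evs := range byPair {
		sort.Slice(evs, func(i, j int) bool { return evs[i].Time.Before(evs[j].Time) })
		best := 0
		for i := range evs { // window starts at each event in turn
			seen := map[int]bool{}
			for j := i; j < len(evs) && evs[j].Time.Sub(evs[i].Time) <= window; j++ {
				seen[evs[j].DPort] = true
			}
			if len(seen) > best {
				best = len(seen)
			}
		}
		if best > maxPorts && best > out[key[0]] {
			out[key[0]] = best
		}
	}
	return out
}

func main() {
	for src, n := range Scanners(SampleLog, 10*time.Second, 8) {
		fmt.Printf("possible port scan from %s: %d distinct ports in one window\n", src, n)
	}
}
```

The threshold and window are tuning knobs: a short window with a low threshold catches fast sweeps like the one in the sample, while a slow scan that spreads probes over hours needs a longer window and correspondingly more state. Both ACCEPT and DROP records are counted, since a scan of open ports looks the same as a scan of closed ones from the source's point of view.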

4. RELATED WORK

In the present era a large number of applications rely on the internet, such
as online shopping, stock trading, internet banking, digital bill payment,
etc. All of these public networks need end-to-end connections that are secured
and confidential, in order to ensure data authentication, confidentiality,
availability and integrity as well as accountability.

As per NIST, computer security can be defined as the protection afforded to an
automated information system in order to attain the applicable objectives of
preserving the integrity, availability and confidentiality of information
system resources (including hardware, software, firmware, data/information and
telecommunications).

Security is the process of protecting services and information from
unauthorised access, modification or destruction. In networking, security can
be obtained by using cryptography, the science and art of transforming
messages so that they are protected against attacks.

Encryption is one of the important mechanisms that can ensure the security of
sensitive information. Encryption algorithms are classified into two groups:
symmetric key (secret key) and asymmetric key (public key).

Symmetric key: also known as conventional encryption, a form of cryptosystem
in which encryption and decryption are performed using the same key [9].

Asymmetric encryption: encryption and decryption are performed using different
keys, i.e. a public key and a private key [9].

Figure 5: Classification of encryption methods

5. EXISTING ALGORITHMS FOR SECURITY

In data communication, encryption plays a major role in securing the data. The
encryption algorithms used in cloud computing are:

1. Symmetric encryption algorithms:

In this method the sender and receiver use a single secret key to encrypt and
decrypt the messages. Some of the encryption algorithms are:

a) DES (Data Encryption Standard): a symmetric key algorithm used to encrypt
information. It was developed by IBM in the 1970s. In the DES algorithm the
block size is 64 bits and the key is 56 bits. Nowadays this algorithm is
insecure for many applications.

b) 3DES (Triple Data Encryption Algorithm): developed to overcome the flaws of
DES without designing a new cryptosystem. 3DES extends the key size of DES by
applying the algorithm three times in succession with three different keys.
The combined key size is thus 168 bits (three times the DES key, 3 × 56). TDEA
uses three 64-bit keys K1, K2, K3 in Encrypt-Decrypt-Encrypt (EDE) mode. 3DES
is slower than other block cipher methods.

c) AES (Advanced Encryption Standard): one of the newer encryption standards,
recommended by NIST in 2001 to replace DES. AES supports a data block of
128 bits combined with key lengths of 128, 192 and 256 bits. During
encryption and decryption AES goes through 10 rounds for 128-bit keys,
12 rounds for 192-bit keys and 14 rounds for 256-bit keys to produce the final
ciphertext. The drawback of this algorithm is that it is difficult to
implement.

d) Blowfish: a symmetric key algorithm designed by Bruce Schneier in 1993. It
was developed as an alternative to DES, to overcome many problems that come
with other algorithms. The algorithm is in the public domain and is freely
available to everyone.

e) RC5 (Rivest Cipher): a symmetric key algorithm mainly known for its simple
implementation, developed by Ronald Rivest in 1994. Its speed is slow compared
to other algorithms.
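The following Go program is an added example, not code from the paper, that uses the standard library's crypto/aes, crypto/cipher and crypto/des packages to make the key-size points above concrete: AES accepts only 128-, 192- or 256-bit keys and refuses a DES-sized 56-bit key; in GCM mode it also detects any tampering with the ciphertext; and 3DES in EDE mode with K1 = K2 = K3 reduces to single DES, which is why the three keys must differ for the 168-bit key size to mean anything. The keys, associated data and messages are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"errors"
	"fmt"
)

// SealAESGCM encrypts plaintext with AES-GCM. aes.NewCipher accepts only 16-,
// 24- or 32-byte keys (AES-128/192/256), so a DES-sized 7-byte key is rejected
// outright. The result is nonce || ciphertext || authentication tag.
func SealAESGCM(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// OpenAESGCM reverses SealAESGCM. The GCM tag makes any change to the
// ciphertext, nonce or associated data fail with an error instead of
// silently yielding garbage plaintext.
func OpenAESGCM(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed message shorter than nonce")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// DESBlock encrypts one 64-bit block with single DES (8-byte key, 56 effective bits).
func DESBlock(key8, block8 []byte) ([]byte, error) {
	c, err := des.NewCipher(key8)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block8)
	return out, nil
}

// TripleDESBlock encrypts one block with TDEA in EDE mode using K1||K2||K3 (24 bytes).
func TripleDESBlock(key24, block8 []byte) ([]byte, error) {
	c, err := des.NewTripleDESCipher(key24)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block8)
	return out, nil
}

// TripleDESCollapsesToDES checks the EDE property: with K1 = K2 = K3 the middle
// decryption cancels the first encryption, so 3DES degenerates to single DES.
func TripleDESCollapsesToDES(key8, block8 []byte) (bool, error) {
	three, err := TripleDESBlock(bytes.Repeat(key8, 3), block8)
	if err != nil {
		return false, err
	}
	one, err := DESBlock(key8, block8)
	if err != nil {
		return false, err
	}
	return bytes.Equal(three, one), nil
}

func main() {
	key := make([]byte, 32) // AES-256 key, random for this run
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	aad := []byte("tenant-id=42") // constructed associated data bound to the ciphertext
	sealed, err := SealAESGCM(key, []byte("constructed tenant record"), aad)
	if err != nil {
		panic(err)
	}
	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the tag, as tampering in transit would
	_, err = OpenAESGCM(key, sealed, aad)
	fmt.Println("tampered ciphertext rejected:", err != nil)

	_, err = aes.NewCipher(make([]byte, 7)) // a 56-bit key, as DES uses
	fmt.Println("AES refuses a 56-bit key:", err)

	ok, _ := TripleDESCollapsesToDES([]byte("01234567"), []byte("ABCDEFGH"))
	fmt.Println("3DES with K1=K2=K3 equals DES:", ok)
}
```

The associated data is the practical detail worth noticing: binding the ciphertext to a tenant identifier means a record copied from one tenant's store into another's fails to open, which the "data segregation" concern in Section 3 asks for.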

 

2. Asymmetric algorithms:

These are public key algorithms which use different keys for encryption and
decryption. They are most important because they can be used for the
transmission of encryption keys.

a) RSA (Rivest-Shamir-Adleman): the most simple and common asymmetric
algorithm, used both for encryption and for digital signatures. It has fast
encryption.

b) DSA: an important algorithm for processing digital data. It was proposed by
NIST in August 1991.

c) Diffie-Hellman: the earliest asymmetric standard algorithm, developed in
1976. It is the most widely used key exchange algorithm.
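As an added example (not code from the paper), the following Go program shows the three public-key uses named above with the standard library: RSA-OAEP wrapping a symmetric session key for transmission, RSA-PSS digital signatures, and a Diffie-Hellman exchange in which both parties derive the same shared secret without sending their private exponents. The key pair is generated fresh on each run; DemoPrime (2^127 - 1) and DemoGen are demo-size parameters chosen so that the example runs quickly, and real deployments use standardised groups of at least 2048 bits.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// GenerateDemoKey creates a 2048-bit RSA key pair (a throwaway demo key).
func GenerateDemoKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// WrapKey encrypts a symmetric session key to the recipient's public key with
// RSA-OAEP: the "transmission of encryption keys" use of public-key algorithms.
func WrapKey(pub *rsa.PublicKey, sessionKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, []byte("session-key"))
}

// UnwrapKey recovers the session key; only the private-key holder can do this.
func UnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte("session-key"))
}

// Sign produces an RSA-PSS signature over the SHA-256 digest of msg.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify reports whether sig is a valid signature of msg under pub.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// Diffie-Hellman over a prime field. DemoPrime is 2^127 - 1 (a Mersenne prime)
// and DemoGen = 5 are demo-size parameters chosen so the example runs fast;
// real deployments use standardised groups of 2048 bits or more.
var DemoPrime, _ = new(big.Int).SetString("170141183460469231731687303715884105727", 10)
var DemoGen = big.NewInt(5)

// DHParty holds one side's private exponent and the public value g^priv mod p.
type DHParty struct {
	priv *big.Int
	Pub  *big.Int
}

// NewDHParty picks a random private exponent in [1, p-2] and publishes g^priv mod p.
func NewDHParty() (*DHParty, error) {
	limit := new(big.Int).Sub(DemoPrime, big.NewInt(2))
	a, err := rand.Int(rand.Reader, limit)
	if err != nil {
		return nil, err
	}
	a.Add(a, big.NewInt(1))
	return &DHParty{priv: a, Pub: new(big.Int).Exp(DemoGen, a, DemoPrime)}, nil
}

// Shared computes peerPub^priv mod p. Both sides obtain the same value because
// (g^a)^b = (g^b)^a = g^(ab), while only g^a and g^b travel over the network.
func (p *DHParty) Shared(peerPub *big.Int) *big.Int {
	return new(big.Int).Exp(peerPub, p.priv, DemoPrime)
}

func main() {
	priv, err := GenerateDemoKey()
	if err != nil {
		panic(err)
	}
	sessionKey := []byte("0123456789abcdef0123456789abcdef") // constructed 256-bit key
	wrapped, _ := WrapKey(&priv.PublicKey, sessionKey)
	got, _ := UnwrapKey(priv, wrapped)
	fmt.Println("session key recovered:", string(got) == string(sessionKey))

	sig, _ := Sign(priv, []byte("invoice 100"))
	fmt.Println("signature valid:", Verify(&priv.PublicKey, []byte("invoice 100"), sig))
	fmt.Println("altered message verifies:", Verify(&priv.PublicKey, []byte("invoice 900"), sig))

	alice, _ := NewDHParty()
	bob, _ := NewDHParty()
	fmt.Println("DH shared secrets match:", alice.Shared(bob.Pub).Cmp(bob.Shared(alice.Pub)) == 0)
}
```

Unauthenticated Diffie-Hellman is exactly what the man-in-the-middle entry in Table 1 and Table 3 exploits: each party must also verify who the received public value came from, which is why TLS signs the exchange with a certificate-bound key such as the RSA signature above.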

 

6. CONCLUSION: Cloud computing provides enormous benefits through cloud
services and resources in various fields. However, cloud security issues
remain the major obstacle that may prohibit the adoption of cloud computing on
a large scale. Security engineering is one of the best practices for providing
methods and techniques to develop systems and services that are built for
security, sustainability and resiliency. In this paper a comprehensive list of
recommendations has been provided to efficiently avoid the security risks, and
some encryption techniques were described; these face problems regarding speed
and key length that can be overcome by using ABAC and RBAC, if possible in
combination with other trends such as IoT.
