1. INTRODUCTION
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. It also offers low-cost infrastructure, flexibility, scalability, collaboration and ease of use, together with on-demand access from anywhere over the internet, and is used by commercial entities as well as individual users.
Characteristics of cloud computing
According to the NIST definition, cloud computing services have five essential characteristics: on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service [1]. NIST describes cloud computing using three service models and four deployment models.

Deployment models
There are four deployment models [11]:
· Private cloud: provisioned for exclusive use by a single organization; its data and services are not exposed to parties outside that organization.
· Public cloud: built on very large, scalable infrastructure, owned and operated by a business, academic or government organization (or a combination of them) and offered for open use by the general public.
· Hybrid cloud: a combination of private and public cloud, typically with the private part reserved for sensitive data and strategic applications.
· Community cloud: infrastructure and services provisioned for exclusive use by a specific community of consumers with shared concerns.
Figure 1: Cloud deployment models

Cloud service models
There are three service models; a consumer selects the one that fits its needs [10]. They are:
SaaS (Software as a Service): the ability to use software and its functions on demand, remotely over the internet. It removes from the organization the burden of set-up, installation, maintenance and day-to-day upkeep. Examples: Facebook, WhatsApp, Gmail.
PaaS (Platform as a Service): application development environments offered by the cloud provider as a service. The consumer can deploy its own applications onto the provider's cloud infrastructure using the programming languages, operating system and database that the provider supports, without managing the underlying infrastructure. Example: Google App Engine.
IaaS (Infrastructure as a Service): provides fundamental computing infrastructure such as servers, storage, routers and other networking components, on which the consumer runs its own operating systems and applications.
Figure 2: Cloud service models

2. CLOUD ARCHITECTURE
Cloud computing is a collection of resources that can be obtained on demand.
It is available over the internet in a self-service model that requires no direct interaction with the service provider. Cloud providers offer a range of products and services with innovative technical and pricing options. The NIST cloud computing reference architecture identifies five major actors that influence, and are affected by, cloud computing and its security implications:
1. Cloud consumer: a person or organization that maintains a business relationship with, and uses services from, cloud providers.
2. Cloud provider: a person, organization or entity responsible for making a service available to interested parties.
3. Cloud auditor: a party that can conduct an independent assessment of cloud services, information system operations, and the performance and security of a cloud implementation.
4. Cloud broker: an entity that manages the use, performance and delivery of cloud services and negotiates relationships between cloud consumers and cloud providers.
5. Cloud carrier: an intermediary that provides connectivity and transport of cloud services from cloud providers to cloud consumers [2].
Figure 3: NIST cloud computing reference architecture [2]

3. SECURITY OPEN ISSUES AND THREATS
Cloud adoption has grown rapidly, and more workloads are expected to move from traditional local storage to the cloud, from individual internet users to commercial organizations.
Many security problems remain to be identified and analysed, including 1) privileged user access management, 2) regulatory compliance, 3) data location, 4) data segregation, 5) data protection and recovery support, 6) investigative support and 7) long-term viability. Cloud computing brings many benefits, but it also suffers from security issues that cannot be ignored. A recent ENISA report identified thirteen technical risks. According to NIST, the cloud's security challenges stem from its heavy reliance on outsourcing, its network dependency, multi-tenancy and scalability. Fernandes et al. [3, 6] provided a thorough review of the research literature to define the open issues and challenges in cloud security. The main security challenges are:
· Shared technology vulnerabilities
· Data breaches
· Account or service traffic hijacking
· Denial of service (DoS)
· Malicious insiders
Figure 4: Cloud platform attack vectors [6]
These open issues can be exploited through three main attack vectors (network, hypervisor and computing hardware) by three kinds of attacker: internal users, external users and the cloud provider itself (a malicious employee).
Network: the network is one of the most important vectors in a cloud platform, since it is the channel through which applications are reached and operated.
Hypervisor: a program that hosts several different virtual machines on a single piece of hardware, also known as the Virtual Machine Monitor (VMM). The hypervisor presents the guest operating systems with a virtual operating platform and manages their execution.
The hypervisor is the fundamental component that provides multi-tenancy in cloud computing. The physical resources it mediates include the memory bus, the disk bus, the data and instruction caches, and the other VM instances on the same host.
External users can attack the cloud infrastructure through the network: they can compromise data integrity and confidentiality by tampering with communication channels, and they can affect the availability of the provider's data centres.
Internal users (owners of a VM instance) can exploit the hypervisor to attack another VM instance, which multi-tenancy makes possible because attacker and victim share the same host. This may lead to breaches of confidentiality of sensitive information [6].
The cloud provider itself might be an attacker: its employees could exploit their privileged position to steal sensitive user information by physical or logical manipulation of the hardware platform.
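The network vector above is the one a cloud consumer can observe most directly, through the provider's flow logs. As an added example (not code from this paper or from any provider), the following Go program does the "observe the network status" work that the mitigations in this section keep recommending: it parses a constructed flow-log format modelled loosely on cloud VPC flow logs and, per source address, flags port scans (many distinct host:port targets inside a sliding time window) and floods (many hits on one host:port inside the window). The record format, the sample addresses (documentation ranges), the window and the thresholds are all assumptions for the example; a real detector would read the provider's actual schema and tune thresholds to the baseline of the environment.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
	"time"
)

// FlowRecord is one line of a constructed flow-log format (an assumption for
// this example, modelled on cloud VPC flow logs): "<RFC3339 time> <src> <dst> <port>".
type FlowRecord struct {
	At       time.Time
	Src, Dst string
	DstPort  int
}

// ParseFlow rejects malformed lines instead of skipping them, so a broken
// log pipeline is noticed rather than silently blinding the detector.
func ParseFlow(line string) (FlowRecord, error) {
	f := strings.Fields(line)
	if len(f) != 4 {
		return FlowRecord{}, fmt.Errorf("want 4 fields: %q", line)
	}
	at, err := time.Parse(time.RFC3339, f[0])
	if err != nil {
		return FlowRecord{}, err
	}
	port, err := strconv.Atoi(f[3])
	if err != nil || port < 0 || port > 65535 {
		return FlowRecord{}, fmt.Errorf("bad port %q", f[3])
	}
	return FlowRecord{At: at, Src: f[1], Dst: f[2], DstPort: port}, nil
}

// Finding: Kind "port-scan" means Count distinct dst:port targets inside one
// window; Kind "flood" means Count hits on a single dst:port inside one window.
type Finding struct {
	Src, Kind string
	Count     int
}

// Detect slides a time window over each source's records (two-pointer sweep)
// and reports sources reaching scanPorts distinct targets or floodHits hits.
func Detect(lines []string, window time.Duration, scanPorts, floodHits int) ([]Finding, error) {
	bySrc := map[string][]FlowRecord{}
	for _, l := range lines {
		if l = strings.TrimSpace(l); l == "" || strings.HasPrefix(l, "#") {
			continue // blank lines and comments are not records
		}
		r, err := ParseFlow(l)
		if err != nil {
			return nil, err
		}
		bySrc[r.Src] = append(bySrc[r.Src], r)
	}
	var out []Finding
	for src, recs := range bySrc {
		sort.Slice(recs, func(i, j int) bool { return recs[i].At.Before(recs[j].At) })
		hits := map[string]int{} // "dst:port" -> hits currently inside the window
		maxTargets, maxHits, start := 0, 0, 0
		for _, r := range recs {
			key := r.Dst + ":" + strconv.Itoa(r.DstPort)
			hits[key]++
			for r.At.Sub(recs[start].At) > window { // drop records older than the window
				old := recs[start].Dst + ":" + strconv.Itoa(recs[start].DstPort)
				if hits[old]--; hits[old] == 0 {
					delete(hits, old)
				}
				start++
			}
			if hits[key] > maxHits {
				maxHits = hits[key]
			}
			if len(hits) > maxTargets {
				maxTargets = len(hits)
			}
		}
		if maxTargets >= scanPorts {
			out = append(out, Finding{Src: src, Kind: "port-scan", Count: maxTargets})
		}
		if maxHits >= floodHits {
			out = append(out, Finding{Src: src, Kind: "flood", Count: maxHits})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Src < out[j].Src }) // deterministic order
	return out, nil
}

// SampleFlows is a constructed sample (not captured traffic) on documentation
// address ranges: one port scanner, one normal client and one flooder.
var SampleFlows = []string{
	"2024-01-01T00:00:00Z 203.0.113.5 10.0.0.4 22",
	"2024-01-01T00:00:01Z 203.0.113.5 10.0.0.4 23",
	"2024-01-01T00:00:02Z 203.0.113.5 10.0.0.4 80",
	"2024-01-01T00:00:03Z 203.0.113.5 10.0.0.4 443",
	"2024-01-01T00:00:00Z 192.0.2.10 10.0.0.4 443",
	"2024-01-01T00:00:05Z 192.0.2.10 10.0.0.4 443",
	"2024-01-01T00:00:10Z 198.51.100.9 10.0.0.4 443",
	"2024-01-01T00:00:11Z 198.51.100.9 10.0.0.4 443",
	"2024-01-01T00:00:12Z 198.51.100.9 10.0.0.4 443",
	"2024-01-01T00:00:13Z 198.51.100.9 10.0.0.4 443",
}

func main() { fmt.Println(Detect(SampleFlows, 10*time.Second, 4, 4)) }
```

With a 10-second window and thresholds of 4, the sample yields a flood finding for 198.51.100.9 and a port-scan finding for 203.0.113.5, while the client that contacts port 443 twice is left alone. Narrowing the window to 2 seconds makes both findings disappear, which is the point to take away: a slow scanner spreads its probes beyond whatever window the detector uses, so the window and thresholds have to be chosen against the traffic baseline, not picked once and forgotten.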
Table 1: Cloud threats and attacks (type; effects; solutions) [4]

Threats
· Different service delivery/receiving model. Effects: loss of control over the cloud infrastructure. Solutions: offer services under the consumer's control and monitoring.
· Abusive use of cloud computing. Effects: loss of validation, fraudulent services, stronger attacks enabled by anonymous sign-up. Solutions: observe the network status; provide robust registration and authentication techniques.
· Insecure interfaces and APIs. Effects: improper authentication and authorization, content transmitted incorrectly. Solutions: encrypt data in transit; strong access control and authentication mechanisms.
· Malicious insiders. Effects: penetration of the organization's resources, damage to assets, loss of productivity, disrupted operations. Solutions: user agreements with reporting and breach notification; transparent security and management processes.
· Shared technology issues. Effects: one user's services interfere with another's through a compromised hypervisor. Solutions: audit configuration and vulnerabilities; use strong authentication and access control for administrative tasks.
· Data loss and leakage. Effects: personal sensitive data deleted, destroyed, corrupted or modified. Solutions: provide data storage and backup mechanisms.
· Service/account hijacking. Effects: stolen user credentials give access to critical areas of the cloud, allowing the attacker to compromise the security of the services. Solutions: strong authentication mechanisms, security policies and secure communication channels.
· Risk profiling. Effects: opaque internal security operations, security policies, configuration changes, patching, auditing and logging. Solutions: obtain at least partial logs and details of the data and infrastructure; use monitoring and alerting to secure data.
· Identity theft. Effects: an attacker obtains the identity of a valid user to access that user's resources and obtain credit or other benefits in that user's name. Solutions: strong passwords combined with multi-factor authentication.

Attacks
· Zombie attack (DoS/DDoS). Effects: service availability affected; fake services may be created. Solutions: strong authentication and authorization.
· Service injection attack. Effects: service integrity compromised; a malicious service is delivered to users instead of the valid one. Solutions: strong isolation between VMs; hash-based service integrity checks; web service security; secure browsers and APIs.
· Attack on virtualization/hypervisor. Effects: access to another user's credentials and control. Solutions: hypervisor security solutions; monitoring of hypervisor activity; VM isolation.
· User-to-root attacks. Effects: privacy of the user's sensitive information and services affected. Solutions: strong passwords; better authentication mechanisms.
· Port scanning. Effects: abnormal service behaviour; service availability affected. Solutions: strong port security (close unused ports and restrict exposure with network access controls).
· Man-in-the-middle attack. Effects: data privacy and security compromised. Solutions: a properly configured TLS (formerly SSL) deployment with certificate validation.
· Metadata spoofing attack. Effects: abnormal service behaviour; privacy of the service affected. Solutions: keep service functionality and other details encrypted; require strong authentication to access the file.
· Phishing attack. Effects: privacy of user credentials that should not be revealed. Solutions: use secure web links (HTTPS); phishing-resistant multi-factor authentication limits the damage of a stolen password.
· Backdoor channel attack. Effects: service availability and data privacy affected; grants rights to obtain a valid user's resources. Solutions: strong authentication and isolation mechanisms.

Table 2: Classification of cloud computing security issues
· Data storage and computing security issues: data storage issues; untrusted computing; data and service availability; cryptography; cloud data recycling (sanitisation of reused storage); malware.
· Virtualization security issues: VM image management; virtual machine monitor; network virtualization; mobility issues in virtual machines; malware.
· Internet and services related security issues: advanced persistent threats and malicious outsiders; internet protocols; web services; web technologies; service availability.
· Network security issues: mobile platforms; perimeter security.
· Access control issues: physical access; user credentials; entity authentication; authorization; management of user identity; anonymization.
· Software security issues: platforms and frameworks; user front end.
· Trust management issues: cloud-to-cloud trust; human aspect; reputation; trust in auditability reports; anonymization.
· Compliance and legal aspects: forensics; acts; legal problems; incorrect resource usage metering; governance.

Table 3: Security challenges and risks (threat; risk description)
· DoS: in a Denial-of-Service attack, the attacker floods the server with traffic in order to make services or resources unavailable to cloud users.
· DDoS: a Distributed Denial-of-Service attack attempts to make a service unavailable by overwhelming it with traffic from multiple machines distributed across the Internet.
· MitM: a Man-in-the-Middle attack is an eavesdropping attack in which an intruder inserts himself into a conversation between two parties, intercepts sensitive information, and relays (and possibly alters) it to the intended recipient so that neither party notices.
· IP spoofing: a way to gain unauthorized access to a server, whereby an attacker impersonates the IP address of a trusted host to conceal his identity.
· Packet sniffing: a packet sniffer or analyser is commonly used to diagnose network problems, but an attacker can also use it to capture and analyse all transmitted sensitive information.
· Port scanning: the attacker sends probes to find open ports on the server and attempts to identify the kind of service in use.
· Session hijacking: an attacker takes over an active session and masquerades as one of the parties to the conversation.
· Phishing: the attempt to steal sensitive user data such as usernames, passwords and credit card details. It occurs when an attacker impersonates a trusted entity and fools the victim into opening an email or reading an instant message.

4. RELATED WORK
In the present era many applications rely on the internet, such as online shopping, stock trading, internet banking and digital bill payment. All of these run over public networks and need their end-to-end connections secured so as to ensure authentication, confidentiality, availability, integrity and accountability of the data.
NIST defines computer security as the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (including hardware, software, firmware, information/data and telecommunications). Security is the process of protecting services and information from unauthorised access, modification or destruction. In networking, security can be obtained through cryptography, the science (and art) of transforming messages so that they are protected against attack. Encryption is one of the most important mechanisms for ensuring the confidentiality of sensitive information. Encryption algorithms are classified into two groups, symmetric key (secret key) and asymmetric key (public key):
Symmetric key: also known as conventional encryption, a form of cryptosystem in which encryption and decryption are performed using the same key [9].
Asymmetric encryption: encryption and decryption are performed using different keys, i.e. a public key and a private key [9].
Figure 5: Classification of encryption methods

5. EXISTING ALGORITHMS FOR SECURITY
In data communication, encryption plays a major role in securing data. The encryption algorithms used in cloud computing are:
1. Symmetric encryption algorithms: sender and receiver share a single secret key that is used both to encrypt and to decrypt messages. Some of these algorithms are:
a) DES (Data Encryption Standard): a symmetric-key block cipher developed at IBM in the early 1970s and adopted as a US federal standard in 1977.
DES operates on 64-bit blocks with a 56-bit key. A 56-bit key can be brute-forced with modest hardware, so DES is now insecure for practically all applications.
b) 3DES (Triple Data Encryption Algorithm, TDEA): developed to overcome the small key of DES without designing a new cryptosystem. 3DES extends the DES key by applying the algorithm three times in succession with three different keys, giving a combined key of 168 bits (3 x 56). TDEA uses three 64-bit keys K1, K2, K3 (56 effective bits each, the remainder being parity bits) in Encrypt-Decrypt-Encrypt (EDE) mode; with K1 = K2 = K3 it reduces to single DES, which is what makes it backward compatible. Meet-in-the-middle attacks reduce its effective strength to about 112 bits, it keeps the 64-bit block size of DES, and it is slower than other block ciphers; NIST has deprecated it in favour of AES.
c) AES (Advanced Encryption Standard): the encryption standard selected by NIST in 2001 to replace DES. AES always uses a 128-bit block and supports key lengths of 128, 192 and 256 bits; encryption and decryption go through 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys to produce the final ciphertext. Its main practical drawback is implementation difficulty: straightforward table-based software implementations leak key material through cache-timing side channels, so constant-time code or hardware support (such as AES-NI) is preferred.
d) Blowfish: a symmetric-key block cipher designed by Bruce Schneier in 1993 as a fast, free alternative to DES that avoids many of the problems of other algorithms of the time. It uses a 64-bit block and a variable key length of 32 to 448 bits. The algorithm is in the public domain and available free of charge to everyone. Its 64-bit block makes it unsuitable for encrypting large volumes of data under one key, and Schneier himself recommends newer ciphers such as Twofish or AES instead.
e) RC5 (Rivest Cipher 5): a symmetric-key block cipher developed by Ronald Rivest in 1994, known for its simple implementation. It is parameterized by word size, number of rounds and key length, and relies on data-dependent rotations; its security depends on choosing enough rounds.
2. Asymmetric algorithms: public-key algorithms, which use different keys for encryption and decryption.
These algorithms are especially important because they can be used to transport symmetric encryption keys.
a) RSA (Rivest-Shamir-Adleman): the simplest and most common asymmetric algorithm, used both for encryption and for digital signatures. Operations with the public key (encryption, signature verification) are fast because the public exponent is small; private-key operations (decryption, signing) are considerably slower, and the primitive must always be used with a padding scheme such as OAEP or PSS.
b) DSA (Digital Signature Algorithm): a signature algorithm (it does not encrypt) proposed by NIST in August 1991 and later standardised as FIPS 186.
c) Diffie-Hellman: the earliest published public-key algorithm, from 1976. It establishes a shared secret over an insecure channel rather than encrypting data, and is the most widely used key-exchange algorithm [5].
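As an added example (not code from this paper), the following Go program, written against Go's standard library only, demonstrates two of the points made in this section: that 3DES in EDE mode with K1 = K2 = K3 collapses to single DES (the backward-compatibility property, and a reminder that 3DES is only DES applied three times), and how an asymmetric algorithm is used "for transmission of encryption keys" in practice: RSA-OAEP wraps a random AES-256 key, AES-GCM encrypts the data, and the recipient unwraps the key and decrypts. The message, the context string, the RSA key size and the test key bytes are assumptions for the example. It also shows what the older DES/3DES modes lack: GCM authenticates the ciphertext, so a single flipped bit in transit is rejected instead of decrypting to garbage.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// TripleDESDegenerates: with K1 = K2 = K3, EDE's middle decryption undoes the
// first encryption, so 3DES equals single DES (its backward-compatibility hook).
func TripleDESDegenerates(key8, block8 []byte) (bool, error) {
	single, err := des.NewCipher(key8)
	if err != nil {
		return false, err
	}
	triple, err := des.NewTripleDESCipher(bytes.Repeat(key8, 3)) // K1 = K2 = K3
	if err != nil {
		return false, err
	}
	a, b := make([]byte, des.BlockSize), make([]byte, des.BlockSize)
	single.Encrypt(a, block8)
	triple.Encrypt(b, block8)
	return bytes.Equal(a, b), nil
}

// WrappedMessage is what crosses the network: wrapped data key, nonce, ciphertext.
type WrappedMessage struct {
	WrappedKey, Nonce, Ciphertext []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// HybridEncrypt uses RSA-OAEP only to transport a random 256-bit AES key and
// AES-256-GCM for the data; context is bound as GCM associated data and as the
// OAEP label, so a wrapped key cannot be replayed under another context.
func HybridEncrypt(pub *rsa.PublicKey, plaintext, context []byte) (*WrappedMessage, error) {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // 96-bit; must never repeat under one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, context)
	if err != nil {
		return nil, err
	}
	return &WrappedMessage{wrapped, nonce, gcm.Seal(nil, nonce, plaintext, context)}, nil
}

// HybridDecrypt unwraps the key and opens the ciphertext; any change to the
// wrapped key, nonce, ciphertext or context makes it fail.
func HybridDecrypt(priv *rsa.PrivateKey, msg *WrappedMessage, context []byte) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, msg.WrappedKey, context)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, msg.Nonce, msg.Ciphertext, context)
}

const SamplePlaintext = "tenant-42: rotate the database credential" // constructed

// Demo runs the exchange with a fresh 2048-bit RSA key and reports the recovered
// text and whether one flipped ciphertext bit was rejected by the GCM tag.
func Demo() (recovered string, tamperDetected bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", false, err
	}
	context := []byte("example-context-v1") // assumed application context
	msg, err := HybridEncrypt(&priv.PublicKey, []byte(SamplePlaintext), context)
	if err != nil {
		return "", false, err
	}
	pt, err := HybridDecrypt(priv, msg, context)
	if err != nil {
		return "", false, err
	}
	msg.Ciphertext[0] ^= 0x01 // attacker flips one bit in transit
	_, tamperErr := HybridDecrypt(priv, msg, context)
	return string(pt), tamperErr != nil, nil
}

func main() { fmt.Println(Demo()) }
```

Two practical notes. First, Go marks its crypto/des package as deprecated, which is the toolchain's confirmation of the DES warning above; it is used here only to make the degeneracy visible, not as a recommendation. Second, the RSA private-key operation is the slow step (it dominates Demo's running time), which is exactly why RSA is used to move a 32-byte key rather than to encrypt the data itself.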
6. CONCLUSION
Cloud computing provides enormous benefits through cloud services and resources in many fields. However, cloud security issues remain the major obstacle that may prevent the adoption of cloud computing on a large scale. Security engineering is one of the best practices for providing the methods and techniques needed to develop systems and services that are built for security, sustainability and resiliency.
In this paper a comprehensive list of recommendations has been provided to avoid the security risks efficiently, and several encryption techniques were surveyed together with their trade-offs in speed and key length. Complementing these techniques with access control models such as RBAC and ABAC, and extending the analysis to related trends such as IoT, is left as future work.