ABSTRACT
Today’s organizations need many new resources, and storage requirements amounting to terabytes of data are generated every day. Cloud computing provides a solution for this in a cost-effective and efficient manner. Cloud computing provides on-demand resources as services to clients. The cloud is highly scalable and flexible. Although it benefits clients in several ways, data is stored remotely, so it has many security loopholes such as attacks, data loss, and other security and authentication issues. In this paper we propose an authentication model for cloud computing based on the Kerberos protocol to provide single sign-on and to protect against DDoS attacks. This model can help by filtering out unauthorized access and by reducing the burden, computation and memory usage imposed on the cloud by authentication checks for each client. It acts as a third party between cloud servers and clients to allow secure access to cloud services. In this paper we first review some related work on cloud security issues and attacks. In the next section we discuss the proposed architecture, its working and the sequential process of message transmission. We then show how it can protect against DDoS attacks, some of its benefits, and how it provides single sign-on.
A survey on cloud security issues and techniques - ijcsa
This document summarizes security issues and techniques related to cloud computing. It discusses common cloud security threats such as multi-tenancy, elasticity, insider and outsider attacks, loss of control, data loss, network attacks, malware injection, and flooding attacks. The document also outlines techniques for securing data in the cloud, including authentication, encryption, privacy, availability, and information management. Finally, it briefly discusses cloud computing security standards like SAML, OAuth, OpenID and SSL/TLS.
The document compares the security of grid computing and cloud computing. Grid computing is considered more mature and has tighter security than cloud computing. Some key differences are:
- Grid computing uses multiple IDs for authentication while cloud often uses a single ID and password.
- Grid security infrastructure (GSI) uses public key protocols for authentication, communication protection, and authorization. Cloud relies more on basic username and password.
- Grid computing enforces service level agreements (SLAs) and policies across sites using distributed enforcement points. Cloud SLA security is simpler.
- The document proposes a new two-factor authentication model for cloud computing that uses graphical passwords and pass point selection on images for added security.
Comparison of data security in grid and cloud computing - eSAT Journals
Abstract: In the current era, grid computing and cloud computing are the main fields of research. This thesis defines the main security issues to be considered in cloud computing and grid computing, and how some of these security issues are solved. A comparative study shows that grid security is tighter than cloud security. It also shows that cloud computing is less secure and faces security problems. This research work is based on the main security problems in cloud computing, such as authentication, authorization, access control and security infrastructure (SLA). Cloud infrastructure is based on service level agreements; cloud providers simply provide different services to cloud users and organizations under an agreement known as an SLA. So the security and privacy of users’ data is the main problem, because an unauthorized person can’t access the data of a cloud user. Hacking and data leakage are the common threats in cloud computing. Security concerns due to hackers are increasing over the internet, and cloud computing runs entirely on the internet. At this time, cloud computing demands tight password protection and strong authentication and authorization procedures. For an increased level of security, privacy and password protection, we provide a new strong authentication model named “Two factor authentications using graphical password with pass point scheme”. This authentication model includes the login procedure and access control that is based on the service level agreement (SLA) in cloud computing. Index Terms: Cloud computing, Authentication, login, Recognition, Recall, Pass point, security, Cloud Provider, Service level Agreement, Two Factor Authentication
Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier ... - ijccsa
This document discusses security issues in cloud computing, specifically addressing distributed denial of service (DDoS) attacks and introducing a two-tier CAPTCHA method to improve authentication. It provides background on cloud computing models and challenges, including security concerns over data privacy and availability issues from DDoS attacks. The document proposes a new two-tier CAPTCHA method that generates an alphanumeric CAPTCHA code and image along with a related query to make it more difficult for bot programs to pass, improving security.
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE - IJNSA Journal
In a typical cloud computing system, diverse facilitating components like hardware, software, firmware, networking, and services integrate to offer different computational facilities, while the Internet or a private network (or VPN) provides the required backbone to deliver the services. The security risks to the cloud system limit the benefits of cloud computing like “on-demand, customized resource availability and performance management”. It is understood that current IT and enterprise security solutions are not adequate to address the cloud security issues. This paper explores the challenges and issues of security concerns of cloud computing through different standard and novel solutions. We propose analysis and architecture for incorporating different security schemes, techniques and protocols for cloud computing, particularly in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) systems. The proposed architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and not coupled with the underlying backbone. This would help to manage the cloud system more effectively and allow the administrator to include the specific solution to counter the threat. We have also shown, using experimental data, how a cloud service provider can estimate the charging based on the security service it provides and how a security-related cost-benefit analysis can be estimated.
Security Issues’ in Cloud Computing and its Solutions. IJCERT JOURNAL
Cloud computing is a set of IT services that are provided to a customer over a network on a leased basis and with the ability to scale up or down their service requirements. Usually cloud computing services are delivered by a third-party provider who owns the infrastructure. Its advantages, to mention but a few, include scalability, resilience, flexibility, efficiency and outsourcing of non-core activities. Cloud computing offers an innovative business model for organizations to adopt IT services without upfront investment. Despite the potential gains achieved from cloud computing, organizations are slow in accepting it due to the security issues and challenges associated with it. Security is one of the major issues hampering the growth of the cloud. The idea of handing over important data to another company is worrisome, so consumers need to be vigilant in understanding the risks of data breaches in this new environment. This paper introduces a detailed analysis of the cloud computing security issues and challenges, focusing on the cloud computing types and the service delivery types.
Design & Development of a Trustworthy and Secure Billing System for Cloud Com... - iosrjce
Cloud computing is an important transition that brings change to service-oriented computing technology. Cloud service providers (CSPs) follow a pay-as-you-go pricing approach, which means the consumer uses as many resources as he needs and is billed by the provider based on the resources consumed. The CSP gives a quality of service in the form of a service level agreement. For transparent billing, each billing transaction should be protected against forgery and false modifications. Although CSPs provide service billing records, they cannot provide trustworthiness. This is because the user or the CSP can modify the billing records. In this case even a third party cannot confirm whether the user’s record or the CSP’s record is correct. To overcome these limitations we introduced a secure billing system called THEMIS. For a secure billing system, THEMIS introduces the concept of a cloud notary authority (CNA). The CNA generates mutually verifiable binding information that can be used to resolve future disputes between the user and the CSP. This project will produce secure billing through monitoring the service level agreement (SLA) by using the SMon module. The CNA can get service logs from SMon and store them in a local repository for further reference. Even the administrator of a cloud system cannot modify or falsify the data.
Enhancing Data Integrity in Multi Cloud Storage - IJERA Editor
Cloud computing is a way to increase the capacity or add capabilities dynamically without investing in new infrastructure, training new personnel, or licensing new software. Cloud is surrounded by many security issues like securing data and examining the utilization of cloud by the cloud computing vendors. Security is one of the major issues which reduce the growth of cloud computing. A large number of clients or data owners store their data on servers in the cloud and it is provided back to them whenever needed. The data provided should not be jeopardized. Data integrity should be taken into account so that the data is correct, consistent and accessible. For ensuring the integrity in cloud computing environment, cloud storage providers should be trusted. Dealing with single cloud providers is predicted to become less secure with customers due to risks of service availability, failure and the possibility of malicious insiders in the single cloud. This paper deals with multi cloud environments to resolve these issues. The integrity of the data in multi cloud storage has been provided with the help of trusted third party using cryptographic algorithm.
Cloud computing has become one of the most interesting topics in the IT world today. The cloud model of computing as a resource has changed the landscape of computing, as its promises of greater reliability, massive scalability, and decreased costs have attracted businesses and individuals alike. It adds capabilities to information technology. Over the last few years, cloud computing has grown considerably in information technology. As more and more information about individuals and companies is placed in the cloud, there is growing concern about the safety of information. Many companies that are considered giants of the software industry, like Microsoft, are joining in to develop cloud services [1]. Despite the hype about the cloud, customers are reluctant to deploy their business in the cloud. Security is one of the biggest concerns affecting the growth of cloud computing. It adds complications, and data privacy and data protection continue to affect the market. Users need to understand the risk of data breaches in the cloud environment. The paper highlights issues related to cloud computing.
This document discusses security issues related to cloud computing. It begins with an introduction to cloud computing models including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). It then discusses potential security attacks to clouds like denial of service attacks and man-in-the-middle attacks. Security concerns with moving data and applications to the cloud are outlined. Techniques for securely publishing data in the cloud are also presented. The document concludes that security in cloud computing is challenging due to the complexity of clouds but that assurance of secure and mission-critical operations is important.
This document proposes a new method for improving cloud computing security using RSA encryption with Fermat's Little Theorem. RSA is widely used for encryption but has drawbacks related to key generation time. Fermat's Little Theorem can help speed up the RSA key generation process. The document discusses cloud computing concepts and challenges, related work on encryption techniques for cloud security, an overview of the RSA algorithm and its security, and how the proposed method would integrate Fermat's Little Theorem into RSA key generation to improve encryption performance for cloud computing.
This document summarizes recent research on security issues related to single cloud and multi-cloud storage models. It finds that relying on a single cloud service provider poses risks to data availability and integrity if the provider experiences an outage. Storing data across multiple cloud providers (a multi-cloud model) can help address these issues but may increase costs. The document surveys various techniques proposed in recent research to improve security, availability, and integrity in single and multi-cloud environments, such as homomorphic tokens, file division, and the Depsky model. It concludes that while single cloud has been more widely researched, multi-cloud is an important area of ongoing work to help overcome the security and cost challenges of cloud storage.
This document discusses security issues related to cloud computing. It begins with an introduction to cloud computing models including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). It then discusses potential security threats in cloud computing like denial of service attacks, side channel attacks, and man-in-the-middle cryptographic attacks. The document proposes a layered framework for assured cloud computing and techniques for secure publication of data in the cloud, including encryption. It concludes that achieving end-to-end security in cloud computing will be challenging due to complexity, but that more secure operations can be ensured even if some parts of the cloud fail.
E-Mail Systems In Cloud Computing Environment Privacy, Trust And Security Chal... - IJERA Editor
In this paper, SMCSaaS is proposed to secure email systems based on the Web Service and Cloud Computing Model. The model offers the end-to-end security, privacy, and non-repudiation of PKI without the associated infrastructure complexity. The proposed model controls risks in cloud computing like Insecure Application Programming Interfaces, Malicious Insiders, Shared Technology Vulnerabilities, Data Loss or Leakage, Account, Service and Traffic Hijacking, and Unknown Risk Profile.
A survey on data security in cloud computing issues and mitigation techniques - eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
This document summarizes a literature review on security issues and techniques in cloud computing. It discusses several common security issues in cloud computing including multi-tenancy, insider attacks, outsider attacks, elasticity, security performance and optimization, information integrity and privacy, and network level attacks. It also describes some techniques for securing data in cloud computing such as encryption algorithms, authentication and identity management, and auditing support. Finally, it discusses some risks and considerations regarding cloud computing security such as insecure APIs, data loss, identity theft, and shared technology issues.
A traditional computing environment requires a costly infrastructure to offer a better service to users. The introduction of cloud computing has changed the working environment from traditional to virtual. A larger number of IT companies are utilizing the cloud. On the one hand, the cloud attracts more consumers by offering services with minimized capital cost and virtual infrastructure. On the other hand, there are risks and security challenges in cloud computing that keep users from moving completely towards it. The cloud environment is more vulnerable to security breaches and data theft. Moreover, insider attacks are more frequent in larger enterprises. An unauthenticated user can cause more damage to company reputation. The cloud service providers are trying to provide a secure work environment for users. However, there is a lack of global standards and policies to invoke security measures in cloud computing. This study aims to highlight and classify security challenges and trust issues in the cloud environment. The survey was conducted in various institutions and governmental organizations in Saudi Arabia to study the opinions of stakeholders on cloud computing security challenges and risks.
Security policy enforcement in cloud infrastructure - csandit
This document proposes an architecture for implementing security in cloud computing systems, particularly for Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) models. It discusses key security issues like confidentiality, integrity, and authentication in cloud systems. It then proposes a framework that incorporates solutions like homomorphic encryption to ensure confidentiality while still allowing data processing, as well as using standards like XACML for flexible policy-based access control and authentication. The goal is to provide an integrated security solution as a service for cloud platforms.
Improve HLA based Encryption Process using fixed Size Aggregate Key generation - Editor IJMTER
Cloud computing is an innovative idea for IT industries which provides several services to users. In cloud computing, secure authentication and data integrity are a major challenge, due to internal and external threats. Various techniques are used to improve data security in the cloud. MAC-based authentication is one of them; it suffers from undesirable systematic demerits, namely bounded usage and insecure verification, which may pose additional online load to users in a public auditing setting. Reliable and secure auditing is also challenging in the cloud. In cloud auditing, existing audit systems are based on the aggregate key HLA algorithm. This algorithm is based on variable-size, differing aggregate key generation, which encounters security issues at the decryption level. The current scheme generates a long decryption key, which runs into the problem of space complexity. To overcome these issues, we can improve the HLA algorithm by improving aggregate key generation, based on a fixed key size. This algorithm generates a constant aggregate key, which overcomes the problems of key sharing, security issues and space complexity.
Fog computing extends cloud computing by providing security and data processing capabilities at the edge of the network, close to end users and devices. It aims to address issues like high latency and bandwidth usage that can occur when all data processing is done in the cloud. Fog computing deploys computing, storage, and applications between end devices and cloud data centers so that data can be processed locally when needed. This helps enable real-time applications like smart energy grids that require low latency responses by running applications on edge devices instead of sending all data to the cloud.
Cloud computing benefits both cloud hosts and consumers by providing elastic services as a utility. These services are provided on the basis of a Service Level Agreement (SLA). Security and privacy are major issues when dealing with a multi-tenant model of cloud. Consumers are provided computing power in terms of virtual machines (VMs). A consumer can have many VMs at a time. Multiple consumers can get different VMs from the same server. This may lead to cross-VM attacks. This paper introduces a new framework, SAFETY (Security Awareness Framework for Everyone's Task with You), for maintaining security against cross-VM attacks, data leakage, VM theft, VM escape, hyperjacking and VM hopping. Experiments and results show that this framework is suitable and can be used for secure operations at the cloud host side.
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC... - IJCNCJournal
Cloud computing is utility-based computing that provides many benefits to its clients, but security is one aspect which is delaying its adoption. Security challenges include data security, network security and infrastructure security. Data security can be achieved using cryptography. If we include location information in the encryption and decryption process, then we can bind access to data to the location so that data can be accessed only from the specified locations. In this paper, we propose a method based on symmetric cryptography, location-based cryptography and ciphertext-policy attribute-based encryption (CP-ABE) to implement secure access control to the outsourced data. The symmetric key is used to encrypt the data, whereas CP-ABE is used to encrypt the secret key and the location lock value before uploading to the server. The user downloads the encrypted data and the symmetric secret key XORed with the location lock value; using his attribute-based secret key, he first obtains the XORed value of the symmetric secret key and the location lock value. Using an anti-spoof GPS, the location lock value can be obtained, which can then be used to retrieve the symmetric secret key. We have adopted a Message Authentication Code (MAC) to ensure integrity and availability of the data. This protocol can be used in banks, government organizations, military services or any other industry whose offices or work locations are at a fixed place, so that data access can be bound to that location.
Assurance of Security and Privacy Requirements for Cloud Deployment Model - IJMTST Journal
Despite the several advantages of migrating enterprise-critical assets to the cloud, there are challenges specifically related to security and privacy. It is important that cloud users understand their security and privacy needs, based on their specific context, and select the cloud model best fit to support these needs. The literature provides works that focus on discussing security and privacy issues for cloud systems, but such works provide neither a detailed methodological approach to elicit security and privacy requirements nor a way to select cloud deployment models based on the satisfaction of these requirements by cloud service providers. This work advances the current state of the art in this direction. Specifically, we consider requirements engineering concepts to elicit and analyze security and privacy requirements and their associated mechanisms using a conceptual framework and a systematic process. The work presents assurance as evidence for satisfying the security and privacy requirements in terms of completeness and reporting of security incidents through audit. This enables prospective cloud users to define their assurance requirements so that appropriate cloud models can be selected for a given context. To demonstrate our work, we present results from a real case study based on the Greek National Gazette.
Cloud Computing Using Encryption and Intrusion Detection - ijsrd.com
Cloud computing provides many benefits to users, such as accessibility and availability. As the data is available over the cloud, it can be accessed by different users. This may include an organization's sensitive data. One issue is therefore to provide access to authenticated users only. But the data can also be accessed by the owner of the cloud. To prevent the data from being accessed by the cloud owner, we will use an intrusion detection system to provide security for the data. The other issue is to save a backup of the data in another cloud in encrypted form so that load balancing can be done. This will help the user with data availability in case of failure of one cloud.
A Security Model for Virtual Infrastructure in the Cloud - Editor IJCATR
1) The document proposes a new security model called the cloud protection system for virtual infrastructure in cloud computing.
2) The model aims to increase security in the cloud by more accurately monitoring virtual machines and cloud infrastructure components to detect threats like denial of service attacks.
3) The key components of the proposed model include monitoring core cloud components and middleware, detecting any unauthorized changes, and prioritizing packet processing to avoid dropping important packets during denial of service attacks.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
An approach for secured data transmission at client end in cloud computing - IAEME Publication
This document summarizes a research paper that proposes an algorithm for securing data transmission between a client and cloud server in cloud computing environments. The algorithm uses an authentication function and key that are updated during transmission to verify authorization and detect any modifications by potential attackers. When a client connects to a server, they both initialize the key to the same value. Then, the key is incremented by one for each packet sent or received. If a client wants to verify security, it can send a packet with the current key value to the server for matching. This helps prevent man-in-the-middle attacks by making it difficult for attackers to modify packets without knowing the updated key values. The approach aims to securely transmit sensitive data from cloud servers
Single Sign-On (SSO) for Cloud Based Applications - arj_presenter
Single Sign-On (SSO) allows users to access multiple cloud applications with a single set of login credentials. SSO provides a solution to the problems of users needing multiple accounts for different services, having to remember numerous passwords, and passwords expiring regularly. SSO permits users to login once to gain access to all their cloud applications without being prompted to login again separately to each one.
This document provides an overview of Hidden Markov Models (HMM). HMMs are statistical models used to model systems where an underlying process produces observable outputs. In HMMs, the observations are modeled as a Markov process with hidden states that are not directly observable, but can only be inferred through the observable outputs. The document describes the key components of HMMs including transition probabilities, emission probabilities, and the initial distribution. Examples of applications like speech recognition and bioinformatics are provided. Finally, common algorithms for HMMs like Forward, Baum-Welch, Backward, and Viterbi are listed for performing inference on the hidden states given observed sequences.
Cloud computing has become one of the most interesting topics in the IT world today. The cloud model of computing as a resource has changed the landscape of computing, as its promises of greater reliability, massive scalability, and decreased costs have attracted businesses and individuals alike. It adds capabilities to information technology. Over the last few years, cloud computing has grown considerably in information technology. As more and more information about individuals and companies is placed in the cloud, there is a growing concern about the safety of that information. Many companies that are considered giants of the software industry, like Microsoft, are joining in to develop cloud services [1]. Despite the hype about the cloud, customers are reluctant to deploy their business in the cloud. Security is one of the biggest concerns affecting the growth of cloud computing. It adds complications, and data privacy and data protection continue to affect the market. Users need to understand the risk of data breaches in the cloud environment. The paper highlights issues related to cloud computing.
This document discusses security issues related to cloud computing. It begins with an introduction to cloud computing models including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). It then discusses potential security attacks to clouds like denial of service attacks and man-in-the-middle attacks. Security concerns with moving data and applications to the cloud are outlined. Techniques for securely publishing data in the cloud are also presented. The document concludes that security in cloud computing is challenging due to the complexity of clouds but that assurance of secure and mission-critical operations is important.
This document proposes a new method for improving cloud computing security using RSA encryption with Fermat's Little Theorem. RSA is widely used for encryption but has drawbacks related to key generation time. Fermat's Little Theorem can help speed up the RSA key generation process. The document discusses cloud computing concepts and challenges, related work on encryption techniques for cloud security, an overview of the RSA algorithm and its security, and how the proposed method would integrate Fermat's Little Theorem into RSA key generation to improve encryption performance for cloud computing.
This document summarizes recent research on security issues related to single cloud and multi-cloud storage models. It finds that relying on a single cloud service provider poses risks to data availability and integrity if the provider experiences an outage. Storing data across multiple cloud providers (a multi-cloud model) can help address these issues but may increase costs. The document surveys various techniques proposed in recent research to improve security, availability, and integrity in single and multi-cloud environments, such as homomorphic tokens, file division, and the Depsky model. It concludes that while single cloud has been more widely researched, multi-cloud is an important area of ongoing work to help overcome the security and cost challenges of cloud storage.
This document discusses security issues related to cloud computing. It begins with an introduction to cloud computing models including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). It then discusses potential security threats in cloud computing like denial of service attacks, side channel attacks, and man-in-the-middle cryptographic attacks. The document proposes a layered framework for assured cloud computing and techniques for secure publication of data in the cloud, including encryption. It concludes that achieving end-to-end security in cloud computing will be challenging due to complexity, but that more secure operations can be ensured even if some parts of the cloud fail.
E-Mail Systems In Cloud Computing Environment Privacy, Trust And Security Chal... - IJERA Editor
In this paper, SMCSaaS is proposed to secure email systems based on the Web Service and Cloud Computing model. The model offers the end-to-end security, privacy, and non-repudiation of PKI without the associated infrastructure complexity. The proposed model controls risks in cloud computing such as Insecure Application Programming Interfaces, Malicious Insiders, Data Loss or Leakage, Shared Technology Vulnerabilities, Account, Service and Traffic Hijacking, and Unknown Risk Profile.
A survey on data security in cloud computing issues and mitigation techniques - eSAT Publishing House
This document summarizes a literature review on security issues and techniques in cloud computing. It discusses several common security issues in cloud computing including multi-tenancy, insider attacks, outsider attacks, elasticity, security performance and optimization, information integrity and privacy, and network level attacks. It also describes some techniques for securing data in cloud computing such as encryption algorithms, authentication and identity management, and auditing support. Finally, it discusses some risks and considerations regarding cloud computing security such as insecure APIs, data loss, identity theft, and shared technology issues.
A traditional computing environment requires a costly infrastructure to offer a better service to users. The introduction of cloud computing has changed the working environment from traditional to virtual. A larger number of IT companies are utilizing the cloud. On the one hand, the cloud attracts more consumers by offering services with minimized capital cost and virtual infrastructure. On the other hand, there are risks and security challenges in cloud computing that keep users from moving completely towards it. The cloud environment is more vulnerable to security breaches and data theft. Moreover, insider attacks are more frequent in larger enterprises. An unauthenticated user can cause more damage to a company's reputation. Cloud service providers are trying to provide a secure work environment for users. However, there is a lack of global standards and policies to invoke security measures in cloud computing. This study aims to highlight and classify security challenges and trust issues in the cloud environment.
The survey was conducted in various institutions and governmental organizations in Saudi Arabia to study the opinions of stakeholders on cloud computing security challenges and risks.
Security policy enforcement in cloud infrastructure - csandit
This document proposes an architecture for implementing security in cloud computing systems, particularly for Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) models. It discusses key security issues like confidentiality, integrity, and authentication in cloud systems. It then proposes a framework that incorporates solutions like homomorphic encryption to ensure confidentiality while still allowing data processing, as well as using standards like XACML for flexible policy-based access control and authentication. The goal is to provide an integrated security solution as a service for cloud platforms.
Improve HLA based Encryption Process using fixed Size Aggregate Key generation - Editor IJMTER
Cloud computing is an innovative idea for IT industries that provides several services to users. In cloud computing, secure authentication and data integrity are major challenges, due to internal and external threats. Various techniques are used to improve data security in the cloud. MAC-based authentication is one of them; it suffers from undesirable systematic demerits, namely bounded usage and insecure verification, which may pose additional online load to users in a public auditing setting. Reliable and secure auditing is also challenging in the cloud. Existing cloud audit systems are based on the aggregate key HLA algorithm. This algorithm is based on variable-size, differing aggregate key generation, which encounters security issues at the decryption level. The current scheme generates a long decryption key, which runs into the problem of space complexity. To overcome these issues, we can improve the HLA algorithm by improving aggregate key generation, based on a fixed key size. This algorithm generates a constant aggregate key, which overcomes the problems of key sharing, security issues and space complexity.
Fog computing extends cloud computing by providing security and data processing capabilities at the edge of the network, close to end users and devices. It aims to address issues like high latency and bandwidth usage that can occur when all data processing is done in the cloud. Fog computing deploys computing, storage, and applications between end devices and cloud data centers so that data can be processed locally when needed. This helps enable real-time applications like smart energy grids that require low latency responses by running applications on edge devices instead of sending all data to the cloud.
Cloud Computing is benefiting both cloud hosts and consumers by providing elastic services as a utility. These services are provided on the basis of a Service Level Agreement (SLA). Security and privacy are major issues when dealing with a multi-tenant model of cloud. Consumers are provided computing power in terms of virtual machines (VMs). A consumer can have many VMs at a time. Multiple consumers can get different VMs from the same server. This may lead to cross-VM attacks. This paper introduces a new framework, SAFETY (Security Awareness Framework for Everyone's Task with You), for maintaining security against cross-VM attacks, data leakage, VM theft, VM escape, hyperjacking and VM hopping. Experiments and results show that this framework is suitable and can be used for secure operations at the cloud host side.
- Hidden Markov models (HMMs) are statistical models where the system is assumed to be a Markov process with hidden states. Each state has a number of possible transitions to other states, each with an assigned probability.
- There are three main issues in HMMs: model evaluation, decoding the most probable path, and model training.
- HMMs have applications in areas like speech recognition, gesture recognition, language modeling, and video analysis.
The document summarizes recent news articles related to freshwater biology and conservation from around the world. It discusses the following:
1) A study finding that freshwater creatures were less affected by the asteroid impact that killed the dinosaurs than other habitats, as many freshwater species are adapted to periods of low oxygen.
2) Efforts in the UK to install bristly boards and eel passes on rivers to help endangered eel populations recover in lakes like Windermere.
3) Research demonstrating that ecosystems can change long before species are actually lost, using studies of dragonflies and diving beetles.
The document discusses the Upstate South Carolina region's participation in the global economy. It notes that 95% of the world's population and 80% of global purchasing power are outside the US. The Upstate aims to capture a share of the projected 85% of economic growth occurring outside the US by developing a comprehensive global engagement strategy. This would involve increasing exports and foreign direct investment through partnerships with other metropolitan regions and a 4-year learning and action network program coordinated by the Brookings Institution. The goal is to make the Upstate more globally competitive and diversify its economy.
The Indonesian Leadership Awards (ILA) 2014 program provides scholarships for Indonesia's best students to study at the world's best universities. Requirements include high academic achievement and TOEFL/IELTS scores. Selection takes place through three stages of written exams and interviews, with winners receiving scholarships covering tuition and living costs. The program is organized by the Ministry of Religious Affairs of the Republic of Indonesia in cooperation with partner universities.
This document discusses appropriate antibiotic use and how to prevent the spread of illness. It explains that antibiotics only work on bacterial infections, not viral infections like colds and flu. Taking antibiotics when not needed can lead to antibiotic-resistant bacteria. Proper handwashing and completing antibiotic prescriptions are important for preventing the spread of infection and ensuring antibiotics remain effective.
1. The document describes a knock out bunkers battle drill that begins as a movement to contact.
2. During the movement, the squad leader determines that one fire team can suppress the enemy while the other maneuvers to flank and assault a bunker.
3. The assault team then moves into position under cover to attack and knock out the bunker with the support of suppressive fire from the other team.
An application server is middleware that clients use to access data dynamically from MySQL. It usually implements user management to determine who may have access, and stores user data in a database or directory server. It also verifies every client attempt to access resources and protects resources from unauthorized access.
This Ministerial Regulation governs changes to the standard costs for performance assessment of sustainable production forest management and timber legality verification, specifically for home industries/craftsmen, TDI, IUI, IUIPHHK, and registered storage depots. The regulation sets new standard costs for these activities.
The document proposes creating a unique Internet space for pregnant women to find answers to questions, support, and connect with healthcare specialists. It sees a large market opportunity and proposes a business model supported by ads, services, and marketing research. The team is seeking $200,000 investment over 6 months to build the platform, develop recommendation systems, attract users and doctors, and provide technical support. The proposal expects to profit by connecting 100,000 pregnant women with a virtual doctor community, selling medical recommendations, and developing a new healthcare format and genetic medicine.
This document is issue number 26 of the children's magazine "Niños del Siglo", from May 2012. It thanks those who attended the anniversary party and congratulates those who could not attend. It celebrates its 2nd anniversary and spring. It highlights the sections on the Bible, advice, health, recipes and games. It encourages readers to participate by sending suggestions to improve the magazine.
Practicum 5 (komdat): Sharing Files from the Host Computer to the Guest - Jefri Fahrian
This practicum report covers how to share files from a host computer to a guest computer using VirtualBox. The steps include installing VirtualBox and VBoxGuestAddition on the guest computer, enabling the shared folder feature, choosing the folder to share, and restarting the guest computer to access the shared folder.
The strategic plan overview outlines the mission, vision, and strategic goals of Children's Hospital and Regional Medical Center over the next 5 years. The hospital's mission is to prevent, treat and eliminate pediatric disease with community support. Its vision is to be the best children's hospital by providing excellent and compassionate care, superior and accessible services, attracting top talent, conducting leading research, and achieving worldwide prominence through integration. The strategic plan details 6 key components, including building nationally recognized care programs, improving access and services, developing future health leaders, conducting impactful research, recruiting the best staff, and securing the hospital's financial future through community support.
Presented in Salt Lake City, this lecture offered participants strategies for working with state policy makers to further their business goals through proactive legislation.
This document provides an overview of oil and gas production processes. It discusses how surface equipment is used to collect, separate, treat, store, and measure oil and gas from wells. It also describes common production costs, the production process from the wellhead to storage and processing, and methods for allocating production costs. Finally, it discusses standards for measuring oil and gas production volumes and quality, as well as performance metrics used to evaluate production efficiency.
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE... - cscpconf
Using cloud services as a new approach to hosting people's platforms, infrastructure and applications has become an important issue in the world of communications technology. This is a very useful paradigm that lets people meet their essential needs more simply, faster, more flexibly, and more safely than before. But there are many concerns about the challenges of this system. Security is the most important challenge for cloud systems. In this paper we design and explain the procedure for implementing a new method for cloud services based on multi clouds on our platform, which supplies more security and privacy than other clouds. We introduce some confidentiality and security methods in each layer to provide secure access to requirements. The architecture of our method and its implementation on our selected platform for each layer are introduced in this paper.
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing - ijcnes
Cloud computing enables users to utilize the services of computing resources. Nowadays, computing resources in mobile applications are being delivered with cloud computing. As there is a growing need for new mobile applications, the usage of cloud computing cannot be overlooked. Cloud service providers offer services for data requests on a remote server. The virtualization aspect of cloud computing in mobile applications facilitates better utilization of resources. The industry needs to address the foremost security risks in the underlying technology. The cloud computing environment in mobile applications is aggravated by various security problems. This paper addresses challenges in securing data in the cloud for mobile cloud computing and a few mechanisms to overcome them.
Cloud computing security through symmetric cipher model - ijcsit
Cloud computing can be defined as applications and services that run on a distributed network using virtualized resources and are accessed through internet protocols and networking. Cloud computing resources are virtual and limitless, and details of the physical systems on which software runs are abstracted from the user. Cloud computing is a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure in the "cloud" that supports them. To satisfy the needs of users, the concept is to incorporate technologies that have the common theme of reliance on the internet. Software and data are stored on servers, whereas cloud computing services are provided through online applications that can be accessed from web browsers. Lack of security and access control is the major drawback of cloud computing, as users entrust sensitive data to public clouds. Multiple virtual machines in the cloud can access insecure information flows as service provider; therefore, to implement the cloud it is necessary to build in security. The main aim of this paper is therefore to provide cloud computing security through a symmetric cipher model. This article proposes a symmetric cipher model to implement cloud computing security so that data can be accessed and stored securely.
Cloud computing makes it possible to establish applications on on-demand infrastructures rather than building applications on fixed and rigid infrastructures. By merely tapping into the cloud, initiatives can gain fast access to business applications or infrastructure resources with decreased Capital Expenditure (CAPEX). As more and more information is placed into the cloud by individuals and initiatives, security issues begin to develop and be raised. This paper discusses the different security issues that arise about how secure the mobile cloud computing environment is.
This document describes a proposed design for a trustworthy and secure billing system for cloud computing. It discusses the need for such a system given that users and cloud service providers could potentially modify or falsify billing records. The proposed system, called THEMIS, would introduce a Cloud Notary Authority (CNA) to generate mutually verifiable binding information from service logs monitored by an SMon module. This binding information could then be used to resolve any future disputes over billing between users and providers. The CNA would store the service logs locally so that even administrators could not modify or falsify the data, improving the trustworthiness and security of the billing process.
Abstract--The paper identifies the issues and the solution to overcome these problems. Cloud computing is a subscription based service where we can obtain networked storage space and computer resources. This technology has the capacity to admittance a common collection of resources on request. It is the application provided in the form of service over the internet and system hardware in the data centers that gives these services. But having many advantages for IT organizations cloud has some issues that must be consider during its deployment. The main concern is security privacy and trust. There are various issues that need to be dealt with respect to security and privacy in a cloud computing scenario [4].
Keywords--Cloud, Issues, Security, Privacy, Resources, Technology.
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu... (Salam Shah)
Cloud computing has attracted users due to high speed and bandwidth of the internet. The e-commerce systems are best utilizing the cloud computing. The cloud can be accessed by a password and username and is completely dependent upon the internet. The threats to confidentiality, integrity, authentication and other vulnerabilities that are associated with the internet are also associated with cloud. The internet and cloud can be secured from threats by ensuring proper security and authorization. The channel between user and cloud server must be secured with a proper authorization mechanism. The research has been carried out and different models have been proposed by the authors to ensure the security of clouds. In this paper, we have critically analyzed the already published literature on the security and authorization of the internet and cloud.
A Systematic Literature Review On Cloud Computing Security Threats And Mitig... (Claire Webber)
This systematic literature review examines research on cloud computing security threats and mitigation strategies published between 2010 and 2020. The review identified 7 major security threats to cloud services, including data tampering, data leakage, and issues with data storage and intrusion. Data tampering and leakage were highly discussed topics. The findings also indicated that outsourcing data remains a challenge and suggested blockchain as a technology that could help address security issues. The review revealed needs to improve data confidentiality, integrity, and availability in future work.
Trust based Mechanism for Secure Cloud Computing Environment: A Survey (inventionjournals)
Ubiquitous computing has revolutionized interaction of humans and machines. Cloud computing has been mainly used for storing data and various computational purposes. It has changed the face of using the internet. But, as we know every technology has its pros and cons. Securing cloud environment is the most challenging issue for the researchers and developers. Main aspects which cloud security should cover are authentication, authorization, data protection etc. Establishing trust between cloud service providers (CSP) is the biggest challenge, when someone is discussing about cloud security. Trust is a critical factor which mainly depends on perception of reputation and self-assessment done by both user and CSP. The trust model can act as security strength evaluator and ranking service for cloud application and services. For establishing trust relationship between two parties, mutual trust mechanism is reliable, as it does verification from both sides. There are various trust models which mainly focuses on securing one party i.e., they validate either user or service node. In this survey paper, the study of various trust models and their various parameters are discussed.
Cloud computing is set of resources and services offered through the Internet. Cloud
services are delivered from data centers located throughout the world. Cloud computing
facilitates its consumers by providing virtual resources via internet. The biggest challenge in
cloud computing is the security and privacy problems caused by its multi-tenancy nature and the
outsourcing of infrastructure, sensitive data and critical applications. Enterprises are rapidly adopting
cloud services for their businesses, measures need to be developed so that organizations can be assured
of security in their businesses and can choose a suitable vendor for their computing needs. Cloud
computing depends on the internet as a medium for users to access the required services at any time on
pay-per-use pattern. However this technology is still in its initial stages of development, as it suffers
from threats and vulnerabilities that prevent the users from trusting it. Various malicious activities
from illegal users have threatened this technology such as data misuse, inflexible access control and
limited monitoring. The occurrence of these threats may result into damaging or illegal access of
critical and confidential data of users. In this paper we identify the most vulnerable security
threats/attacks in cloud computing, which will enable both end users and vendors to know about
the key security threats associated with cloud computing and propose relevant solution directives to
strengthen security in the Cloud environment. We also propose secure cloud architecture for
organizations to strengthen the security.
This document discusses security and privacy issues related to cloud computing. It begins by defining cloud computing and describing the four broad categories of cloud services: IaaS, PaaS, DSaaS, and SaaS. It then discusses general security issues faced by both cloud service providers and consumers. Specific issues are organized by governance domain, operational domain, and computer network domain for providers, and by governance, architecture, identity and access management, and availability for consumers. The document also summarizes security challenges related to each type of cloud service and issues regarding virtualization and legal concerns in cloud computing.
Sections:
Introduction
Cloud Computing background
Securing the Cloud
Virtualization
Mobile Cloud Computing
User safety & energy consumption
Author’s proposal
Conclusion
In order for cloud computing to be adopted by users and enterprises, the security concerns of users should be rectified by making the cloud environment trustworthy, as discussed by Latif et al. in the assessment of cloud computing risks [2].
We address the questions related to:
(1) security concerns and threats over general cloud computing,
(2) the solutions for these problems and
(3) mobile users safety in convergence with energy consumption.
This document discusses security issues and challenges related to data security in cloud computing. It begins by providing background on cloud computing and its benefits. It then discusses some key security challenges including data breaches, insecure interfaces, denial of service attacks, eavesdropping, data loss, lack of compatibility between cloud services, abuse of cloud technologies, insufficient user understanding of risks, and safe storage of encryption keys. It also discusses issues regarding data integrity verification and privacy when data is outsourced to cloud servers. In the end, it recommends solutions such as homomorphic encryption, decentralized information flow control, and data accountability frameworks to enhance security in cloud computing.
This presentation gives a detailed overview about Cloud Computing, its features and challenges faced by it in the market. It gives an insight into cloud security and privacy issues and its measures.
MIST Effective Masquerade Attack Detection in the Cloud (Kumar Goud)
Abstract: Cloud computing promises to significantly change the way we use computers and access and store our personal and business information. With these new computing and communications paradigms arise new data security challenges. Existing data protection mechanisms such as encryption have failed in preventing data theft attacks, especially those perpetrated by an insider to the cloud provider. We propose a different approach for securing data in the cloud using offensive decoy technology. We monitor data access in the cloud and detect abnormal data access patterns. When unauthorized access is suspected and then verified using challenge questions, we launch a disinformation attack by returning large amounts of decoy information to the attacker. This protects against the misuse of the user’s real data. Experiments conducted in a local file setting provide evidence that this approach may provide unprecedented levels of user data security in a Cloud environment.
Keywords: Mist, Insider data stealing, Bait information, Lure Files, Validating user
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE (IJNSA Journal)
In a typical cloud computing diverse facilitating components like hardware, software, firmware, networking, and services integrate to offer different computational facilities, while Internet or a private network (or VPN) provides the required backbone to deliver the services. The security risks to the cloud system delimit the benefits of cloud computing like “on-demand, customized resource availability and performance management”. It is understood that current IT and enterprise security solutions are not adequate to address the cloud security issues. This paper explores the challenges and issues of security concerns of cloud computing through different standard and novel solutions. We propose analysis and architecture for incorporating different security schemes, techniques and protocols for cloud computing, particularly in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) systems. The proposed architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and is not coupled with the underlying backbone. This would facilitate to manage the cloud system more effectively and provide the administrator to include the specific solution to counter the threat. We have also shown using experimental data how a cloud service provider can estimate the charging based on the security service it provides and security-related cost-benefit analysis can be estimated.
Evaluation Of The Data Security Methods In Cloud Computing Environments (ijfcstjournal)
This document discusses methods for ensuring data security in cloud computing environments. It begins by introducing cloud computing models including infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). The main goals of data security - confidentiality, integrity, and availability - are then described. Several methods for data security are proposed, including data fragmentation where sensitive data is divided and distributed across different domains. Encryption techniques are also discussed as ways to protect confidential data during storage and transmission. Overall, the document aims to evaluate approaches for addressing key issues around securing user data in cloud systems.
This document provides an overview of ANEKA, a cloud application platform developed by Manjrasoft Pvt. Ltd. that allows for building and managing distributed applications and multiple clouds. It discusses cloud computing concepts and the need for multiple clouds and resource management. ANEKA addresses issues with existing approaches by providing programming models, tools, and APIs to deploy scalable applications across distributed networks and clouds. The document outlines ANEKA's architecture, functions for building, deploying, and managing applications, and compares its programming models including Task, Thread, MapReduce, and Parameter Sweeping. In summary, ANEKA is a platform that enables development of applications for multiple cloud environments and distributed networks through its programming abstractions and
This document discusses security aspects of mobile cloud computing. It begins with an abstract discussing how cloud computing offers scalable and secure computation resources as a service. Mobile cloud computing combines mobile computing, cloud computing, and wireless networks. The document then analyzes existing security challenges and issues in cloud and mobile cloud environments. It identifies key long-term security and privacy issues based on documented problems. The document provides an overview of cloud computing models, characteristics, architectures, and security issues. It discusses how the flexibility and openness of cloud environments challenge assumptions about application security.
Similar to Single Sign-on Authentication Model for Cloud Computing using Kerberos (20)
Single Sign-on Authentication Model for Cloud Computing using Kerberos
Mr. Deepak Bagga
Shivalik Institute of Engineering & Technology,
Aliyaspur, Ambala
er.deepakbagga@gmail.com
Ms. Shilpi Harnal
Department of Computer Science and Application,
Kurukshetra University, Kurukshetra
shilpi13n@gmail.com
ABSTRACT
Today's organizations need several new resources, and storage
requirements for terabytes of data are generated every day. Cloud
computing provides a solution for this in a cost-effective and
efficient manner. Cloud computing provides on-demand resources as
services to clients. The cloud is highly scalable and flexible.
Although it benefits clients in several ways, data is stored
remotely, so it has many security loopholes such as attacks, data
loss, and other security and authentication issues. In this paper we
propose an authentication model for cloud computing based on the
Kerberos protocol to provide single sign-on and to prevent DDOS
attacks. This model can help by filtering out unauthorized access
and by reducing the burden, computation and memory usage that
authentication checks for each client place on the cloud. It acts as
a third party between cloud servers and clients to allow secure
access to cloud services. We first look at related work on cloud
security issues and attacks. The next section discusses the proposed
architecture, its working and the sequential process of message
transmission. We then show how it can prevent DDOS attacks, some of
its benefits, and how it provides single sign-on.
KEYWORDS
Cloud Computing, Security Attacks, DDOS, DOS, sign-on,
Kerberos
1. INTRODUCTION
Through cloud computing, IT-related capabilities are provided as
services to multiple external customers using Internet
technologies. It allows users to consume services without
knowledge of, or control over, the technology and infrastructure
supporting them. Today's businesses are very complicated: whenever
there is a new hire, new hardware, software licenses etc. must be
purchased. Organizations also need experts to install, configure,
test and run them. Cloud computing reduces this entire burden, as
organizations need not own all these resources. Resources are
owned by the third-party cloud provider. The key idea behind this
is reusability of IT-related capabilities. Computing software,
hardware and other resources become outdated very quickly, so
cloud computing platforms are a smart solution for users handling
complicated IT infrastructures. The important advantages of cloud
computing are fast delivery of resources, lower entry cost,
agility, device independence, service independence, location
independence and scalability. Services are provided like utilities
in cloud computing, so end users pay only according to the type
and amount of usage. It facilitates on-demand service delivery and
also quality of service. Cloud computing is usable in several
application areas such as education, banking, medicine and health,
and several financial applications. But as the cloud is a
distributed and shared environment, there are several issues
related to its security, and it is a major target for attackers.
Some of the attacks that an attacker may launch are DOS or DDOS
attacks, man-in-the-middle, side-channel attacks, injection
attacks, indexing attacks, flooding, packet sniffing, etc.
In a cloud computing environment an important issue is to provide
reliable and secure services. One of the major security issues is
how to handle distributed denial-of-service (DDoS) and
denial-of-service (DoS) attacks and their impact. The main purpose
of DDOS attacks is to consume a large volume of server resources so
that legitimate users are not able to get services. For an
attacker, DDOS attacks are easy and simple to implement, but they
are very difficult for security experts to prevent. We propose a
solution to DDOS attacks by integrating the strong Kerberos
authentication protocol with cloud computing.
It also provides single sign-on for the whole session, along with
convenience and ease of use for users. This reduces the need to log
in again and again during a session, unlike a simple cloud system.
In a cloud computing environment where everything is provided to
clients as services, such as Software as a Service (SaaS), Platform
as a Service (PaaS), Infrastructure as a Service (IaaS) and Data as
a Service (DaaS), the proposed system can provide clients with
secure access to all of these services. In other words, cloud
services are like applications that run somewhere in the cloud and
can be accessed through the Internet or an intranet. Users do not
need to care where their data is stored or where the services are
provided from.
2. RELATED WORK
Minqi Zhou, Rong Zhang and others [1] have discussed
several security and privacy issues related to cloud. They
investigated several Cloud Computing system providers and
their concerns on privacy and security issues.
Fig 1: Cloud Services
Kevin Hamlen, Murat Kantarcioglu et al. [2] have
followed a bottom-up approach to security and worked on
small problems in the cloud environment in the hope that it
will solve the larger problems of cloud security. They
discussed security issues for cloud middleware security,
storage security, network security, data security and
application level security.
Richard Chow, Philippe Golle et al. [3] characterize the
problems and their impact on adoption of cloud computing.
They have proposed to extend control measures through the
use of Trusted Computing and by applying cryptographic
techniques.
B. Meena and Krishnaveer Abhishek Challa [4] identify the
possible security attacks on clouds, including authentication
attacks, denial-of-service attacks, wrapping attacks,
man-in-the-middle attacks, flooding attacks, malware-injection
attacks, browser attacks, and also accountability check
problems. They mention the root causes of these attacks
and also propose specific solutions for all of them.
Farhan Bashir Shaikh and Sajjad Haider [5] identify the top
security concerns of cloud computing: leakage of data, data
loss, user authentication, client trust, handling of malicious
users, risk management, wrong usage of cloud services, and
hijacking of sessions while accessing data. They propose to use
the new release of the Cloud Security Alliance (CSA) governance
and compliance stack for cloud computing.
To counter these kinds of attacks, Chi-Chun Lo, Chun-Chieh
Huang and Joy Ku [6] have proposed a framework for a
cooperative intrusion detection system (IDS). This system
could reduce the impact of DDOS attacks. A cooperative IDS
sends alert messages to the other IDSs if it detects that any
region is suffering from DoS attacks.
AO Shan and Guo Shuangzhou [7] have designed and
implemented the SHIFT (Speculative Hardware based
Information Flow Tracking) system, which can enhance the
security of software on a cloud computing platform. It can
detect low-level attacks such as buffer overflow attacks, as
well as high-level semantic attacks such as SQL injection
and cross-directory traversal attacks.
Bansidhar Joshi and A. Santhana Vijayan [8] propose a
solution model that uses Cloud Trace Back (CTB) to trace
DDOS attacks back to their source, and also introduce a
back-propagation neural network, called Cloud Protector,
which can be trained to detect and filter such attack traffic.
Yang Xiang and Wanlei Zhou [9] present a new approach
called Flexible Deterministic Packet Marking (FDPM), which
can perform large-scale IP traceback to defend against
Distributed Denial of Service (DDoS) attacks.
Ashley Chonka et al. [10] also proposed an IP traceback
scheme using a machine learning technique called
Intelligent Decision Prototype (IDP). IDP can be used on
both Deterministic Packet Marking (DPM) and Probabilistic
Packet Marking (PPM) traceback schemes to identify DDoS
attacks.
An Lei and Zhu Youchan [11] propose a solution for DDOS
attacks based on multi-agent. They have discussed DDOS
attacks and also the methods to launch DDOS attacks. So
this solution increases the server-side bandwidth and
computing speed.
3. THE PROPOSED SINGLE SIGN-ON AUTHENTICATION
MODEL FOR CLOUD COMPUTING BASED ON KERBEROS
PROTOCOL
The main focus of this model is to authenticate a client
before it accesses a service and to find the source of a DDOS
attack. Merely checking usernames and passwords is not
enough for a distributed and shared environment like cloud
computing. Kerberos is a network authentication protocol
that also provides a single sign-on facility to clients.
Kerberos was developed in the mid-1980s at MIT and has been
upgraded through several versions since it came into use.
Currently Kerberos version 5 is in use. The main entities
used are the key distribution center (KDC), authentication
server (AS) and ticket-granting server (TGS). The control node
at the cloud acts as the interface between cloud and client. It
receives the requests from clients and must check each
client for identification.
So far, the author of [12] has proposed a single sign-on
authentication model for an open environment that combines
platform trust in user systems and trusted module
security using Kerberos. Kerberos acts as the third party in
every transaction, as identity or authentication service
provider. This can help to achieve strong security,
enhanced privacy and platform trust. Nitin and others [13]
have proposed an Image Based Authentication (IBA)
system combined with the strong Kerberos protocol to assure
scope for secured communication systems in the future.
They proposed using images as the password set and also
implemented their solution for JUIT (Jaypee
University of Information Technology). Here we will see
how cloud computing can be integrated with the Kerberos
protocol to provide authentication, secure access and
secure single sign-on.
Cloud servers or the control node must be able to
check the identities and authenticity of clients before
granting access to subscribed services [14]. Each server
could be required to undertake this task for every
client/server interaction, but in an open and shared
environment like cloud computing this places a substantial
burden on each server. The AS does this work on behalf of the
cloud server; it knows the passwords of all users and stores
them in a centralized database. The AS then interacts with the
TGS, which grants a master ticket to clients to access all the
subscribed cloud services for a session. In a plain cloud
system a client has to log in every time he/she wants to access
a service, but with the proposed system the client has access
to subscribed services for the entire session. One full session
can be of 8, 9 or more hours. This minimizes the number of
times that a client has to log on. Suppose every ticket were
usable only once: if the user wanted to access the same or
different services at the server at different times after
logging on once, a new login would be required for every
attempt. This situation can be improved by making the ticket
reusable.
This will be the case of single sign-on for an entire session.
Once it has received the ticket from the TGS, the client’s
workstation can store it and use it on behalf of the client for
all accesses to the cloud server during a session. The model
also facilitates encrypted transmission of passwords and
tickets. Kerberos uses PKI (private key encryption).
4. HERE'S HOW THIS MODEL WORKS
4.1 Initial Authentication of Client
1. Suppose a client wants to access the cloud server. The
server requires a Kerberos "ticket" before it will honor
the client’s request. Only on the basis of that ticket will
the cloud server grant the client access to all the
subscribed services. This ticket proves the client’s
authentication to the server. This removes the burden of
performing authentication checks from the cloud server
and also saves the cloud’s processing time and memory.
2. To get a ticket, the client first requests authentication
from the Authentication Server (AS). The Authentication Server
creates a "session key" (which is also an encryption key),
basing it on the client’s password and a random value that
represents the requested service. This complete process
is shown in the figure below. The session key is
effectively a "ticket-granting ticket" that will be used
by the client to get the master ticket to access services from
the cloud server. The Authentication Server (AS) may send
the session key in response to any request, but only the
legitimate client can decrypt the session key to
obtain the ticket-granting ticket.
Fig 2: The Initial Authentication of Client
4.2 Ticket-Granting Ticket Exchange to Obtain Service-
Granting Ticket
3. The client next sends the ticket-granting ticket to a
ticket-granting server (TGS). The TGS may be physically the
same server as the Authentication Server, but it is now
performing a different service. The TGS returns the
ticket that can be sent to the cloud server for the
requested service. We call this ticket the “Master
Key”. This ticket will be used to access services from
the cloud server.
4. The server either rejects the ticket or accepts it and
performs the service. The master key granted to the client
can only be decrypted by the cloud server, with the secret
key shared between the cloud server and the TGS. Neither the
client nor anybody else is able to decrypt the master
ticket.
Fig 3: The Proposed Model for accessing cloud services
5. Because the ticket the client has received from the TGS is
time-stamped, it allows the client to make additional
requests using the same ticket within a certain time
period (typically, 8 hours) without needing to
authenticate again. As the ticket is valid for a limited
period of time, there is less chance that anyone
else will be able to use it later.
6. The control node at the cloud receives the client request. It
acts as the interface between the Data Center/Cloud
service provider and external users/brokers. It examines
the service request, performs accounting and pricing
functions, keeps track of the availability of VMs and
their resource entitlements, and also starts the execution
of accepted service requests on the allocated VMs.
The actual process may be more complicated than just
described. The user procedure may vary depending on the
implementation.
5. MESSAGE TRANSMISSION FOR ACCESSING SERVICES
FROM THE CLOUD SERVER
5.1 Authentication Service Exchange to obtain ticket-
granting ticket
(1) Encrypted Password: With message (1) the client
requests a ticket-granting ticket. It includes the user’s ID,
the TGS’s ID and timestamp 1.
(2) Ticket to TGS (TGT): The AS responds with the ticket to
the TGS, client ID, timestamp 2 etc. These are all in encrypted
form, and this encryption is done using the key generated
from the client’s password.
5.2 Ticket-Granting Service Exchange for getting
service-granting ticket
(3) Ticket to TGS (TGT): The client sends the TGT along with
its authentication and the ID of the TGS.
(4) Master Key: The TGS sends the client the ticket to the
cloud server, along with the client ID.
5.3 Client/Server Authentication Exchange
(5) Master Key: The client sends the cloud server ticket and its
authentication to the cloud server.
(6) Authentication: The cloud may either request
authentication from the client, or the client can directly start
accessing services from the cloud.
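Messages (1) to (6) traced end to end, as an added Python example that is not the paper's implementation. The names (`KDC`, `CloudServer`, `seal`, `run_session`), the five-minute clock-skew tolerance and the HMAC-based `seal`/`unseal` helpers (a toy stand-in for a real Kerberos encryption type) are assumptions; the run shows one password login, reuse of the same service ticket ("Master Key") inside the 8-hour lifetime, and its rejection afterwards.

```python
import hashlib, hmac, json, os

LIFETIME = 8 * 3600   # ticket lifetime: the 8-hour session mentioned in the text
SKEW = 300            # assumption: allowed clock skew for authenticators (seconds)

def password_key(password, client_id):
    """Client's long-term key, derived from the password (client id as salt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), client_id.encode(), 100_000)

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, fields):
    """Toy encrypt-then-MAC of a dict (assumption: stands in for a real enctype)."""
    plain, nonce = json.dumps(fields).encode(), os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plain))
    body = bytes(p ^ s for p, s in zip(plain, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return (nonce + body + tag).hex()

def unseal(key, blob_hex):
    blob = bytes.fromhex(blob_hex)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified message")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return json.loads(bytes(c ^ s for c, s in zip(body, stream)))

def check(ticket, authenticator, now):
    """Validity checks applied by both the TGS and the cloud server."""
    if authenticator["client"] != ticket["client"]:
        raise PermissionError("authenticator does not match ticket")
    if abs(now - authenticator["ts"]) > SKEW:
        raise PermissionError("stale authenticator")
    if not ticket["start"] - SKEW <= now <= ticket["start"] + LIFETIME:
        raise PermissionError("ticket expired")

class KDC:
    """AS and TGS in one object; the text notes they may share a machine."""
    def __init__(self):
        self.client_keys = {}           # client id -> password-derived key
        self.server_keys = {}           # server id -> key shared with the TGS
        self.tgs_key = os.urandom(32)   # known only to the AS and the TGS

    def as_exchange(self, client_id, tgs_id, ts):
        """Message (1) in, message (2) out: sealed under the password key."""
        session = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"client": client_id, "key": session, "start": ts})
        return seal(self.client_keys[client_id],
                    {"key": session, "tgs": tgs_id, "ts": ts, "tgt": tgt})

    def tgs_exchange(self, tgt, authenticator, server_id, now):
        """Message (3) in, message (4) out: the service ticket ("Master Key")."""
        granted = unseal(self.tgs_key, tgt)
        tgs_session = bytes.fromhex(granted["key"])
        check(granted, unseal(tgs_session, authenticator), now)
        session = os.urandom(32).hex()
        ticket = seal(self.server_keys[server_id],
                      {"client": granted["client"], "key": session, "start": now})
        return seal(tgs_session, {"key": session, "server": server_id, "ticket": ticket})

class CloudServer:
    def __init__(self, key):
        self.key = key                  # secret shared with the TGS only
    def accept(self, ticket, authenticator, now):
        """Messages (5)/(6): return the authenticated client id or raise."""
        granted = unseal(self.key, ticket)
        check(granted, unseal(bytes.fromhex(granted["key"]), authenticator), now)
        return granted["client"]

def run_session():
    """Constructed walk-through: one login, then three requests on one ticket."""
    t0 = 1_700_000_000                  # constructed clock value
    kdc = KDC()
    kdc.client_keys["alice"] = password_key("correct horse", "alice")
    kdc.server_keys["cloud"] = os.urandom(32)
    cloud = CloudServer(kdc.server_keys["cloud"])
    msg2 = kdc.as_exchange("alice", "tgs", t0)                    # (1) -> (2)
    reply = unseal(password_key("correct horse", "alice"), msg2)
    k_tgs = bytes.fromhex(reply["key"])
    auth = seal(k_tgs, {"client": "alice", "ts": t0 + 1})
    msg4 = kdc.tgs_exchange(reply["tgt"], auth, "cloud", t0 + 1)  # (3) -> (4)
    reply = unseal(k_tgs, msg4)
    k_cloud, ticket = bytes.fromhex(reply["key"]), reply["ticket"]
    outcome = {}
    for label, now in (("start", t0 + 2), ("hour 5", t0 + 18000), ("hour 9", t0 + 32400)):
        auth = seal(k_cloud, {"client": "alice", "ts": now})      # fresh each time
        try:
            outcome[label] = cloud.accept(ticket, auth, now)      # (5) -> (6)
        except PermissionError as err:
            outcome[label] = str(err)
    return msg2, ticket, outcome
```

The cloud server never sees the password and never contacts the KDC during the session; it only needs the key it shares with the TGS and a clock.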
6. THE SEQUENCE DIAGRAM
Figure 6.4 below shows the sequence (interaction)
diagram for the whole process. It shows the sequential
process of message transmission for accessing the cloud
services. The solid arrows depict the transmission
of messages (1) to (6). The vertical lines
depict the timeline, and the text in boxes represents the objects
interacting with each other, such as the client interacting with
the AS, TGS etc.
Fig 4: Sequence Diagram Depicting Exchange of messages
7. WHY CLOUD PROVIDERS DO NOT PROTECT YOU FROM
DDOS ATTACKS
1. The cloud providers claim that they have vast amounts
of bandwidth. Anyone with a lot of bandwidth can
make the excuses.
2. The cloud firms themselves use very low-tech ways to
mitigate these attacks.
3. Several mature networks and hosting providers with
years of experience in mitigation handle these attacks
better than other cloud providers.
8. DDOS PREVENTION THROUGH THIS PROPOSED MODEL
DDOS attacks are composed of four elements: the
victim, attack daemon agents, the control master
program and finally the real attacker [15]. Kerberos reveals
and checks the identity of the source. Kerberos message
exchanges are very secure and in encrypted form. After
authentication and the grant of a session ticket, the client
can send a message to the cloud server to access a service.
The cloud’s service then prepares a response and sends it to
the client as part of an HTTP response. Kerberos handles most of
the traffic to the cloud and also helps in congestion control. It
pays no attention to any outgoing transmission between user
and cloud after this and does not interfere with any response,
request or incoming and outgoing messages. This model
prevents DDOS attacks in the following manner:
8.1 Filter and detect DDOS attacks: Kerberos can be
trained to detect and filter DDOS attacks [14]. All
prior authentication is done by Kerberos instead of the
cloud provider. This helps to prevent direct attacks.
8.2 Proper source detection: Kerberos can also help to
locate the source of an attack by examining the frequency of
requests. It is also able to detect all attacks that cause
damage at the victim. It can separate attack and legitimate
traffic by applying certain precedence rules.
8.3 Priority checking at Control Node: The control node at
the cloud receives the master ticket, which includes timestamp
and session information. The control node may also record the
time of each client's last access. At every subsequent access it
gives priority to requests from clients that have had the least
access before and have been waiting for a response, and
allocates services and resources to the next selected request.
This can also prevent denial of service to legitimate users.
8.4 Accurate identification of attacks & response: In the
case of response by agent identification, the system can
accurately identify the majority of attack machines
regardless of their distribution. This identification can be
prompt so that the action can be taken while the attack is on-
going.
8.5 Congestion avoidance and traffic control: It stops the
attack streams near the source and preserves the resources
that are usually overwhelmed by the attack traffic. This
reduces overall congestion and increases resources
availability for legitimate users.
8.6 Earlier traceback: As it is closer to the source, it
facilitates earlier traceback and investigation of attack.
Kerberos can receive attack alerts from source-end defense
systems and examine all the machines in the protected
source network in order to detect those that are
compromised.
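As an added illustration (not code from the paper), the sketch below models the request-frequency check of 8.2 and the priority rule of 8.3 at a hypothetical control node. The class ControlNode, the ticket fields and the thresholds WINDOW and MAX_REQS are assumptions, and the ticket is taken as already decrypted and verified.

```python
from collections import defaultdict, deque

WINDOW = 10.0   # seconds over which request frequency is measured (assumed value)
MAX_REQS = 5    # requests allowed per window before a client is filtered (assumed value)

class ControlNode:
    """Hypothetical control node; names and ticket fields are assumptions."""
    def __init__(self):
        self.last_served = {}              # client -> time its last request was served
        self.recent = defaultdict(deque)   # client -> arrival times inside WINDOW
        self.pending = []                  # (arrival_time, client) awaiting service
        self.blocked = set()               # clients classified as attack traffic

    def submit(self, ticket, now):
        """Admit a request carrying an already-verified ticket (constructed dict)."""
        client = ticket["client"]
        if client in self.blocked:
            return "blocked"
        # Timestamp check: reject tickets outside their validity period.
        if not ticket["issued"] <= now < ticket["issued"] + ticket["lifetime"]:
            return "expired"
        # 8.2: examine the frequency of requests over a sliding window.
        times = self.recent[client]
        times.append(now)
        while times[0] <= now - WINDOW:
            times.popleft()
        if len(times) > MAX_REQS:
            self.blocked.add(client)
            self.pending = [r for r in self.pending if r[1] != client]
            return "blocked"
        self.pending.append((now, client))
        return "queued"

    def serve_next(self, now):
        """8.3: serve the client served least recently; ties go to the longest wait."""
        if not self.pending:
            return None
        never = float("-inf")              # clients never served sort first
        req = min(self.pending, key=lambda r: (self.last_served.get(r[1], never), r[0]))
        self.pending.remove(req)
        self.last_served[req[1]] = now
        return req[1]

def demo():  # constructed sample traffic: two users, one flooder, one stale ticket
    node = ControlNode()
    def tkt(client, lifetime=300.0):
        return {"client": client, "issued": 0.0, "lifetime": lifetime}
    log = [node.submit(tkt(c), t) for c, t in [("alice", 1.0), ("alice", 1.5), ("bob", 2.0)]]
    log += [node.submit(tkt("mallory"), 3.0 + i / 10) for i in range(6)]
    log.append(node.submit(tkt("eve", 5.0), 10.0))
    served = [node.serve_next(20.0 + i) for i in range(4)]
    return log, served
```

Priority is evaluated when a request is served rather than when it is queued, so a client that has just been served cannot drain its own backlog ahead of others who are still waiting.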
9. SECURE SINGLE SIGN-ON (SSO) WITH KERBEROS
This allows customers of the cloud to include database
access in a Single Sign-On (SSO) environment that:
- Boosts the security of the system [16].
- Removes the need for users to log in separately for each
  application within a session.
- Reduces the costs for cloud servers that are associated
  with managing user accounts.
Table 1: The benefits of an application environment that leverages Single Sign-On

| Single Sign-On | Security Benefits |
|---|---|
| Shared key secrets with encryption are used to enable authentication; direct passwords are never transmitted over the network. | Eliminates the chances of packet sniffing and capturing of passwords through router logging. |
| Single and central management of user's account credentials. | More security and lowers management costs. It allows rapid and comprehensive changes to and/or removal of a user's credentials. |
| Database activities of a unique user are identified by User ID. | Better accuracy and auditing of logs. |
10. SOME OTHER BENEFITS OF THIS PROPOSED MODEL
A firewall assumes that attackers are always outsiders, but
in reality attacks usually come from inside. Kerberos
assumes that network connections, rather than servers and
workstations, are the weakest link of network security.
Kerberos lets users access network resources by simply
presenting secure tickets rather than repeatedly entering a
user name and password. Instead of sending a password to
the cloud servers, the client requests a ticket from the AS,
and only the ticket and the encrypted request are
transmitted to the cloud server. The possible benefits,
summarized, are:
1. Encrypted interactions between the clients and the
host.
2. Single sign-on for an entire session.
3. Easier and more convenient access for the clients.
4. Prevention of intercepted credentials and DDOS
attacks.
5. Prevents direct attacks on the cloud server.
6. It is easier for the administrator to maintain a single
and centralized password store.
7. Passwords are never intercepted on the network.
8. Frees clients from repeatedly authenticating
themselves to cloud servers.
9. Prevents password sniffing and stealing of the password
file/database.
10. Provides a scalable authentication infrastructure.
11. Limits the duration of a user's authentication.
12. Authentications are durable and reusable.
13. Benefits the customer by saving time and money.
14. Saves memory and computational time of the cloud.
15. Reduces the burden at the cloud's control node.
16. Access priority checking at the control node can prevent
denial of cloud services for clients who have been waiting
for a long time.
17. Above all, improved cloud network security.
11. CONCLUSIONS AND FUTURE WORK
Cloud computing offers sharing of resources in a
location-independent and cost-effective way. Many
organizations, educational institutes, the banking sector
and health centers now rely on cloud services. The cloud is
not only for multinational companies; it is also being used
by small and medium enterprises. Cloud computing improves
productivity while reducing cost. Employees can now focus on
development work and planning instead of spending time on
managing storage of data and other resources. Although the
advantages of cloud computing are very appealing, nothing
can be 100 percent perfect in the shared internet
environment. Cloud computing also involves several security
and management risks and concerns. The cloud involves
virtual machines that are very prone to attacks. DDOS
attacks can also easily affect cloud resources. These issues
have made the adoption of the cloud a bit difficult, and
these hurdles bring several management issues. Still, many
new providers are stepping into this business, so choices
for customers are increasing day by day. But there are
always threats of attacks, data leakage and security
breaches. The solutions proposed here can be implemented in
future to protect the cloud from direct access and DDOS
attacks and to produce satisfactory improvements in cloud
security. This will also help to enhance the client's
interest and satisfaction. There are also some issues
related to Kerberos, such as:
- If a TGT is stolen, it can be misused by an attacker to
  access cloud services until the session expires.
- As the authentication server is the main entity that
  stores the complete database of login details, it will be
  worst if its security is compromised in any way. The AS
  must be physically protected.
- The Kerberos protocol can only authenticate a client's
  identity; it cannot authorize the accesses of users once
  they have got a ticket to access services from the cloud.
Although these issues are rare, they need special attention.
Once satisfactory care is taken of all of these, this
solution can provide better detection and filtration of
DDOS attacks.
12. ACKNOWLEDGEMENTS
We wish to express our deep sense of indebtedness and
sincerest gratitude to all the experts and Prof. Shuchita
Upadhyaya for her invaluable guidance and appreciation.
13. REFERENCES
[1] Minqi Zhou, Rong Zhang and others, “Security and Privacy in Cloud
Computing: A Survey”, Sixth International Conference on Semantics,
Knowledge and Grids, IEEE, 2010
[2] Kevin Hamlen, Murat Kantarcioglu, Latifur Khan, Bhavani
Thuraisingham, “Security Issues for Cloud Computing”, International
Journal of Information Security and Privacy, 4(2), April-June 2010
[3] Richard Chow, Philippe Golle, Markus Jakobsson, “Controlling Data
in the Cloud: Outsourcing Computation without Outsourcing
Control”, Fujitsu Laboratories of America, CCS. 2009
[4] B. Meena, Krishnaveer Abhishek Challa, “Cloud Computing Security
Issues with Possible Solutions”, IJCST Vol. 3, Issue 1, Jan. - March
2012
[5] Farhan Bashir Shaikh and Sajjad Haider, “Security Threats in Cloud
Computing”, 6th International Conference on Internet Technology
and Secured Transactions, IEEE, 11-14 December 2011
[6] Chi-Chun Lo, Chun-Chieh Huang and Joy Ku, “A Cooperative
Intrusion Detection System Framework for Cloud Computing
Networks”, 39th International Conference on Parallel Processing
Workshops, 2010
[7] AO Shan and Guo Shuangzhou, “An enhancement technology about
system security based on dynamic information flow tracking”, IEEE,
2011
[8] Bansidhar Joshi, A. Santhana Vijayan, “Securing Cloud Computing
Environment Against DDoS Attacks”, ICCCI, IEEE, Jan 10-12, 2012
[9] Yang Xiang and Wanlei Zhou, “A Defense System Against DDoS
Attacks by Large-Scale IP Traceback”, ICITA’05, IEEE, 2005
[10] Ashley Chonka, Wanlei Zhou, Jaipal Singh, Yang Xiang, “Detecting
and Tracing DDoS attacks by Intelligent Decision Prototype”,
PERCOM.2008, IEEE
[11] An Lei and Zhu Youchan, “The Solution of DDOS attack based on
Multi-agent”, ICEIT 2010, IEEE
[12] Zubair Ahmad and Jamalul-Lail Ab Manan, “Trusted Computing
based Open Environment User Authentication Model”, 3rd
International Conference on Advanced Computer Theory and
Engineering (ICACTE), IEEE, 2010
[13] Nitin, Durg Singh Chauhan et al, “Security Analysis and
Implementation of *JUIT–Image Based Authentication System using
Kerberos Protocol”, Seventh IEEE/ACIS International Conference on
Computer and Information Science, 2008
[14] Shilpi Harnal, Shuchita Upadhyaya, “Authentication Model for Cloud
Computing using Kerberos”, Emerging Trends in Computer and
Information Technology, NCETCIT-2012 (AICTE Sponsored).
[15] David L, Ashok Kumar, “A Dot to DDoS Attack on Cloud
Computing Environment Using Adaptive WRED Congestion Control
Algorithm”, National Institute of Technology, Hamirpur, 2010
[16] http://www.datadirect.com/solutions/security/kerberos/index.html