Professional Documents
Culture Documents
Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com Volume 1, Issue 2, October 2012 ISSN 2319 - 4847
ABSTRACT
Security concerns have given rise to immerging an active area of research due to the many security threats that many organizations have faced at present. Addressing these issues requires getting confidence from user for cloud applications and services. In this paper, we have cast light over the major security threats of cloud computing systems, while introducing the most suitable countermeasures for them. We have also cited the aspect to be focused on when talking about cloud security. We have categorized these threats according to different viewpoints, providing a useful and little-known list of threats. After that some effective countermeasures are listed and explained.
1. INTRODUCTION
Cloud computing is not an innovation, but a means to constructing IT services that use advanced computational power and improved storage capabilities. The main focus of cloud computing from the provider's view as extraneous hardware connected to support downtime on any device in the network, without a change in the users' perspective. Also, the users' software image should be easily transferable from one cloud to another. Balding proposes that a layering mechanism should occur between the front-end software, middle-ware networking and back-end servers and storage, so that each part can be designed, implemented, tested and ran independent from subsequent layers [8]. Though cloud computing is targeted to provide better utilization of resources using virtualization techniques and to take up much of the work load from the client, it is fraught with security risks. In this paper we describe the various security issues of cloud computing beside the countermeasure of each one. In the first place, the underlying technology of cloud by itself provides a major security risk. After that in chapter 3 we security challenges of cloud computing are explained. Chapter 4 focuses on countermeasures that can help providing a secure environment, considering the threats proposed in its previous chapter. Finally chapter 5 provides a conclusion for the paper.
Page 234
Figure 5: Virtual machine as infrastructure/platform[3] 2.2 Confidentiality Confidentiality means keeping users data secret in the Cloud systems. Cloud Computing system offerings (e.g., applications and its infrastructures) are essentially public networks Therefore, keeping all confidential data of users secret in the Cloud is a fundamental requirement which will attract even more users consequently. Traditionally, there are two basic approaches (i.e., physical isolation and cryptography) to achieve such confidentiality, encrypting data before placing it in a Cloud may be even more secure than unencrypted data in a local data center; this approach was successfully used by TC3 [52] 2.3 Privacy Privacy is an important issue for cloud computing, both in terms of legal compliance and user trust and this need to be considered at every phase of design. The key challenge for software engineers to design cloud services in such a way as to decrease privacy risk and to ensure legal compliance. The following tips are recommended for cloud system designers, architects, developers and Testers [5]. 1. Minimize personal information sent to and stored in the cloud. 2. Protect personal information in the cloud. 3. Maximize user control. 4. Allow user choice. 5. Specify and limit the purpose of data usage. 6. Provide feedback. 2.4 Data Integrity Data integrity in the Cloud system means to preserve information integrity (i.e., not lost or modified by unauthorized users). As data is the base for providing Cloud Computing services, such as Data as a Services, Software as a Service, Platform as a Service, keeping data integrity is a fundamental task. Furthermore, Cloud Computing system usually provides massive data procession capability Digital signature is a commonly used technique for data integrity testing. The widely adopted distributed file systems (e.g., GFS [6], HDFS [53]) usually divide data in large volumes into a set of blocks, each of which has a default size (e.g., 64MB, 128Mb). When a block of the data is physically stored on, a digital signature is attached to it. This digital signature is useful for future integrity testing. Herein, digital signature is able to test the integrity of the data, and recover from corruption. Hence, data integrity is fundamental for Cloud Computing system, and it is hopeful to be achieved by techniques such as RAID-liked strategies, digital signature and so on. 2.6. Identity and Access Management (IAM) The key critical success factor to managing identities at cloud providers is to have a robust federated identity management architecture and strategy internal to the organization. Using cloud-based Identity as a Service providers may be a useful tool for outsourcing some identity management capabilities and facilitating federated identity management with cloud providers [9]. 2.7 Control Control in the Cloud system means to regulate the use of the system, including the applications, its infrastructure and the data. Cloud Computing system always involves distributed computation on multiple large-scale data sets across a large number of computer nodes. Even more, every Internet user is able to contribute his or her individual data to the Cloud Computer systems which are located on the other side of the Internet, and make use of them. For example, a users click stream across a set of webs (e.g., Amazon book store, Google search web pages, etc.) can be used to provide targeted advertising. Future healthcare applications may use an individuals DNA sequence (which is captured by hospitals) to develop tailored drugs and other personalized medical treatments. When all these personal data are stored in the Cloud Computing system environment, users of Cloud Computing systems may face many threats to their individual data.
Page 235
Page 236
Page 237
3.3.9 Distributed Denial of Service Attacks DDoS may be called an advanced version of DoS in terms of denying the important services running on a server by flooding the destination sever with large numbers of packets such that the target server is not able to handle it. In DDoS the attack is relayed from different dynamic networks which have already been compromised unlike the DoS attack 3.3.10 CAPTCHA Breaking Recently, it has been found that the spammers are able to break the CAPTCHA [54], provided by the Hotmail and Gmail service providers. They make use of the audio system able to read the CAPTCHA characters for the visually impaired users. Various techniques such as: implementing letter overlap, variable fonts of the letters used to design a CAPTCHA, increasing the string length and using a perturbative background can be used to avoid CAPTCHA breaking [17]. Single frame zero knowledge CAPTCHA design principles have been proposed, which will be able to resist any attack method of static optical character recognition (OCR). 3.3.11 Google Hacking Google App engine is one of the renowned solution provider in the scope of cloud computing. This engine uses a distributed architecture named as Google geo-distributed architecture. In Google Hacking attack, The hacker searches all the possible systems with a loophole and finds out those having the loopholes he wishes to hack upon. 3.4 Inevitable Cases of Information Disclosure There are some activities done in cloud environment that fail to protect the information to be disclosed to government [18]. These activities are as follow: 3.4.1 Electronic Communications Privacy Act (ECPA) [55]: In an electronic environment, the Electronic Communications Privacy Act of 1986 (ECPA) provides some protections against government to access the electronic information that is stored in the storage device of the third parties (e.g., Internet service providers), including electronic mail and other computer information, and so on. However, the privacy
Page 238
Page 239
Figure 7: Data security lapse statics in different countries around the world[15]
Page 240
Page 241
Page 242
Password Recovery
Encryption Mechanism
Data Location
5. CONCLUSION
Security concerns are an active area of research and experimentation. Lots of research is going on to address the issues like network security, data protection, virtualization and isolation of resources. Addressing these issues requires getting confidence from user for cloud applications and services. Obtaining user confidence can be achieved by creating trust for cloud resource and applications, which is a crucial issue in cloud computing. Trust management is attracting much attention. Providing secure access to cloud by trusted cloud computing and by using service level agreements, made between the cloud provider and user; requires lots of trust and reputation management. We will be focusing on the analysis of solution in the cloud computing environment. Also lots of our survey based in the field of trust and trust management. In this article we gave a telling overview of security threats of cloud computing. We have also provided the reader with some effective countermeasures, beside introducing main elements of security in cloud computing.
REFRENCES
[1] Nuno Santos Krishna P. Gummadi Rodrigo Rodrigues, Towards Trusted Cloud Computing, Conference on Hot Topics in Cloud Computing 2009, pages 1-5, USA. [2] Hyukho Kim, Hana Lee, Woongsup Kim, Yangwoo Kim, A Trust Evaluation Model for QoS Guarantee in Cloud Systems, International Journal of Grid and Distributed Computing, March, 2010. [3] Zhimin Yang at el, A Collaborative Trust Model of Firewall-through based on Cloud Computing, 14th International Conference on Computer Supported Cooperative Work in Design, 2010, China.
Page 243
Page 244
AUTHOR Seyed Reza Taghizadeh has received his bachelor degree in software engineering in 2008, and his master degree in information technology in 2011. His fields of interest are network security, routing algorithm of networks, and wireless sensor networks. He has taught different courses of network such as Network security, computer networks, and network lab. He has also published lots of research papers in the fields of network routing and network security.
Vahid AshkTorab is a M.Sc. student in Computer Engineering at Islamic Azad University of Iran Najafabad Branch. He received his B.Sc. degree in Computer Science from Islamic Azad University of shiraz , Iran, in 2007. His research interests Cloud Computing and Distributed Systems
Page 245