Security in Cloud Computing

(A Novel Methods For Security)

Asrarulhaq Asifali Maktedar Akshay C Navilkar Umesh M Kulkarni

Department of Comuter Science and
Engineering
KLS Gogte Institute of Technology
Belagavi India
Email Id: asrarmaktedar@gmail.com
Department of Comuter Science and
Engineering
KLS Gogte Institute of Technology
Belagavi India
Email Id: akshay.navilkar@gmail.com
Department of Comuter Science and
Engineering
KLS Gogte Institute of Technology
Belagavi India
Email Id: umesh_k@git.edu

Abstract: II. BENEFITS OF CLOUD COMPUTING

“The traditional business application has always been very
expensive and complicated. The total cost and variety of software
 Cost
and hardware required to run them are intimidating. You need a  Speed
whole team of experts to install, configure, test, run, secure, and  Global Scale
update them. To Overcome this Cloud computing is introduced,  Productivity
Cloud Computing is a term which is used to describe a paradigm  Performance
for delivery of computing services to users on a pay-as-you-go
 Reliability
basis. In this paradigm, users utilize the Internet and remote data
centers to run applications and store data. The cloud technology
allows more efficient computing by removing most of the upfront III. TYPES OF CLOUD COMPUTING
costs of setting up an IT infrastructure. It allows organizations to
expand or reduce their computing facilities. Cloud computing is a
complete internet dependent technology where client data is stored Cloud Computing services fall into three categories
and maintained in the data center of a cloud provider like Google,  Software as a service (SaaS)
Amazon, Salesforce.som and Microsoft etc. Limited control over
 Platform as a service (PaaS)
the data may incur various security issues and threats which
include data leakage, insecure interface, sharing of resources,  Infrastructure-as-a-service (IaaS)
data availability and inside attacks. There are various research
challenges also there for adopting cloud computing such as well
managed service level agreement (SLA), privacy, interoperability,
and reliability. It also allows users to minimize the complexity and
increase the reliability of overall networking. This paper also
analyzes the security issues and ways to tackle and provide hassle-
free access to the resources by an authorized user”.

I. INTRODUCTION
Proposed Technology is cost-effective, reliable and
functions to request and response in a very quick manner.
Cloud computing is the delivery of computing services
-servers, storage, databases, networking, software, analytics
and more -over the internet. Companies which are offering
these computing services bill users based on the usage.
Cloud Computing is a distributed architecture that
centralizes server resources on a scalable platform to provide
on-demand computing resources and services. Cloud
Computing is a proposed structure which enables to access
to a shared computing resources such as networks, servers,
storage, applications that can be rapidly provisioned and
released with minimal management effort or service
provider’s interaction. There are numerous reasons for
organizations to move towards IT solutions that include Fig. 1. Types of Cloud Computing
cloud computing as they are just required to pay for the
resources on a consumption basis. In addition, companies
can easily meet the needs of rapidly changing markets to
ensure that they are always on the leading edge for their
consumers [2] With the exploit of cloud computing
technology, users can access heavy applications via
lightweight portable devices such as mobile phones, and
PDAs.
 I. TYPES OF CLOUD DEPLOYMENTS
Public cloud
Public clouds are owned and operated by a third-party
cloud service provider, which deliver their computing
resources like servers and storage over the Internet.
Microsoft Azure is an example of a public cloud. With a
public cloud, all hardware, software and other supporting
infrastructure is owned and managed by the cloud provider.
You can access these services and manage your account
using a web browser.
Private cloud
Cloud computing resources which are used by a single
business or organization. It can be physically located in the
company data center. Whereas some of the companies also
pay third-party service providers to host their private cloud.
A private cloud is one in which the services and
infrastructure of the cloud are maintained on a private
network.
Hybrid cloud
This combines both public and private clouds, bound
together by technology that allows data and applications to
be shared between them. By allowing data and applications
to move between private and public clouds, hybrid cloud
gives businesses greater flexibility and more deployment
options.
IV. USES OF CLOUD COMPUTING
We all are probably using cloud computing right now,
even if we don’t realize it. If you use an online service to
send email, edit documents, watch movies or TV, listen to
music, play games or store pictures and other files, it is
likely that cloud computing technology is making
everything possible behind the scenes. The first cloud
computing service is barely a decade old, but already a
variety of organizations, from small startups to global
corporations, government agencies to non-profits
organizations are embracing the technology for all sorts of
reasons, here are few of the things you can do with the
cloud
 Create new apps and services
 Store, backup, and recover data
 Host websites and blogs
 Stream audio and video
 Deliver software on demand
 Analyze data for patterns and make predictions
Fig. 2. Resources access in Cloud Computing
V. CLOUD COMPUTING CHARACTERISTICS
Cloud computing requires searching for a cloud provider.
Whether your cloud is public, private, or hybrid, look for
scalability, access, interface, and usage model:
Scalability:
Resource allocation in cloud can get bigger or smaller
depending on client’s demand. Which means that the cloud
can scale upward for peak or downward for lighter demand
depending on needs. Scalability also means that an
application can scale when adding users and when
application requirement change.
Self Service Access:
Cloud customers can get cloud services without going
through a lengthy process. All you have to do is request a
specific amount of computing, storage or software from the
service provider. After you use these resources, they can be
automatically shut down by disconnecting from the internet.
General User Interface:
There should be a standardized interface, which must
provide instructions that how two applications can
communicate with each other, and such interfaces help the
customer more easily link cloud services together.
Free or Service Use Metering:
Right now, there are number of free cloud services for
basic document preparation capabilities for example Some
targeted Cloud services such as payroll or accounting
software are based on pay-as-you-go model.
VI. SECURITY ISSUES IN CLOUD COMPUTING
Even though there are many advantages of cloud
computing, the organizations aren’t accepting it due to
security issues associated with it. Security is one of the
primary issue in a cloud environment. Here there are various
security concerns given below
 Virtualization
 Network Security
 Policy and Compliance
 Data location
 Data integrity
Virtualization:
Virtualization is one of the main components of a cloud.
Virtual machines are dynamic in nature so that it is difficult
to maintain security. Vulnerabilities or configuration errors
may be generated easily. The main issue in virtual machine
is to keep maintaining the security state for a given time [1]
Network Security:
Networks have more security problem to deal with such
as DNS attacks, Sniffer attacks, issue of reused IP address,
etc.
Cloud providers have to ensure that the customer’s
data won’t be breached anytime even when they left the
organization.
Data location
Clients might never know where the data is
located.
Data Integrity
Maintaining Data Integrity is essential in cloud
storage which is critical for any data center. Keeping data in
the clouds means users may lose control of their data and
rely on cloud operators to enforce access control.

VII. STEPS TO IMPROVE CLOUD SECURITY

Domain Name System (DNS Attack) i.
It is the corruption of Domain Name System (DNS)
server. A DNS server performs the translation of a domain
name to an IP address. In this case, the user request one IP
address but it is redirected to some other unauthorized cloud.
Counter measure for this attack is that Domain Name
System Security Extensions (DNSSEC). But this security
measure proves to be inadequate one. [1]
ii.
Sniffer Attack
Sniffer attack is a more critical issue of network security
in which unencrypted data are hacked through the internet
during the communication between two parties. Figure3
represents the attacker. Counter measure for this attack is
that the parties should use efficient encryption method for
securing the data.
iii.
iv.
Fig. 3. Sniffer Attack v.
Issue of Reused IP Addresses
Each node of a network is provided with an IP
address and the number of IP addresses that can be assigned
is limited. When a User leaves the network the IP-address
assigned to him will be given to a new user. But it causes a
lot of security issues to the new user if any time lag occurs
between the variation of IP address in DNS and deleting of
address in DNS Caches. [1]
Policy and Compliance
RESEARCH
COMPUTING
Make sure someone is monitoring the actions of
users on cloud (who is accessing what and
watching your every move). There are people
within your organization who are privileged users,
such as an IT administrator must be appointed and
trusted by an organization to make any changes
regarding their computers system or their clouds
[6].
Administrator must limit the data access for every
user based on what a user is going to use it for:
Administrator must always be aware and
continuously changing the level of access of their
data in their organizations cloud, depending on
where the user is and what device they are using.
For example: When a person uses a mobile device,
he/ she has to go through additional sign-in steps
and has more limited access to the data [7].
Taking a risk-based approach in securing assets,
such as valuable information stored on a cloud.
Thus identifying databases that store highly
sensitive or valuable data and provide extra
protection to such databases, encryption and
monitoring around them.
Use of supplementary security software to the
device that is being used: Ensure that corporate data
is isolated from personal data on the mobile
devices, such as tablets & smart-phones. Install
management software, that always monitors the
device so that it is running the latest software.
Scanning mobile applications from time to time to
check for vulnerabilities this can reduce the risks,
such as data loss and privacy [9].
Add artificial intelligence to network protection:
The network still needs to be protected – never
more so than in the cloud. Network protection
devices need to have the ability to provide extra
control with insight into what users are accessing
and what content or applications, that they are
running. The intelligence can be used in multiple
ways, with its primary goal as the protection of its
network’s service being provided to cloud
operators. This will make a user feel more secure in
his attempts to use cloud computing properly [10-
13]
CHALLENGES IN CLOUD
 Cloud Computing research addresses the challenges of
meeting the new requirements of next-generation
computing architectures, also the challenges of allowing
applications and development platforms to take advantage
of the benefits of cloud computing. Many existing issues
have not been fully addressed, while new challenges keep
emerging from industrial applications. Followings are the
challenging research issues in cloud computing.
 Service Level Agreements (SLA’s)
 Cloud Data Management & Security
 Data Encryption
 Migration of virtual Machines
 Interoperability
 Access Controls
 Energy Management
 Multitenancy
 Server Consolidation
 Reliability & Availability of Service
 Common Cloud Standards
 Platform Management
Conclusion and Feature work
The biggest security worries with the cloud
computing model is sharing of resources. Cloud service
providers need to inform their customers on the level of
security that they provide on their cloud. In this paper, we
first discussed types of cloud computing, benefits of cloud
computing, uses of cloud computing and characteristics of
cloud computing. Data security is the major issue in the
Cloud Computing. There are many other security challenges
including security aspects of network and virtualization.
This paper has highlighted almost all these issues and risks
of cloud computing. We believe that due to the complexity
of the cloud, it will be difficult to achieve end-to-end
security. New security techniques need to be developed and
updated at a regular interval of time to gain more security
inorder to avoid loss of resources. Certain infrastructures
such as IaaS, PaaS and SaaS can play the major role in
securing the future of cloud computing. This brings along
additional security requirements and responsibilities.
Considering the time, computation resources, and even the
related online burden of users, to provide the extension of
the proposed main scheme to support third-party auditing,
users can also appoint any third-party auditors inorder to
mainten the integrity of data.
REFERENCES
[1] Rabi Prasad Padhy, Manas Ranjan Patra, Suresh Chandra Satapathy
“Cloud Computing: Security Issues and Research Challenges”,
International Journal of Computer Science and Information
Technology & Security (IJCSITS), Vol. 1, No. 2, December 2011
[2] A. Kundu, C. D. Banerjee, P. Saha, “Introducing New Services in
Cloud Computing Environment”, International Journal of Digital
Content Technology and its Applications, AICIT, Vol. 4, No. 5, pp.
143-152, 2010..
[3] Garter, “Seven Cloud computing security risks”, 2008[Online]
Available http://www.infoworld.com.
[4] Marios D. Dikaiakos, Dimitrios Katsaros, Pankaj Mehra, George
Pallis, Athena Vakali, ―Cloud Computing: Distributed Internet
Computing for IT and Scientific Research,‖ IEEE Internet Computing
Journal, vol. 13, issue.5, pp. 10-13, Sep.2009.
[5] R. Maggiani, Communication Consultant, Solari Communication,
―Cloud Computing is Changing How we Communicate,‖ 2009 IEEE
International Professional Conference, IPCC, pp. 1-4, Waikiki, HI,
USA, Jul. 2009.
[6] Security for Cloud Computing Ten Steps to Ensure Success Version
2.0, 2015. http://www.cloud-council.org/
[7] G. Pallis, “Cloud Computing: The New Frontier of Internet
Computing”, Internet Computing, IEEE, Vol. 14, No. 5, pp. 70-73,
2010.
[8] B. R. Kandukuri, R. V. Paturi and A. Rakshit, “Cloud Security
Issues,” 2009 IEEE International Conference on Services Computing,
Bangalore, India, September 21-25, 2009. In Proceedings of IEEE
SCC'2009. pp. 517-520, 2009. ISBN: 978-0-7695-3811-2.
[9] B. R. Kandukuri, R. V. Paturi and A. Rakshit, “Cloud Security
Issues,” 2009 IEEE International Conference on Services Computing,
Bangalore, In Proceedings of IEEE SCC’2009. pp. 517-520,. ISBN:
978-0-7695-3811-2, 2009.
[10] A. Williamson, “Comparing cloud computing providers,” Cloud
Comp. J, Vol. 2, No. 3, pp. 3–5, 2009.
[11] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A.
Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M.
Zaharia, “Above the Clouds: A Berkeley View of Cloud Computing”,
EECS Department, University of California, Berkeley, Technical
Report No., UCB/EECS-2009-28, pp.1-23, February 2009.
[12] R. W. Lucky, “Cloud computing”, IEEE Journal of Spectrum, Vol. 46,
No. 5, 27-45, 2009
[13] M. D. Dikaiakos, G. Pallis, D. Katsa, P. Mehra, and A. Vakali, “Cloud
Computing: Distributed Internet Computing for IT and Scientific
Research”, IEEE Journal of Internet Computing, Vol. 13, No. 5, pp.
10-13, 2009.