Security Aspects in Cloud Computing
Cloud computing has become one of the integral part of everyone’s life in the present world. Cloud computing delivers applications and also helps in storage as a service over the Internet. This storage is sometimes free of cost and sometimes it is including little cost. Considering our daily basis, we use web-based mail systems like Google or Yahoo to share information and also to be in touch with others. There are cloud storages such as Dropbox, ZumoDrive, Humyo (Chou, 2013) which are used to store any type of data on cloud free of cost up till certain level of data in the account. Considering new software such as WhatsApp, the data of this application will be updated on daily basis at 2 AM. The backup data is nothing but the data that will be stored on cloud. Even if the data is lost on the mobile phone, one can easily restore the data that is present on cloud (Chou, 2013).
It is quite clear that cloud computing services have changed daily lives with its low cost and convenience in using it. Along with cloud’s business, hackers too employ a wide range of techniques for unauthorized access to the cloud and disrupt the services on clouds for achieving their specific objectives and motives. If the hackers are successful in locating the data which are sensitive, they might exploit it or they can leak the data to the public which brings chaos in day to day life (Chou, 2013).
Cloud can be deployed in the following four ways depending on the customer’s requirement. They are:
- Public cloud – multiple infrastructures work at the same time and it is managed by the service provider. In this case it will be some third party.
- Private cloud – cloud facilities are made available to the limited users and managed by an organization.
- Community based cloud – infrastructure shared by several organizations and maybe managed by the third party service provider.
- Hybrid cloud – a composition of two or further more cloud deployment models and the data transfer will take place without affecting each other’s service (Kuyoro, Ibikunle, & Awodele, 2011).
Availability – Primary motive of cloud computing systems (which includes applications and also its infrastructure) is to provide assurance to the users that the data are available at any time and also at any place. Hardening and redundancy are the two important platforms that are used to enhance the cloud system which is present. Many vendors those who provide services run cloud infrastructure on the virtual machine. Considering an example, Amazon web service provides EC2 and S3services that are totally dependent on any of the virtual machine which are generally called Xen and Skyyap (Ashktorab & Taghizadeh, 2012). And clearly, virtual machines do have enough capability for providing services on demand to the users. To mitigate redundancy, cloud computing providers like Google and Amazon are offering geographic redundancy in the cloud system (Ahmat, 2013).
Confidentiality – Confidentiality refers to keeping user’s data secret in the cloud system. Depending on the cost, on cloud, data are public and if it has to be kept private then user has to pay. To achieve confidentiality, data can be encrypted and kept on cloud. And, encryption should be done before the data is sent to cloud systems. This makes data more secure. This approach is successfully used by TC3 (Ashktorab & Taghizadeh, 2012).
Privacy – Privacy is defined as the ability of an entity which can control its information and reveal the information to the service providers of cloud and also, the ability to control the authorization process that is, who is going to have access of information that it holds (Rohit Bhadauria). It is a well-known fact that the success of any new or existing or trending technology will be based on the level of security it provides to the users. How efficiently can cloud service providers can uphold the data if there is any sort of internet breakdown and how efficiently the data can be accessed which are present on cloud by the user. If the user’s data are stored on public cloud, then there are many security issues that have to be addressed in association with the private based cloud. Since public cloud generally acts as virtual machine monitors, and middleware that supports it, security will depend on the interactions of the objects. And since public cloud can contain any number of users and the number can increase at any point of time, security risks get more intensified and more diverse. In order to maintain privacy, following are the few points that have to noted:
Cloud Security Threats
Minimizing personal information sent to cloud and if it is sent, then make sure that is encrypted before sent to cloud.
Since the cloud is public, cloud service provider should make sure that the number of users doesn’t reach at maximum which will increase security risks.
Specifying the limit of data usage will help in maintaining the data on cloud efficiently.
Providing feedback to the service providers (Ashktorab & Taghizadeh, 2012).
Data Integrity – Along with security, data integrity which means that the information or the data which is stored on cloud will not be authorized by any third party users which will result in either modifying the data or deleting the data from the cloud. There are few models that handle this, such as Software as a Service (SaaS), Data as a service, Platform as a Service (PaaS) etc. These service models will help in data integrity. Digital signature commonly is the most used technique for the sake of data integrity. Data is stored in the blocks and each block will be attached with a digital signature. Hence, digital signature will help in recovering data if the data gets corrupted by malware (Ashktorab & Taghizadeh, 2012).
Server side and client side authentication – On cloud, because of its vulnerability, it is better to apply authentication process at both ends that is, with the entities that are involved in interactions. Digital signatures along with the SSO and LDAP will implement a strong authentication process in the distributed systems such as cloud (Zissis & Lekkas, 2010).
Brute force attacks or DoS attacks are becoming more common for attackers to be applied on the cloud, since cloud has prevailing computing power of cloud networks (Chou, 2013). A brute force attack is used for breaking down the passwords and this technique requires great computing capability on the computer systems. Cloud computing system provides great platform for these types of attacks and Amazon’s EC2 was hacked in 20 minutes and that was exploited by Thomas Roth at a Black Hat Technical Security Conference (Chou, 2013). DoS attacks will restrict the legitimate users to get logged in the application and sometimes blocks the server. These attacks can cause changes in configuration information, destruction of configuration files, physical destruction of network components etc (Cybrary, 2016).
Security threats are not bound to attackers from outside the organization. It is both within and outside of the organization. According to a study from Cyber Security Watch Survey, it has been observed that 21 percentages of the cyber-attacks were due to insiders and 33% of damages are costlier for the organization. 63% were unauthorized access to corporate information and unintentional exposure of data or sensitive data is 57% (Chou, 2013), injecting malicious code or virus or worms include 32%. It clearly says that the usage of cloud is not clear for the employees within the organization and their roles and responsibilities are unclear (ClickSSL, 2013).
Generally, web based application will provide web pages which are dynamic to the users for the sake of accessing application servers via browser. The applications’ usage is dependent on the application provider. The application can be a simple email service or it can be as complicated such as banking service. Studies state, the servers are more vulnerable to the web-based attacks. In a study by Symantec, the attacks caused by web has increased to 36% with at least 4,500 new attacks each day (Chou, 2013). These attacks include cross site scripting, information leakage, injecting malicious data for theft of information, improper way of error handling and data validation, failure and control URL access, breaking of session management of the application and its authentication process etc.
Abuse Use of Cloud Resources
Among all major malware attacks, SQL injections attacks and cross-site scripting attacks are the basic two forms which are more popular. In a study, it has been observed that SQL injection attacks have increased to 69% in the year 2012. This study is done by host provider FireHost (Chou, 2013). SQL injections target those database applications which are vulnerable in the server. Hackers will exploit these servers and inject code and will bypass in the application. If the hack is successful, hackers can exploit the data or retrieve any confidential data from the server.
Whenever a user requests for a service to web servers in the web browser, this service gets interacted with Simple Object Access Protocol (SOAP). This provides messages which get transmitted with the help of HTTP protocol with the help of XML (Extensible Markup Language). In order to maintain security constraint between a client and server, a security mechanism WS-Security is used. This mechanism will use Digital signatures to acquire the message which is signed and then encryption technique will be applied for the encryption of content. Wrapping attacks is based on XML. That is XML is rewritten and then, it exploits the weakness present in the web servers and validate signed requests (Ahmed Shawish). This process is done during translation of SOAP messages in between the user who is logged in and the web server. Here, the attacker will duplicate the user’s account and will modify the content of the data that are been transmitted between the client and the server. For example, Amazon’s EC2 was found out to be vulnerable for wrapping attacks. This was found in the year 2008 (Chou, 2013).
With a valid credit card details, everyone has the access to utilize the resources provided by the cloud. This will help hackers to take the advantage of these powerful computing techniques provided by cloud and then conduct malicious and malware activities (spamming) and also attack other cloud computing systems of the cloud. To avoid these types of attacks, credit card fraud monitoring process can be applied (Chou, 2013).
The data that are stored by the end user is sensitive and also private. Authorization control mechanism should be applied so that only authenticated user gets access to the data stored by them. Firewalls (on the cloud) and intrusion detection systems are commonly used techniques to detect unauthorized access to the information. In addition to these, SAML and XACML can be used for more security on the cloud (Chou, 2013).
Data breaches caused can be by the insiders or attackers and this can be because of accidental or most of the times intentional. Since it gets difficult for pointing out insider’s behavior, it is recommend using proper tools to deal with threats caused by the insiders. The tools that can be used are: data loss preventing systems, format preserving systems, encryption tools to encrypt data on cloud and anomalous behavior type pattern detection system etc. (Chou, 2013).
Conclusion
Even though cloud computing provides best solution for pushing data to the cloud and access it wherever we wish to; there are many security issues that are related to the cloud. Exposure of iPhone’s cloud data is one of the examples and that shows how vulnerable cloud is. At the same time, following certain tools and techniques that are mentioned in this report such as authentication at both client and server’s end, using of LDAP, encryption of data before sending it to the cloud techniques will result in lesser attacks and data theft from the cloud.
References
Ahmat, K. (2013). Emerging cloud computing security threats. Retrieved from Arxiv.org: https://arxiv.org/ftp/arxiv/papers/1512/1512.01701.pdf
Ahmed Shawish, M. S. (n.d.). Cloud Computing: Paradigms and Technologies.
Ashktorab, V., & Taghizadeh, S. R. (2012). Security threats and countermeasures in cloud computing. International Journal of Application or Innovation in Engineering & Management (IJAIEM), 1(2), 234-245.
Chou, T.-S. (2013). Security Threats On Cloud Computing Vulnerabilities. International Journal of Computer Science & Information Technology, 5(3), 79-88.
ClickSSL. (2013, April 10). Top 8 Cloud Computing Threats and its Security Solutions.
Cybrary. (2016, January 20). 9 Cloud Security Threats You Should Know.
Kai Hwang, D. L. (2010). Trusted Cloud Computing with Secure Resources and Data Coloring. IEEE, 14-22.
Kuyoro, S. O., Ibikunle, F., & Awodele, O. (2011). Cloud computing security issues and challenges. International Journal of Computer Networks, 3(5), 247-255.
Rohit Bhadauria, S. S. (n.d.). Survey on Security Issues in CLoud Computing and associated mitigation techniques.
Sabahi, F. (2011). Cloud computing security threats and responses. IEEE.
Zissis, D., & Lekkas, D. (2010). Addressing cloud computing security issues. Future Generation computer systems, 28(3), 583-592.
Order an Essay Now & Get These Features For Free:
Turnitin Report
Formatting
Title Page
Citation
Outline
