The Security Aspects Of Cloud Computing

Published Date: 02 Nov 2017

Abstract: The field of cloud computing is immerging and improving day by day. Almost all the IT related organizations wants to move to cloud because of many reasons and they think that cloud computing would provide solutions for most of the burning issues that the IT industry has faced during past decades. Even Google, Microsoft like giant organizations released their solutions as cloud based solutions simply because cloud computing is the next generation of IT. When general public more aware about the cloud computing, demand for the security may also increase. Because of that this review paper will more focus on security aspects of the cloud computing, drawbacks of existing of exiting security mechanisms and new approaches to improve the security of cloud.

Introduction

Security aspects of the cloud computing is an evolving and immerging sub-domain of computer and network security, more widely, information security. It refers to a wide set of policies, technologies, and controlling mechanisms to protect confidential data, applications, and associated infrastructure (hardware, software) of cloud computing. An organization to get the maximum benefits from cloud computing, organization must ensure that the confidential data, applications and systems which are running on cloud is properly secured. So that organization’s cloud infrastructure won't expose the organization to risk.

There are number of security concerns associated with cloud computing, but these problems can be fall into two wide categories: Security problems faced by cloud providers and security problems faced by their customers. In most scenarios, the cloud provider must ensure that their infrastructure (hardware and software) is secure and their clients’ data, applications and systems are protected and secured while the customer must entrusts that the provider has taken the appropriate security measures and mechanisms to protect their confidential information.

Cloud computing has the answer for the most of the drawbacks in the traditional IT solutions, though it has added extra level of risk, because of the externalized aspect of the cloud model and it can make more difficult to maintain the data integrity and the privacy, support data and service availability and etc.

First section of this paper gave a brief introduction about security aspects of cloud computing. Second section provides the overview of the research area and its importance. Section three provides the information about major researches of this area. Section four is about the new approaches taken to improve security of cloud.

Overview- security aspects of cloud computing

Cloud computing is a very broad term used for the recent development of internet-based computing. This section gives a very brief summary of cloud computing, its security aspect sand current security measures existing within cloud computing.

2.1 Cloud Computing Architecture

Cloud computing can be divided into two sections, the user and the cloud. In most scenarios, the user is connected to the cloud via the internet. It is also possible for an organization to have a private cloud in which a user is connected via an intranet. However, both scenarios are identical other than the use of a private and public network or cloud. The user sends requests to the cloud and the cloud provides the service. See Figure 1.

Within the cloud, a central server is responsible for administering the system and in many ways functions as the operating system of the specific cloud network. Another name for this is called "middleware" which is the central server for a particular cloud. Examples include Google App Engine and Amazon EC2.cloud_computing.jpg

Figure1. Cloud Architecture

2.2 Security issues

As mentioned previously, there are many security concerns for the use of cloud computing. These security concerns include both items that are related to traditional computing as well as security issues specific to cloud computing. Also, there are security issues that affect clients as well as providers. Most individuals think of attacks on the user’s computer when computer security is mentioned. However, it is important to also consider that individuals can abuse cloud computing to create a virtual bot-network.

Security refers to confidentiality, integrity and availability, which pose major issues for cloud vendors. Also allow user access to privileged users, encrypting cloud user’s confidential data, data recovery and investigative support are several of security concerns that cloud venders has to focus on.

Major Researches in security aspects of cloud computing

Security aspects of cloud computing has become one of the major research areas in the world because security and protection of data and applications run on cloud is one of the major concerns of the organizations, when moving their applications and systems to cloud environment.

According to the survey done by the School of Electronics and Communications Engineering Vellore Institute of Technology, India, there are several loopholes of cloud architecture which made cloud computing vulnerable to several security and privacy threats and these threat make barriers to enter the cloud for the organizations that are willing to be in cloud. Security and privacy, Performance, Latency and Reliability, Portability and Interoperability, Data-Breach through fiber Optic Networks are some of them. They also have point out several threats to security of cloud computing. According to the survey, they have categorized the threats in to three main categories. Under the basic security, main threats are SQL injection attacks, Cross Site Scripting (XSS) attacks; Man in the Middle attacks (MITM). Under the network security, main issues are DNS attacks, sniffer attacks, issue of reused IP addresses, BGP prefix hijacking. Under the category of application security, main problems are security concerns with the hypervisor, denial of service attacks, cookie poisoning, hidden field manipulation, distributed denial of service attacks and etc. They also mention several mechanisms to ensure the security against these kind of attacks, some of them are avoiding the usage of dynamically generated SQL in the code, validating all user entered parameters, framework to interface with any type of cloud environment, finding the meta-structures used in the code disallowing and removal of unwanted data and characters, and to be able to handle and detect predefined as well as customized security policies and etc.

3.1Top Threats to Cloud Computing

Cloud Security Alliance has also published a paper regarding the threats and issues to cloud computing, according to them there are seven major threats to cloud computing. Those are (1) Abuse and Nefarious Use of Cloud Computing (can be seen in Iaas and Paas), (2) Insecure Interfaces and APIs (can be seen in Iaas and Paas and Saas), (3) Malicious Insiders(can be seen in Iaas and Paas and Saas), (4) Shared Technology Issues(can be seen in Iaas), (5) Data Loss or Leakage(can be seen in Iaas and Paas and Saas, (6) Account or Service Hijacking(can be seen in Iaas and Paas and Saas), (7) Unknown Risk Profile(can be seen in Iaas and Paas and Saas)

Proposed mechanisms to overcome the threat no.1 are stricter initial registration and validation processes, monitoring public blacklists for one’s own network blocks and Comprehensive introspection of customer network traffic. Proposed mechanisms to overcome the threat no.2 are Analyze the security model of cloud provider interfaces, understand the dependency chain associated with the API and ensure strong authentication and access controls are implemented in concert with encrypted transmission. Proposed mechanisms to overcome the threat no.1 are enforce strict supply chain management and conduct a comprehensive supplier assessment, specify human resource requirements as part of legal contracts

Proposed mechanisms to overcome the threat no.4 are implement security best practices for installation/configuration, Promote strong authentication and access control for administrative access and operations and monitor environment for unauthorized changes/activity. Proposed mechanisms to overcome the threat no.5 are Implement strong API access control, encrypt and protect integrity of data in transit and contractually specify provider backup and retention strategies.

Proposed mechanisms to overcome the threat no.6 are prohibiting the sharing of account credentials between users and Services and leverage strong two-factor authentication techniques where possible. Proposed mechanisms to overcome the threat no.7 are disclosure of applicable logs and data, partial/full disclosure of infrastructure details and monitoring and alerting on necessary information.

3.2 Cloud computing security issues & challenges

This research paper also highlights several problems and concerns which are highlighted by the previous research papers. Some of them are Privacy Issue, lack of user control, unauthorized Secondary Usage, transborder Data Flow and Data Proliferation and dynamic provision. It also provide some mechanisms to overcome the security issues and other has divided the solution mechanisms in to several categories so that cloud users and vendors can easily follow them

Data handling mechanism: Classify the confidential Data, Define the geographical region of data and define policies for data destruction.

Data Security Mitigation: encrypting personal data, avoid putting sensitive data in cloud.

Design for Policy: Fair information principles are applicable.

Standardization: CSP should follow standardization in data tracking and handling.

Accountability: For businesses having data lost, leakage or privacy violation is catastrophic Accountability needs in legal and technical, audit is need in every step to increase trust and all CSP make contractual agreements.

Mechanism for rising trust: Social and technological method to raise trust, devices connected should be

3.3 Data Security in Cloud Computing with Elliptic Curve Cryptography

This research paper main concern on the data security in cloud computing. It has proposed algorithms for data encryption and decryption using a special theory called Elliptic Curve Cryptography. Also the research paper proposed to use several mechanisms to generate keys (public and private keys )for data encryption and other keys for database purposes, etc using theories related to Elliptic curves. Proposed algorithm by the research paper can be use to increase the security of confidential data which are stored in the cloud. So that cloud vendors can ensure their client’s data are secured and impossible to retrieve by other parties accept the user

Future directions

According to the Gilad Parann-Nissany, Chief Executive Officer of Porticor Cloud Security [10], companies are willing to move to the cloud because of its attractive features and advantages. But Customers cannot accept a tradeoff between security and flexibility. They expect the security vendor to deliver the best data security solution which does not compromise the cloud values of flexibility and elasticity. Actually this is not an easy task, which is why most of the new researches are undergoing in the security aspects of the cloud to make sure that cloud users will get the 100% security that they expect.

In other ways, fundamental breakthroughs in technology are still expected by the cloud venders. Especially in the fields of key-splitting technology and homomorphic encryption. If cloud venders able to implement these technologies properly inside their public clouds., venders allow cloud users to be in the cloud without losing control, because sensitive data or keys are encrypted even when in use in the cloud, which means cloud providers cannot know them, and even security vendors never know them which increase the confidentiality of data.

Discussion

Security aspects of cloud computing is one of the major research areas in the world where most of the giant organizations like Google, Microsoft spend ton of money to make sure that their clouds have world’s best security mechanisms to ensure their client’s data and application security. Cloud computing is one of the most revolutionized trends in IT which provide solutions to burning issues which are related with traditional IT solutions. But the main concern for most of the organizations is the security and confidentiality of their data application and systems when moving to the cloud.

Actually there are several concerns that the cloud users have to think about when moving to the cloud like privacy and security, Performance, Latency and Reliability, Portability and Interoperability and etc. most of the undergoing researches try to make sure that there won’t be any security concerns for the users when moving to the cloud. So security aspects of the cloud computing will be a really good research area for the researchers to introduce more powerful algorithms and mechanisms to ensure the security.

Acknowledgement

I would like to express my deep and sincere gratitude to my supervisor, Mr. saminda premarathne, Senior Lecturer. His wide knowledge and his logical way of thinking have been of great value for me. His understanding, encouraging and personal guidance have provided a good basis for the present thesis. I would like to thank each and every person who has helped me to write this thesis.