Contemporary Security Issues and Challenges in Public Cloud Computing

Published on 22-Dec-2015


A Survey on Security issues and challenges in Public Cloud Computing

1 GnanaPrakasam T, 2 Rajiv Kannan A

1 Assistant Professor in Computer Science and Engineering, The Kavery Engineering College, Mecheri, Tamil Nadu, India

2 Professor in Computer Science and Engineering, K.S.R College of Engineering, Tiruchengode, Tamil Nadu, India

1 trainergnanam@gmail.com, 2 rajiv5757@yahoo.co.in

Abstract

Cloud computing refers to data, processing power, and software held on remote servers that are readily reachable over the Internet, as opposed to on one's own terminals. For consumers, cloud computing services can bring major cost savings and efficiencies. It opens the world of computing to a wider range of uses and improves ease of use by providing access through any network link. Much sensitive information that is stored on local computers is now being relocated to the cloud. Along with these advantages there are also drawbacks. Consumers have less control over unauthorized access to the data and little awareness of where it is located. Data located in the cloud faces several security hazards. The cloud can be targeted by malicious people who reach that data through insecure Internet links. Numerous issues of security and confidentiality in a cloud computing set-up need to be dealt with. This wide-ranging review paper aims to briefly examine the open questions threatening cloud computing.

Keywords: Cloud Computing, security, longevity, recovery, data segregation

I. Introduction

The Internet has been a driving force for the various technologies that have been developed. Cloud computing is seen as a trend in the present-day scenario, with almost all organizations trying to make an entry into it [1]. The advantages of using cloud computing are reduced hardware and maintenance cost, accessibility around the globe, and flexibility. Fig. 1 shows the basic cloud platform and the various applications that cloud providers offer to consumers.

A few existing techniques that contribute to cloud computing are:

1. Virtualization

Virtualization is a remarkable technology used in cloud computing environments. The idea of cloud computing has captured the attention of organizations of all sizes because its service delivery model turns the power of virtualization into measurable business value. Cloud computing includes virtualization and the way to implement it [2]. Together, cloud and virtualization support the delivery of enhanced resources, on-demand applications, elasticity and scalability.

2. Web Service, SOA and Mash-up

The objective of a Service Oriented Architecture (SOA) is increased IT compliance, reduced cost of application development and maintenance, and better alignment between IT specialists and business users [3]. Cloud Computing and SOA Services provide: Cloud Computing & Virtualization Referring / Executions; SOA Accessing / Applications; Complex Event Processing (CEP) Checking / Operations; XML / SOAP / REST Web Services constructed Compound Requests and SOA Resolutions; Software Development, comprising Mobile Applications.

Mash-ups allow developers to combine interesting data and then visualize that data through a web application. In practice, a mash-up requires a data source and a web visualization platform. A mash-up is a technique by which a website or web application uses data, presentation or functionality from two or more sources to create a new service [4].

3. Application Programming Interface (API)

An application programming interface (API) is one of the most significant techniques of cloud computing. Without an API, there is no cloud computing. APIs underpin cloud services such as Amazon Simple Storage Service (S3), Amazon Elastic Compute Cloud (EC2) and Twitter. These organizations use this technique to access the service [5]. Cloud APIs fall into three broad groups:

Control APIs, which allow cloud infrastructure to be added, reconfigured, or removed in real time.

Data APIs, which are the channels through which data flows to and from the cloud.

Application Functionality APIs, which enable the functionality with which end users interact.

The remainder of this paper is organized as follows. The background is presented in section II. In section III, threats to security in public cloud computing are discussed in terms of basic, network-level and application-level security. In section IV, recommendations and suggestions are provided to overcome the security challenges, and the paper is concluded in section V.

II. Background

The cloud computing exploration group discussed various usage scenarios and associated requirements that may occur in the cloud model. These models reflect use cases from various viewpoints, including those of customers, designers and security engineers [6]. ENISA examined the different security risks connected with the influences and weaknesses in cloud computing [7]. Discussions were held on the security specifications and objectives related to data location, segregation and data recovery [8]. Related work has addressed high-level security concerns in cloud computing models, such as data integrity, payment and privacy of sensitive information [9].

Different authors have studied possible vulnerabilities in technology-related, cloud-characteristics-related and security-concern-related issues and risks [10]. Work has been carried out on the administration of security in cloud computing, focusing on cloud security issues with the help of observations made by the International Data Corporation enterprise [11]. A survey by the Cloud Security Alliance (CSA) and IEEE indicates that enterprises in almost all sectors are keen to implement cloud computing. However, security measures are needed both to accelerate wider cloud adoption and to respond to the regulatory advice from different governing bodies [12, 32]. Several studies have thoroughly investigated the security issues and challenges of cloud computing.

Several security issues have to be considered before an enterprise switches to the cloud computing model [13]. They are:

Restricted user access: A risk concerning who accesses the data of a business in the cloud.

Regulatory compliance: A risk concerning assurances and regulations in relation to a cloud service.

Data location: A risk about who stores the data at a specific site.

Data segregation: The issue that one customer's data must not mix with somebody else's data.

Data recovery: The issue that clients might not be able to get their data back.

Long-term viability: The question of whether the cloud provider remains in service indefinitely [14].

III. Threats to Security in Public Cloud Computing

Because many technologies are involved, such as networks, databases, operating systems, resource scheduling, transaction management, concurrency control and memory management, several security issues arise in cloud computing [15]. Security requires a holistic approach. Security at different levels, namely the basic level, the network level and the application level, is necessary to keep the cloud up and running continuously.

1. Basic Security

A. Cloning and rapid resource pooling

The demands on IT lead to an accumulation of virtual machines, causing VM sprawl. With cloud self-service portals, VMs can be rapidly provisioned and readily cloned and moved between physical servers. However, vulnerabilities or configuration errors may be unintentionally propagated. It is difficult to maintain an auditable record of the security state of a VM at any given point in time [16]. A question arises about the possible security risks in the use of shared pre-built images, which are vital.

B. Data Remnants

In a cloud infrastructure, data is frequently moved to make the best use of resources, which means that enterprises might not always know where their data is located [17]. This may be true of any cloud model, but is especially true of the public cloud. To achieve the greatest cost savings, businesses want service providers to optimize resource usage.

Also, when data is relocated, residual data may be left behind that unauthorized users can access [18]. To date, this unauthorized access is considered unpreventable in the public cloud. However, new security practices must be introduced to relocate data without leaving any remnants at the old location.

C. Adaptable Limits

A cloud infrastructure creates an adaptable limit. Additional departments and users throughout the organization can provision computing resources, and a cloud portal can also be extended to external parties such as partners [19]. However, with this wider access comes an increased risk of data leakage. In addition, businesses face the task of managing and securing a diverse set of mobile devices, often provided by the employee. With this trend towards consumerization, the cloud is often used for consistent access to applications and data on roaming endpoints. Security must balance flexible access and data protection [20].

D. Unencrypted data

Unencrypted data is clearly a weakness where sensitive data is concerned. Data encryption helps to address external threats, threats from malicious insiders, and the need for regulatory compliance [21]. With data encryption, issues such as data remnants and an adaptable limit become less severe, because even if the data is accessed by an unauthorized user, it cannot be interpreted. However, many outdated encryption solutions can leave customers in a vulnerable position in the cloud. Without a solution that provides policy-based management with identity- and integrity-based server authentication, unauthorized servers may obtain the encrypted data [22].

E. Shared multi-tenant environments of the public cloud

The multi-tenant architecture of the public cloud raises concerns about access to an enterprise's cloud data and about the sharing of its storage volumes. With these concerns comes a desire for visibility [23]. One customer in this environment should not be allowed to access the data of another tenant.

F. Control and availability

The common perception of using a common data center or the public cloud gives organizations a feeling that they have good control over the data with regard to security and accessibility [24]. Service providers can build their cloud infrastructure to offer high availability and performance, maintained by their cloud computing specialists [25]. Often this infrastructure and staff exceed what an enterprise could deliver in-house. However, all data centers, whether in-house or run by a service provider, may suffer outages.

G. Attackers' Use of the Cloud

Attackers make a practice of using cloud computing techniques to support their attacks. Computing resources of the public cloud can facilitate attacks. In the multi-tenant environment, attackers can carry out inter-VM attacks by setting up their own VM and then infecting the guests of other tenants on the same host machine [26]. This type of attack can result in computing resources being stolen and used for trusted data access. Attackers also create their own private clouds to distribute resources.

2. Network Level Security

Different network issues occur in cloud computing, some of which are discussed below:

A. Denial of Service

In a denial-of-service attack, a hacker floods a network server or web server with repeated service requests in order to disrupt the network, and the server cannot keep up with them. The server cannot serve its clients' regular requests. In cloud computing, when a hacker attacks a server by sending numerous requests to it, the server is unable to respond properly and, moreover, hangs [27]. This can be avoided by reducing the privileges of the users connected to a server.

B. Man in the Middle Attack

This kind of problem arises if the Secure Sockets Layer (SSL) is not configured properly. In this situation, an unknown person can easily intercept the network link while the two parties establish communication [28]. One remedy for this type of attack is to install and configure SSL properly before the parties establish communication with each other.

C. Port Scanning

A port scan is one of the most popular reconnaissance techniques attackers use to discover services they can break into. All machines connected to a network run many services that use TCP or UDP ports, and there are more than six thousand defined ports available [29]. Normally, a port scan does not cause any direct damage just by scanning. Potentially, a port scan helps the attacker find which ports are available to launch various attacks. Port scanning tools can also be used legitimately by administrators and users to learn about network vulnerabilities [30].
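Because a scan shows up as one source touching many ports in a short time, it can be detected from connection logs. The following is an added example, not from the paper: a sliding-window detector run over constructed log lines. The log format, addresses and thresholds are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall-style log lines (format and addresses are made up for this example).
SAMPLE_LOG = """\
2015-12-22T10:00:00 SRC=198.51.100.20 DST=10.0.0.5 PROTO=TCP DPT=443
2015-12-22T10:00:01 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=21
2015-12-22T10:00:01 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=22
2015-12-22T10:00:02 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=23
2015-12-22T10:00:02 SRC=198.51.100.20 DST=10.0.0.5 PROTO=TCP DPT=443
2015-12-22T10:00:03 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=25
2015-12-22T10:00:04 SRC=203.0.113.7 DST=10.0.0.5 PROTO=UDP DPT=53
2015-12-22T10:00:05 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=80
2015-12-22T10:00:09 SRC=198.51.100.20 DST=10.0.0.5 PROTO=TCP DPT=80
""".splitlines()

LINE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) PROTO=(TCP|UDP) DPT=(\d+)$")

def find_scanners(lines, min_targets=5, window=timedelta(seconds=10)):
    """Map each source to the most distinct (dst, proto, port) targets it
    touched inside any single window, for sources reaching min_targets."""
    by_src = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the expected format
        ts, src, dst, proto, port = m.groups()
        by_src[src].append((datetime.fromisoformat(ts), (dst, proto, int(port))))
    flagged = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e[0])
        start = best = 0
        for end in range(len(events)):
            # Move the window start forward until the span is at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({target for _, target in events[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

A source that spreads the same probes over a longer period than the window is not flagged, so the window and threshold need tuning against normal traffic.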

D. SQL Injection Attack

SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Therefore, any procedure that constructs SQL statements should be reviewed for injection vulnerabilities, because SQL Server executes all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker [31].

E. Cross Site Scripting

Cross-site scripting, also known as XSS or CSS, is generally believed to be one of the most common application-layer hacking techniques.

Cross-site scripting refers to the hacking technique that leverages vulnerabilities in the code of a web application to allow an attacker to send malicious content from an end user and collect some type of data from the victim [17]. Cross-site scripting attacks can open the way to buffer overflows, DoS attacks and the insertion of malicious software into web browsers in order to compromise users' credentials [32]. Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data, including credit card numbers, social security numbers and even medical records.
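For the SQL injection passage in section D above, the following added example (not from the paper) shows a query built by string concatenation beside one that binds its value, plus an allow-list for a column name, which cannot be bound. It assumes Python's built-in sqlite3 in place of SQL Server so that it runs offline; the table, function names and input are constructed.

```python
import sqlite3

ALLOWED_SORT = {"name", "owner"}    # identifiers cannot be bound, so allow-list them
CONSTRUCTED_INPUT = "x' OR '1'='1"  # constructed test value for the owner field

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE files (owner TEXT, name TEXT)")
    db.executemany("INSERT INTO files VALUES (?, ?)",
                   [("alice", "payroll.xls"), ("bob", "notes.txt"), ("carol", "keys.txt")])
    return db

def files_concatenated(db, owner):
    # Vulnerable on purpose: the input becomes part of the SQL text, and the
    # engine executes whatever syntactically valid statement results.
    sql = "SELECT name FROM files WHERE owner = '" + owner + "'"
    return [row[0] for row in db.execute(sql)]

def files_bound(db, owner, sort_by="name"):
    # The value is bound as data; the column name is checked against the
    # allow-list because placeholders only work for values.
    if sort_by not in ALLOWED_SORT:
        raise ValueError("unexpected sort column")
    sql = f"SELECT name FROM files WHERE owner = ? ORDER BY {sort_by}"
    return [row[0] for row in db.execute(sql, (owner,))]

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", files_concatenated(db, CONSTRUCTED_INPUT))
    print("bound:       ", files_bound(db, CONSTRUCTED_INPUT))
```
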

3. Application Level Security

A. XML Signature Element Wrapping

Naive use of XML Signature may result in signed documents remaining vulnerable to undetected modification by an adversary. In the typical usage of XML S...