Cloud Computing and Its Security Issues - A Review - IEEE Xplore

IEEE - 33044

Cloud Computing and Its Security Issues - A Review Jitender Grover1, Shikha2, Mohit Sharma3 Department of Computer Science & Engineering, M. M. University, Sadopur, Ambala, India 1 [email protected], 2 [email protected], 3 [email protected]

1, 2, 3

Abstract : Cloud Computing is one of the popular techniques in distributed computing due to its ability to minimize the cost of computing when scalability and flexibility of computer process get increased. Cloud Computing provides shared resources and services via internet. Services are delivered through data center. Cloud Computing allows an interesting business proposal for IT industries to provide IT services without any extra investment. Client is able to perform heavy computer processes with low capable device (like mobile) which has resource to run the web browser. But cloud computing is crowded with many security related issues. When client saves his data to the company’s cloud, there may be chance of data breaching. So the purpose of this paper is to search out various issues in cloud computing where all computing is done on the server side and both data & tasks are stored on the data centers. Keywords- Cloud Computing, IaaS, PaaS, SaaS, Types of clouds, DDOS.

I.

INTRODUCTION

In last few years, internet becomes an important part of life. So the need of internet as well as computing is increasing very rapidly which leads to the increase in cost of hardware, software and power consumption.[1] So the new technique known as cloud computing is a beam of hope to solve these problems by giving service over the internet and cutting down the cost of hardware and software. Services offered in cloud computing has various features like high scalability, reliability, flexibility and dynamic property. User needs to increase the resources in cloud system to improve the performance of his task. Cloud computing is internet (network) based distributed computing which emerged from grid computing. [2] It is used to provide application as services over the internet (network) and hardware by using virtualization of data center or data server, where responsibility of service availability is of provider. Data center is the collection of servers where all the applications used by user are collected. For example, everyone has an email id in which a user needs only an internet connection to access it. Cloud computing working is very much similar to an email client. All the data of a mail can be accessed anytime and anywhere if a user has an internet connection because data is not stored on a local computer system. [3] Clients need not to worry about the maintenance

and management of the resources. On the basis of this property, cloud computing is also known as utility computing or IT on demand [4]. But cloud computing has much issues about security, because all information of client is stored on server. If cloud provider wants to misuse the client information, it can do so and that means cloud is not fully safe for sharing due to the chances of information leak or theft. So this paper picks some emerging issues in respect of security, privacy and its challenges.

II. CLOUD COMPUTING: ITS TYPES & SERVICES The cloud computing takes place when numerous computers are using services which are distributed over the network (internet) and connected to the data center (private/public). Every service is loosely attached. If one service gets failed then it will not affect the other services. Cloud computing is performed in two phase as frontend and back end. The front end is a client who gets served by those services which are provided by the back end which is the cloud system. [8]

Fig 1: Cloud Computing Model Definition of cloud computing according to The National Institute of Standards and Technology (NIST) is: “Cloud computing is a way of enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services)

5th ICCCNT - 2014 July 11 - 13, 2014, Hefei, China

IEEE - 33044

that can be rapidly provisioned and released with minimal management effort or service provider interaction.”[7] Wikipedia defines cloud computing as: “The delivery of computing as a service rather than a product, whereby shared resources, software and information are provided to computers and other devices. Cloud computing provides computation, software, data access, and storage services that do not require enduser knowledge of the physical location and configuration of the system that delivers the services”. Some bunch of users needs a separation in computing and service. So Cloud computing is divided into three types of clouds [1] [11]: x x x

Private Cloud Public Cloud Hybrid Cloud

Private Cloud: The cloud is deployed by the private organization for own purpose. This type is limited to the access for a specific group. Services are design for private benefits called as private cloud that can be one house, industry cloud. Public Cloud: The cloud is implemented for general purpose where rent basis services are provided to the public. This can be accessed by any user. Charges are applied to the client on behalf of service utilization. Hybrid Cloud: The combination of the private cloud and public cloud is called hybrid cloud. This is done when private cloud needs some special service from public cloud.

Software as a Service (SaaS): In this, provider provides service to user for accessing the software to develop application where software is provided on monthly rent basis. More the user used it, more he will be billed. For example goggle app software is provided for a certain time to develop application. [5] In this, a user has the least control over the cloud. Platform as a Service (PaaS): It is developed above the SaaS level and services are given to clients with access to the operating system as well as basic operating software to use software applications. It provides all the resources needed to build an application. For example for accessing database and payment services there is no need to purchase or maintain & manage the existing computing infrastructure. Like as Google App Engine allows clients to run their web applications (software that can be accessed using a web browser such as goggle chrome over the internet) [6] on Google’s infrastructure. Infrastructure as a Service (IaaS): It offers an infrastructure to the client. It allows clients with the access to server hardware, storage, bandwidth and other basic needs for computing resources. For example, Amazon EC2 allows individuals and businesses to rent machines preconfigured with selected operating systems [6] to run their own applications. Figure 3 shows all the above three cloud providers in different layers with the reources managed. Each layer has its own importance to implement cloud computing which are explained as below [7]:

Fig 2: Types of Clouds in Cloud Computing In cloud computing, there are three types of cloud services which give by cloud provider. These services are root execution of cloud computing. So whenever an user need to perform any processes, user able select any services those mention follow: x x x

Software as a service(SaaS) Platform as a service (PaaS) Infrastructure as a service (IaaS)

Fig 3: Layered Architecture of Cloud Services x

Application Layer: Highest layer of the cloud, where request for services and resources push to the data centers. Here client use computing and perform his task which is possible by using application on cloud.


IEEE - 33044

x

x

x

Platform Layer: This layer consists of operating system, application software and frameworks. The main aim of platform layer is to reduce the efforts for execution of application directly to the virtual machine. Therefore an application interfaces are used at this layer. Infrastructure Layer: The resource virtualization creates on an infrastructure layer by dividing the physical resources using virtualization tools like VMware, Xen. The dynamic resource and service allocation is also done at this layer. Thus it can be say that infrastructure layer is very important part of cloud computing. The hardware layer: This layer is responsible for arranging the physical resources of the cloud which have physical servers, routers, switches, power and cooling systems. The hardware layer is mostly applied in data centers.

III.

CHALLENGES IN CLOUD COMPUTING

There are several challenges in cloud computing which are necessary to keep in knowledge and be aware about these. Some of the challenges are given as follows [9] [14]: x

x

Privileged User Access: If any sensitive data of client is accessing outside the enterprise then client needs to buy a new membership for verification otherwise the risk of data leak is increased. Availability: Some clients of cloud computing need to access the cloud services but the range of the company is not available at every time and place.

x

Regulatory Compliance: Cloud computing provider never allows any external audits and also refuses to install new security certificates to network.

x

Data Location: When a client uses the cloud computing then client doesn’t know about the location where his data is stored. And hosted from where?

x

Investigative Support: If any inappropriate and illegal activity takes place with client data in cloud computing then the proper investigation about this is impossible.

x

Data segregation: In cloud computing, the data of client is available in a shared condition with other clients of cloud that is using services in parallel.

x

Recovery: If server or data center ruined due to some natural problem or disaster, the cloud provider informs the client about the status of his data.

IV.

SECURITY RISK IN CLOUD COMPUTING

Cloud computing is a way of accessing resources and service for a particular organization. But hacker, attacker and security researcher find out that cloud computing is not fully secure. It has some issues which are mentioned below [9] [13]: x

Insecure Interface: Cloud service provider show all the software interface and application which are used to interact with cloud by client. Data arrangement, identity management, monitor of service all happen on the cloud. And authentication and access control is monitored by these interfaces too [12].

x

Data Loss or Leakage: When cloud computing is being executed. There are two changes happen to the client data. Firstly, data is stored far from the client machine. Second, data is transmitted from one execution mode to multi execution mode. When these changes occur to information place the security issue of data loss or leakage.

x

Malicious Insiders: At this time, cloud is served by organization which hires employees for providing service to its client. So those employee can misused the information or can sell information to other organization and this is happen on internal level of a company and hard to aware for clients or consumers.[2]

x

Shared Technology: components of working under the cloud which make environment (virtual memory, processor, caches etc) for computing does not support strong isolation for multi execution mode [12].

x

Flood Attacks: When any customer is using the cloud computing services and he need to extend size of service and initialization is happen due to dependency on internal communication. And attacker makes large false request to the server. So server gets busy and unable to work properly.

x

IP Spoofing: IP spoofing is known as analysis of network traffic. When any attacker send message to a computer being a trusted user. Attacker determines the IP address of a trusted system and makes some modification to packet information like packet header and sends that packet which seems as packet is originating from trusted system.[10]

x

DDOS Attacks: In DDOS (Distributed Denial of Service) attack, attacker makes some spoofing and sends large number of requests to the server. So server gets busy and not able to response on the valid and authentic request of customer. In this way server deny for giving the service to customer and DDOS take place [10].


IEEE - 33044

x

VM-Based Malware Attack: Security can be break in virtual machines by some virus or malware like VM based root kits which design to harm both entity client and server system in computing of cloud services. The root kits uses cloaking technique, means client send some message to server which take by the attacker and send to server by attacker. Same process happen when server send message to client. So this malicious code hide some system information file like registry keys, antivirus and security program.

implement because a client just needs a web browser to experience cloud computing. But when security & privacy comes into existence then so many challenges and issues appeared according to hackers, crackers and security researcher’s suggestion that cloud computing is not hundred percent safe due to information can be leak at any level of cloud. So this paper tries to analyze various challenges and issues related to the security of a cloud and need to work on those issues to protect manipulation of information.

VII. V.

PRIVACY ISSUES IN CLOUD COMPUTING

Client uses all services which are server oriented and all processes have to be complete on the server. Due to server computing, all the data of client is saved at server which can be called as data center. But some issues may be arises in the regard of privacy. Some privacy issues are explained in this paper as [1]: x

x

Loss of Control: When a client is using cloud it means he is using some applications in cloud and makes some document and project under those applications which stored on cloud. If client needs to change cloud provider then he can be threaten about manipulation or misuse of his sensitive information which he already store on the present cloud data centers. Invalid Storage: The data may be stored on an inappropriate space or secondary memory of the cloud because if authentic storage is used then cloud provider has to pay for use of storage which reduces the profit of cloud provider. So this may be a serious issue about data privacy in cloud computing.

REFERENCES

[1]

Satveer Kaur and Amanpreet Singh, “The Concept of Cloud Computing and Issues Regarding its Privacy and Security”, International Journal of Engineering Research & Technology (IJERT), Vol. 1 Issue 3, May 2012.

[2]

Farzad Sabahi, “Cloud Computing Security Threats and Responses”, 2011 IEEE 3rd International Conference on Communication Software and Network (ICCSN), pp. 245-249, May 2011.

[3]

Alexa Huth and James Cebula,”The Basics of Cloud Computing” Carnegie Mellon University. Produced for US-CERT, 2011.

[4]

Farhan Bashir Shaikh and Sajjad Haider, “Security Threats in Cloud Computing”, 6th IEEE International Conference on Internet Technology and Secured Transactions, December, pp: 214-219, Dec. 2011.

[5]

Kim Kwang Raymond Choo, “Cloud computing: Challenges and Future Directions", Trends & Issues in Crime and Criminal Justice No. 400, Canberra: Australian Institute of Criminology, pp. 381-400, October 2010.

x

Access Control: When client saves his complete data to the server and he is not accessing it for a long time due to any reason. An unauthorized access will use that data illegally due to lack of authorized rights of access control.

[6]

Hassan Takabi, James B.D. Joshi and Gail-Joon Ahn, “Security and Privacy Challenges in Cloud Computing Environments”, Copublished By The IEEE Computer And Reliability Societies , Vol. 8 , No. 6, pp. 24-31, Dec. 2010.

x

Data Boundary: Cloud provider makes several copies of data to provide at the location for client. Wherever this data is required by a user, it is available there for use. If any data present at the data center is not used for a long time then it deleted from data center. And multiple copies of data for servers can be cause of information leak or theft.

[7]

Qi Zhang, Lu Cheng, Raouf Boutaba,”Cloud Computing: State-of-The-Art and Research Challenges”, Journal of Internet Services and Applications, Vol. 1, No. 1, pp 7-18, April 2010.

[8]

Wentao Liu, “Research on Cloud Computing Security Problem and Strategy”, 2nd International Conference on Consumer Electronics, Communications and Networks, pp. 1216-1219, April 2012.

[9]

Xiang Tana, Bo Aib, “The Issues of Cloud Computing Security in High-speed Railway”, IEEE International Conference on Electronic & Mechanical Engineering and Information Technology, Vol. 8, pp. 4358-4363, August 2011.

VI.

CONCLUSION

Cloud computing is a way of computing which depletes the boundaries of hardware and software. Each and every resource is available as a service to the user. It means cloud computing is a long term computing which will make IT technology more successful. Computing becomes easy to use &


IEEE - 33044

[10] D. Kishore Kumar, G. Venkatewara Rao, G.Srinivasa Rao, “Cloud Computing: An Analysis of Its Challenges & Security Issues”, International Journal of Computer Science and Network (IJCSN), Vol. 1, No. 5, October 2012, [11] Kuyoro S. O., Ibikunle F. and Awodele O., “Cloud Computing Security Issues and Challenges”, International Journal of Computer Networks (IJCN), Vol. 3, No. 5, pp. 247-255, 2011. [12] Ruchi Bhatnagar, “Proposal of Security Schemes For Protecting Services In Cloud Computing”, International Journal of Engineering Research & Technology (IJERT), Vol. 1, No. 3, May 2012. [13] Kevin Hamlen, Murat Kantarcioglu, Latifur Khan and Bhavani Thuraisingham, “Security Issues for Cloud Computing”, International Journal of Information Security and Privacy, Vol. 4, No. 2, April-June 2010. [14] Naveen Dogra and Harpreet Kaur, “Cloud Computing Security: Issues and Concerns”, International Journal of Emerging Technology and Advanced Engineering, Vol. 3, No. 3, March 2013.
