Security Protocol Suite for Preventing Cloud-based Denial-of-Service Attacks

Cloud systems, also known as cloud services, are among the primary solutions of the information technology domain. Cloud services are accessed through an identity authentication process. These authentication processes have become increasingly vulnerable to adversaries who may perform denial-of-service (DoS) attacks to make cloud services inaccessible. Several strong authentication protocols have been employed to protect conventional network systems. Nevertheless, they can cause a DoS threat when implemented in the cloud-computing system. This is because the comprehensive verification process may exhaust the cloud resources and shut down cloud’s services. This thesis proposes a novel cloud-based secure authentication (CSA) protocol suite that provides a smart authentication approach not only for verifying the users’ identities but also for building a strong line of defense against the DoS attacks. CSA protocol suite offers two modules, CSAM-1 and CSAM-2. The decision of which module of CSA to be utilized depends on the deployment nature of the cloud computing. CSAM-1 is designed to prevent external risks of DoS attacks in private and community cloud computing. CSAM-1 utilizes multiple techniques that include the client puzzle problem and utilization of unique encrypted text (UET). Therefore, these techniques can distinguish between a legitimate user’s request and an attacker’s attempt. CSAM-2 is designed to prevent internal risks of DoS attacks in public and hybrid cloud computing. CSAM-2 combines an extended unique encrypted text (EUET) application, client puzzle problem, and deadlock avoidance algorithm to prevent DoS risks that occur from inside cloud computing systems. The authentication process in both modules is designed so that the cloud-based servers become footprint-free and fully able to detect the signs of DoS attacks. The reliability and scalability of these two modules have been measured through a number of experiments using the GreenCloud simulation tool. The experiments’ results have shown that the CSA protocol suite is practically applicable as a lightweight authentication protocol. These experiments have verified the ability of the CSA to protect the cloud-based system against DoS attacks with an acceptable mean time to failure while still having the spare capacity to handle a large number of user requests

An Enhanced Cloud-Based Secure Authentication (ECSA) Protocol Suite for Prevention of Denial-of-Service (DoS) Attacks

Cloud systems are currently one of the primary solutions used in the information technology (IT) domain, also known as cloud services. Cloud services are accessed via an identity authentication process. These authentication processes have become gradually vulnerable to aggressive attackers who may perform Denial of Service (DoS) attacks to keep cloud services inaccessible. Several strong authentication protocols have been employed to protect traditional network systems and verify the identity of the users. Nevertheless, these authentication protocols could cause a DoS threat when implemented in the cloud-computing system. This is because the comprehensive verification process may exhaust the clouds� resources and shut their services down. In this work, we propose an enhanced cloud-based secure authentication protocol suite to operate as DoS resistance on multiple cloud layers. Our proposed solution utilizes multi-technique to prevent external and internal risks of DoS attacks. These techniques can distinguish legitimate a user�s requests from an attacker�s requests and then direct the legitimate user to the requested service(s). The cloud�s servers in the proposed authentication process become imprint-free servers, and fully aware of DoS attacks. To validate the proposed solution, an experiment is conducted using state-of-the-art cloud simulation (GreenCloud). The experimental results verify that the proposed solution is practically applicable as a lightweight authentication protocol suite in multiple cloud layers in terms of reliability and scalability

A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view

Analysis of Cloud Security Controls in AWS, Azure, and Google Cloud

This research paper aims at solving the gap of information related to cloud security alliance top twenty critical controls. By reviewing the controls against the major cloud providers. Most organizations are adopting cloud for their business-critical applications. To make it secure, they need to understand the security controls they have access to and how they can perform cloud audits to assure the organization is secure in the cloud environment and complaint. To counter this predicament, Information technology professionals need to review the cloud security measures in AWS, Google Cloud, Azure against CIS top 20 controls, which will help security professionals identify the right cloud vendor for their business needs. This paper provides additional information to the reader who wants to understand the role of security controls in cloud environment and how they address the cloud security risk. Cloud users, cloud architects and cloud consumers will be able to understand how various cloud providers offer tools which assist in maintain the security controls. This research paper provides the base layer information and will help future research in cloud security controls

From cloud computing security towards homomorphic encryption: A comprehensive review

“Cloud computing” is a new technology that revolutionized the world of communications and information technologies. It collects a large number of possibilities, facilities, and developments, and uses the combining of various earlier inventions into something new and compelling. Despite all features of cloud computing, it faces big challenges in preserving data confidentiality and privacy. It has been subjected to numerous attacks and security breaches that have prompted people to hesitate to adopt it. This article provided comprehensive literature on the cloud computing concepts with a primary focus on the cloud computing security field, its top threats, and the protection against each one of them. Data security/privacy in the cloud environment is also discussed and homomorphic encryption (HE) was highlighted as a popular technique used to preserve the privacy of sensitive data in many applications of cloud computing. The article aimed to provide an adequate overview of both researchers and practitioners already working in the field of cloud computing security, and for those new in the field who are not yet fully equipped to understand the detailed and complex technical aspects of cloud computing

Cloud Forensic: Issues, Challenges and Solution Models

Cloud computing is a web-based utility model that is becoming popular every day with the emergence of 4th Industrial Revolution, therefore, cybercrimes that affect web-based systems are also relevant to cloud computing. In order to conduct a forensic investigation into a cyber-attack, it is necessary to identify and locate the source of the attack as soon as possible. Although significant study has been done in this domain on obstacles and its solutions, research on approaches and strategies is still in its development stage. There are barriers at every stage of cloud forensics, therefore, before we can come up with a comprehensive way to deal with these problems, we must first comprehend the cloud technology and its forensics environment. Although there are articles that are linked to cloud forensics, there is not yet a paper that accumulated the contemporary concerns and solutions related to cloud forensic. Throughout this chapter, we have looked at the cloud environment, as well as the threats and attacks that it may be subjected to. We have also looked at the approaches that cloud forensics may take, as well as the various frameworks and the practical challenges and limitations they may face when dealing with cloud forensic investigations.Comment: 23 pages; 6 figures; 4 tables. Book chapter of the book titled "A Practical Guide on Security and Privacy in Cyber Physical Systems Foundations, Applications and Limitations", World Scientific Series in Digital Forensics and Cybersecurit

A Federated Architecture for Heuristics Packet Filtering in Cloud Networks

The rapid expansion in networking has provided tremendous opportunities to access an unparalleled amount of information. Everyone connects to a network to gain access and to share this information. However when someone connects to a public network, his private network and information becomes vulnerable to hackers and all kinds of security threats. Today, all networks needs to be secured, and one of the best security policies is firewall implementation. Firewalls can be hardware or cloud based. Hardware based firewalls offer the advantage of faster response time, whereas cloud based firewalls are more flexible. In reality the best form of firewall protection is the combination of both hardware and cloud firewall. In this thesis, we implemented and configured a federated architecture using both firewalls, the Cisco ASA 5510 and Vyatta VC6.6 Cloud Based Firewall. Performance evaluation of both firewalls were conducted and analyzed based on two scenarios; spike and endurance test. Throughputs were also compared, along with some mathematical calculations using statistics. Different forms of packets were sent using a specialized tool designed for load testing known as JMeter. After collecting the results and analyzing it thoroughly, this thesis is concluded by presenting a heuristics method on how packet filtering would fall back to the cloud based firewall when the hardware based firewall becomes stressed and over loaded, thus allowing efficient packet flow and optimized performance. The result of this thesis can be used by Information Security Analyst, students, organizations and IT experts to have an idea on how to implement a secured network architecture to protect digital information