Detecting TCP SYN Flood Attack in the Cloud

In this paper, an approach to protecting virtual machines (VMs) against TCP SYN flood attack in a cloud environment is proposed. An open source cloud platform Eucalyptus is deployed and experimentation is carried out on this setup. We investigate attacks emanating from one VM to another in a multi-tenancy cloud environment. Various scenarios of the attack are executed on a webserver VM. To detect such attacks from a cloud provider’s perspective, a security mechanism involving a packet sniffer, feature extraction process, a classifier and an alerting component is proposed and implemented. We experiment with k-nearest neighbor and artificial neural network for classification of the attack. The dataset obtained from the attacks on the webserver VM is passed through the classifiers. The artificial neural network produced a F1 score of 1 with the test cases implying a 100% detection accuracy of the malicious attack traffic from legitimate traffic. The proposed security mechanism shows promising results in detecting TCP SYN flood attack behaviors in the cloud

CMI Computing: A Cloud, MANET, and Internet of Things Integration for Future Internet

The wireless communication is making it easier for smart devices to communicate with one another in terms of the network of the Internet of Things. Smart devices are automatically linked and built up a network on their own. But there are more obstacles to safe access within the network itself. Mobile devices such as smart home automation access point, smart washing machines, mobile boards, temperature sensors, color-changing smart lighting, smartphones, wearable devices, and smart appliances, etc. are widespread in our daily lives and is becoming valuable tools with wireless communication abilities that are using specific wireless standards that are commonly used with IEEE 802.11 access points. On the realism of the Internet, security has been perceived as a prominent inhibitor of embracing the cloud paradigm. It is resource storage and management that may lay in any since the cloud environment is a distributed architecture, which place of the world, many concerns have been raised over its vulnerabilities, security threats and challenges. The involvement of various parties has widened these concerns based on each party's perspective and objective. The Cloud point of view we mainly discuss the causes of obstacles and challenges related to security, reliability, privacy, and service availability. The wireless communication Security has been raised as one of the most critical issues of cloud computing where resolving such an issue would result in constant growth in the cloud’s use and popularity. Our purpose of this study is to create a framework of mobile ad hoc network mobility model using cloud computing for providing secure communication among smart devices network for the internet of things in 5G heterogeneous networks. Our main contribution links a new methodology for providing secure communication on the internet of smart devices in 5G. Our methodology uses the correct and efficient simulation of the desired study and can be implemented in a framework of the Internet of Things in 5G

Review and analysis of networking challenges in cloud computing

Cloud Computing offers virtualized computing, storage, and networking resources, over the Internet, to organizations and individual users in a completely dynamic way. These cloud resources are cheaper, easier to manage, and more elastic than sets of local, physical, ones. This encourages customers to outsource their applications and services to the cloud. The migration of both data and applications outside the administrative domain of customers into a shared environment imposes transversal, functional problems across distinct platforms and technologies. This article provides a contemporary discussion of the most relevant functional problems associated with the current evolution of Cloud Computing, mainly from the network perspective. The paper also gives a concise description of Cloud Computing concepts and technologies. It starts with a brief history about cloud computing, tracing its roots. Then, architectural models of cloud services are described, and the most relevant products for Cloud Computing are briefly discussed along with a comprehensive literature review. The paper highlights and analyzes the most pertinent and practical network issues of relevance to the provision of high-assurance cloud services through the Internet, including security. Finally, trends and future research directions are also presented

Understanding Security Threats in Cloud

As cloud computing has become a trend in the computing world, understanding its security concerns becomes essential for improving service quality and expanding business scale. This dissertation studies the security issues in a public cloud from three aspects. First, we investigate a new threat called power attack in the cloud. Second, we perform a systematical measurement on the public cloud to understand how cloud vendors react to existing security threats. Finally, we propose a novel technique to perform data reduction on audit data to improve system capacity, and hence helping to enhance security in cloud. In the power attack, we exploit various attack vectors in platform as a service (PaaS), infrastructure as a service (IaaS), and software as a service (SaaS) cloud environments. to demonstrate the feasibility of launching a power attack, we conduct series of testbed based experiments and data-center-level simulations. Moreover, we give a detailed analysis on how different power management methods could affect a power attack and how to mitigate such an attack. Our experimental results and analysis show that power attacks will pose a serious threat to modern data centers and should be taken into account while deploying new high-density servers and power management techniques. In the measurement study, we mainly investigate how cloud vendors have reacted to the co-residence threat inside the cloud, in terms of Virtual Machine (VM) placement, network management, and Virtual Private Cloud (VPC). Specifically, through intensive measurement probing, we first profile the dynamic environment of cloud instances inside the cloud. Then using real experiments, we quantify the impacts of VM placement and network management upon co-residence, respectively. Moreover, we explore VPC, which is a defensive service of Amazon EC2 for security enhancement, from the routing perspective. Advanced Persistent Threat (APT) is a serious cyber-threat, cloud vendors are seeking solutions to ``connect the suspicious dots\u27\u27 across multiple activities. This requires ubiquitous system auditing for long period of time, which in turn causes overwhelmingly large amount of system audit logs. We propose a new approach that exploits the dependency among system events to reduce the number of log entries while still supporting high quality forensics analysis. In particular, we first propose an aggregation algorithm that preserves the event dependency in data reduction to ensure high quality of forensic analysis. Then we propose an aggressive reduction algorithm and exploit domain knowledge for further data reduction. We conduct a comprehensive evaluation on real world auditing systems using more than one-month log traces to validate the efficacy of our approach

Sensor-Cloud Architecture: A Taxonomy of Security Issues in Cloud-Assisted Sensor Networks

The orchestration of cloud computing with wireless sensor network (WSN), termed as sensor-cloud, has recently gained remarkable attention from both academia and industry. It enhances the processing and storage capabilities of the resources-constrained sensor networks in various applications such as healthcare, habitat monitoring, battlefield surveillance, disaster management, etc. The diverse nature of sensor network applications processing and storage limitations on the sensor networks, which can be overcome through integrating them with the cloud paradigm. Sensor-cloud offers numerous benefits such as flexibility, scalability, collaboration, automation, virtualization with enhanced processing and storage capabilities. However, these networks suffer from limited bandwidth, resource optimization, reliability, load balancing, latency, and security threats. Therefore, it is essential to secure the sensor-cloud architecture from various security attacks to preserve its integrity. The main components of the sensor-cloud architecture which can be attacked are: (i) the sensor nodes; (ii) the communication medium; and (iii) the remote cloud architecture. Although security issues of these components are extensively studied in the existing literature; however, a detailed analysis of various security attacks on the sensor-cloud architecture is still required. The main objective of this research is to present state-of-the-art literature in the context of security issues of the sensor-cloud architecture along with their preventive measures. Moreover, several taxonomies of the security attacks from the sensor-cloud's architectural perspective and their innovative solutions are also provided

Tailoring the Cyber Security Framework: How to Overcome the Complexities of Secure Live Virtual Machine Migration in Cloud Computing

This paper proposes a novel secure live virtual machine migration framework by using a virtual trusted platform module instance to improve the integrity of the migration process from one virtual machine to another on the same platform. The proposed framework, called Kororā, is designed and developed on a public infrastructure-as-a-service cloud-computing environment and runs concurrently on the same hardware components (Input/Output, Central Processing Unit, Memory) and the same hypervisor (Xen); however, a combination of parameters needs to be evaluated before implementing Kororā. The implementation of Kororā is not practically feasible in traditional distributed computing environments. It requires fixed resources with high-performance capabilities, connected through a high-speed, reliable network. The following research objectives were determined to identify the integrity features of live virtual machine migration in the cloud system: To understand the security issues associated with cloud computing, virtual trusted platform modules, virtualization, live virtual machine migration, and hypervisors; To identify the requirements for the proposed framework, including those related to live VM migration among different hypervisors; To design and validate the model, processes, and architectural features of the proposed framework; To propose and implement an end-to-end security architectural blueprint for cloud environments, providing an integrated view of protection mechanisms, and then to validate the proposed framework to improve the integrity of live VM migration. This is followed by a comprehensive review of the evaluation system architecture and the proposed framework state machine. The overarching aim of this paper, therefore, is to present a detailed analysis of the cloud computing security problem, from the perspective of cloud architectures and the cloud service delivery models. Based on this analysis, this study derives a detailed specification of the cloud live virtual machine migration integrity problem and key features that should be covered by the proposed framewor

Sensor-cloud architecture: a taxonomy of security issues in cloud-assisted sensor networks

© 2021 The Authors. Published by IEEE. This is an open access article available under a Creative Commons licence. The published version can be accessed at the following link on the publisher’s website: https://ieeexplore.ieee.org/document/9451213The orchestration of cloud computing with wireless sensor network (WSN), termed as sensor-cloud, has recently gained remarkable attention from both academia and industry. It enhances the processing and storage capabilities of the resources-constrained sensor networks in various applications such as healthcare, habitat monitoring, battlefield surveillance, disaster management, etc. The diverse nature of sensor network applications processing and storage limitations on the sensor networks, which can be overcome through integrating them with the cloud paradigm. Sensor-cloud offers numerous benefits such as flexibility, scalability, collaboration, automation, virtualization with enhanced processing and storage capabilities. However, these networks suffer from limited bandwidth, resource optimization, reliability, load balancing, latency, and security threats. Therefore, it is essential to secure the sensor-cloud architecture from various security attacks to preserve its integrity. The main components of the sensor-cloud architecture which can be attacked are: (i) the sensor nodes; (ii) the communication medium; and (iii) the remote cloud architecture. Although security issues of these components are extensively studied in the existing literature; however, a detailed analysis of various security attacks on the sensor-cloud architecture is still required. The main objective of this research is to present state-of-the-art literature in the context of security issues of the sensor-cloud architecture along with their preventive measures. Moreover, several taxonomies of the security attacks from the sensor-cloud’s architectural perspective and their innovative solutions are also provided.This work was supported by the Taif University, Taif, Saudi Arabia, through the Taif University Researchers Supporting Project under Grant TURSP-2020/126.Published versio

SensorCloud: Towards the Interdisciplinary Development of a Trustworthy Platform for Globally Interconnected Sensors and Actuators

Although Cloud Computing promises to lower IT costs and increase users' productivity in everyday life, the unattractive aspect of this new technology is that the user no longer owns all the devices which process personal data. To lower scepticism, the project SensorCloud investigates techniques to understand and compensate these adoption barriers in a scenario consisting of cloud applications that utilize sensors and actuators placed in private places. This work provides an interdisciplinary overview of the social and technical core research challenges for the trustworthy integration of sensor and actuator devices with the Cloud Computing paradigm. Most importantly, these challenges include i) ease of development, ii) security and privacy, and iii) social dimensions of a cloud-based system which integrates into private life. When these challenges are tackled in the development of future cloud systems, the attractiveness of new use cases in a sensor-enabled world will considerably be increased for users who currently do not trust the Cloud.Comment: 14 pages, 3 figures, published as technical report of the Department of Computer Science of RWTH Aachen Universit