International Journal of Advanced Computational Engineering and Networking, ISSN(p): 2320-2106, ISSN(e): 2321-2063 Volume-6, Issue-9, Sep.-2018, http://iraj.in STUDY ON SECURITY LEVELS IN CLOUD COMPUTING

1K. SWATHI, 2BADDAM INDIRA

1Research Scholar, Dept. of Computer Science & Engineering, University college of Engineering, OU, Hyderabad 2Associate Professor, Dept. of Computer Science, Kasturba Degree & PG College, Hyderabad E-mail: [email protected], [email protected]

Abstract - Organization’s adapt to cloud computing is increasing rapidly as it offers many potential benefits to small and medium scale firm such as fast deployment, pay-for-use, low costs, scalability, rapid provisioning, rapid elasticity, pervasive network access, greater flexibility, and on-demand security controls. Beside its advantages, cloud computing has its own major disadvantages which is obstructing in moving cloud to vogue. Major concern on cloud computing is data and its security. Security attacks are at various levels in cloud computing which is becoming very difficult to handle with. The levels of cloud computing security include Network level, Host Level, and Application level. This paper demonstrates various possible attacks at each level of cloud computing security. It also helps in understanding the necessary measures required to be taken in order to get rid of the attacks.

Keywords - Cloud Computings; Security Levels; Phishing Attack; Malware Injection; FASP; Hypervisor; DNSSEC; Virtual Server; VMware .

I. INTRODUCTION and every type of service requires different levels of security in order to protect the cloud. Current hot topic in information technology discussions is cloud computing and the core part in it The common and main goals of security requirements is its security. Security on cloud is one of the biggest are Confidentiality, Availability, Integrity and hurdle that hamper the fame and popularity of cloud Ratification. computing. The concept of cloud was introduced by Amazon. Amazon is an American electronic Confidentiality: It is the state of maintaining the commerce and cloud computing company. In order to information protected i.e., not being revealed to run their business smoothly, they increased their unauthorized users. server capability during peak marketing time. But, the Availability: It is the state of being able to provide power consumption was very high and most of the the data without having interruptions due to any server usage was idle during off-season market. malicious activities. Hence they have come up with a new concept called Integrity: It is the state of maintaining the data Cloud Computing where they gave their servers for accurately without being modified by any rent in the off-season to others, such that they can anonymous/unauthorized users. make money out of it. Ratification: It is the state by ensuring proper and legal agreements is made which can restrict the The cloud services reach the customer through the access to any malicious or anonymous Internet facility. As the cloud works with the communications. network, there is a high chance of getting injected by various attacks like Zombie attack, Phishing attack, III. CYBER ATTACKS Man-in-the Middle attack, Password Attacks, Backdoor Channel attack, Malware Injection attack, The attacks are classified as Active and Passive. etc.,. These attack the data at various levels of Cloud Active attackers are the one who obstructs the computing like Network, Host and Application Level. connection and alter the information or system The most critical task to be ensured by cloud service resource to destruct the operations performed. Passive providers is providing effective security algorithms attackers are the one whose goal is to gain and which obstruct all the attacks and save the cloud from analyze the data but do not modify the data. getting affected and loosing confidential data of their customers. Cloud service provider should ensure that ACTIVE Attack: Alters the message during transfer their client’s data is safe and not accessed by any and sends the modified message unauthorized users.

II. CLOUD SECURITY

The services provided by Cloud are of various types like Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (Paas). Each

Study on Security Levels in Cloud Computing

16 International Journal of Advanced Computational Engineering and Networking, ISSN(p): 2320-2106, ISSN(e): 2321-2063 Volume-6, Issue-9, Sep.-2018, http://iraj.in PASSIVE Attack: Reads the message which is 3. Security (TLS): It is a transferred protocol which helps in transferring the data through Web browsers and other applications by providing data privacy and integrity. TLS is more secure and efficient when compared to SSL as it supports new and more secure algorithms and also provides authentication at message. It is also backward compatibility to get worked with legacy systems. Data breaches are the most crucial security threat in 4. Secure Hyper Text Transfer Protocol cloud computing. It had very huge impact in the year (HTTPS): It is a protocol which provides 2017 as data breaches frequently happened. Data secure communications through Internet. Its breach can also be referred as data leak or data flow. is designed using In data breach, confidential or sensitive data gets TLS and SSL mechanism to encrypt and accessed in unauthorized manner. provide data privacy and integrity during the Application Programming Interfaces (APIs) are the transfer. major software components for all the cloud services. 5. Firewalls: Firewalls are the defined set of If the APIs are not strong enough then the cyber rules that helps to protect and control the attackers can destroy the API and get access easily to network from unauthorized outgoing and any of the cloud applications. incoming network packets. It plays a major role in restricting the unlicensed or IV. SECURITY LEVELS unapproved network traffic on an suspicious zone like Internet. Based on the major goals of security requirements, need to take necessary actions at various levels like B. HOST LEVEL SECURITY Network, Host and Application to ensure that there is Cloud service provider do not share any information no loss or damage to the Cloud users. related to their host regarding their Platform, Infrastructure etc., publicly as there is a chance of A. NETWORK LEVEL SECURITY being hacked. A cloud host is typically based on The Cloud Service Providers and Users make use of cloud computing technologies that include a network Internet as a medium for the data being transferred of servers which are responsible for communications over a network which require a secure model at among different data centers located at different network level to secure the data or communication locations. They provide a facility that allows the being shared. By making use of advanced techniques clients to make use of the available services of Cloud over the network, various security issues like data as required. The concept of virtual servers is security, data confidentiality, data privacy, data introduced to fulfill the needs of all the clients leakage etc., can be easily handled which can prevent simultaneously. To manage and control sharing and the leakage or modification or theft of sensitive data allotment of virtual servers to the clients a Virtual by the attackers. Machine Manager (VMM) is presented and also 1. Secure Shell (SSH): It is a network protocol referred as Hypervisor helps in running multiple OS which provides a secure channel to transfer on single machine simultaneously. the data between remote machines through 1. Host based Firewalls: These are the set of Internet. The performance of the SSH is high rules which is implemented through when compared to various protocols like software that runs on individual machines rlogin, ftp and . SSH. Secure Shell is and restricts unauthorized communications used in file transfer mechanisms like SFTP to or fro. They are efficient when compared (Secure ), SCP (Secure to Network based Firewalls as the rules are Copy) and FASP (Fast and Secure Protocol). specific to a machine as can be designed It is being designed to secure the network effectively. These can be defined for a set of services and communications through login applications by configuring the ports of the and password authentication. applications running on a Host. 2. Secure Socket Layer (SSL): It is a protocol 2. Virtual Server Security: Virtual servers are which provides a secure way of transferring being accessed through internet; hence steps the data over Web. It makes use of need to be taken to avoid unauthorized encryption/decryption mechanism to transfer access to these virtual instances of the Host. the data. The information is exchanged The Iaas Users of Cloud will have full between Client (Browser) and Server access to these instances as VM guests. (Website). Securing these virtual servers require strong mechanisms to prevent the access from

Study on Security Levels in Cloud Computing

17 International Journal of Advanced Computational Engineering and Networking, ISSN(p): 2320-2106, ISSN(e): 2321-2063 Volume-6, Issue-9, Sep.-2018, http://iraj.in cloud attackers. One of the mechanism is to CONCLUSION restrict the access to the host based on various roles like developer, tester etc.,. The security is one of the major and critical issues in Better system auditing and public-private cloud environment. There are various areas that need security key protection can also prevent to be taken into account by cloud service providers to hacking. build trust on the services offered. Update the 3. Antivirus on VMWare: Each Virtual antivirus program regularly with latest updates. Machine can run its own individual Regularly monitoring the logs and making use of Operating system and share various efficient encryption algorithms can help the cloud resources like RAM, networking etc., hence service providers to be in safe mode. Making use of multiple Operating systems can run in cloud appropriate protocols at various levels can help the computing. Making use of efficient antivirus cloud service providers to withstand against like Kaspersky, Trend Micro, McAfee etc., unauthorized users. Virtual Private Network (VPN) and upgrading to latest updates can help in also can restrict any intruder in harming the system. protecting the host from hacking. REFERENCES C. APPLICATION LEVEL SECURITY Though there are security measure taken at network [1] Vikas Malik, Srishti Gupta, Jyoti Kaushik, “Network and host level, there might be some security Security: Security in Cloud Computing International Journal Of Engineering And Computer Science ISSN:2319-7242 loopholes at application level which may allow Volume 3 Issue 1, Jan 2014 Page No. 3643-3651. unauthorized users to access the information. Security [2] Dimiter Velev, Plamena Zlateva , “Cloud Infrastructure at application level can be achieved through some Security” Institute of Control and System Research - external software or hardware. By implementing Bulgarian Academy of Sciences. [3] Ankur Pandey , Kirtee Shevade , Roopali Soni , “Application some strong and efficient security algorithms within Level Security in Cloud Computing” International Journal of the application APIs can restrict the attacks to various Computer Science and Information Technologies, Vol. 3 (6), applications on cloud. 2012,5369-5373. 1. Secure Multipurpose Internet Mail [4] R. Charanya, M.Aramudhan, K. Mohan, S. Nithya, “Levels of Security Issues in Cloud Computing” International Journal Extensions (S/MIME): It makes use of of Engineering and Technology, ISSN: 0975-4024, Vol 5 No asymmetric mechanism of using public- 2 Apr-May 2013. private key to encrypt and decrypt the [5] Satyendra Singh Rawat, Alpesh Soni, “Security emails. It also allows to digitally signing the Requirements Guide” DISA Risk Management, Cybersecurity Standards, 18 March, 2016. email to know the sender of the mail. It is [6] Priscilla Oppenheimer, “Top-Down Network Design, 3rd used at applications to restrict unauthorized Edition. senders. [7] Dhuratë Hyseni, Artan Luma, Besnik Selimi, Betim Cico 2. Security “The Proposed Model to Increase Security of Sensitive Data in Cloud Computing” International Journal of Advanced Extensions (DNSSEC): It provides security Computer Science and Applications, Vol.9, No. 2, 2018. protocol at Domain Name System (DNS) [8] Holger Schulze, “2018 Cloud Security Report”, which is a main media to lookup for the Cybersecurity Insiders. correct Website. It has been designed to [9] Rajat Soni, Smrutee Ambalkar, Pratosh Bansal, “Security and Privacy in Cloud Computing”, 2016 Symposium on protect applications from using incorrect or Colossal Data Analysis and Networking (CDAN), manipulated DNS entry. 10.1109/CDAN.2016.7570962.



Study on Security Levels in Cloud Computing

18