Science, Technology and Development ISSN : 0950-0707

Cloud :Review of Security Issues, Threats and Challenges

SimpyKataria Assistant Professor Department of IT,LKCTC,Jalandhar

Abstract: computing is the most hottestexpansions in the IT industry also termed as on- demand computing. The technology is enticingdiverse organization due to its benefits like throughput, scalability, easy access etc. permits an remarkable business applications for IT industries to deliver IT services deprived of any additional investment. Client is able to accomplish computer processes with low capable device (like mobile) which has resource to run the web browser. Nevertheless cloud computing is packed with countless security allied issues.Alongsideit has a big challenge of security and confidentiality issues. In this paper, we review various securityissues, risks and challenges in cloud computing like data breach, confidentiality, vendor-locks-in, transparency, downtime etc. Moreover various attacks are also discussed in the paper which is risk to efficient working of the computing system.

Keywords - Cloud Computing, Security Issues, trust, confidentiality, authenticity, Saas, Paas, Iaas

I. Introduction:

Cloud computing is “a model for empoweringuseful, ondemand network access to a commongroup of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be speedily provisioned and unconfined with nominalorganizational effort or service provider collaboration” (NIST) [2]. Cloud computing normallycomprisesactivities such as the use of websites such as, Facebook or LinkedIn i.e. social networking sites between other Cloud computing can also be cast-off as a forms of social computing namely, skype, way to upsurge the dimension or ability of WhatsAppetc; though, itmainconcerns is your digital storingcapacity or related to the access of online software enhancedifferentutilitiesanimatedly with applications, online data storage and lesserassets. It protects on acquisition on processing power [1]. license of new software, teaching of new teams or producing new set-up [3]. For

instance cloud computing is reliant onthe

Volume X Issue II FEBRUARY 2021 Page No : 1046 Science, Technology and Development ISSN : 0950-0707

distribution of resources to get consistency allowingto paysimply for what we use. It and frugalities of scale i.eextrarecords of assists to evade the expenditure and organizations and its personnel aredwelled difficulty of purchasing and handling own on the cloud, thusrisingworries over the physical servers and datacenter security. The approachesorganizations can infrastructure. Every resource is provided as use arenumerous, for examplefull or partial a discrete service module and we only lease storage of data on cloud permitting to keep a specific one for needed duration. Azure, important data on private servers. Presently one of cloud providergives the infrastructure the majorsuppliers of cloud computing are service, when one buys, install, construct Cloud, or and handles own software—operating AWS, IBM cloud, Aliyun and systems, middleware and applications. Azure.[20] Amazon web services being the most effortlesslyavailable as it public and monitors ‘pay as you use’ model where as consentson use of hybrid model i.e. agreeingorganizations to savedefinite data on their private servers.

II. Cloud Structural Design

Cloud computing models are divided into 3 categories.

A. Software (SaaS): Applications are presented and spread online with the help of web browser that Fig [1] deliversold-style desktop applications such as Google Docs, Gmail, etc. III. Cloud Security Challenges

B. (PaaS):Cloud Cloud computing in its numerous ways, established to be a potent set of technologies offers the software platform for giving even smaller organizations lot of organizations such as , benefit. The hardware and software services are accomplishedby PaaS enterprises on its Though, cloud computing similar to other particularsystem. PaaSconsequentlypermits systems come out with challenges, especially related with security. users to connect in-house hardware and Underneathissummary of the security software to construct or execute a new challenges confronted by cloud computing application. users. C. Infrastructure as a Service (IaaS): IaaS rapidly changes with request,

Volume X Issue II FEBRUARY 2021 Page No : 1047 Science, Technology and Development ISSN : 0950-0707

• Absence of Perceptibility and • Agreement Complexity:In areas Governance: Concerning to together such as healthcare and finance, public and hybrid cloud where surroundings, total control over the governmentalnecessitiesinfavor to servicesprovided by organizations loading of private data is substantial, can be a major hindrance to users. accomplishing full compliance Losing control over perceptibility in the whileconsuming public or private cloud means a loss of authority over cloud assistances can be variouscharacteristics data security. Mostly extracomposite.Numerous cloud services brought by third-party enterprises challengeis faced to providers do not provide the similar level of achieveacquiescenceby cloud granularity in respects to administration and vendor.Undeniably, data confirms management. This deficiency of visibility that 51% of firms in the can lead to a deterioratingthe performance USA depends ondeclaration of increasing potential risks. compliance from their cloud vendor as validation that all legislative • Data Breaches and Downtime: In requestsare met.But later on when spite of the fact that organizational user come to that the needs are not cloud services are more secure than met fully then he/she has no legacy architecture, yet there is latent alternative to set it right. cost in the way of data breaches and • downtime. The public and private A Lack of Transparency: When a cloud contributions, solving these company is in contract with third- sorts of glitches is in the hands of the party cloud services as one or the third-party provider. Therefore, the other a public or hybrid, it is user has very slight control possiblethat they will not be aboveusage of system, as well as delivered with a how the breach is coped. completeprovisionexplanation, specifyingaccurately how the • Vendor Lock-In:For firms that platform works, and the security come to rely heavily on public and processes.This deficiency of service hybrid cloud platforms, there is a transparency makes it difficult for danger that they become forced to customers to wiselyassess whether continue with a specific third-party their data is being stored and handled vendor simply to retain operational securely at all times. Around 75% of capacity. If important applications IT managers are only a bit confident are purchased by a single vendor, it that corporation data is being becomes problematic to make warehoused securely by their cloud strategicchoiceslike shifting to a new vendor. one. As a result,provides the powerto vendor to force the customer into an unwanted contract.A study provides • Insecure Interfaces and information that 78% of IT choosers APIs:Cloud vendors deliver their describe the threat of vendor lock-in consumers with a variety of as a main reason for users facing Application Programming Interfaces difficulty in cloud environment. (APIs), thereby helping to handle the

Volume X Issue II FEBRUARY 2021 Page No : 1048 Science, Technology and Development ISSN : 0950-0707

cloud service.Inopportunely, not o Man in the Middle attacks – in this every API is completelyprotected. case the third party accomplishesthe Initially seemed secure but later on task of being interface between giving problems. This difficulty source and a destination. If this appears when the client company has happens data and control can be constructed their own application breached by the third party. layer on top of these APIs. The o Distributed Denial of Service – a security defenselessness then on DDoS attack tries to bump a resource customer’sapplicationi.einternal offline by saturating it with too application, or even a public fronting abundant traffic. application theoreticallyrevealing o Account or Service Traffic private data. Hijacking – aeffective attack of this where hijacker gets key and • Insufficient Due Diligence: Certain password to secure data and tampers companies where there is absenceof with it. the resources to completelyvalue the inferences of cloud acceptance, then Moreover, deliberations such as vendor the threat of putting a platform that is lock-in, service transparency, and visibility fruitless and even uncertain is essentialbeassessedbeforehandcreating a real.Concernregarding issues of data promises to a specific cloud vendor. security should be well- definedearlier any deployment. Inadequateto solve such concerns can lead to liabilities. IV.SECURITY RISK IN CLOUD COMPUTING

• Shared Technology Computing is a way of retrieving resources Vulnerabilities:Consuming public and amenities for aindividual organization. or hybrid cloud assistances can However hacker, attacker and security uncoverconsumers to security investigatordiscover that cloud computing is susceptibilitiesinstigated by other not completelysafe. It has users of the same cloud certainrisksrevealed below [9] [11] infrastructure.The responsibility is on the cloud service providerto look • Insecure Interface : Cloud service forward to such situations. Any supplierdisplay all the software security vulnerabilities caused by interface and application which are one user effects all others on same provide interfacebetween cloud and network. software. Data organization, characteristicsadministration, • Other Potential Threats:Combined monitoring of service all ensue on with security issues directly effecting the cloud. Verification and access to the cloud service, there are control is watchedover by interfaces certainother external threats leading too [10]. to seriousissue. Such as: • Data Loss or Leakage : During data being executed on cloud

Volume X Issue II FEBRUARY 2021 Page No : 1049 Science, Technology and Development ISSN : 0950-0707

environmentit goes through two createscertainalteration to packet like phases. Initially, data user stores the change in packet header and sending data from its machine onto packet which appears as packet is cloud.Following, with data being initiating from reliable system.[12] passedsingle to multi transmission mode. This can lead to loss and • DDOS Attacks : In DDOS leakage of data. (Distributed Denial of Service) attack, attacker creates some • Malicious Insiders : Certain spoofing and directs large amount of situations arise when a person or appeals to the server. Thereby employee hired for giving services is making server busy and thus unable the one who leak out data to other to response to trusted and reliable organization as it happens at internal user. Soserver refutes for providing level consumer is unaware of the service to customer and DDOS situation.[11] occurs [12].

• Shared Technology : Modules of operationalunderneath the cloud making environment (virtual memory, processor, caches etc) for computing is not supporting multi

execution mode. [12].

• Flood Attacks : At time any customer is consuming the cloud computing services and he requires

extendingextent of service and initialization occurowing to reliance on internal communication. Attackers make false request so that network becomes busy for the genuine users thereby increasing traffic

• IP Spoofing : IP spoofing is known as examination of network traffic. Once any attacker sends message to a computer being a trusted user. Attacker get to know the IP address

of a reliable system and

Volume X Issue II FEBRUARY 2021 Page No : 1050 Science, Technology and Development ISSN : 0950-0707

IV. A SHORT REVIEW ON WORKS DONE IN SECURITY ISSUES OF CLOUD COMPUTING

S.No Name of Paper Year of Author Description Publication 1 Large scale Optimized 2019 TessemaMengistu, This paper focuses Searching for Cruise Itinerary Abdulrahman on Cruise Itinerary Scheduling on the Cloud Alahmadi, Schedule Design Abdull ah Albual (CISD) issue, a cruise itinerary wishes to be acknowledged to expand a cruise company's payoff. A strategy optimization method grounded on a heuristic taboo search strategy that processes and examines the cruise schedule and a genetic algorithm optimizing the heuristic search parameters. The recommended presentation method and the scalability / cost efficiency of the Amazon Web Services cloud infrastructure is described. 2 A SURVEY ON CLOUD 2019 S.Pavithra , The paper describes SECURITY ISSUES AND the concept of Block BLOCKCHAIN S.Ramya chain which is making a cloud Soma Prathibha environment better than before. Block chain overpowers the security issues in cloud computing. These survey

Volume X Issue II FEBRUARY 2021 Page No : 1051 Science, Technology and Development ISSN : 0950-0707

intentions at assessing and associating various issues in the cloud environment and security issues using block chain A model is propsed which will increase the integrity in the cloud. 3 Critical Security Issues in 2018 Xiaotong Sun In this paper, a Cloud Computing: A Survey analysis was completed to evaluate all vital safety features of cloud computing. IT covered three parts: , , and .The survey also illustrated that security issues in cloud computing is consequent of both insider and outsider dangers. Old-styled security protocols can mostly help to avoid risks from outsider threats; an actual FHE is a chosen solution despite of any available solution. 4 Cloud Computing: Legal and 2018 HussamHourani In this paper the Security Issues main issues of Cloud Mohammad Abdallah Computing are underlined and certain key challenges associated to Legal, contractual and Security issues. Collaboration among services provides,

Volume X Issue II FEBRUARY 2021 Page No : 1052 Science, Technology and Development ISSN : 0950-0707

customers and Legal bodies is vital to flourish Reform of the current rules, regulations, policies, and law should be enforced to evade any major failures for independent regulatory body should be defined to maintain communication among all. 5 A Survey on Layer wise 2017 Mr.S.Hendry Leo This survey Issues and Challenges in Kanickam, demonstrates that Cloud Security there is no Dr.L.Jayasimman, appropriate output which covers all the Dr. layers of cloud. A.NishaJebaseeli Mostly the work is done on cloud service level security rather than provider level.A proposal was proposed which will cover cloud layer wise issues in a single package 6 Issues And Challenges of Data Prof.(Dr.) Pradeep This paper describes Security In A Cloud Computing Kumar Sharma that main focus must Environment Prof. (Dr.) be over how the data Prem Shankar is being transferred Kaushik, over the network. PrernaAgarwal, Payal Homomorphic Jain, , ShivangiAgarwal, Searchable/ Kamlesh Dixit structured encryption, Proofs of storage, Server aided secure computation and further methods to overawed circumstances of data breach , making cloud more secure

Volume X Issue II FEBRUARY 2021 Page No : 1053 Science, Technology and Development ISSN : 0950-0707

and safe . 7 Cloud Computing: Technology, 2017 Naim Ahmad This paper has out Security Issues and Solutions build the focus on the establishing technologies of cloud computing such as and web services/applications. These issues mainly focuses on two major types firstly the traditional issues likely the web services and secondly on the implementation of cloud technology such as virtualization, cloud architecture, cloud deployment models, cloud service models and service level agreements This paper also describes significance of multi- level integrated cloud security in distinction to the well-known security- as-a-service concept. Further focusing up on the push model to implement security from CSP1, CSP2 to CSC.

V.Conclusion Cloud Computing, the security issues need to be reducedmoreover other threats need to In this Review Paper, the key points be handled .Sharing of resources is the summarized are the security issues majorconcern in cloud computing. As in challenges along with privacy. The cloud computing, data is used by any suitableavailable resultsgiven in every paper person. So strong encryption methods must is also are also discussed. So, it can be also be brought into considerations. On the summarized that to improve the service of

Volume X Issue II FEBRUARY 2021 Page No : 1054 Science, Technology and Development ISSN : 0950-0707

other hand yet many problem are unknown is always open. and unseen so the door of the future research

References:

[1] Kuyoro, Shade &Ibikunle, F &Oludele, Awodele. (2011). Cloud Computing Security Issues and Challenges.International Journal of Computer Networks (IJCN). 3. 247-255.

[2] Peter Mell, and Tim Grance, "The NIST Definition of Cloud Computing," 2009, ”http://www.wheresmyserver.co.nz/storage/media/faq-files/cloud-defv15.pdf”, Accessed April 2010

[3] DimitriosZissis, DimitriosLekkas. “Addressing cloud computing security issues” in Future Generation Computer Systems Volume 28, Issue 3, March 2012, pp. 583-592

[4] Xiaotong Sun,” Critical Security Issues in Cloud Computing: A Survey, 2018 4th IEEE International Conference on Big Data Security on Cloud.

[5] S.Pavithra ,S.Ramya ,Soma Prathibha “A SURVEY ON CLOUD SECURITY ISSUES AND BLOCKCHAIN” , 3rd International Conference on Computing and Communication Technologies ICCCT 2019

[6] HussamHourani ,MohammadAbdallah “Cloud Computing: Legal and Security Issues” , 2018 8th International Conference on Computer Science and Information Technology (CSIT)

[7] Prof.(Dr.) Pradeep Kumar Sharma ,Prof. (Dr.) Prem Shankar Kaushik, PrernaAgarwal, Payal Jain,

ShivangiAgarwal, Kamlesh Dixit “Issues And Challenges of Data Security In A Cloud Computing Environment” 2017 IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON)

[8] Naim Ahmad “Cloud Computing: Technology, Security Issues and Solutions” 2017 2nd International Conference on Anti-Cyber Crimes (ICACC)

[9[ XiangTana, Bo Aib, “The Issues of Cloud Computing Security in High-speed Railway”, IEEE International Conference on Electronic & Mechanical Engineering and Information Technology, Vol. 8, pp. 4358-4363, August 2011.

[10] RuchiBhatnagar, “Proposal of Security Schemes For Protecting Services In Cloud Computing”, International Journal of Engineering Research & Technology (IJERT), Vol. 1, No. 3, May 2012

Volume X Issue II FEBRUARY 2021 Page No : 1055 Science, Technology and Development ISSN : 0950-0707

[11] Kevin Hamlen, Murat Kantarcioglu, Latifur Khan and BhavaniThuraisingham, “Security Issues for Cloud Computing”, International Journal of Information Security and Privacy, Vol. 4, No. 2, April-June 2010.

[12] D. Kishore Kumar, G. VenkatewaraRao, G.SrinivasaRao, “Cloud Computing: An Analysis of Its Challenges & Security Issues”, International Journal of Computer Science and Network (IJCSN), Vol. 1, No. 5, October 2012,

[13]Santos, Nuno, Krishna P. Gummadi, and Rodrigo Rodrigues. "Towards trusted cloud computing." Proceedings of the 2009 conference on Hot topics in cloud computing. 2009.

[14] Alexey Lesovsky. Getting Started with oVirt 3.3. ISBN 9781783280070.

[15] Cong Wang, Qian Wang, KuiRen, and Wenjing Lou, “Ensuring Data Storage Security in Cloud Computing,” 17th International workshop on Quality of Service, USA, pp.1-9, July 13-15, 2009, ISBN: 978-1-4244- 3875-4

Volume X Issue II FEBRUARY 2021 Page No : 1056