City Research Online

Sajjad, Ali (2015). A secure and scalable communication framework for inter-cloud services. (Unpublished Post-Doctoral thesis, City University London)

Permanent City Research Online URL: http://openaccess.city.ac.uk/14415/

A Secure and Scalable Communication Framework for Inter-Cloud Services

Ali Sajjad
School of Mathematics, Computer Science & Engineering
City University London

This dissertation is submitted for the degree of Doctor of Philosophy

September 2015

The following parts of this thesis have been redacted for copyright reasons:
p 7: Fig 1.2. International Data Corporation survey.
p 8: Fig 1.3. International Data Corporation survey.
p 43: Fig 2.13. Architectural view of Google Secure Data Connector.

Supervisors
Prof. Muttukrishnan Rajarajan (City University London)
Prof. Andrea Zisman (The Open University)
Prof. Theo Dimitrakos (British Telecom/University of Kent)

"For Abbu, Ammi, Ruhma, Zaim and Eesha"

Ask Khidr, him of the blessed feet, for the secret of life
"Everything that is alive is due to unsuccessful effort"
(Iqbal)

Acknowledgements

I would like to express my gratitude to my advisers, Muttukrishnan Rajarajan, Andrea Zisman and Theo Dimitrakos, firstly for agreeing to take me on as a PhD student and then for their continuous guidance in the form of fruitful discussions and useful advice. Special thanks to Theo for arranging further funding for me after the third year, without which it would have been very difficult, if not impossible, for me to complete this thesis. I am also grateful to Constantino Carlos Reyes-Aldasoro and Steven Furnell for being on my committee and for their timely corrections and comments that helped me greatly in improving this thesis.

On a personal note, I would like to thank and pay tribute to my parents, who have made immense efforts and sacrifices throughout my life so that I could focus all of my energies on my academic pursuits. I admit that I have not been able to do justice to their efforts, and their prayers and unconditional support are the only reasons that I have been able to accomplish anything. I am also deeply thankful to my wife, who has supported me in these last four years while pursuing her own doctoral research and raising our two wonderful children in parallel. Thank you, Ruhma, for your phenomenal multi-tasking skills and for being a rock for our family.

Lastly, I do not know how to express in words my eternal love for the sources of my motivation and inspiration, my brilliant children Zaim and Eesha, whose laughter takes away all of my worries and weariness. I love you.
Declaration

I hereby declare that, except where specific reference is made to the work of others, the contents of this dissertation are original and have not been submitted in whole or in part for consideration for any other degree or qualification in this, or any other, University. This dissertation is the result of my own work and includes nothing which is the outcome of work done in collaboration, except where specifically indicated in the text.

Ali Sajjad
September 2015

Abstract

Many contemporary cloud computing platforms offer an Infrastructure-as-a-Service provisioning model, which delivers basic virtualized computing resources such as storage, hardware, and networking as on-demand, dynamic services. However, a single cloud service provider does not have limitless resources to offer its users, and increasingly users are demanding extensibility and interoperability with other cloud service providers. This has increased the complexity of the cloud ecosystem and led to the concept of an Inter-Cloud environment, in which a cloud computing platform can use the infrastructure resources of other cloud computing platforms to offer greater value and flexibility to its users. However, no common models or standards exist that allow the users of cloud service providers to provision even basic services across multiple providers seamlessly, although this is admittedly not due to any inherent incompatibility or proprietary nature of the foundation technologies on which these platforms are built. There is therefore a justified need to investigate models and frameworks that allow users of cloud computing technologies to benefit from the added value of the emerging Inter-Cloud environment.
In this dissertation, we present a novel security model and protocols that aim to cover one of the most important gaps in a subsection of this field: the problem of provisioning secure communication within a multi-provider Inter-Cloud environment. Our model offers a secure communication framework that enables a user of multiple cloud service providers to provision a dynamic, application-level secure virtual private network on top of the participating cloud service providers. We accomplish this by leveraging the scalability, robustness, and flexibility of peer-to-peer overlays and distributed hash tables, together with a novel use of applied cryptography techniques to design secure and efficient admission control and resource discovery protocols. The peer-to-peer approach eliminates the problems of manual configuration, key management, and peer churn that are encountered when setting up secure communication channels dynamically, while the secure admission control and secure resource discovery protocols plug the security gaps commonly found in peer-to-peer overlays. In addition to the design and architecture of our research contributions, we present the details of a prototype implementation containing all of the elements of our research, together with experimental results detailing the performance, scalability, and overheads of our approach, carried out on actual (as opposed to simulated) commercial and non-commercial cloud computing platforms. These results demonstrate that our architecture incurs minimal latency and throughput overheads, of 5% and 10% respectively, for the Inter-Cloud VPN connections among the virtual machines of a service deployed on multiple cloud platforms.
Our results also show that our admission control scheme is approximately 82% more efficient, and our secure resource discovery scheme about 72% more efficient, than a standard PKI-based (Public Key Infrastructure) scheme.

Table of Contents

Table of Contents ... vii
List of Figures ... xiii
List of Tables ... xix
List of Abbreviations ... xx
1 Introduction ... 1
1.1 Overview of Cloud Computing ... 1
1.2 Characteristics of Cloud Computing ... 5
1.3 Challenges of Cloud Computing ... 6
1.4 Research Problem ... 9
1.5 Research Objectives ... 12
1.6 Thesis Contributions ... 15
1.7 Thesis Outline ... 16
2 Review of Related Work ... 17
2.1 Client-Server based approaches ... 22
2.2 Virtual Network based approaches ... 24
2.2.1 VNET ... 24
2.2.2 VIOLIN ... 26
2.3 Peer-to-Peer based approaches ... 26
2.3.1 Hamachi ... 28
2.3.2 N2N ... 30
2.4 Cloud based approaches ... 32
2.4.1 Dynamic IP-VPN ... 33
2.4.2 IPsec VPN ... 35
2.4.3 Connectivity as a Service (CaaS) ... 38
2.4.4 Amazon Virtual Private Cloud (Amazon VPC) ... 41
2.4.5 Google Secure Data Connector ... 42
2.4.6 CohesiveFT VPN-Cubed ... 43
2.5 Chapter Summary ... 45
3 Background ... 48
3.1 Peer-to-Peer Overlays ... 50
3.2 Distributed Hash Tables ... 53
3.3 IPsec ... 57
3.4 Internet Key Exchange ... 60
3.5 Key Agreement Protocols ... 62
3.6 Functional Cryptography ... 65
3.6.1 Predicate Encryption ... 68
3.6.2 Identity-based Encryption ... 69
3.6.3 Attribute-Based Encryption ... 70
3.7 Chapter Summary ... 71
4 Inter-Cloud VPN Overlay ... 73
4.1 Design and Architecture ... 75
4.1.1 Inter-Cloud VPN Overlays ... 77
4.1.2 Secure Virtual Private Connections ... 83
4.2 Prototype Implementation ... 88
4.3 Experimental Evaluation ... 90
4.3.1 Latency Evaluation Methodology ... 90
4.3.1.1 Measurement Tools ... 91
4.3.2 Throughput Evaluation Methodology ... 92
4.3.2.1 Measurement Tools ... 93
4.3.2.2 Data Size for Throughput Experiments ... 94
4.3.3 Scalability Evaluation Methodology ... 99
4.3.3.1 Measurement Tools ... 99
4.4 Experimental Results and Analysis ... 102
4.4.1 Service Latency ... 102
4.4.2 Service Throughput ... 106
4.4.3 Service Scalability ... 107
4.5 Chapter Summary ... 111
5 Inter-Cloud VPN Admission Control ... 113
5.1 Admission Control in Peer-to-Peer Systems ... 113
5.1.1 Definition ... 113
5.1.2 Bootstrapping using Server Lists ...
