See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/284451951

Information Security in Cloud Computing

Article · August 2014

DOI: 10.7753/IJCATR0308.1005

CITATION READS
1 2,394

1 author:

Ekambaram Kesavulu Reddy

Sri Venkateswara University
26 PUBLICATIONS   52 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Computer Architecture View project

Elliptic curve cryptography View project

All content following this page was uploaded by Ekambaram Kesavulu Reddy on 24 April 2018.

The user has requested enhancement of the downloaded file.

 International Journal of Computer Applications Technology and Research
Volume 3– Issue 8, 510 - 514, 2014, ISSN: 2319–8656

Information Security in Cloud Computing

E.Kesavulu Reddy
Dept.of Computer Science,
S.V.University College of CM & CS,
Tirupati, Andhra Pradesh, India-517502.

Abstract :-The National Institute of Standards and Technology (NIST) defined cloud computing as a model for enabling convenient, on-
demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal
management effort or cloud provider interaction. Cloud Computing refers to the following concepts of Grid Computing, Utility
Computing, software as a service, storage in the cloud and virtualization. These are termed as a client using a provider’s service remotely,
known as cloud. Cloud computing has the potential to change how organizations manage information technology and transform the
economics of hardware and software at the same time. Cloud computing promised to bring a new set of entrepreneurs who could start their
venture with zero investment on IT infrastructure. A principal goal of this paper is to identify privacy and security issues in the distributed
environment and concern to cloud computing participants and users .

Keywords: Cloud computing, Security and Privacy, Information Technology, IT, Software as a service, Grid Computing, Utility
Computing, Security.

1. INTRODUCTION
The Cloud Computing is a latest concept to become popular in 2.2.. Grid Computing
computer industry. The basic idea of Cloud Computing is the Grid computing attaches computers from multiple
sharing of computing resources among a community of users. administrative spheres to reach a common goal for solving a
At present cloud computing emerged as a web based technology single task. The strategies used by Grid computing are to use
computing that provides a freedom in the establishment of IT middleware to divide the pieces of program among several
infrastructure[1]. Cloud is basically representing internet and computers. It includes computation in a distributed fashion.
web based applications. It basically works on user interactive Grid computing is providing the resources of many computers
software which is as simple as web browser. The various cloud in a network to a problem at the same time to a scientific or
vendors do not require their own infrastructure rather they can technical problem that needs large number of computers
rent or use third party providers processing or ease to access large amount of data.

2. DIFFERENT TYPES OF CLOUD 2.3..Utility Computing

COMPUTING Utility computing is the packaging of computation resources,
such as computation, storage and service as a metered service.
2.1. Cloud Computing This model has the benefit of lesser cost to get hold of computer
The Cloud Computing can be termed as internet based and are
resources. Utility computing can be same to some extent which
connected through the remote servers. Through this sharing of
has the features of very large computations or a sudden height
data processing tasks, online access to computer resources or
of demand which are supported by a huge number of computers.
services and centralized data storage. The best examples are
electric station, in which consumer use power without having Utility computing is having some features of virtualization, so
the knowledge of infrastructure to provide the service. In the the large amount of storage or computing power is
same manner, the cloud vendors use the resources as a service utilized at a single time sharing computers.
and pay only for resources that they use. majority cloud
computing infrastructures includes services delivered through 3. SERVICES OF CLOUD COMPUTING
common centers and build on servers.
Cloud computing provides both the software and
hardware services through or over the internet. The
services are mainly classified into three categories[3]:-

3.1. Software as a Service (SaaS)

The SaaS allows a user to use the software or application as
service on demand using the Internet.

Fig.1.1. Cloud Containing Servers

www.ijcat.com 510
 International Journal of Computer Applications Technology and Research
Volume 3– Issue 8, 510 - 514, 2014, ISSN: 2319–8656

3.2. Infrastructure as a Service (IaaS): 4. Location of Data : The physical location of the
It allows a user to use IT infrastructure such as hardware, server storing the data may have legal implications
storage and networking components as a service. The user can
access the operating system, storage and application.
5.2. Security issues
3.3. Platform as a Service (PaaS)
The provider provides a platform for their own use and user. Security Domains

4. CLOUD COMPUTING MODEL

Client Server Security
4.1. Private Cloud
In this model, the infrastructure is used, maintained and Location and Control of Data
operated for a specific company or organization.
Network Security
4.2. Community Cloud
In this model, the infrastructure is shared among the various
companies or organizations with similar areas of interests and Data Recovery in the Cloud Computing
requirements.

4.3. Public cloud Securing Data in the Cloud

In this model, the infrastructure is available to the public for
business purpose by various cloud service providers.
Installation and Maintenance of Firewall

Private
Data Encryption
Communit Public
Cloud y Cloud Cloud

Backup and Recovery

Communi
Private ty Cloud
Cloud
Public Fig.1.3. Security Domains
Hybrid Cloud

5.2.1. Client server security

Cloud computing encompasses a client and a server. To
maintain secure client, organizations should review existing
security practices and employ additional ones to ensure the
security of its data. Clients must consider secure VPN to
connect to the provider.
Web browsers are used in client side to access cloud computing
services. Cloud providers usually provide the consumers with
Flg.1.2. Cloud Computing Model APIs which is used by the latter to control, monitor the cloud
services. It is vital to ensure the security of these APIs to protect
5. PRIVACY AND SECURITY ISSUES against both accidental and malicious attempts to evade the
security. The various plug-ins and applications available in the
OF CLOUD COMPUTING web browsers also causes a serious threat to the client systems
used to access the provider. Many of the web browsers do not
5.1. Privacy issues allow automatic updates which will append to the security
1. Compelled Disclosure to the government Cloud can concerns. Cloud providers should also incorporate these
be subject to different levels of protection than on the measures to assure secure transaction among its customers
information it contained
2. Data Security and Disclosure of Breaches: How does 5.2.2. Location and control of data
cloud provider protect customer’s data how can In traditional data centers business had the privilege to know
customer ensure security compliance when storing about the data flow, exact data location, precautions used to
information on the cloud? protect data from unauthorized access. The physical location’
raises the question of legal governance over the data. Another
3. Data Accessibility, Transfer and Retention: Can
impediment issue is incase of disputes arises between the
companies and consumers have access to data on
provider and the customer.
cloud? [4]Can the data be destructed by cloud owners
or should it be returned to customers?
Public cloud has the attraction of cost saving and low
maintenance but the enticement comes with a drawback. The

www.ijcat.com 511
 International Journal of Computer Applications Technology and Research
Volume 3– Issue 8, 510 - 514, 2014, ISSN: 2319–8656

infra structure has to be shared with unknown people. A cyber store crucial data organizations can think of private or hybrid
invader can act as a subscriber and can spread malicious viruses cloud where the data will be in secure corporate firewall.
in the system. It is a responsibility of the provider to check the
authenticity of the consumers. The vendor may grant some
privileged third parties access to your stored data. The identity
5.2.8. Back up and recovery
of such parties, if any, must be disclosed to the customer. Here, In cloud computing data is stored in distributed location..
the third party could be a legal authority or even an internal Backup software should include public cloud APIs, enabling
employee. The customer should always be informed before the simple backup and recovery across major cloud storage vendors,
vendor allows third parties to access the stored data. Non cloud such as Amazon S3, Nirvanix Storage Delivery Network.
services also have security concerns but cloud has additional
risk of external party involvement and exposure of critical and It is critical for the backup application to encrypt confidential
confidential data outside organizations control. Modifying data before sending it offsite to the cloud, protecting both data-
security measures or introducing pristine Cloud provider stores in-transit over a WAN to a cloud storage vault and data-at-rest
the data in provider’s side and maintenance is exclusively done at the cloud storage site. Consumers need to verify that the
by the providers, hence the clients have no means to check on cloud backup software they choose is certified and compliant
the providers security practices, providers employees, their with the Federal Information Processing Standards (FIPS) 140
skills specializations etc. requirements issued by the National Institute of Standards and
Technology.
5.2.3. Network security
Public cloud services are delivered over the internet, exposing
6. ENSURING SECURITY AGAINST THE
the data which were previously secured in the internal firewalls. VARIOUS TYPES OF ATTACKS
Applications which people used to access within organizations
intranet are hence exposed to networking threats and internet Problems associated with the network level security comprise
vulnerabilities which includes distributed denial of service of: DNS attacks, Sniffer attacks, issue of reused IP address,
attacks, phishing, malwares and Trojan horses. If an attacker Denial of Service (DoS) and Distributed Denial of Service
gains access to client credentials, they can eavesdrop on all attacks (DDoS) etc.
activities and transactions, manipulate data, return falsified
information, and redirect clients to illegitimate sites.
6.1. DNS attacks
A Domain Name Server (DNS) server performs the translation
5.2.4. Data recovery in cloud computing of a domain name to an IP address. Although using DNS
Usually cloud users do not know their data location and the vital security measures like: Domain Name System Security
query of data recovery in all circumstances may not be possible. Extensions (DNSSEC) reduces the effects of DNS threats but
The difficulty in retrieving data if there is a change in provider still there are cases when these security measures prove to be
or a need to roll to different platform adds to the apprehension insufficient when the path between a sender and a receiver gets
to embrace cloud computing. rerouted through some evil connection. It may happen that even
after all the DNS security measures are taken, still the route
selected between the sender and receiver cause security
5.2.5. Securing data in the cloud problems..
A Proper implementation of security measures is mandatory in
cloud computing. The fact that application is launched over the 6.2. Sniffer attacks
internet makes it susceptible for security risks. Cloud providers A sniffer program, through the NIC (Network Interface Card)
should think beyond the customary security practices like ensures that the data/traffic linked to other systems on the
restricted user access, password protection etc. Physical location network also gets recorded. It can be achieved by placing the
of stored data is also vital and it‘s the responsibility of the NIC in promiscuous mode and in promiscuous mode it can track
provider to choose the right location of storage. all data, flowing on the same network. A malicious sniffing
detection platform based on ARP (address resolution protocol)
5.2.6. Installation and maintenance of and RTT (round trip time) can be used to detect a sniffing
system running on a network.
firewall
Installation of firewall and its maintenance is mandatory to 6.3. Issue of Reused IP Addresses
ensure the protection. A firewall should be present in all
Each node of a network is provided an IP address. IP address is
external interfaces. Assessment of firewall policies and rule sets
basically a finite quantity. A large number of cases related to re-
and reconfiguration of router should be done in regular
used IP-address issue have been observed lately. When a
intervals. Build and deploy a firewall that denies access from particular user moves out of a network then the IP-address
untrusted sources or applications, and adequately logs these associated with him (earlier) is assigned to a new user. This
events. Build and deploy a firewall that restricts access from sometimes risks the security of the new user as there is a certain
systems that have direct external connection and those which time lag between the change of an IP address in DNS and the
contain confidential data or configuration data. clearing of that address in DNS caches. We can say that
sometimes though the old IP address is being assigned to a new
5.2.7. Data encryption user still the chances of accessing the data by some other user. It
is not negligible as the address still exists in the DNS cache and
Data encryption is one common approach the providers to
the data belonging to a particular user may become accessible to
protect their clients data but the question is whether the data is
some other user violating the privacy of the original user.
getting stored in encrypted format or not. Many providers
follow private/public key encryption to ensure data security. To

www.ijcat.com 512
 International Journal of Computer Applications Technology and Research
Volume 3– Issue 8, 510 - 514, 2014, ISSN: 2319–8656

6.4. DBGP Prefix Hijacking In Public key encryption bit processing time is more than
Prefix hijacking is a type of network attack in which a wrong private key encryption,. But the security is more concern rather
announcement related to the IP addresses associated with an than the speed, public-key encryption provides more secure data
Autonomous system (AS) is made malicious parties get access transmission in comparison to private-key encryption. Security
to the untraceable IP addresses. On the internet, IP space is issues in a virtualized environment wherein a malicious virtual
associated in blocks and remains under the control of AS’s. An machine tries to take control of the hypervisor and access the
autonomous system can broadcast information of an IP data belonging to other [8].
contained in its regime to all its neighbours. These ASPs
communicate using the Border Gateway Protocol (BGP) model. Step.2. Sender encrypts the Data using sender’s Public
Sometimes, due to some error, a faulty AS may broadcast Key and sends it to Receiver
wrongly about the IPs associated with it[7]. In such case, the
actual traffic gets routed to some IP other than the intended one.
Hence, data is leaked or reaches to some other destination that it Ek1
actually should not.
A Encryption B
7. SECURITY AGAINST THE VARIOUS
TYPES OF ATTACKS
Step.3. Receiver using his Private Key and Decrypts the
7.1. Symmetric Key Cryptography same data
It is equally important to secure the data in transit and security Decryption
of transmitted data can be achieved through various encryption Dk2
and decryption schemes. In such a scenario, even if the data gets
into the hands of a hacker, he won’t be able to make any
unauthorized use until he knows how to decrypt it. A few of the B Private key k2 A
encryption-decryption techniques include private and public key
encryption. In a symmetric key (private key) encryption such as:
DES, Triple DES, RC2, RC4 etc, the same key is used for
encryption and decryption. Before the data is transferred, the
8. CHALLENGES OF CLOUD
key is shared between both the receiver and the sender. Sender COMPUTING
then sends the data after having encrypted it using the key and
the receiver decrypts it using the same key. 8.1. Data Security
Security is the main area of concern. A cloud vendor watches
Step.1. Receiver sends its Private Key to sender the usage of the cloud and the data. The person who is using the
cloud doesn’t have the knowledge about the back-end data
storage. The user doesn’t have the fair idea where they are
storing their data. This can be rectified if vendors can provide a
A Private Key B good security[7] or strong firewall and if they adopt encryption
facility.

Step.2. Sender encrypts the Data using sender’s Private 8.2. Data Recovery and Availability
key and sends it to Receiver This challenge is faced by the vendors. The vendor should
maintain a good recovery system and good maintenance
Ek1 management system.
A Encryption B
8.3. Management Abilities
Step.3. Receiver using his Private Key and Decrypts the The management of platform and communication are in its
same data starting phase. There is a huge requirement to improve on the
Dk1 scalability and load equal balancing features.

B Decryption A 9. ADVANTAGES OF CLOUD

COMPUTING
7.2. Asymmetric Key Cryptography
In case of Asymmetric key algorithm (RSA, DSA etc..) there
 Cost Benefits
are two types of keys known as Public Key and Private Key.
 Flexibility
Public key is common for both sender and receiver and the
 Reliability
Private Key is used for decrypts the data from the sender  Maintenance
 Mobile Accessibility
Step.1. Receiver sends its Public key to sender
10. CONCLUSION
Public Key k1
A B Cloud computing is artifact of highly advanced research done
for virtualization, distributed computing with usages of software

www.ijcat.com 513
 International Journal of Computer Applications Technology and Research
Volume 3– Issue 8, 510 - 514, 2014, ISSN: 2319–8656

and its related services and also networking. It completely opens

a new advanced and secured world of occasions for businesses,
but mixed with the offers and high level of security challenges
that needs to be definitely considered when society using the
advanced cloud computing concepts. We are presenting the
various hidden security challenges to be precisely and closely
monitor. In this paper we are also discussed the intrinsic use of
virtual systems as a tool for implementing an improved and
advanced cloud environment.

11. REFERENCES

[1] Anderson, D., Frivold, T. & Valdes, A (May, 1995). Next

generation Intrusion Detection Expert System (NIDES):
[2] Pant Durgesh, Sharma M.K “Cloud Computing
“CSICommunication-2009”,Vol-32, pp10-13
[3] George Reese. Cloud Application Architectures “Building
Applications and Infrastructure in the Cloud” (Theory in
Practice)
[4] Esteves, R.M. and Chunming Rong (2010), Social Impact of
Privacy in Cloud Computing In 2010 , IEEE Second
International Conference on Cloud Computing Technology and
Science Nov. 30-Dec. 3 ,2010, pp. 593-596.
[5] Mell, P. and Grance, T. (2011) The NIST Denition of Cloud
Computing (Draft): Recommendations of the National Institute
of Standards and Technology. Special publication 800-145
(draft), Gaithersburg (MD).
[6] In Gutwirth, S., Poullet, Y., de Hert, P., and Leenes, R.,editors,
Computers, Privacy and Data Protection: an Element of Choice,
Springer,pages 293–314.
[7] Lin, G., D. Fu, J. Zhu and G. Dasmalchi (2009). Cloud
Computing: IT as a Service. IT
[8] Weinhardt C., A. Anandasivam, B. Blau and J. Stosser (2009),
Business Models in the Service World, IT Professional, Vol. 11 No
2, pp. 28-33

www.ijcat.com 514

View publication stats