International Journal of Computer Networks and Applications (IJCNA)

Published By EverScience Publications

ISSN : 2395-0455

International Journal of Computer Networks and Applications (IJCNA)

International Journal of Computer Networks and Applications (IJCNA)

Published By EverScience Publications

ISSN : 2395-0455

A Diffie-Hellman and Two Step Verification based Secure Cloud Computing Paradigm

Author NameAuthor Details

Mir Shahnawaz Ahmad, Syed Rameem Zahra

Mir Shahnawaz Ahmad[1]

Syed Rameem Zahra[2]

[1]Institute of Technology, University of Kashmir, J& K, India

[2]Shri Mata Vaishno Devi University, J & K, India

Abstract

The foundation of cloud computing has been laid on five important traits: self-service on appeal, wide network access, pooling of resources (location independence), quick elasticity and quantified service. In least complex terms, it is to say that any cloud product (whether infrastructure, platform or software) is offered in a way that it can be rented by consumers over the internet (pay for what you use on demand). Owing to all these characteristics, there are enormous advantages from the viewpoint of both the vendor and the user and hence the cloud is gaining limelight day by day. However, it should not be forgotten that every coin has two sides; the level of dangers against IT frameworks is specifically corresponding to the level of developing technology. In order to make any new reliable technology, the security professionals need to pay attention to discover any new threats that could possibly be launched against it. Cloud computing has various issues, like privacy issues, confidentiality of user’s data etc. which majorly depress the extensive benefits of cloud computing is restricted. Also, the concept of multi-tenancy offered by cloud computing poses new challenges to the security professionals. In this research article, we enlighten the security issues related to cloud computing and propose the corresponding possible solutions to balance out these threats.

Index Terms

Cloud Computing

Security Issues

multi-tenancy

privacy

confidentiality

Reference

  1. 1.
    Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li, “Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing,” IEEE Transactions on Parallel and Distributed Systems, vol. 22, no. 5, pp. 847-859, 2011.
  2. 2.
    M. Armbrust, A. Fox, R. Griffith, A. Joseph, R. Katz, A.Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, etal, A view of cloud computing, Communications of the ACM 53 (4) (2010) 50–58.
  3. 3.
    Jun-jie Wang and Sen Mu, “Security issues and countermeasures in cloud computing,” in 2011 IEEE International Conference on GreySystems and Intelligent Services (GSIS), 2011, pp. 843–846.
  4. 4.
    “Final Version of NIST Cloud Computing Definition Published.”[Online]. Available: http://www.nist.gov/itl/csd/cloud-102511.cfm.[Accessed: 18-Mar-2012].
  5. 5.
    Haoyong Lv and Yin Hu, “Analysis and Research about Cloud Computing Security Protect Policy,” in 2011 International Conference on Intelligence Science and Information Engineering (ISIE), 2011, pp. 214–216.
  6. 6.
    H. Takabi, J. Joshi, G. Ahn, Security and privacy challenges in cloud computing environments, IEEE Security & Privacy 8 (6) (2010) 24–31.
  7. 7.
    Rabi Prasad Padhy, Manas Ranjan Patra, Suresh Chandra Satapathy, Cloud Computing: Security Issues and Research Challenges, IRACST - International Journal of Computer Science and Information Technology & Security (IJCSITS) Vol. 1, No. 2, December 2011.
  8. 8.
    Diogo A. B. Fernandes, Liliana F. B. Soares, João V. Gomes, Mário M. Freire, Pedro R. M. Inácio, Security issues in cloud environments: a survey, Int. J. Inf. Secur. 13:113–170 (2014) DOI 10.1007/s10207-013-0208-7.
  9. 9.
    Aguiar, E., Zhang, Y., Blanton, M.: An Overview of Issues and Recent Developments in Cloud Computing and Storage Security, pp. 1–31, Springer, Berlin (2013).
  10. 10.
    “T. Grance, and P. Mell, ‘The NIST definition of Cloud Computing,’ National Institute of Standards and Technology (NIST), 2009.”
  11. 11.
    B. Gowrigolla, S. Sivaji, and M. R. Masillamani, “Design and auditing of Cloud computing security,” in 2010 5th International Conference on Information and Automation for Sustainability (ICIAFs), 2010, pp. 292–297.
  12. 12.
    C. Wang, Q. Wang, and K. Ren, “Towards Secure and Effective Utilization over Encrypted Cloud Data,” in Proc. of ICDCS’11 Workshops, 2011.
  13. 13.
    P. Samarati and S. De Capitani di Vimercati, “Data Protection in Outsourcing Scenarios: Issues and Directions,” in Proc. of ASIACCS, 2010.
  14. 14.
    M. Li, S. Yu, N. Cao, and W. Lou, “Authorized private keyword search over encrypted personal health records in cloud computing,” in Proc. of ICDCS, 2011.
  15. 15.
    GoGrid API, http://www.gogrid.com/company/press-releases/gogridmoves- api-specification-to-creativecommons.php, 2011.
  16. 16.
    Storage Network Industry Alliance, http://www.snia.org, 2011.
  17. 17.
    Amazon Web Services, “Amazon Simple Storage Service (Amazon S3),” http://aws.amazon.com/s3/, 2009.
  18. 18.
    H. Lo, R. Wang, J. P. Garbani, E. Daley, R. Iqbal, and C. Green, Forrester report, The State of Enterprise Software: 2009, 2009.
  19. 19.
    M. Jensen, J. Schwenk, N. Gruschka, and L. L. Iacono, “On Technical Security Issues in Cloud Computing,” in Proc. of IEEE International Conference on Cloud Computing, 2009.
  20. 20.
    Hacker4Lease, “Backdoor and Debug Options,” http://www.hacker4l ease.com/attack methods/backdoor/, 2011.
  21. 21.
    R. Bhadauria, R. Chaki, N. Chaki, and S. Sanyal, “A Survey on Security Issues in Cloud Computing,” in ArXiv 2011.
  22. 22.
    Q. Duan, Y. Yan, A.V. Vasilakos, A survey on service oriented network virtualization toward convergence of networking and cloud computing, IEEE Transactions on Network and Service Management 9 (4) 373–392 (2012).
  23. 23.
    W. A. Wayne, “Cloud hooks: Security and privacy issues in cloud computing,” in Proc. of Hawaii International Conference on System Sciences, 2011.
  24. 24.
    Texiwill, “Is Network Security the Major Component of Virtualization Security?,” http://www.virtualizationpractice.com/blog/?p=35, 2009.
  25. 25.
    Sabahi and Farzadl, “Virtualization-level security in cloud computing,” in Proc. of IEEE International Conference on Communication Software and Networks, 2011.
  26. 26.
    Slawomir Grzonkowski and Peter M. Corcoran "Sharing Cloud Services: User Authentication for Social Enhancement of Home Networking", IEEE Transactions on Consumer Electronics, vol. 57, no. 3, 2011.
  27. 27.
    G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, D. Song, Provable data possession at untrusted stores, in: Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS‘07), Alexandria, Virginia, USA, October 28–31, 2007.
  28. 28.
    D. Boneh, C. Gentry, B. Lynn, H. Shacham, Aggregate and verifiably encrypted signatures from bilinear maps, in: International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT 2003), Warsaw, Poland, May 4–8, 2003.
  29. 29.
    D. Boneh, B. Lynn, H. Shacham, Short signatures from the Weil pairing, Journal of Cryptology 17 (4) 297–319 (2004).
  30. 30.
    R. Merkle, Protocols for public key cryptosystems, in: IEEE Symposium on Security and Privacy, Oakland, California, USA, April, 1980.
  31. 31.
    P. Rewagad and Y. Pawar "Use of Digital Signature with Diffie Hellman Key Exchange and AES Encryption Algorithm to Enhance Data Security in Cloud Computing", IEEE International Conference on CSNT, pp.437 – 439, 2013.
  32. 32.
    Dimitrios Zissis, Dimitrios Lekkas, Addressing cloud computing security issues, Future Generation Computer Systems 28 583–592 (2012).
  33. 33.
    B. Kang, C. Boyd, E. Dawson, A novel identity-based strong designated verifier signature scheme, Journal of Systems and Software 82 (2) 270–273 (2009).
  34. 34.
    VeriSign. Directories and public—key infrastructure (PKI), Directories and Public—Key Infrastructure, PKI.
  35. 35.
    W. Du, J. Jia, M. Mangal, M. Murugesan, Uncheatable grid computing, in: Proceedings of the 24th International Conference on Distributed Computing System (ICDCS‘04), Hachioji, Tokyo, Japan, March 24–26, 2004.
  36. 36.
    Chirag Modi, Dhiren Patel, Hiren Patel, Bhavesh Borisaniya, Avi Patel, Muttukrishnan Rajarajan, A survey of intrusion detection techniques in Cloud, Journal of Network and Computer Applications, 36(1), pp. 42-57 (2013).
  37. 37.
    K. Vieira, A. Schulter, C. B. Westphall, and C. M. Westphall, ―Intrusion detection techniques for Grid and Cloud Computing Environment,‖ IT Professional, IEEE Computer Society, vol.: 12, issue 4, pp. 38-43, 2010.
IJCNA NPC