"ASM's INTERNATIONAL E-Journal on Ongoing Research in Management and IT"


Academic year: 2021


INCON – X 2015 144

To Study the Overall Cloud Computing Security Using Virtual Private Network.

Aparna Gaurav Jaisingpure/Gulhane

Dr.D.Y.Patil Vidya Pratishthan’s

Dr. D.Y Patil College of Arts, Commerce and Science Pimpri, Pune 18 (India)

ABSTRACT:

Cloud computing is a computing paradigm in which large groups of remote servers are interconnected to allow centralized data storage and online access to computer services. A large number of systems are connected in private or public networks to provide dynamically scalable infrastructure for application, data and file storage. Cloud computing provides a secure service in a virtual network used by business organizations, information technology and educational institutions all over the world. Establishing robust administrative and network management security consoles designed for the virtual network results in a level of security insight not achieved prior to cloud computing.

In this paper we introduce the concept of a virtual private network based on cloud computing, using some security measures. This VPN service is fully dedicated to small and medium-sized companies and is based on a pay-as-much-as-used policy. In cloud computing, security is not affected by any organization; hence Virtual Private Network security is implemented to provide overall cloud computing security.

Keywords: Introduction; Traditional Security on cloud computing; type of attack; Security in VPN; VPN services; Virtual Private Cloud, Review for Research.

Introduction:

Cloud computing is a pool of abstracted, highly scalable, and managed compute infrastructure delivered over the network and supplied as a service by the cloud provider at possibly one or more levels of abstraction. It is receiving a great deal of attention, both in publications and among users, since the cloud makes it possible for a user to access information from anywhere at any time.

Cloud computing provides numerous opportunities to gain visibility and retrieve security data points across your infrastructure, platforms, and applications. It relies on sharing computing resources rather than having local servers or personal devices handle applications. It includes online file storage, social networking sites, webmail, and online business applications.

Cloud computing allows access to information and computer resources from anywhere that a network connection is available. Cloud computing provides a shared pool of resources, including data storage space, networks, computer processing power, and specialized corporate and user applications. The growth of the internet makes information easier to access and share, cheaper to store, and more efficient to manage. But some hackers attempt to hack data over the network; hence security is implemented using a Virtual Private Network (VPN).

VPN transmits data by means of tunnelling. Before a packet is transmitted, it is encapsulated or wrapped in a new packet, with a new header. This header provides routing information so that it can traverse a shared or public network, before it reaches its tunnel endpoint. This logical path that the encapsulated packets travel through is called a tunnel. When each packet reaches the tunnel endpoint, it is decapsulated and forwarded to its final destination. Both tunnel endpoints need to support the same tunnelling protocol.
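The encapsulation and decapsulation steps described above, as an added example that is not part of the original paper: it uses IPv4-in-IPv4 (RFC 2003) as the tunnelling protocol, and the function names, addresses and payload are constructed for illustration. It shows encapsulation only; the inner packet still travels in clear text unless a protocol such as IPSec encrypts it.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4  # outer "protocol" value for IPv4-in-IPv4 (RFC 2003)

def checksum(header: bytes) -> int:
    """Internet checksum: one's-complement sum of the 16-bit header words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src, dst, proto, payload, ttl=64):
    """Put a minimal 20-byte IPv4 header (no options) in front of payload."""
    def header(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                           ttl, proto, csum,
                           ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed)
    return header(checksum(header(0))) + payload

def encapsulate(inner, gw_src, gw_dst):
    """Tunnel entry: wrap the whole inner packet behind a new outer header."""
    return ipv4_packet(gw_src, gw_dst, IPPROTO_IPIP, inner)

def decapsulate(outer, local_gw):
    """Tunnel endpoint: validate the outer header, return the inner packet."""
    if len(outer) < 20 or outer[0] != 0x45:
        raise ValueError("not a plain IPv4 header")
    if checksum(outer[:20]) != 0:  # a valid header sums to zero
        raise ValueError("outer header checksum mismatch")
    if outer[9] != IPPROTO_IPIP:
        raise ValueError("endpoints do not share a tunnelling protocol")
    if outer[16:20] != ipaddress.IPv4Address(local_gw).packed:
        raise ValueError("packet is not addressed to this tunnel endpoint")
    total_len = struct.unpack("!H", outer[2:4])[0]
    if total_len != len(outer):
        raise ValueError("length field does not match packet size")
    return outer[20:]

def addresses(packet):
    """(source, destination) as read by routers along the path."""
    return (str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(packet[16:20])))

# Constructed sample: host 10.1.0.5 sends a packet marked UDP (17) to 10.2.0.9
# through two gateways that use documentation addresses (RFC 5737).
INNER = ipv4_packet("10.1.0.5", "10.2.0.9", 17, b"constructed payload")
OUTER = encapsulate(INNER, "192.0.2.1", "198.51.100.1")
```

Routers on the public path see only the gateway addresses returned by `addresses(OUTER)`; the private addresses reappear after `decapsulate` at the far endpoint.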

A VPN is a network that is constructed by using public wires, usually the Internet, to connect to a cloud private network, such as a company's internal network. There are a number of systems that enable you to create networks using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

Traditional Security issue on cloud computing

Traditional security issues in cloud computing involve computer and network intrusions or attacks that will be made possible or at least easier by moving to the cloud. Cloud providers respond to these concerns by arguing that their security measures and processes are more mature and tested than those of the average company. It could be easier to lock down information if it's administered by a third party rather than in-house, if companies are worried about insider threats. In addition, it may be easier to enforce security via contracts with online services providers than via internal controls.

Confidentiality of data is a potential issue, depending on server location. Servers within the US are within the bounds of more stringent scrutiny legislation than that which exists in the UK currently. Data can be easily transferred from source to destination without any permission. Because data is so easily transferred, it is more exposed to hackers who attempt to hack it. Some attacks are given below:

The following types of attack occur in traditional cloud computing:

1. VM-level attacks:

2. Cloud provider vulnerabilities:

This type of attack could be platform level, such as an SQL-injection or cross-site scripting vulnerability; there have been a couple of recent Google Docs vulnerabilities. There is nothing new in the nature of these vulnerabilities. In fact, IBM has repositioned its Rational AppScan tool, which scans for vulnerabilities in web services as a cloud service Denial attack.

3. Phishing cloud provider attack.

In this type of attack, phishing obtains information from the server side: the user only enters a login id and password, but this is not secure, because an unauthorized user can access data as an authorized user; hence hackers directly attack the cloud server and hack important data.

4. Expanded network attack surface:

The cloud user must protect the infrastructure used to connect to and interact with the cloud; in the traditional view, many expandable networks store important data in a main database. This task is complicated by the cloud being outside the firewall in many cases.

In traditional cloud computing the number of attacks is growing; hence security on a private network is used to prevent them.

Cloud computing provides security using a Virtual Private Network:

A Virtual Private Network provides security for cloud computing in the following forms.

Encryption:

Encryption is the process of encoding data so that only a computer with the right decoder will be able to read and use it. You could use encryption to protect files on your computer or e-mails you send to friends or colleagues. An encryption key tells the computer what computations to perform on data in order to encrypt or decrypt it. The most common forms of encryption are symmetric-key encryption or public-key encryption.

1. In symmetric-key encryption, all users share the same key used to both encrypt and decrypt a message.

2. In public-key encryption, each user has a public-private key pair. One computer uses its private key to encrypt a message, and another computer uses the corresponding public key to decrypt that message.

Internet protocol security Protocol:

Internet protocol (IP). This framework includes information on what type of packet you're encapsulating and the connection between sender and receiver.

IPSec is a widely used protocol for securing traffic on IP networks, including the Internet. IPSec can encrypt data between various devices, including router to router, firewall to router, desktop to router, and desktop to server. IPSec consists of two sub-protocols which provide the instructions a VPN needs to secure its packets:

Authentication Header (AH):

AH uses a hashing operation on the packet header to help hide certain packet information, like the sender's identity, until it gets to its destination. Networked devices can use IPSec in one of two encryption modes. In transport mode, devices encrypt the data travelling between them. In tunnel mode, the devices build a virtual tunnel between two networks. As you might guess, VPNs use IPSec in tunnel mode with IPSec ESP and IPSec AH working together.

In a remote-access VPN, tunnelling typically relies on Point-to-point Protocol (PPP), which is part of the native protocols used by the Internet. More accurately, though, remote-access VPNs use one of three protocols based on PPP:

1. L2F (Layer 2 Forwarding): Developed by Cisco; uses any authentication scheme supported by PPP.

2. PPTP (Point-to-point Tunnelling Protocol): Supports 40-bit and 128-bit encryption and any authentication scheme supported by PPP.

3. L2TP (Layer 2 Tunnelling Protocol): Combines features of PPTP and L2F and fully supports IPSec; also applicable in site-to-site VPNs.

VPN services:

1. VPN prevents snoops from eavesdropping on your online activity, whether that's marketers, someone malicious, or even the government. People just want to be able to surf the Web or access remote services without worrying about attackers and rogue hotspots.

2. A VPN service protects them if they accidentally connect to a rogue hotspot or if someone is sniffing all the data flowing through the network. Most services also act as an anonymizer, reassigning IP addresses to hide the user's geographic location and other identifying information. For the privacy-conscious Web user, a VPN connection gives them peace of mind, knowing that Websites can't figure out where they are located and also that all the data going to and from their computer is encrypted.

3. A VPN service would allow a visitor in China to still log in to Facebook and German users would be able to watch YouTube by getting an IP address from a US-based server.

4. The reverse is also possible, with users selecting servers in other countries in order to access sites blocked to American users. Unlike corporate VPN clients, setting up and using a VPN service is as easy as just downloading the client and installing it.

5. This is useful for accessing region-specific services. This isn't the same as connecting to TOR (The Onion Router) which would bounce you from server to server and anonymize your location, but not necessarily set your location to where you want it to be.

6. A VPN service is pretty much just for connecting to Websites and services. It wouldn't be used to create a true VPN tunnel between two computers. While most VPN connections generally slow down connections, the drop is not that bad.

Virtual private cloud:

A virtual private cloud (VPC) is the logical division of a service provider's public multi-tenant service to support private cloud computing in a public cloud environment. It provides secure data transfer over the public Internet: a VPC provides secure data transfer between a private enterprise and a public cloud provider, ensuring that each customer's data remains isolated from every other customer's data both in transit and inside the cloud provider's network.

Review for Research:

A VPN provides security for cloud computing; hence it helps in the following respects:

leaked out without the permission or support of the other entire department involved in that organization.

b) Avoidance of loss of control: In general, people or organizations that use the cloud environment for its services, such as software or hardware, depend upon the cloud providers. Similarly, if an organization is developing a project with the help of a cloud service and storing it in the cloud environment, it needs to trust that the service provider ensures integrity, but still there is no assurance that the data will be safe.

The loss-of-control factor with respect to the organization's data is thus made complex. This drawback is proposed to be overcome by means of a virtual private organization in the cloud. Another factor that gives additional confidence in security is the virtual private network (VPN) that is established between the organizations in that cloud.

c) Virtualized Cloud Services: The Virtual network Cloud Manager dynamically partitions the cloud computing data centre into Virtual Private Clouds. It handles the creation of new virtual machines and manages performance within each VPC. The Cloud Manager utilizes several forms of virtualization so that physical resources can be multiplexed across many customers. Xen is used to virtualize servers, and private virtualized servers are used to partition the local area networks within each cloud data centre. The Cloud Manager uses virtual data that dynamically configure the Virtual Edge associated with each VPC; these are a means to partition the physical network, each with independent control planes.

Conclusion:

This research paper studied overall cloud computing security using a Virtual Private Network. We conclude the following points:

1. VPN is a generic term used to describe a communication network that uses any combination of technologies to secure a connection tunnelled through an otherwise unsecured or untrusted network.

2. This paper also describes the concept of secured infrastructure that was established between the departments of organizations and the cloud environment by means of a Virtual Private Network.

3. It avoids unauthorized access, and hence the users of the organization feel secure in public and private cloud servers.

4. A VPN is a network that is constructed by using public wires, usually the Internet, to connect to a cloud private network, such as an internal network. There are a number of systems that enable you to create networks using the Internet as the medium for transporting secure data over the network.

5. The information on the cloud is often seen as valuable to individuals with malicious

Authorized server in private network. This makes it critical for you to understand the security measures by main VPN Gateway, and it is equally important to take personal precautions to secure your data.
