International Journal of Advanced Engineering Science and Technological Research (IJAESTR)
A survey on various security issues in hybrid cloud
Dibya Sourbhi
ASET, Amity University, INDIA
Sandeep Kaur
ASET, Amity University, INDIA
Dr. S. N. Singh
Prof, Amity University, INDIA
Abstract
Organizations should be able to trust that a cloud service provider’s platforms are secure and provide a sufficient level of integrity for the client’s data. Once a client’s sensitive data are released to the cloud, they are under someone else’s control, and the security and privacy of the data face a significant level of risk. As cloud computing advances, public interest in the cloud is also growing, yet security risks are hampering the adoption of cloud in organizations.
Meanwhile, interest in information security is expanding, especially for the hybrid cloud, which consists of both private and public clouds. In a hybrid cloud it is therefore necessary to shield the private cloud from the public one.
This paper focuses on Data security & Data privacy.
Section I introduces the hybrid cloud environment. Section II covers various security issues, and Section III presents probable solutions to them. Section IV concludes the paper and proposes a more secure hybrid cloud model that incorporates the different parameters, which is an unquestionable requirement.
Keywords – hybrid clouds, security issues, parameters of security.
I. Introduction
Cloud computing is an important infrastructure for a much-needed model of service provision, with the advantages of reducing cost by sharing computing and storage resources and of allowing an on-demand mechanism.
It has a direct impact on technology budgeting. The advantages of cloud computing are many; most importantly, an application can be scaled well at low cost and with maximum use of resources. But many security-related risks can become unavoidable disadvantages when trying to maintain assurance and confidence among potential customers. Security risks are increasing in parallel with technology enhancements. Many traditional mechanisms for addressing security and privacy, such as model contracts, are no longer flexible or dynamic enough, so new approaches that fit this new paradigm must be developed. Here we assess the security and trust issues of cloud computing and discuss the approaches by which they may be properly addressed.
1.1 Cloud Computing
Although there is no single agreed definition of cloud computing, the most commonly accepted one is provided by the United States National Institute of Standards and Technology (NIST):
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources like storage, applications, networks, servers and services that can be released with minimal management effort and with less service provider interaction it can be rapidly provisioned.” [1]
1.2 Cloud Deployment and Service Models
Cloud services are offered in different layers, referred to as service models, each offering discrete capabilities. The major layers are:
Software as a Service (SaaS): In this layer the cloud provides support to end users. This technique works on top of web services and is used with the help of portals. The user only has to use the service, without bothering about maintenance.
Platform as a Service (PaaS): It sits at the middle level of the architecture. To access the platform, the consumer is required to purchase it, which enables them to deploy their own applications and software in the cloud. Neither the operating system nor the network is accessed by the consumer, and some constraints are imposed on which applications the consumer can deploy.
Infrastructure as a Service (IaaS): In this model infrastructure is given as a service; infrastructure in terms of operating system, application, storage and network access is given, but the basic cloud infrastructure is managed and controlled by the cloud provider itself.
Fig: Top level view of cloud implementation.
Cloud computing has several deployment models; the important ones are:
• Private Cloud: the user gets a dedicated cloud architecture that is maintained and operated for their organization only. All services and access are limited to that particular organization.
• Hybrid Cloud: different users with similar requirements and interests are grouped together to form a community, and the cloud infrastructure is shared among them. This makes establishment and deployment relatively inexpensive, as the cost is shared among the users.
• Public Cloud: this type of cloud infrastructure can be accessed by any user for its services, provided that they have an internet connection. It lets the user develop services on the cloud and deploy them at little expense compared to the other options available. It makes optimum use of resources without any wastage, because it is shared by a number of users.
1.5 Motivation to think about security in hybrid cloud
Ensuring security in the cloud becomes an issue because there is no single ownership. The data of any organization may be very sensitive, and the many incidents that have occurred in the past are enough to discourage customers. Many organizations are legally required to protect their data from outsiders because of its sensitivity. The inherent risk of data being compromised stops them from getting the benefits of the cloud.
A hybrid cloud is built upon the integration of inter-connected, inter-linked and dependent components and applications. These components and applications reside on a shared resource, so there is a need to authenticate and monitor the traffic between the protected and the public cloud. We need a technology to build trust; however, the problem cannot be solved with existing techniques.
We discuss some existing mechanisms and propose a model that helps to establish trust in hybrid cloud computing environments.
Security issues are the core reason customers resist using the cloud. If they are addressed properly, the cloud computing business will be worth billions to trillions and will lead to most satisfied customers.
II. Hybrid Cloud Model
As this work is related to hybrid clouds, some insight into the hybrid cloud is necessary. A hybrid cloud is a type of cloud that is a mixture of private and public cloud.
This model gives higher flexibility to entrepreneurs, as highly confidential data can be put on the private cloud and less confidential data can be put on the public cloud.
Though hybrid clouds are more robust, they incorporate the risks of both public and private clouds. For any enterprise, having a personal device in the cloud is a matter of immense monitoring and auditing. Hence arises the need to secure the hybrid cloud environment.
Another hybridized approach lets enterprises have separate physical servers and applications within the premises of the cloud provider's infrastructure.
Fig: hybrid cloud model
Relation between trust and security
There are various issues related to security. Security is proportionally related to trust in the cloud. Trust is the factor that helps a cloud provider to spread and to sustain itself in competition. The higher the degree of trust, the more people will use the cloud. So trust is beneficial for both the user and the cloud provider.
An aspect of security issues in hybrid cloud
Several types of issues exist in the cloud environment that hamper the growth of the cloud. They give users many reasons to resist its adoption.
Security issues are prominent in the public cloud [2]. As a hybrid infrastructure is a combination of public and private cloud, it incorporates the risks of both. Here is a brief description of the security challenges faced by the cloud.
2.1 Protected flow of data
In a hybrid cloud a private VM resides in the public infrastructure of the cloud [11]. A private cloud has the benefit of infrastructural control, but the situation is different in a hybrid cloud. The CSP has no or less control of the infrastructure [2]. Another issue that needs attention is data traffic. At times data residing within a server disrupts the traffic [3,4].
Highly confidential data are supposed to be kept secure by the CSP. That demands proper monitoring, a modification scheme, and communication threat control.
2.2 Isolation of resources
As several networks and various computing resources are in the same cloud, the CSP has to isolate them from each other. The hybrid cloud environment is vulnerable because of its multi-tenant nature. Multi-tenancy leads to the threat of data theft from inside the cloud, and the CSP has to be prepared for information theft.
To overcome this, network virtualization and host virtualization can be used to isolate the resources of various users.
2.3 Outsourcing of private data:
As the CSP has no control over the data in a hybrid cloud, many organizations are not comfortable putting their data on a network that is public in nature [5]. So a secure infrastructure is the responsibility of the CSP. Data handled by an outsider may increase the risk of data leakage, modification of data and, most importantly, data loss.
III. Proposed security mechanisms for issues in hybrid computing
Many techniques, based on different parameters, have been proposed for the security issues in the hybrid cloud environment. The parameters include data-centric protections, attacks on private servers, and protocols for host identification.
Wood [6] has proposed a system that can integrate services seamlessly. Another, data-intensive architecture proposed by Zhang [7] provides a transparent hybrid cloud. The study gives an executing system for ensuring data confidentiality and privacy. The list goes on. A few of the proposed systems are discussed here.
3.1 To increase confidentiality in data protection.
To reduce cost and investment, SMEs use the cloud as a storage service. Vast amounts of information are stored in cloud storage. There is a probability of one user's data mingling with the data of other users, and then the issue of confidentiality arises. One solution to this problem is encryption, though encryption alone is not sufficient.
So confidentiality is used as a parameter for the security of data in the cloud.
Encryption and obfuscation are used in this model.
First the type of the data is determined. Then a proper mechanism is applied to the data. This is done on the user side; only then is the data sent to cloud storage. If there is a large amount of data, symmetric encryption is most suitable [8]. The data are encrypted with the help of various algorithms. Obfuscation is used to increase the confidentiality [9]. Integrating encryption and obfuscation gives the best results for data security.
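The user-side flow of section 3.1 (classify, protect, then upload) as an added Go example; it is not code from this paper or from the works it cites. Assumptions: the classification rule (canonical decimal numbers are obfuscated, everything else is encrypted), the keyed XOR mask used as the obfuscation, AES-256-GCM as the symmetric cipher, and the names Client, Protect and Recover.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"strconv"
)

// Client (hypothetical name) runs on the user side; its keys never reach the cloud.
type Client struct{ aead cipher.AEAD; obf []byte }

// derive returns HMAC-SHA256(key, label): a sub-key or a per-field mask.
func derive(key []byte, label string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(label))
	return m.Sum(nil)
}

func NewClient(secret []byte) *Client { // one high-entropy secret, two sub-keys
	b, _ := aes.NewCipher(derive(secret, "enc")) // 32-byte key: cannot fail
	aead, _ := cipher.NewGCM(b)
	return &Client{aead, derive(secret, "obf")}
}

// Protect (assumed rule): canonical numbers are masked ('N'), all else encrypted ('T'), bound to field.
func (c *Client) Protect(field, value string) (byte, []byte, error) {
	if n, err := strconv.ParseUint(value, 10, 64); err == nil && strconv.FormatUint(n, 10) == value {
		mask := binary.BigEndian.Uint64(derive(c.obf, field))
		return 'N', binary.BigEndian.AppendUint64(nil, n^mask), nil
	}
	nonce := make([]byte, c.aead.NonceSize())
	_, err := rand.Read(nonce) // on error the caller must discard the output
	return 'T', c.aead.Seal(nonce, nonce, []byte(value), []byte(field)), err
}

// Recover reverses Protect after download and rejects tampered text blobs.
func (c *Client) Recover(field string, kind byte, blob []byte) (string, error) {
	if ns := c.aead.NonceSize(); kind == 'T' && len(blob) >= ns {
		pt, err := c.aead.Open(nil, blob[:ns], blob[ns:], []byte(field))
		return string(pt), err
	} else if kind != 'N' || len(blob) != 8 {
		return "", fmt.Errorf("malformed blob of kind %q", kind)
	}
	mask := binary.BigEndian.Uint64(derive(c.obf, field))
	return strconv.FormatUint(binary.BigEndian.Uint64(blob)^mask, 10), nil
}

func main() {
	fmt.Println(NewClient([]byte("constructed demo secret")).Protect("salary", "84000"))
}
```

The mask is deterministic per field, so equal numbers in the same field produce equal blobs; that is the cost of obfuscation relative to the randomized encryption applied to text values.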
3.2 Mechanism for detecting physical level attacks
In the hybrid cloud environment, many devices are used in shared mode. These devices are supposed to be monitored properly so that physical level attacks can be detected and, by and large, defended against.
The proposed system works on the notion that, whatever the type of device, it will run with the help of system calls. When a device tries to connect to a server that sits on the private cloud of a hybrid cloud, the device is checked for authenticity. The procedure is as follows:
1. First an open connection is allowed. Then the file path is found.
2. Then the list of file paths is matched to determine whether the request is from an authorized user or from an unauthorized user.
3. It omits the operations and directly asks for authentication.
The main motivation for this system is to minimize the communication overhead cost. The results have also been checked for minimum cost.
To detect and ignore unauthorized access, the device authentication mechanism seems to be sufficient [10].
3.3 Mechanism to support multi tenancy in hybrid cloud
To mitigate privacy issues in the public part of a hybrid cloud, a protocol has been proposed. This protocol improves the multi-tenancy problem in hybrid and public clouds. The protocol, Host Identity Protocol (HIP), gives a standardized way to authorize and secure the data of tenants in a security environment [11].
One issue that should be considered is the security of inter-cloud communication. When communication takes place between two or more hybrid clouds, many issues arise.
HIP works as follows: the administrator communicates via this protocol, and others communicate through proxy servers. The other benefit that the proxy server adds is load balancing, which helps in distributed communication.
Whenever a new protocol is introduced, it faces resistance because it demands changes at various levels. HIP, however, does not demand any substantial changes. But HIP is not yet deployed properly. This is because of user support: users just implement HIP in their environment and forget to support it.
HIP is very useful for scalable applications. HIP can be considered for secure communication within and between clouds.
IV. Conclusion
The way companies purchase, manage and use IT can be revolutionized. All the new risks and threats that come with this technology need to be understood and thoroughly analyzed, and this may be incorporated in the early phases of development of a secure and reliable cloud.
Cloud within cloud is an emerging field in cloud computing. In hybrid cloud computing, the mechanism ensures security by introducing trust.
Correctly configured environments assure that data are kept confidential by the cloud. This paper introduces design concepts. A development cycle is to be proposed to fulfill the expectations of cloud users. With proper industry support, a very secure cloud may come into use.
Some additions would improve and provide security in the integration of different virtual environments.
When we secure the hybrid cloud environment around one parameter, other parameters may also need great focus. So a framework that incorporates various parameters and mechanisms is a must.
Further Work
The way companies purchase, manage and use IT can be revolutionized. All the new risks and threats that come with this technology need to be understood and thoroughly analyzed, and this may be incorporated in the early phases of development.
Many new algorithms and interfaces are to be developed to support the adoption of hybrid cloud.
Proper integration of the various security parameters, such as confidentiality, multi-tenancy and secure hardware connection, to construct an extensively secure cloud is to be proposed.
Other interesting research includes finding other security parameters for cloud computing models, for the Platform as a Service (PaaS) and Software as a Service (SaaS) models.
The applicability of this model to computation clusters scale can also be explored.
Hybrid cloud infrastructures are enabled by powerful technology. Their use has extended to areas that need secure provisioning and migration, well beyond cloud computing.
“Cloudy, the future is…”
REFERENCES
[1] A NIST definition of cloud computing. National Institute of Standards and Technology. NIST SP 800-145.
[2] W. Jansen and T. Grance, “Guidelines on Security and Privacy in Public Cloud Computing,” National Institute of Standards and Technology, Tech. Rep., January 2011.
[3] A. Greenberg, J. R. Hamilton, N. Jain, S. Kandula, C. Kim, P. Lahiri, D. A. Maltz, P. Patel, and S. Sengupta, “VL2: a scalable and flexible data center network,” in Proceedings of the ACM SIGCOMM 2009 conference on Data communication, ser. SIGCOMM ’09. New York, NY, USA: ACM, 2009, pp. 51–62.
[4] A. Greenberg, P. Lahiri, D. A. Maltz, P. Patel, and S. Sengupta, “Towards a next generation data center architecture: scalability and commoditization,” in Proceedings of the ACM workshop on Programmable routers for extensible services of tomorrow, ser. PRESTO ’08. New York, NY, USA: ACM, 2008, pp. 57–62.
[5] Y. Chen, V. Paxson, and R. H. Katz, “What’s new about cloud computing security?” EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2010-5, January 2010.
[6] T. Wood, A. Gerber, K. K. Ramakrishnan, P. Shenoy, and J. Van der Merwe, “The case for enterprise-ready virtual private clouds,” in Proceedings of the 2009 conference on Hot topics in cloud computing. Berkeley, CA, USA: USENIX Association, 2009.
[7] K. Zhang, X. Zhou, Y. Chen, X. Wang, and Y. Ruan, “Sedic: privacy-aware data intensive computing on hybrid clouds,” in Proceedings of the 18th ACM conference on Computer and communications security. New York, NY, USA: ACM, 2011, pp. 515–526.
[8] Tim Mather, Subra Kumaraswamy, and Shahed Latif, “Cloud Security and Privacy”, O’Reilly Media, Inc., chapter 4, September 2009, pp. 61–71.
[9] Dr. L. Arockiam and S. Monikandan, “Efficient Cloud Storage Confidentiality to Ensure Data Security”.
[10] Hongli Zhang, Lin Ye, Xiaojiang Du, and Mohsen Guizani, “Protecting Private Cloud Located within Public Cloud”.
[11] Miika Komu, Mohit Sethi, Ramasivakarthik Mallavarapu, Heikki Oirola and Rasib Khan, “Secure Networking for Virtual Machines in the Cloud”.