Cloud Security

Characteristics of cloud computing

The essential characteristics of the cloud computing model were defined by the National Institute of Standards and technology (NIST) and have since been redefined by number of architects and experts. 

A.     On-demand self-service

Users are capable to providing cloud computing resources, such as server time and network storage without requiring human communication, mostly done through a web-based self-service portal. You can access to your services and you have the capability to change cloud services through an online control panel or directly with the provider. You can add or delete users and change storage networks and software as wanted.

B.     Broad network access

In this, capabilities are available through the network and accessed through standard tools that promote use by heterogeneous thin and thick client platform such as mobile services and workstations. They can use these devices wherever they are placed with a simple online access point. Broad network access contains private clouds that operate within a company’s firewall, hybrid deployments or a public cloud.

C.     Resource Pooling

The provider’s computing resources are pooled to serve multiple clients using a multi-tenant model, with different physical and virtual resources dynamically allocated and reallocated according to client Broad network access demand.

D.     Rapid Elasticity

Resources are provisioned and released on-demand and/or automatic based on triggers or parameters. This will ensure your application will have exact capacity it wants at any point of time.

E.     Measured Service

A nature of the cloud, you only pay for what you see. You and your cloud provider can measure storage levels, processing, bandwidth, and the amount of user accounts and you are billed correctly.


Cloud Security Challenges

Cloud computing is very different than physical or virtual servers, which translates into a different cyber security model as well. These difference lead to a variety of security challenges. Many remaining problems have not been completely addressed in cloud computing, while new challenges keep emerging from industry applications.
When many people share data in cloud services there is a risk of data misuse. To avoid that the data should be secure. Protecting the data is the main and important challenges in cloud computing. Providing authorization, authentication and access control can enhance the security in cloud computing. Some challenges issues in cloud computing are given below. 

A.     Access Control

Cloud must have right data security policies and accessing data should happen according to policies. Data can be access by authorized users. There are various techniques must be use to ensure that the data is access by valid users like encryption and key management mechanisms. Accessing sensitive data from invalid users can occur to huge problems.

B.     Authentication

Authentication is to check the identity of the user which are communicating with cloud. Throughout the internet, the user that storing the data in cloud is accessible to all unauthorized people. There henceforth the certified user and assistance cloud must have interchangeability administration entity.

C.     Data Encryption

An effective way to keep your most sensitive information from being access by other party is data encryption. Strong encryption can minimize the risk of stolen data being used against your company or your customers/clients before you have a chance to alert them so they can take steps to protect their identities.

D.     Integrity

In the system, there should be a security such that data can be only modified by the authorized person. In cloud computing the data cannot be lost or change because many people use it. To avoid that data integrity must be there and it should maintain correctly.

E.     Confidentiality

Confidentiality certifies that data is not disclosed to unauthorized persons. Loss of confidentiality happens when data can be viewed or read by any individuals who are unauthorized to access it. Loss of confidentiality can occur physically or electronically.

Solutions for cloud security issues

There are some cloud security solutions, that service providers should concern when they distribute their service to customers in a public cloud solution.


Encryption is recommended as a better solution to protect information. In a PaaS model, the user may or may not be alert of the format or location of stored data. Hence to verify that the data is secured the user should use proper data encryption standards to encrypt the data before uploading it into the cloud. In SaaS model, the client is only able to alter the parameters of an application provided by the cloud, but the customer should safeguard the changes are in accordance with the cloud provider’s security model.

Before uploading data into the cloud, the customers are recommended to confirm whether the data is stored on backup drives and the keywords in files remain as same. Compute the hash of the file before uploading to cloud servers will guarantee that the data is not changed. This hash calculation can be used for data integrity but it is very hard to uphold it. RSA grounded data integrity check can be provided by merging identity based cryptography and RSA Signature.

The security actions designed for virtualization contains virtual firewall, virtual machine security management, virtual machine monitor and virtual machine isolation. Further Cloud providers should employ Intrusion Detection Systems to keep their customers secure in cloud environment. Trusted cloud computing platform (TCCP) is designed to afford better security of the virtual machines.

Heterogeneous data centric security is to be used to deliver data access control. A data security model contains of authentication, data recovery, data encryption and data integrity, user protection has to be designed to expand the data security over cloud. Distributed access control architecture can be used for access management in cloud computing. Using of credential or attributed based policies are better when recognizing unauthorized users. Permission as a service can be used to express the user that which part of data can be accessed. Fine grained access control mechanism permits the owner to delegate most of computation rigorous tasks to cloud servers without disclosing the data contents.

Cloud service providers use Network Based Intrusion Prevention System to detect threats in real time. RSA based storage security method can be used to compute large files with various sizes and to address remote data security.

Data Splitting is also a countermeasure for cloud security issues. Here the data split over several hosts that cannot communicate with each other; only the owner who can access both hosts can collect and combine the separate datasets to re-form the original.

Cloud service provider must deliver safe and helpful recovery facilities, so in any condition if data is fragmented or lost because of any cause, data can be recovered so that continuity of data can be managed. Cloud provider must provide backup facilities since natural disaster may damage or harm physical devices that may be the reason of data loss. Thus, to avoid this issue vendor must provide the backup of information, this facility gives a key assurance of service provided by service providers.



Comments

Post a Comment

Popular posts from this blog

Introduction to Encryption

Image
What is Encryption? Encryption is like sending secret messages between parties; if someone tries to pry without the proper keys, they won't be able to understand the message. In other words, it is the process of locking up information using cryptography (Cryptography is both the practice and the study of hiding information.) Definition:  ‘ The Process of converting plain text into cipher text, something that appears to be random and meaningless ’ is called as the encryption. Process of converting cipher text back into original text is called as decryption . Terminology Original message is called as plain text/clear text.   Encrypted message is called as cipher text/encrypted text.  A Key which is a secret like a password which is used to encrypt and decrypt information.  Ciphers are the specific algorithms which are used to encrypt and decrypt data. A cipher is series of well-defined steps that can be followed as a procedure to encrypt and decrypt m
Read more

Cross-Site Request Forgery protection in web applications via Double Submit Cookies Patterns

Image
Double submission of cookies is another well-known method to block CSRF. Similar to using unique tokens, random tokens are assigned to both a cookie and a request parameter. In double-submitted cookie pattern, two cookies (for the session and for the CSRF token) are stored in the browser. This pattern is also called as Stateless CSRF Defense since the server site does not have to save this value in any way, thus avoiding server side state. In our previous method, we stored CSRF token values on the server side (text file). But here we don't do it. When a user authenticates to a site, the site should generate a (cryptographically strong) pseudorandom value and set it as a cookie on the user's machine separate from the session id. The site then requires that every transaction request include this random value as a hidden form value (or other request parameter). A cross origin attacker cannot read any data sent from the server or modify cookie values, per the same-origin
Read more

How to do a Phishing attack on Facebook?

Image
This is a Step by step tutorial to make an undetectable Facebook phishing site. Step 1: Download page source Go to https://www.facebook.com Right click on the blank area -> Click Save As When dialog box appears select ‘Webpage, complete’ as Save as type -> Click Save Step 2: Edit “Facebook - Log In or Sign Up.html” file and rename it. Open ‘Facebook - Log In or Sign Up.html’ file with notepad or Dreamweaver. Remove all the ajax codes. (You can download HTML file which removed all ajax codes form here https://github.com/nimeshikaranasinghe/Facebook-Phisihing.git   ) Search for login action (Press Ctrl + F -> type ‘ action= ’ -> Click Find Next) Replace the highlighted part (as in the following screenshot) with getDetails.php Save the file as index.html Step 3: Create getDetails.php Open a notepad. Type the following code <?php             $username = $_POS
Read more