
Threats - Solutions in Cloud Security


International Journal on Recent and Innovation Trends in Computing and Communication ISSN: 2321-8169

Volume: 5 Issue: 7 279 – 282


_______________________________________________________________________________________________
Threats - Solutions in Cloud security

Ranjit Kumar (1), L. Venkateswar Reddy (2)

(1) Department of Computer Science & Engineering, Rayalaseema University, Kurnool, Andhra Pradesh, India
ranjithphdd@gmail.com

(2) Department of Information and Technology, Sree Vidyaniketan Engineering College, Chittor, Andhra Pradesh, India
lakkireddy.v@gmail.com

Abstract: Distributed computing frameworks speak to a standout amongst the most complex processing frameworks as of now in presence.
Current uses of Cloud include broad utilization of disseminated frameworks with shifting level of network and use. With a late concentrate on
huge scale expansion of Cloud processing, personality administration in Cloud based frameworks is a basic issue for the maintainability of any
Cloud-based administration. This zone has additionally gotten extensive consideration from the exploration group and also the IT business.
Diverse calculations and methodology are utilized by the specialists. Still distributed computing security is in its center stage. A few IT
organizations are concentrating on cloud security and cloud information security. This paper gives a thought regarding security dangers and
arrangements.
Keywords: Cloud computing, security, attacks, distributed computing

__________________________________________________*****_________________________________________________

I. Introduction

Distributed computing develops this pattern through mechanization. As opposed to arranging with an IT association for assets on which to convey an application, a register cloud could be a self-administration recommendation wherever a MasterCard can purchase process cycles, and an online interface or API is utilized to make virtual machines and set up system connections between them. Instead of requiring a long haul contract for administrations with an IT association or an administration supplier, mists chip away at pay-by-use show wherever an application may exist to run business for various minutes or hours, or it will exist to supply administrations to clients on a long haul premise. It almost abandons expression that distributed computing amplifies the present pattern of making administrations accessible over the system. For all intents and purposes every undertaking has perceived the value of Web-based interfaces to their applications, regardless of whether they are inward applications that are made out there to the staff, accomplices, suppliers, experts. The estimation of basically based administration conveyance is that applications will be made out there wherever, and whenever. Though ventures are mindful of the adaptability to secure interchanges the quality Secure Socket Layer (SSL) encoding adjacent to durable confirmation, bootstrapping trust in an extremely distributed computing environment needs painstakingly considering the varieties between big business figuring and distributed computing. Once legitimately architected, web administration conveyance will offer the flexibleness and security required by endeavors of all sizes. Distributed computing and matrix figuring are versatile. Quantifiability is refined by utilizing load adjusting of utilization cases running on an individual premise on a spread of agent frameworks and associated through net administrations. Electronic hardware and system data measure is dispensed and dis-assigned on interest. The framework stockpiling ability will goes here and there relying on the measure of clients, examples, furthermore the amount of data exchanged at a given time. Both figuring assortments include multi-tenure, which implies that a great deal of clients will perform entirely unexpected assignments, getting to one or numerous application occurrences. Sharing assets among a larger than usual pool of clients helps with lessening foundation costs and top burden capacity. Cloud and lattice processing give administration level understandings (SLAs) for secure timeframe administration; the purchaser can get administration kudos for accepting data late. The Amazon S3 gives an online administrations interface to the capacity and recovery of data inside the cloud. Setting a most confines the amount of articles we will store in S3. We can store an item as one byte and as vast as 5 GB or perhaps numerous terabytes.

II. Threats and solutions

Security danger is one of the wellsprings of the specialized danger that clients perceive and in this way can be said as the danger of being not able fulfill the security prerequisites among clients amidst or in the wake of utilizing cloud administration [1]. Besides, since cloud server farms are putting away data on numerous organizations and people, it is likely that they are harmed by programmers and that insider's information spillage dependably exists. Indeed, cloud administration has numerous security dangers in cloud execution situations or in the earth helpless against strict detachment in nature. The security dangers of cloud
IJRITCC | July 2017, Available @ http://www.ijritcc.org
administration are more lethal than those of the general one in light of the fact that in the event that one's security has openings (data spillage including hacking), it may influence corporate intensity and the harm itself fatal. The utilization of cloud administration may contrarily influence the utilization and spread of cloud administration since it is more intentional than the other data administration situations. Specifically, all things considered a perceived danger is high in an Internet space, generally negative impacts have a tendency to be high [2,3]. Also, arrange based frameworks like cloud administration see specialized components as vital wellsprings of danger including security defenselessness not at all like alternate frameworks [4]. On the off chance that we expect that the level of client's acknowledgment of security danger in cloud administration is high, it might influence the utilization and spread of the framework. In spite of the universalized utilization of cloud administration, numerous clients have questions about the wellbeing in security of cloud administration and such an impression of security danger may lower client's expectation to utilize cloud benefit ceaselessly [5]. Hexin and Ahn utilized brand impact, equipment environment, administration content, straightforwardness, ease of use, and dependability as compelling components to the nonstop utilize goal of individual cloud administration clients in China and played out an investigation [6]. Jun, et al. led an investigation with an extended TAM model so as to recognize the effect on the ceaseless use goal of the distributed storage administration. Accordingly, an individual's imaginativeness, self-adequacy, practical attribute, and mental changing over expense affected the nonstop utilize aim of the distributed storage administration [7]. Seo examined with an extended TAM model to break down the effect on the cloud administration reception goal. Therefore, ease of use, social impact, effectiveness, and dependability affected appropriation goal [8]. Park inspected different significant issues brought about by distributed computing environment including security, distinguished the dangers to the distributed computing, and proposed inexact countermeasures to lessen the security hazard [9].

Distributed computing is bringing about impediments in light of the fact that different suppliers are giving clients benefit and putting away individual data, lastly creating security issues. New qualities showing up in distributed computing make the conventional security idea connected in the current Internet administration hard to be utilized and this highlights the need to modify the customary security idea proper for distributed computing. The studies on the security hazard variables of distributed computing are as per the following: Siani and Azzedine talked about that control over information lifecycle, accessibility and reinforcement, absence of institutionalization, multitenancy and review are the critical issues in managing distributed computing securities [10]. Advantaged client access, administrative consistence, information area, information isolation, recuperation, investigative backing, long-term practicality are the seven security-related issues proposed [11]. Almond included multi-occupancy, always creating hazard, unwinding of security, administration supplier levels, temporary worker access, fiascos, outside physical, outer intelligent, episodes, application bugs, information spillage as danger elements in distributed computing [12]. Zissis and Lekkas isolated programming as an administration (SaaS) into four administration levels, stage as an administration (PaaS)/base as an administration (IaaS) into seven administration levels, and Physical Data focus into five variables [13]. Foster et al. break the danger components into advantaged client access, information isolation, protection, bug abuse and recuperation, responsibility [14], while Tarrant et al. break it into accessibility administration, access control, weakness administration, patch administration, design administration, episode reaction, framework utilize and get to checking [15]. There are several studies in the literature that have identified security threats in the cloud computing paradigm. Some such studies [16]–[23], ranging from 2009 to 2016, have been selected to get the gist of the security concerns. The study of [13] has tried to categorize these issues on the basis of cloud service models (SaaS, PaaS and IaaS). Similarly [17] has classified the security concerns on the basis of technology (communication and architecture) and business issues (conceptual and legal aspects), whereas the study of [18] has presented threats in various general dimensions of cloud computing. The study of [19] presents the security issues to be handled in service level agreements, and also emphasizes the security threats to be addressed at various access points such as Server, Internet and Database, in addition to maintaining Data Privacy and Program access Security.

As given investigation report in [23] Cloud Computing credits which are dangers to Cloud Computing. They are Confidentiality, Integrity, Availability, Security, Accountability, Usability, Reliability and Audit capacity. The records of the most undermine properties are in Fig 1. It demonstrates that Confidentiality 31% and Integrity 24% recorded most debilitate, while contrasting and ease of use, unwavering quality, responsibility and review capacity which recorded not exactly the 10%.

Fig 1: List of Compromised attributes [23]
Looking at the importance of cloud computing, various organizations such as NIST have put forth guidelines for adopting cloud computing. NIST has categorized cloud security issues into 9 categories [20]. Similarly, another important organization, the European Union Agency for Network and Information Security (ENISA), provides insights to SMEs on issues related to network and information security risks before they adopt cloud computing [21]. Last but not least, the Cloud Security Alliance (CSA)'s Top Threat Working Group has recently published the 12 most treacherous cloud threats based on a survey of industry experts [22]. As Web services and SOA are integral parts of cloud orchestration, security in this domain is of paramount importance. The Open Web Application Security Project (OWASP) has been issuing the ten most critical web application security risks since 2003. In its present release of 2013 it has consolidated the top 10 list from over 500,000 vulnerabilities across hundreds of organizations and thousands of applications [20]. The review of these studies shows that cloud computing security issues range from physical ICT resources, internet, web applications, data access and privacy, and data centers on one hand to virtualization and cloud architecture, cloud deployment and service models, and service level agreements on the other hand. In essence the first category is more pertinent to the traditional ICT infrastructure and the second category is more concerned with the Cloud Computing domain. There exists a huge literature that deliberates and advocates the concept of security-as-a-service. But there are clear negative connotations to this idea that are very detrimental to the proliferation of cloud computing. Firstly, it means that one has to pay directly for the security, a major deterrent in a time of scarce competitive resources. Secondly, it implies that security is the luxury of the affluent, hurting the efforts to bridge the digital divide. The worst implication is that it sends the signal that without a security-as-a-service subscription your resources are not safe, a very serious restraint for potential adopters. The correct approach would be to integrate the security features in all of the cloud offerings: SaaS, PaaS or IaaS. Various levels of it can be defined, such as normal, high or critical.

Similarly, security control APIs can be developed to enforce these levels. At the time of service subscription the user must define the desired level based on the domain-specific requirement, and during service configuration these levels can be enforced through the implementation of the various security control APIs. The cost of these endeavors can first be recovered from the extra utilization of computing, storage and bandwidth or the increase in customer base. The other option, the less desirable one, is direct billing on the subscription to these APIs. In either case security will remain an integrated concept in the cloud. Similarly, the push security model should be followed from CSP1 and CSP2 to CSC, where almost all the onus of security embedding should fall upon CSP1 and CSP2, in that order. The CSC level users should be encouraged or required to follow security standard operating procedures through push models.

Table 1: Review of different attacks and solutions

| Attack Type | Solution |
|---|---|
| Eavesdropping | Authentication protocols that protect secrets and ensure user anonymity, and Password Authenticated Key Exchange (PAKE) protocols, are much preferred in a multi-tenant Cloud environment. |
| Shoulder Surfing Attack | This attack results in information disclosure, and in a Cloud scenario it can be mitigated by using secure two-factor authentication and out-of-band authentication mechanisms. |
| Cookie Poisoning | It can be handled by attaching the hash values of the data stored in the cookies and recalculating the same at the destination. |
| Replay Attack | The integrity of the nonce value sent by the legal user can be ensured by attaching the plain nonce value with the hash of the nonce XORed with the message value. |
| Session Hijacking | A key exchange mechanism that involves the calculation of the session key separately by the client and the server, resulting in the same key value, can be adopted in a Cloud environment. |
| Flooding Attack | This attack can be controlled by data transfer throttling, foolproof authentication mechanisms and mechanisms that filter out bogus requests. |
| Browser Attack | The web browser has to use SSL/TLS to encrypt the credentials and use the SSL/TLS 4-way handshake process in order to authenticate the client. |
| Weak Authentication | Strong authentication mechanisms such as 2-factor authentication without password tables are recommended in a Cloud environment. |
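
The Cookie Poisoning row attaches a hash of the cookie data and recalculates it at the destination. The following added example (not from the paper) implements that check in Python and shows why the hash has to be keyed: it uses HMAC-SHA-256 in place of a plain hash and adds an expiry field. The key, field names and sample session are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key (assumption): a real service loads it from a secret store.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"

def _enc(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def _dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _serialize(data: dict) -> bytes:
    return json.dumps(data, sort_keys=True, separators=(",", ":")).encode()

def issue_unkeyed(data: dict) -> str:
    """Weak form: data plus its plain SHA-256, which anyone can recompute."""
    payload = _serialize(data)
    return _enc(payload) + "." + _enc(hashlib.sha256(payload).digest())

def verify_unkeyed(cookie: str):
    try:
        payload, digest = (_dec(part) for part in cookie.split("."))
        matches = hmac.compare_digest(digest, hashlib.sha256(payload).digest())
        return json.loads(payload) if matches else None
    except ValueError:
        return None

def issue_signed(data: dict, key: bytes = SERVER_KEY, ttl: int = 900, now=None) -> str:
    """Hardened form: HMAC-SHA-256 over the data and an expiry time."""
    issued = int(time.time() if now is None else now)
    payload = _serialize({**data, "exp": issued + ttl})
    return _enc(payload) + "." + _enc(hmac.new(key, payload, hashlib.sha256).digest())

def verify_signed(cookie: str, key: bytes = SERVER_KEY, now=None):
    """Return the cookie data, or None if altered, malformed or expired."""
    try:
        payload, tag = (_dec(part) for part in cookie.split("."))
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # recalculated value differs: the cookie was modified
        data = json.loads(payload)
    except ValueError:
        return None
    current = time.time() if now is None else now
    return data if data.get("exp", 0) >= current else None

def altered_copy(cookie: str, **changes) -> str:
    """Constructed test input: edited data with a freshly recomputed plain hash."""
    data = json.loads(_dec(cookie.split(".")[0]))
    data.update(changes)
    return issue_unkeyed(data)

def demo() -> dict:
    session = {"user": "alice", "role": "viewer"}  # constructed sample data
    weak, strong = issue_unkeyed(session), issue_signed(session, now=1000)
    return {
        "unkeyed_altered": verify_unkeyed(altered_copy(weak, role="admin")),
        "signed_altered": verify_signed(altered_copy(strong, role="admin"), now=1001),
        "signed_original": verify_signed(strong, now=1001),
        "signed_expired": verify_signed(strong, now=1000 + 901),
    }

if __name__ == "__main__":
    print(demo())
```

The unkeyed check accepts the altered cookie because the hash can be recomputed without any secret; the keyed check rejects it, and it also rejects a cookie past its expiry time.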

All these attacks included in the category of password discovery attacks, focuses on obtaining the passwords of a legal user which in turn is used to illegally impersonate the user to a verifier. Such attacks will result in a successful authentication, if and only if the authentication process is solely based on password. In a Cloud scenario, this can be handled by protecting secrets, avoiding the storage of passwords, Zero Knowledge Proof (ZKP) mechanisms, privacy enhanced protocols implementing 2-factor authentication mechanisms without password tables etc. Different attacks and solutions are reviewed in Table 1.

III. Conclusion

Distributed computing can be considered as an administration, like the way that power is viewed as an administration in urban territories. A cloud client can use distinctive processing assets (e.g. system, stockpiling, programming application), at whatever point required, without being worried with the complex basic innovation and framework engineering. The most essential component is that the figuring assets are accessible at whatever point they are required. Also, clients pay just for the asset they really utilize. Subsequently, cloud clients can without much of a stretch scale their data innovation foundation, taking into account their business strategy and prerequisites. This adaptability makes the business procedure more agile. This paper talks about a few dangers that are connected with the cloud security.

References

[1] Ratansingham, P., Kumer, K.: Trading partner trust in electronic commerce participation. In: Proceeding of the 22nd International Conference on Information systems, pp. 544–552 (2000)
[2] Kim, K.K., Lee, J.W., Kim, H.S.: Impact of trust and risk on internet banking adoption. Korean Manag. Rev. 32(6), 1771–1797 (2003)
[3] Jarvenpaa, S.L., Knoll, K., Leidner, D.E.: Is anybody out there? Antecedents of trust in global virtual teams. J. Manag. Inf. Syst. 14(4), 29–64 (1998)
[4] Lim, N.: Consumers' Perceived Risk: Sources versus Consequences. Electron. Commer. Res. Appl. 2(3), 216–228 (2003)
[5] Ahn, J.H., Choi, K.C., Sung, K.M., Lee, J.H.: A study on the impact of security risk on the usage of knowledge management system: focus on parameter of trust. In: International Conference on Information systems, vol. 15
[6] Hexin, Y., Ahn, J.C.: An empirical analysis on the persistent usage of personal cloud service: a cast study of China. Proc. Korean Soc. Internet Inf. Conf. 15(2), 149–150 (2014)
[7] Jun, C.J., Lee, J.H., Jeon, I.S.: Research about factor affecting the continuous use of cloud storage service: user factor, system factor, psychological switching cost factor. J. Soc. e-Bus. Stud. 19(1), 15–42 (2014)
[8] Seo, K.K.: Factor analysis of the cloud service adoption intension of Korean firms: applying the TAM and VAM. J. Digit. Policy Manag. 11(12), 155–160 (2013)
[9] Park, C.S.: Study on security considerations in the cloud computing. J. Korea Acad.-Ind. Co-op. Soc. 12(3), 1408–1416 (2011)
[10] Siani, P., Azzedine, B.: Privacy, security and trust issues arising from cloud computing. In: 2nd IEEE International Conference on Cloud Computing Technology and Science, pp. 693–702 (2010)
[11] Heiser, J., Nicolett, M.: Assessing the Security Risks of Cloud Computing. Gartner (2008)
[12] Almond, C.: A Practical Guide to Cloud Computing Security: What You Need to Know Now About Your Business and Cloud Security, pp. 6–27. Avanade Inc. (2009)
[13] Zissis, D., Lekkas, D.: Addressing cloud computing security issues. Future Gener. Comput. Syst. 28(3), 583–592 (2012)
[14] Foster, T., Zhao, Y., Lu, S.: Cloud computing resource management through a grid middleware: a case study with diet and eucalyptus. Cloud computing. In: IEEE International Conference, pp. 151–154 (2009). Accessed 25 August (2015)
[15] Tarrant, D., Brody, T., Carr, L.: From the desktop to the cloud: leveraging hybrid storage architectures in your repository. In: International Conference on Open Repositories. http://eprints.soton.ac.uk/267084/1/or09.pdf (2009). Accessed 25 August (2015)
[16] S. Subashini and V. Kavitha, A survey on security issues in service delivery models of cloud computing, J. Netw. Comput. Appl., vol. 34, no. 1, pp. 1–11, 2011.
[17] M. Ali, S. U. Khan, and A. V. Vasilakos, Security in cloud computing: Opportunities and challenges, Inf. Sci. (Ny)., vol. 305, pp. 357–383, 2015.
[18] M. Jouini and L. B. A. Rabai, A Security Framework for Secure Cloud Computing Environments, Int. J. Cloud Appl. Comput., vol. 6, no. 3, pp. 32–44, 2016.
[19] B. R. Kandukari, R. Paturi V, and A. Rakshit, Cloud Security Issues, in 2009 IEEE International Conference on Services Computing, 2009, pp. 517–520.
[20] W. Jansen and T. Grance, Guidelines on Security and Privacy in Public Cloud Computing, National Institute of Standards and Technology Draft (NIST) Draft Special Publication 800-144, 2011
[21] M. A. C. Dekker and L. Dimitra, Cloud Security Guide for SMEs, European Union Agency for Network and Information Security, 2015.
[22] OWASP Top 10, The Ten Most Critical Web Application Security Risks, 2013.
[23] Venkata Sravan Kumar Maddineni, Shivashanker Ragi (2011). Security Techniques for Protecting Data in Cloud Computing.
