However, ensuring security for business data in the "cloud" is difficult to almost impossible because they provide different services such as: Software as a Service (SaaS), Platform as a
INTRODUCTION
OVERVIEW OF THE TOPIC
Cloud computing offers users access to vast amounts of virtual memory without the need for costly setups, resulting in lower service costs. In recent years, it has advanced significantly, integrating with various industries and attracting researchers to drive technological innovation. Its scalability allows organizations to easily transfer data and services to cloud storage. However, this convenience also introduces challenges, such as security threats for trusted third-party providers and new security issues arising from the use of web technologies in cloud services.
REASONS FOR CHOOSING THE TOPIC
Cloud security has become essential as businesses increasingly adopt cloud computing. Protecting data and applications in the cloud is crucial in this rapidly evolving landscape. Continuous advancements in cloud security technologies are being made to combat sophisticated threats. Therefore, ongoing research in cloud security is vital for our team to remain informed about the latest security challenges.
OBJECTIVES OF THE RESEARCH
Discover the critical cloud security threats outlined in the cloud security course report, including DDoS attacks, code injection attacks, and data theft. Gain insights into the workings of the cloud and its vulnerabilities to effectively safeguard your data and applications. Implement essential security measures such as encryption, two-factor authentication, and access control to enhance your cloud security posture.
PROJECT STRUCTURE
The report has 3 main parts:
Topic “SECURITY IN CLOUD COMPUTING”
THEORETICAL BASIS
OVERVIEW OF CLOUD COMPUTING
Cloud computing is a cost-effective IT solution that provides a wide range of services through interconnected computing units. Organizations across various industries leverage cloud services for numerous applications, such as data backup, disaster recovery, email management, virtual desktops, software development, big data analytics, and customer-facing web applications. For instance, healthcare companies utilize cloud technology to create personalized patient treatments, while financial services enhance real-time fraud detection and prevention. Additionally, video game publishers rely on cloud computing to deliver online games to millions of global players.
SECURITY IN CLOUD COMPUTING
Cloud security encompasses a range of technologies, protocols, and best practices designed to safeguard cloud computing environments, applications, and data. It is essential for businesses to implement effective cloud security measures to protect their cloud infrastructure and ensure the integrity and confidentiality of their information stored in the cloud.
Cloud security is designed to protect the following components:
1. Physical Networks: routers, power supplies, cabling, control panels, …
2. Data Storage: hard drives, storage memory, …
3. Data Servers: core network computing hardware and software
4. Computer Virtualization Frameworks: virtual machine software, servers and clients participating in using Cloud Computing services
5. Operating System (OS): software containing services
6. Middleware: helps manage application programming interfaces (APIs)
7. RTE (Runtime Environment): the environment that executes and maintains a running program
8. Stored data: all information that is stored, edited and accessed
9. Applications: can be traditional software (email, tax calculation software, productivity suites, …)
10. End-user hardware: including computers, phones, IoT devices, …
2.2.1 Security of cloud computing services:
SaaS services offer customers access to applications hosted on the provider's cloud servers, with the service provider handling the management of applications, data storage, runtime, middleware, and the operating system.
Customers using SaaS services are only responsible for receiving their applications. Examples of SaaS services include Google Drive, Slack, Salesforce, Microsoft 365, Cisco WebEx, Evernote, …
Picture 1: Software as a Service (SaaS)
PaaS services provide customers with private servers on which to develop their own applications, which run in the customer's space.
Vendors manage the runtime, middleware, and operating system (OS). The customer's job is to manage the applications, data and user accounts, and the access devices and networks of end users.
Examples of PaaS services include Google App Engine, Windows Azure, …
Picture 2: Platform as a Service (PaaS)
IaaS, or Infrastructure as a Service, is a cloud computing model that delivers remote hardware access, including operating systems, to customers. In this model, the service provider is responsible for managing essential components such as virtualization, servers, storage, and networking, allowing users to focus on their applications and workloads without the need for physical infrastructure management.
The customer's task is to secure all data, applications, operating systems, runtimes and middleware In addition, customers also need to manage end-user access devices and networks.
Examples of IaaS services include Microsoft Azure, Google Compute Engine (GCE), and Amazon Web Services (AWS).
Picture 3: Infrastructure as a Service (IaaS)
CLOUD DEPLOYMENT MODELS
A cloud deployment model describes how one or more cloud services are created and made available to individuals and organizations.
Each model divides the responsibility for security management among different actors, including vendors and users.
A public cloud is a computing environment owned and managed by third-party providers like Amazon Web Services (AWS) and Microsoft Azure, allowing users to access resources via the internet. In this multi-tenant model, multiple users share the same infrastructure, meaning that different virtual machine instances can operate on a single physical server, and storage volumes may exist on the same storage system.
Private clouds are preferred by businesses when public clouds fall short of their requirements, particularly regarding service availability and uptime. Organizations may also choose private clouds to mitigate risks associated with hosting critical workloads in public environments, especially when security or regulatory compliance issues arise from multi-tenant setups. By investing in a private cloud, enterprises can leverage the advantages of cloud computing while ensuring complete control and ownership of their infrastructure.
A community cloud is a specialized cloud computing solution tailored to the needs of a specific group of organizations, which can be defined by factors such as geography or industry. These clouds can be managed either by a third party, offering professional support at a higher cost, or internally by the member organizations, which is more cost-effective but demands greater time and resources.
Hybrid Cloud is a cloud computing environment that combines and interconnects public cloud and private cloud platforms. It is built specifically for an organization and is provided by a third party.
Hybrid cloud offers organizations enhanced flexibility and a variety of options for data deployment, enabling seamless movement of workloads between public and private clouds according to cost-effectiveness and computing needs.
- Suitable for small systems where the job arrival rate is low
- Does not consider the size of the task to be mapped
- Does not consider the capacity of the VM or the size of the tasks in the VM queue while mapping a task to a VM
TYPES OF CLOUD COMPUTING ATTACKS
A denial-of-service (DoS) attack is a cyber threat designed to disrupt access to a computer or network resource for legitimate users. This type of attack often involves inundating a cloud service with excessive traffic, overwhelming the system and preventing it from handling genuine requests effectively.
DoS attacks pose significant risks by disrupting vital services, leading to financial losses and harming an organization's reputation. Defending against cloud-based DoS attacks is especially challenging due to the vast scale and complexity of cloud environments, which complicates the identification and mitigation of such threats.
Picture 9: Denial-of-service attack
Picture 10: Account hijacking
Account hijacking in the cloud refers to the unauthorized access or control of a cloud computing account by an attacker. This can allow the attacker to use the associated resources for their own purposes, or to steal or manipulate data stored in the cloud. For example, attackers can use password cracking techniques to guess or steal login credentials and gain access to a cloud account. Account hijacking can lead to financial losses and damage to an organization’s reputation.
User account compromise occurs when an attacker gains unauthorized access to an account, often by deceiving the account owner into disclosing their login credentials or by exploiting vulnerabilities in the user's system or applications.
This differs from account hijacking, which involves an attacker gaining unauthorized access to an account through means such as password cracking or exploiting vulnerabilities in the cloud infrastructure.
Cloud malware injection attacks involve the insertion of malicious software, like viruses or ransomware, into cloud computing resources. These attacks can compromise the integrity of affected systems, enabling attackers to steal or destroy sensitive data or exploit the resources for their own gain.
There are several ways in which attackers can inject malware into cloud resources, including:
- Exploiting vulnerabilities in the cloud infrastructure or in the systems and applications running on the cloud
- Adding a malicious service module to a SaaS or PaaS system, or an infected VM to an IaaS system, and diverting user traffic to it
- Using phishing attacks to trick users into downloading and installing malicious software
- Gaining unauthorized access to cloud accounts and injecting malware through the use of malware-infected files or links.
Picture 12 : Malware-as-a-service business model
Insider threats in cloud environments pose significant risks as they involve unauthorized access or misuse of cloud resources by individuals within an organization, including employees and contractors. Although these individuals typically have legitimate access to cloud assets, they may exploit that access for personal gain or inadvertently compromise security through their actions.
Insider threats present significant challenges in detection and prevention, as they typically involve authorized individuals accessing cloud assets, often without malicious intent. Mitigating these threats is complicated due to the inherent trust and extensive access these individuals have within the organization.
A side-channel attack targets vulnerabilities in a system's physical implementation rather than its logical interfaces, allowing attackers to exploit leaked information about the system's workings or data. By deploying a malicious virtual machine on a legitimate physical host utilized by a cloud customer, the attacker gains access to sensitive information stored on the victim's machine.
Side-channel attacks are techniques employed to extract sensitive information from systems, including passwords and encryption keys. These attacks can also disrupt system operations or manipulate their behavior, posing significant security risks.
Picture 13: How a side-channel attack works
Cookie poisoning in cloud applications involves the unauthorized alteration or injection of harmful content into cookies, which are small data files stored on a user's device by websites or web applications.
Cookies play a crucial role in storing user preferences and browsing history, enhancing personalized experiences and tracking online activity. However, in SaaS and cloud applications, these cookies can also store sensitive credential data, making them a target for attackers who may exploit them to gain unauthorized access to applications.
Security misconfiguration refers to the failure to properly configure cloud computing resources and infrastructure to protect against cyber threats. This can include failure to properly set access controls, failure to properly configure and secure systems and applications, and failure to regularly update and patch systems and applications.
Insecure APIs have vulnerabilities that can be exploited by attackers to gain unauthorized access to systems or data, or to disrupt the operation of the API.
Shadow APIs refer to undocumented or unauthorized application programming interfaces that may go unnoticed by the organization that owns them. Often created by developers or users within the organization, these APIs can inadvertently expose sensitive data and functionalities to unauthorized individuals, posing significant security risks.
API parameters: The inputs and outputs of an API, which can be vulnerable to injection attacks if they are not properly validated and sanitized.
A cloud cryptomining attack involves cybercriminals leveraging cloud computing resources to conduct cryptomining activities without the consent of the cloud provider or resource owner. This illicit process utilizes computing power to solve intricate mathematical problems, enabling the verification and validation of transactions within a blockchain network.
A cloud cryptomining attack occurs when attackers exploit stolen or compromised credentials to access cloud computing resources, including virtual machines and containers, for cryptomining purposes. These attackers may also employ malware and other methods to gain unauthorized entry into cloud environments.
EXPERIMENTAL RESULTS
THE PROPOSED EXPERIMENT TO PREVENT ACCOUNT HIJACKING
To improve cloud server security and safeguard against hijacking attacks, it is crucial to implement a range of security practices. These practices encompass establishing a strong password policy, utilizing multi-factor authentication (MFA), enforcing network access control (NAC), managing user accounts effectively, and conducting thorough security monitoring and logging. Additionally, employing encryption for secure communication, performing regular patch management and software updates, ensuring robust backup and disaster recovery plans, and developing a comprehensive incident response plan are essential for maintaining a secure cloud environment.
Here are the detailed explanations for each practice:
Strong Password Policy:
Implement a password policy that requires users to use a combination of uppercase and lowercase letters, numbers, and special characters.
Regularly enforce password expiration so that users are required to create a new strong password.
Multi-Factor Authentication (MFA):
Require users to provide an additional layer of authentication when logging into their cloud server.
Implement MFA through either an authenticator app (like Google Authenticator) or SMS-based authentication.
Network Access Control (NAC):
Use NAC to control the devices that can access the cloud server and ensure only trusted devices can connect.
NAC systems can be integrated with Virtual Private Networks (VPNs) to further enhance security.
User Account Management:
Implement the principle of least privilege by ensuring users have access to only the necessary resources.
Regularly review and remove any dormant or unnecessary user accounts.
Security Monitoring and Logging:
Implement continuous security monitoring to detect any unusual activity on the cloud server.
Enable comprehensive logging capabilities to capture detailed logs of all user activities and system events.
Encryption:
Ensure data at rest is encrypted using strong encryption algorithms like AES-256. Enable data in transit encryption using Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols.
Patch Management and Software Updates:
Regularly apply security patches and software updates to the cloud server to ensure it is protected against known vulnerabilities.
Backup and Disaster Recovery:
Implement robust backup and disaster recovery plans to protect against data loss and system downtime.
Incident Response Plan:
Establish an incident response plan that outlines the steps to be taken in the event of a security breach or cyberattack.
Implementing a robust security process is essential for significantly reducing the risk of server hijacking. To effectively combat potential threats, it is vital to consistently uphold and regularly update these security measures.
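The authenticator-app form of MFA listed among the practices above can be checked on the server as follows. This is an added example, not code from the report: it implements the standard TOTP scheme (RFC 6238) with Node's built-in crypto module, and the function names, the drift window and the replay counter are assumptions made for illustration.

```javascript
// Added example (not from the report): server-side check of a 6-digit authenticator-app code.
const crypto = require('node:crypto');

const STEP_SECONDS = 30; // time step used by common authenticator apps
const DIGITS = 6;

// HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
function hotp(secret, counter) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const binary = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(binary % 10 ** DIGITS).padStart(DIGITS, '0');
}

// TOTP (RFC 6238): HOTP with counter = floor(unixTime / step).
function totp(secret, unixSeconds) {
  return hotp(secret, Math.floor(unixSeconds / STEP_SECONDS));
}

// Verify a submitted code.
//   window          - accepted clock drift, in time steps on either side of "now"
//   lastUsedCounter - highest counter already accepted for this user (hypothetical
//                     per-user state), so a captured code cannot be replayed
// Returns the matched counter (the caller stores it) or null when the code is rejected.
function verifyTotp(secret, code, unixSeconds, lastUsedCounter = -1, window = 1) {
  if (!/^\d{6}$/.test(code)) return null;
  const submitted = Buffer.from(code);
  const current = Math.floor(unixSeconds / STEP_SECONDS);
  let matched = null;
  for (let c = current - window; c <= current + window; c++) {
    if (c < 0 || c <= lastUsedCounter) continue;
    const expected = Buffer.from(hotp(secret, c));
    // Constant-time comparison; every candidate step is checked, with no early exit.
    if (crypto.timingSafeEqual(expected, submitted) && matched === null) matched = c;
  }
  return matched;
}
```
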
3.2 THE PROPOSED ALGORITHMS TO PREVENT HIJACKING ATTACKS
The AES-256 encryption algorithm is crucial for securing data transmission in cloud servers, significantly enhancing their overall security. By implementing this advanced encryption method, the security capabilities of cloud servers can be effectively updated, ensuring that data remains protected during the transmission process.
Picture 17: AES-256 Model
When users create a file and send it to the cloud server, it is encrypted and the encrypted data is transmitted to the storage server. When the encrypted data arrives at the storage server, it is decrypted back into the original file sent by the user. This is done to ensure the data cannot easily be attacked and encrypted.
Picture 18: The AES-256 algorithm
AES is used to encrypt the data of a file into an encrypted file, so that the data is more difficult to decrypt back to the original file.
The AES algorithm is utilized to encrypt files before they are transmitted to the server by the user, ensuring secure data transfer. The encrypted file is transformed into an encrypted string using the AES-256 algorithm, providing robust protection for sensitive information.
The AES-256 algorithm enhances data security for users transmitting information to cloud storage, as its robust encryption makes it significantly more challenging for unauthorized parties to access large files.
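The encrypt-before-transfer flow described above, as an added example that is not the report's own code. The report does not name a mode of operation, so the use of AES-256 in GCM mode (which also detects tampering), the blob layout, the function names and the binding of the ciphertext to an object name are assumptions; the 32-byte key is assumed to be provisioned to both sides out of band.

```javascript
// Added example (not from the report): AES-256-GCM encryption of file data before transfer.
const crypto = require('node:crypto');

const NONCE_LEN = 12; // recommended GCM nonce size
const TAG_LEN = 16;   // authentication tag size

// Returns nonce || tag || ciphertext. objectName (hypothetical storage path) is bound
// as associated data so a ciphertext cannot be moved to another object unnoticed.
function encryptForTransfer(key, plaintext, objectName) {
  if (key.length !== 32) throw new Error('AES-256 needs a 32-byte key');
  const nonce = crypto.randomBytes(NONCE_LEN); // must never repeat under the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(objectName, 'utf8'));
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Reverses encryptForTransfer. Throws if the key, the object name or any byte of the
// blob differs from what was encrypted, so modified data is never returned.
function decryptOnReceipt(key, blob, objectName) {
  if (key.length !== 32) throw new Error('AES-256 needs a 32-byte key');
  if (blob.length < NONCE_LEN + TAG_LEN) throw new Error('blob too short');
  const nonce = blob.subarray(0, NONCE_LEN);
  const tag = blob.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const body = blob.subarray(NONCE_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAAD(Buffer.from(objectName, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]);
}
```
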
Using Wireshark to check the log of the HTTPS connection
Continuous server monitoring is essential for system administrators to detect any unusual symptoms, such as strange connections or discrepancies in performance. Regular oversight ensures prompt identification and resolution of potential issues, maintaining optimal server functionality and security.
IP try to connect to the Cloud Server, they can easily isolate that address from the server system.
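The monitoring step above, as an added example that is not part of the original report: it scans login events for source addresses whose pattern suggests password guessing or a guessed password followed by a successful login, and returns the addresses an administrator would consider isolating. The log format, the sample lines, the thresholds and the function names are constructed for illustration.

```javascript
// Added example (not from the report). Constructed sample log in a hypothetical
// "timestamp EVENT user=<name> ip=<address>" format, ordered by time.
const SAMPLE_LOG = `
2024-05-01T10:00:00Z LOGIN_FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:08Z LOGIN_FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:15Z LOGIN_FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:41Z LOGIN_OK user=alice ip=203.0.113.7
2024-05-01T10:02:00Z LOGIN_FAIL user=bob ip=198.51.100.20
2024-05-01T10:02:09Z LOGIN_OK user=bob ip=198.51.100.20
2024-05-01T10:05:00Z LOGIN_FAIL user=carol ip=192.0.2.44
2024-05-01T10:10:00Z LOGIN_FAIL user=carol ip=192.0.2.44
2024-05-01T10:15:00Z LOGIN_FAIL user=carol ip=192.0.2.44
2024-05-01T10:20:00Z LOGIN_FAIL user=root ip=203.0.113.99
2024-05-01T10:20:07Z LOGIN_FAIL user=admin ip=203.0.113.99
2024-05-01T10:20:19Z LOGIN_FAIL user=test ip=203.0.113.99
`;

// Parse one line; returns null for blank or malformed lines so they are skipped.
function parseLine(line) {
  const m = /^(\S+) (LOGIN_OK|LOGIN_FAIL) user=(\S+) ip=(\S+)$/.exec(line.trim());
  if (!m) return null;
  const t = Date.parse(m[1]);
  return Number.isNaN(t) ? null : { t, event: m[2], user: m[3], ip: m[4] };
}

// Returns Map(ip -> reason). An address is flagged "brute-force" after maxFails failed
// logins inside windowMs, and upgraded to "possible-hijack:<user>" when a successful
// login from the same address follows such a burst. Tune both thresholds per environment.
function findSuspiciousIps(logText, { maxFails = 3, windowMs = 60000 } = {}) {
  const failsByIp = new Map(); // ip -> timestamps of recent failures
  const findings = new Map();
  for (const line of logText.split('\n')) {
    const e = parseLine(line);
    if (!e) continue;
    // Keep only failures that are still inside the sliding window.
    const recent = (failsByIp.get(e.ip) || []).filter((t) => e.t - t <= windowMs);
    if (e.event === 'LOGIN_FAIL') {
      recent.push(e.t);
      if (recent.length >= maxFails && !findings.has(e.ip)) findings.set(e.ip, 'brute-force');
    } else if (recent.length >= maxFails) {
      findings.set(e.ip, `possible-hijack:${e.user}`);
    }
    failsByIp.set(e.ip, recent);
  }
  return findings;
}
```
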
CONCLUSION
CONCLUSION
During the course of this cloud security research and development project, I learned valuable insights into important aspects of securing cloud environments.
Delving into the intricate realm of cloud security has enhanced my comprehension of the challenges and vulnerabilities linked to cloud computing, while also empowering me to implement robust security measures effectively.
In today's interconnected digital landscape, safeguarding cloud infrastructure is crucial. This initiative emphasizes the need for robust security strategies to address emerging threats while ensuring data confidentiality, integrity, and availability. As technology evolves, enhancing cloud security is an ongoing journey that demands dedication and expertise, and I am committed to advancing my knowledge in this vital area.
DEVELOPMENT
As cloud security continues to evolve, it faces several challenges due to the ever-changing digital landscape. One major issue is the rapid advancement of cyber threats, necessitating ongoing security measures to tackle emerging vulnerabilities. Additionally, the complexity of cloud environments, which encompass various technologies and services, complicates the effort to maintain a unified and effective security strategy.
Balancing accessibility and security poses a significant challenge, as it is crucial to provide authorized users with seamless access while simultaneously preventing unauthorized entry Achieving this equilibrium necessitates meticulous design and implementation strategies.
To address security challenges effectively, organizations must adopt a comprehensive strategy that includes continuous education and training for security teams to stay abreast of emerging threats. Utilizing advanced technologies such as artificial intelligence and machine learning enhances threat detection capabilities. Additionally, fostering a culture of security within the organization is crucial. Regular security testing and assessments are essential for identifying and mitigating vulnerabilities.
Cloud security development focuses on continuous evolution and innovation to address emerging threats. Staying vigilant, proactive, and collaborative is essential for safeguarding cloud environments, ensuring the integrity and security of data.