IT | A Proposed Concept of Security in "Hybrid Cloud"

By Anukrati Dubey, Gunjita Shrivastava & Sandeep Sahu

Cloud computing is becoming a buzzword in the computer industry, and everyone is looking to associate in one way or another with this new concept. It is a very current topic, and the term has gained a lot of traction, being sported in advertisements all over the Internet, from web-hosting providers through data centers to virtualization software vendors.

Such a complex setting of technology and business models calls for extensive research and provides the motivation for this paper. The main goal is to "clear the air on hybrid cloud computing security" and provide an unbiased, independent, albeit critical, outlook on the technology. Special emphasis is placed on the critical examination of each strategy: now more than ever, in the face of the global economic crisis, companies face higher refinancing and investment costs, and, as any company thinking about adopting or moving to cloud computing would do in practice, the short- to medium-term disadvantages of the technology have to be pragmatically and carefully weighed against any hyped long-term efficiency gains, whether strategic, technical or cost-related.

In order to understand the vision, goals and strategy behind cloud computing, two key concepts that form its foundations need to be explained first:
  • Autonomic Computing
  • Utility Computing

Autonomic computing, a term first introduced by IBM's Senior Vice President Paul Horn to the National Academy of Engineers at Harvard University in 2001, represents a research aim towards self-managing computing systems whose components integrate effortlessly.

Utility computing is the second key concept encountered in all cloud computing models. It is by no means new, having been articulated in one form or another as early as the 1960s, and it implies that at some point computing power will naturally be offered as a standardized service billed on actual usage, with very limited or no upfront set-up charges.

A scientific definition is proposed by the GRIDS Lab at the University of Melbourne: "A Cloud is a type of parallel and distributed system consisting of a collection of interconnected and virtualized computers that are dynamically provisioned and presented as one or more unified computing resources based on service-level agreements established through negotiation between the service provider and consumers." 

Berkeley defines it as: "Cloud Computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the data centers that provide those services (Software as a Service - SaaS). The data center hardware and software is what we will call a Cloud. When a Cloud is made available in a pay-as-you-go manner to the public, we call it a Public Cloud; the service being sold is Utility Computing."

Building blocks of cloud computing:
  • Storage-as-a-Service
  • Database-as-a-Service
  • Information-as-a-Service
  • Process-as-a-Service
  • Application-as-a-Service
  • Integration-as-a-Service
  • Security-as-a-Service
  • Management/Governance-as-a-Service
  • Testing-as-a-Service

Basics of Hybrid Cloud Computing:

Image: Difference Between Private, Hybrid and Public Cloud Systems

1. A hybrid cloud is a composition of at least one private cloud and at least one public cloud. A hybrid cloud is typically offered in one of two ways: a vendor has a private cloud and forms a partnership with a public cloud provider, or a public cloud provider forms a partnership with a vendor that provides private cloud platforms.

2. A hybrid cloud is a cloud computing environment in which an organization provides and manages some resources in-house and has others provided externally. For example, an organization might use a public cloud service, such as Amazon Simple Storage Service (Amazon S3) for archived data but continue to maintain in-house storage for operational customer data. Ideally, the hybrid approach allows a business to take advantage of the scalability and cost-effectiveness that a public cloud computing environment offers without exposing mission-critical applications and data to third-party vulnerabilities. This type of hybrid cloud is also referred to as hybrid IT.

Challenges in Hybrid Cloud Computing:

Here are some challenges to consider when setting up hybrid clouds:

1. On-Demand Start-up and Shutdown

Your infrastructure must be able to start up and shut down cloud nodes on demand. Usually you should implement a policy that monitors some characteristics of your application and reacts to them by starting or stopping cloud nodes. In the simplest case, you can react to CPU utilization: start new nodes when the main cloud becomes overloaded and stop nodes when it becomes underloaded.

2. Cloud-based Node Discovery

The main challenge in setting up regular discovery protocols on clouds is that IP multicast is not enabled by most cloud vendors (including Amazon and GoGrid). Your node discovery protocol would therefore have to work over TCP. However, you do not know the IP addresses of new nodes started on the cloud either. To mitigate that, you should use some of the cloud storage infrastructure, such as S3 or SimpleDB on Amazon, to store the IP addresses of new nodes for automatic node detection.

3. One-Directional Communication

One of the challenges in big enterprises is opening new ports in firewalls for connectivity with clouds. Quite often you will only be allowed to make outgoing connections to a cloud, and your middleware should support such cases. On top of that, you may sometimes run into a scenario of disconnected clouds, where cloud A can talk to cloud B and cloud B can talk to cloud C, but cloud A cannot talk to cloud C directly. Ideally, in such a case cloud A should be allowed to talk to cloud C through cloud B.

4. Latency

Communication between clouds may take longer than communication between nodes within the same cloud. Often, communication within the same cloud is significantly slower than communication within a local data center. Your middleware layer should react properly to and handle such delays without breaking the cluster into pieces.

5. Reliability and Atomicity

Many operations on the cloud are unreliable and non-transactional. For example, if you store something in Amazon S3, there is no guarantee that another application can read the stored data right away. There is also no way to ensure that data is not overwritten, or to implement some sort of file locking. The only way to provide such functionality is at the application or middleware layer.

The security problems faced by cloud systems fall into the following five aspects:

First, it faces more security attacks: because of the vast amounts of user data stored in the cloud system, it holds greater allure for attackers. If an attacker in some way successfully attacks the cloud system, it will bring devastating consequences for both cloud providers and users. On the other hand, in order to ensure flexible and versatile services, cloud systems provide users with more open access interfaces, which also bring greater security threats.

Second, virtualization technology: it not only gives the cloud computing platform flexible resource configuration, but also brings new security challenges. The problem of securely deploying a cloud platform based on a virtual machine architecture needs to be solved. In a virtualized environment, a server is like a file that can easily be taken away, so the risk of disclosure increases. The introduction of the virtualization platform has become a new source of security vulnerabilities: once it is hacked, all the virtual machines running on the virtualization platform will be under the attacker's control, and by then the cloud providers and users will suffer huge losses.

Third, ensuring continuity of cloud platform services and high availability of user data and business: the Amazon data center downtime event, the Gmail outage and so on are all associated with cloud computing availability. To a certain extent, these events discourage enterprises from using the public cloud. Cloud computing services need to provide a fault-tolerant mechanism that backs up user data to reduce the impact on applications when the original data is destroyed. In addition, the software itself may have loopholes and a large number of malicious attacks happen; all of this greatly increases the possibility of service interruption. How to protect the high availability of software services and user applications, and how to provide convenient security management to thin-client users, have become among the biggest challenges of cloud security.

Fourth, ensuring the safety and privacy of user data: for user data stored in the cloud system, the primary purpose of malicious attacks is to obtain user privacy and then economic benefit. In this case, laws, regulations and processes are the most urgent problems to be solved; relevant laws and regulations should be established and improved to protect third-party security, to meet the requirements listed by companies, and especially to clarify the division of responsibility when problems arise and to provide protection mechanisms when cloud service providers exit.

Fifth, perfecting cloud standards: interest-driven IT development has led to cloud standards existing everywhere. Many manufacturers have defined their own application standards and data formats, forcing users to deploy their IT systems and their own business in accordance with the framework set by each service provider. Ultimately, all of this leads to fragmented business and chaotic systems, which are adverse to users' applications. In cloud computing, security standards and an evaluation system provide important technical and management support, and interoperability between the varieties of cloud services is essential to keep the cloud from falling into isolated development and to promote common progress. To a certain extent, the establishment of cloud standards decides the future evolution of cloud computing.

With the advance of cloud computing, hybrid clouds that integrate private and public clouds are increasingly becoming an important research issue. Migrating cloud applications from a busy host to an idle host needs an efficient way to guarantee performance in a geographically heterogeneous cloud environment. In this article we propose an automatic, intelligent service migration framework on a hybrid cloud based on agent technology. We build a prototype that integrates our private cloud with a public cloud. In the prototype, the mobile agent technique is exploited to manage all resources, monitor system behavior and negotiate all actions in the hybrid cloud, in order to achieve automatic, intelligent service migration between the clouds. We demonstrate the service migration mechanism on the Hadoop platform between our platform and the ITRI public cloud.

For data security and privacy protection issues, the fundamental challenges are separation of sensitive data and access control. Our objective is to design a set of unified identity management and privacy protection frameworks across applications or cloud computing services. From studies of various research papers and work done by various researchers, it has been found that the following are the major areas of focus in the field of cloud computing:

1. Defining Architecture: on the basis of the application areas.
2. Security of communication over the cloud.
3. Integration of services on various layers.
4. Inclusion of the various network and communication devices being developed rapidly.

Proposed Algorithm:

Hybrid clouds, being a combination of public and private clouds, are more useful in this way. Such a system is obviously going to be less secure and will face more and more security challenges. The primary security goal in hybrid clouds is to provide secure sharing of data between the public and private clouds, i.e. secure intra-cloud communication. This article proposes a secure intra-cloud communication mechanism that tries to keep data more secure over the intra-cloud communication using challenge-text-based communication. The steps involved are as follows:

Step 1: Cloud 'A' has to communicate with Cloud 'B'. (Both 'A' and 'B' may be public, private or a combination.) A trusted environment has already been created between them using an SLA.

Step 2: Cloud 'A' sends a data request (DRQ) to Cloud 'B'.

Step 3: Cloud 'B' receives the DRQ and sends a challenge text (RID), encrypted using the RSA algorithm, to Cloud 'A'.

Step 4: Cloud 'A' receives the RID and decrypts it using its public key. The decrypted text (VID) is sent to Cloud 'B'.

Step 5: If Cloud 'B' finds that the key matches, it sends the encrypted data to Cloud 'A' as requested by Cloud 'A'.

Step 6: If Cloud 'B' finds that the key does not match, it rejects the request instantly.

DRQ - Data Request
RID - Reveal Identification
VID - Verify Identity
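The exchange of Steps 2 to 6 as an added example; it is not code from the paper. It assumes the standard reading of the RSA step: Cloud B encrypts the challenge under Cloud A's public key and only A's private key can recover it (Step 4 as written says "public key", which would let any party holding that public key answer the challenge), it uses a toy key built from two publicly known Mersenne primes with unpadded textbook RSA, and the class and function names are hypothetical. B keeps each challenge single-use and compares in constant time, so a replayed or guessed VID is rejected as in Step 6.

```python
import hmac
import secrets

# Toy RSA key pair for Cloud A, built from two publicly known Mersenne primes
# (constructed for the demo only; a deployment would use 2048-bit keys and OAEP)
P, Q = (1 << 61) - 1, (1 << 89) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)

def rsa_encrypt(m: int, e: int, n: int) -> int:
    return pow(m, e, n)               # textbook RSA, no padding (demo only)

def rsa_decrypt(c: int, d: int, n: int) -> int:
    return pow(c, d, n)

class CloudB:
    """Data owner; knows Cloud A's public key from the SLA trust setup."""
    def __init__(self, peer_pub, payload: bytes):
        self.peer_pub, self.payload, self.pending = peer_pub, payload, {}

    def on_drq(self, req_id: str) -> int:
        # Step 3: fresh random challenge (RID) per request, encrypted for A
        rid = secrets.randbelow(self.peer_pub[1] - 2) + 2
        self.pending[req_id] = rid
        return rsa_encrypt(rid, *self.peer_pub)

    def on_vid(self, req_id: str, vid: int):
        # Steps 5/6: the challenge is single-use, so a replayed VID fails
        rid = self.pending.pop(req_id, None)
        if rid is None or not hmac.compare_digest(str(rid), str(vid)):
            return None                          # Step 6: reject
        m = int.from_bytes(self.payload, "big")  # payload must be < N
        return rsa_encrypt(m, *self.peer_pub)    # Step 5: encrypted data

def cloud_a_fetch(b: CloudB, priv, req_id: str = "drq-1"):
    """Cloud A's side of Steps 2 to 4; returns the data or None if rejected."""
    d, n = priv
    enc_rid = b.on_drq(req_id)                   # Step 2: send DRQ
    vid = rsa_decrypt(enc_rid, d, n)             # Step 4: decrypt RID -> VID
    enc_data = b.on_vid(req_id, vid)
    if enc_data is None:
        return None
    m = rsa_decrypt(enc_data, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    b = CloudB((E, N), b"archive-key-7")         # constructed sample payload
    print(cloud_a_fetch(b, (D, N)))              # b'archive-key-7'
    print(cloud_a_fetch(CloudB((E, N), b"x"), (D + 1, N)))  # None: wrong key
```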

In the recent era, cloud computing has evolved as a net-centric, service-oriented computing model. Consumers purchase computing resources on an on-demand basis and need not worry about the underlying technologies. The cloud computing model is composed of three service models, Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS), and four deployment models: Public, Private, Community and Hybrid. A third-party service provider stores and maintains the data, applications or infrastructure of the cloud user. Relinquishing control over data and applications poses challenges of security, performance, availability and privacy. Security issues in cloud computing are the most significant among all of these. Information Technology (IT) auditing mechanisms and frameworks in the cloud can play an important role in compliance with cloud IT security policies.

Publication Details:

This is an abridged report derived from a technical paper titled "Security in Hybrid Cloud" by Anukrati Dubey, Gunjita Shrivastava & Sandeep Sahu, published in Global Journal of Computer Science and Technology: Cloud and Distributed, Volume 13 Issue 2 Version 1.0, Year 2013. Type: Double Blind Peer Reviewed International Research Journal. Publisher: Global Journals Inc. (USA). Online ISSN: 0975-4172.

© 2013. Anukrati Dubey, Gunjita Shrivastava & Sandeep Sahu. This is a research/review paper, distributed under the terms of the Creative Commons Attribution-Noncommercial 3.0 Unported License (http://creativecommons.org/licenses/by-nc/3.0/).

Download the Paper - LINK