This article proposes a secured intra-cloud communication mechanism that aims to keep data more secure during intra-cloud communication by using a challenge-text-based exchange.
By Anukrati Dubey, Gunjita Shrivastava & Sandeep Sahu
Cloud computing is becoming a buzzword in the computer industry, and everyone is looking to associate in one way or another with this brand new concept. It is a very current topic, and the term has gained a lot of traction, being sported in advertisements all over the Internet, from web-space hosting providers through data centres to virtualization software providers.
Such a complex technology and business-model setting entails extensive research and provides the motivation for writing this paper. The main goal is to "clear the air on hybrid cloud computing security" and provide an unbiased and independent, albeit critical, outlook on the technology. Special emphasis is put on the critical examination of each strategy because, now more than ever in the face of the global economic crisis, companies face higher refinancing and investment costs; as any company thinking about adopting or moving to cloud computing technology would do in practice, the short- to medium-term disadvantages of the technology have to be pragmatically and carefully weighed against any hyped long-term efficiency gains, be they strategic, technical or cost related.
In order to understand the vision, goals and strategy behind cloud computing, two key concepts that form its foundations need to be explained first:
- Autonomic Computing
- Utility Computing
Autonomic computing, a term first introduced by IBM's Senior Vice President Paul Horn to the National Academy of Engineering at Harvard University in 2001, represents a research aim towards achieving self-managing computing systems whose components integrate effortlessly.
Utility computing is the second key concept encountered in all cloud computing models. It is by no means a new concept, having been articulated in one form or another as early as the 1960s, and it implies that it is only natural that at some point computing power will be offered as a standardized service billed on actual usage, with very limited or no upfront set-up charges.
A scientific definition is proposed by the GRIDS Lab at the University of Melbourne: "A Cloud is a type of parallel and distributed system consisting of a collection of interconnected and virtualized computers that are dynamically provisioned and presented as one or more unified computing resources based on service-level agreements established through negotiation between the service provider and consumers."
Berkeley defines it as: "Cloud Computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the data centers that provide those services (Software as a Service - SaaS). The data center hardware and software is what we will call a Cloud. When a Cloud is made available in a pay-as-you-go manner to the public, we call it a Public Cloud; the service being sold is Utility Computing."
Building blocks of cloud computing:
- Storage-as-a-Service
- Database-as-a-Service
- Information-as-a-Service
- Process-as-a-Service
- Application-as-a-Service
- Integration-as-a-Service
- Security-as-a-Service
- Management/Governance-as-a-Service
- Testing-as-a-Service
Basics of Hybrid Cloud Computing:
[Figure: Difference Between Private, Hybrid and Public Cloud Systems]
1. A hybrid cloud is a composition of at least one private cloud and at least one public cloud. A hybrid cloud is typically offered in one of two ways: a vendor has a private cloud and forms a partnership with a public cloud provider, or a public cloud provider forms a partnership with a vendor that provides private cloud platforms.
2. A hybrid cloud is a cloud computing environment in which an organization provides and manages some resources in-house and has others provided externally. For example, an organization might use a public cloud service, such as Amazon Simple Storage Service (Amazon S3), for archived data but continue to maintain in-house storage for operational customer data. Ideally, the hybrid approach allows a business to take advantage of the scalability and cost-effectiveness that a public cloud computing environment offers without exposing mission-critical applications and data to third-party vulnerabilities. This type of hybrid cloud is also referred to as hybrid IT.
Challenges in Hybrid Cloud Computing
Here are some challenges to consider when setting up hybrid clouds:
1. On-Demand Start-up and Shutdown
Your infrastructure must be able to start up and shut down cloud nodes on demand. Usually you should have some policy implemented that listens to some of your application characteristics and reacts to them by starting or stopping cloud nodes. In the simplest case, you can react to CPU utilization, starting new nodes if the main cloud gets overloaded and stopping nodes if it becomes underloaded.
2. Cloud-based Node Discovery
The main challenge in setting up regular discovery protocols on clouds is that IP multicast is not enabled by most cloud vendors (including Amazon and GoGrid). Your node discovery protocol would have to work over TCP. However, you do not know the IP addresses of newly started cloud nodes either. To mitigate that, you should use some of the cloud storage infrastructure, such as S3 or SimpleDB on Amazon, to store the IP addresses of new nodes for automatic node detection.
3. One-Directional Communication
One of the challenges in big enterprises is opening up new ports in firewalls for connectivity with clouds. Quite often you will only be allowed to make outgoing connections to a cloud. Your middleware should support such cases. On top of that, you may sometimes run into a scenario of disconnected clouds, where cloud A can talk to cloud B and cloud B can talk to cloud C, but cloud A cannot talk to cloud C directly. Ideally, in such a case cloud A should be allowed to talk to cloud C through cloud B.
4. Latency
Communication between clouds may take longer than communication between nodes within the same cloud. Often, communication within the same cloud is significantly slower than communication within a local data centre. Your middleware layer should properly react to and handle such delays without breaking the cluster into pieces.
5. Reliability and Atomicity
Many operations on the cloud are unreliable and non-transactional. For example, if you store something on Amazon S3, there is no guarantee that another application can read the stored data right away. There is also no way to ensure that data is not overwritten, or to implement some sort of file locking. The only way to provide such functionality is at the application or middleware layer.
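Challenges 2 and 5 above point at the same design pattern: a node registry kept in shared cloud storage that offers no multicast, no locking and only eventual consistency. The following Python example is added here and is not code from the paper. It assumes an in-memory `ObjectStore` standing in for S3 or SimpleDB (only put/get/list/delete are used, so a real client can be substituted), a hypothetical key prefix `cluster/nodes/`, and constructed node ids and addresses. Each node writes its own object and refreshes it with heartbeats, so no read-modify-write on a shared membership list is ever needed, and readers drop stale or malformed entries instead of trusting the store to be consistent.

```python
"""Cloud node discovery over a shared key-value store (added example, not from the paper)."""
import json
import time
from typing import Dict, List, Optional


class ObjectStore:
    """In-memory stand-in for a cloud object/KV store such as S3 or SimpleDB.

    Assumed semantics, matching the text above: last writer wins, no locking,
    and a reader may observe a key in list_keys() that has since been deleted.
    """

    def __init__(self) -> None:
        self._objects: Dict[str, bytes] = {}

    def put(self, key: str, body: bytes) -> None:
        self._objects[key] = body

    def get(self, key: str) -> Optional[bytes]:
        return self._objects.get(key)

    def list_keys(self, prefix: str) -> List[str]:
        return sorted(k for k in self._objects if k.startswith(prefix))

    def delete(self, key: str) -> None:
        self._objects.pop(key, None)


class NodeRegistry:
    """One object per node, refreshed by heartbeats, expired by age on the reader side."""

    PREFIX = "cluster/nodes/"  # hypothetical key prefix, not from the paper

    def __init__(self, store: ObjectStore, ttl_seconds: float, clock=time.time) -> None:
        self.store = store
        self.ttl = ttl_seconds
        self.clock = clock  # injectable so the expiry logic can be tested deterministically

    def _key(self, node_id: str) -> str:
        return f"{self.PREFIX}{node_id}"

    def heartbeat(self, node_id: str, address: str) -> None:
        """Publish (or refresh) this node's address together with the current timestamp."""
        record = {"node_id": node_id, "address": address, "seen_at": self.clock()}
        self.store.put(self._key(node_id), json.dumps(record).encode())

    def leave(self, node_id: str) -> None:
        """Graceful shutdown: remove the node's own object; crashes are covered by the TTL."""
        self.store.delete(self._key(node_id))

    def discover(self) -> Dict[str, str]:
        """Return live node_id -> address, skipping stale, vanished and malformed records."""
        now = self.clock()
        live: Dict[str, str] = {}
        for key in self.store.list_keys(self.PREFIX):
            body = self.store.get(key)
            if body is None:  # listed but already deleted: tolerate, do not fail discovery
                continue
            try:
                record = json.loads(body)
                node_id = str(record["node_id"])
                address = str(record["address"])
                seen_at = float(record["seen_at"])
            except (ValueError, KeyError, TypeError):
                continue  # corrupt or foreign object under our prefix: ignore it
            if now - seen_at <= self.ttl:
                live[node_id] = address
        return live


def demo() -> List[Dict[str, str]]:
    """Walk through join, heartbeat, crash (no heartbeat), corrupt entry and graceful leave.

    Uses a fake clock and constructed node addresses; returns the discovery result after each step.
    """
    now = [1000.0]
    store = ObjectStore()
    registry = NodeRegistry(store, ttl_seconds=30, clock=lambda: now[0])
    snapshots: List[Dict[str, str]] = []

    registry.heartbeat("node-1", "10.0.0.1:47500")   # constructed addresses
    registry.heartbeat("node-2", "10.0.0.2:47500")
    snapshots.append(registry.discover())             # both live

    now[0] += 20
    registry.heartbeat("node-2", "10.0.0.2:47500")    # node-1 silently dies, node-2 keeps beating
    now[0] += 20
    snapshots.append(registry.discover())             # node-1 is 40s old: expired

    store.put("cluster/nodes/garbage", b"not json")   # corrupt object under the prefix
    snapshots.append(registry.discover())             # still only node-2

    registry.leave("node-2")
    snapshots.append(registry.discover())             # empty
    return snapshots


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The TTL must be chosen against the inter-cloud latency noted in challenge 4: a heartbeat interval well under the TTL (here 20 s against 30 s) keeps a slow but healthy node from being dropped, while a node that stops writing disappears from discovery within one TTL without anyone needing a lock or a transaction on the store.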
Security problems faced by cloud systems fall into the following five aspects:
First, the cloud faces more security attacks: because of the vast amounts of user data stored in a cloud system, it holds greater allure for attackers. If an attacker somehow succeeds in compromising a cloud system, it brings devastating consequences for both cloud providers and users. On the other hand, in order to ensure flexible and versatile services, cloud systems provide users with more open access interfaces, which also bring greater security threats.
Second, virtualization technology: it not only gives the cloud computing platform flexibly configured resources but also brings new security challenges. The problem of securely deploying a cloud platform based on a virtual-machine architecture needs to be solved. In a virtualized environment, a server is like a file that can easily be taken away, so the risk of disclosure increases. The introduction of the virtualization platform creates new security vulnerabilities: once it is hacked, all the virtual machines running on that platform come under the attackers' control, and by that time the cloud providers and users will suffer huge losses.
Third, ensuring continuity of cloud platform services and high availability of user data and business: the Amazon data-centre downtime event, Google's Gmail outage and similar events are all associated with cloud computing availability. To a certain extent, such events discourage enterprises from using public clouds. Cloud computing services need to provide a fault-tolerant mechanism to back up user data and reduce the impact on applications when the original data is destroyed. In addition, the software itself may have loopholes, and large numbers of malicious attacks occur; all of this greatly increases the possibility of service interruption. How to protect the high availability of software services and user applications, and how to provide convenient security management to thin-client users, have become among the biggest challenges of cloud security.
Fourth, ensuring the safety and privacy of user data: for user data stored in a cloud system, the primary purpose of malicious attacks is to obtain users' private information and then to gain economic benefit. In this case, laws, regulations and processes are the most urgent problems to be solved; relevant laws and regulations should be established and improved to protect third-party security, to meet the requirements listed by companies, and especially to clarify the division of responsibility when problems arise and to provide protection mechanisms when cloud service providers exit the market.
Fifth, perfecting cloud standards: an interest-driven IT development process has led to cloud standards being defined everywhere. Many manufacturers have defined their own application standards and data formats, forcing users to deploy their IT systems and their own business in accordance with the framework set by each service provider. Ultimately, all of this leads to fragmented business and chaotic systems that are adverse to users' applications. In cloud computing, security standards and an evaluation system provide important technical and management support, and interoperability between the variety of cloud services is essential to keep the cloud from falling into isolated development and instead to promote common progress. To a certain extent, the establishment of cloud standards decides the future evolution of cloud computing.
With the advance of cloud computing, the hybrid cloud that integrates private and public clouds is increasingly becoming an important research issue. Migrating cloud applications from a busy host to an idle host needs an efficient way to guarantee performance in a geographically heterogeneous cloud environment. In this article we propose an automatic, intelligent service migration framework on a hybrid cloud based on agent technology. We build a prototype that integrates our private cloud with a public cloud. In the prototype, the mobile agent technique is exploited to manage all resources, monitor system behaviour, and negotiate all actions in the hybrid cloud, in order to achieve automatic, intelligent service migration between the clouds. We demonstrate the service migration mechanism on the Hadoop platform between our platform and the ITRI public cloud.
For data security and privacy protection issues, the fundamental challenges are separation of sensitive data and access control. Our objective is to design a set of unified identity management and privacy protection frameworks across applications or cloud computing services. From the study of various research papers and the work done by various researchers, it has been found that the following are the major areas of focus in the field of cloud computing:
1. Defining architecture on the basis of the application areas.
2. Security of communication over the cloud.
3. Integration of services on various layers.
4. Inclusion of the various network and communication devices being developed rapidly.
Proposed Algorithm:
Hybrid clouds, in this way, are more useful as they are a combination of public and private clouds. Such a system is obviously going to be less secure and will face more and more security challenges. The primary security goal in hybrid clouds is to provide secure sharing of data between the public and private clouds, i.e. secured intra-cloud communication. This article proposes a secured intra-cloud communication mechanism that aims to keep data more secure during intra-cloud communication by using a challenge-text-based exchange. The various steps involved are as follows:
Step 1: Cloud ‘A’ has to communicate with Cloud ‘B’. (Both ‘A’ and ‘B’ may be public, private or a combination.) Both already have a trusted environment created between them using an SLA.
Step 2: Cloud ‘A’ sends a data request (DRQ) to Cloud ‘B’.
Step 3: Cloud ‘B’ receives the DRQ and sends a challenge text (RID), encrypted using the RSA algorithm, to Cloud ‘A’.
Step 4: Cloud ‘A’ receives the RID and decrypts it using its public key. The decrypted text (VID) is sent to Cloud ‘B’.
Step 5: If Cloud ‘B’ finds that the key matches, it sends the encrypted data to Cloud ‘A’ as requested by Cloud ‘A’.
Step 6: If Cloud ‘B’ finds that the key does not match, it rejects the request instantly.
DRQ: Data Request
RID: Reveal Identification
VID: Verify Identity
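The six steps above, traced in Python as an added example; this is not code from the paper. It assumes a toy textbook RSA key pair for Cloud ‘A’ built from two well-known primes (a 60-bit modulus, no padding), constructed request ids, object names and payload, and an in-process call in place of the network between the two clouds. Two points of the message flow are made explicit: the challenge is decrypted with Cloud ‘A’'s private exponent, since in RSA only the holder of the private key can recover a text encrypted under the public key (step 4 above says "public key"), and Cloud ‘B’ keeps each challenge for exactly one request, so a captured VID cannot be replayed. The paper does not name the cipher for the data returned in step 5, so the example returns the payload as-is and leaves its protection to the SLA-established channel.

```python
"""Challenge-text exchange between Cloud A and Cloud B (added example, not from the paper)."""
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Toy RSA key pair for Cloud A, constructed for illustration only:
# textbook (unpadded) RSA over two well-known primes, far too small for real use.
P = 1000000007
Q = 998244353
N = P * Q
E = 65537                            # Cloud A's public key is (N, E), known to Cloud B via the SLA
D = pow(E, -1, (P - 1) * (Q - 1))    # Cloud A's private exponent, never leaves Cloud A


def rsa_encrypt(m: int, n: int, e: int) -> int:
    return pow(m, e, n)


def rsa_decrypt(c: int, n: int, d: int) -> int:
    return pow(c, d, n)


class CloudB:
    """Data holder: answers a DRQ with an encrypted challenge (RID) and releases data only on a matching VID."""

    def __init__(self, data: Dict[str, bytes], peer_public_key: Tuple[int, int]) -> None:
        self.data = data
        self.peer_n, self.peer_e = peer_public_key
        self.pending: Dict[str, Tuple[int, str]] = {}   # request_id -> (challenge, object name)

    def handle_drq(self, request_id: str, object_name: str) -> int:
        """Step 3: pick a fresh random challenge text, remember it, and return it RSA-encrypted (RID)."""
        challenge = secrets.randbelow(self.peer_n - 2) + 2
        self.pending[request_id] = (challenge, object_name)
        return rsa_encrypt(challenge, self.peer_n, self.peer_e)

    def handle_vid(self, request_id: str, vid: int) -> Tuple[bool, Optional[bytes]]:
        """Steps 5/6: compare the returned text with the stored challenge; one challenge serves one request."""
        entry = self.pending.pop(request_id, None)      # unknown or already-used id: reject
        if entry is None:
            return False, None
        challenge, object_name = entry
        width = (self.peer_n.bit_length() + 7) // 8
        expected = challenge.to_bytes(width, "big")
        received = (vid % self.peer_n).to_bytes(width, "big")
        if not hmac.compare_digest(expected, received):   # constant-time comparison
            return False, None
        return True, self.data.get(object_name)           # step 5: release the requested data


class CloudA:
    """Requester: proves possession of the private key by decrypting the RID into the VID."""

    def __init__(self, n: int, private_exponent: int) -> None:
        self.n, self.d = n, private_exponent

    def answer(self, rid: int) -> int:
        """Step 4: decrypt the challenge with the private exponent and return the plaintext as VID."""
        return rsa_decrypt(rid, self.n, self.d)


def run_exchange(a: CloudA, b: CloudB, request_id: str, object_name: str) -> Tuple[bool, Optional[bytes]]:
    """Steps 2 to 6 end to end, with direct calls standing in for the network between the clouds."""
    rid = b.handle_drq(request_id, object_name)   # DRQ out, RID back
    vid = a.answer(rid)                           # VID
    return b.handle_vid(request_id, vid)          # accept with data, or reject


if __name__ == "__main__":
    cloud_b = CloudB({"report.csv": b"constructed payload"}, (N, E))   # constructed sample data
    cloud_a = CloudA(N, D)
    print(run_exchange(cloud_a, cloud_b, "req-1", "report.csv"))
```

With this layout a peer that lacks D (an impostor echoing the RID back, or guessing) fails the comparison in `handle_vid`, and a second submission under an already-answered request id is rejected because the challenge was consumed. A deployment would replace the toy parameters with a padded RSA scheme and a proper key size, and would bind the challenge to the request contents so the two cannot be split apart.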
In the recent era, cloud computing has evolved as a net-centric, service-oriented computing model. Consumers purchase computing resources on an on-demand basis and are freed from worrying about the underlying technologies used. The cloud computing model is composed of three service models, Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS), and four deployment models: Public, Private, Community and Hybrid. A third-party service provider stores and maintains the data, applications or infrastructure of the cloud user. Relinquishing control over data and applications poses challenges of security, performance, availability and privacy. Security issues in cloud computing are the most significant among all of these. Information Technology (IT) auditing mechanisms and frameworks in the cloud can play an important role in compliance with cloud IT security policies.
Publication Details:
This is an abridged report derived from a technical paper titled "Security in Hybrid Cloud" by Anukrati Dubey, Gunjita Shrivastava & Sandeep Sahu, published in the Global Journal of Computer Science and Technology: Cloud and Distributed, Volume 13 Issue 2 Version 1.0, Year 2013. Type: Double Blind Peer Reviewed International Research Journal. Publisher: Global Journals Inc. (USA). Online ISSN: 0975-4172.
© 2013 Anukrati Dubey, Gunjita Shrivastava & Sandeep Sahu. This is a research/review paper, distributed under the terms of the Creative Commons Attribution-Noncommercial 3.0 Unported License (http://creativecommons.org/licenses/by-nc/3.0/).
Download the Paper - LINK