[go: up one dir, main page]
Skip to main content

Advertisement

Springer Nature Link
Log in

Utilizing a lightweight PKI mechanism to guarantee a secure service in a cloud environment

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

Recently, cloud computing has become popular for smart societies because it made dynamical network without building a physical network. Despite recent research on the cloud, it is necessary to study security functions for the identification of fake VNFs and the encryption of communication between entities. Also, the VNFs can not only be attacked, but also perform malicious behavior such as botnets to disable user service. In this paper, we propose a lightweight PKI mechanism that detects the fake VNFs and guarantees data security through mutual authentication between VNFs. To evaluate the proposal, we built a MANO environment to test the performance of authentication and key generation for data security. In addition, we tested the performance of the detection for the DDoS attack by using real attack data. The LW_PKI guaranteed the reliability of a smart service by enhancing the security of the cloud environment.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

References

  1. ETSI. DGS/NFV-MAN001 Network Functions Virtualisation (NFV) Management and orchestration, Sophia Antipolis (2014)

  2. Lopez DR (2014) Network functions virtualization: Beyond carrier-grade clouds, Optical Fiber Communications Conference and Exhibition (OFC), San Francisco

  3. Seo Sin-seok, Won Young J (2011) James Won-Ki Hong. Witnessing Distributed Denial-of-Service traffic from an attackers network, Network and Service Management(CNSM), pp 241–247

  4. Nayak SK, Mohanty S, Majhi B (2017) CLB-ECC: certificateless blind signature using ECC. J Inform Process Syst (JIPS) 13:392–397

    Google Scholar 

  5. Rivest RL, Shamir A, Adleman L (1978) A method for obtaining digital signatures and public-key cryptosystems. Commun ACM 21(2):120126

    Article  MathSciNet  Google Scholar 

  6. Bellare Mihir, Desai Anand, Pointcheval David (1998) Phillip Rogaway. Lecture Notes in Computer Science, CRYPTO: Annual International Cryptology Conference 1462:26–45

  7. Park K-W, Han J, Chun JW, Park KH (2013) THEMIS: a mutually verifiable billing system for the cloud computing environment. IEEE Trans Serv Comput 6(3):300–313

    Article  Google Scholar 

  8. Acharya S, Tiwari N (2016) Survey of DDoS attacks based on TCP/IP protocol vulnerabilities. IOSR J Comput Eng (IOSR-JCE) 18(3):68–76

    Google Scholar 

  9. Kang Won Min, Moon Seo Yeon, Park Jong Hyuk (2017) An enhanced security framework for home applicances in smart home, Human-centric Computing and Information Sciences(HCIS), Volume 7. Issue. 6

  10. Das R, Karabade A, Tuna G (2015) Common network attack types and defense mechanisms, Signal Processing and Communications Applications Conference (SIU), pp 658–661

  11. Hussain Syed Mujtiba, Beigh Ghulam Rasool (2013) Impact of DDoS attack (UDP Flooding) on queuing models. In: 4th International Conference on Computer and Communication Technology (ICCCT) pp 210–216

  12. Gupta Neha, Jain Ankur, Saini Pranav, Vaibhav Gupta (2016) DDoS attack algorithm using ICMP flood, Computing for Sustainable Global Development (INDIACom), pp 4082–4084

  13. Moustis D, Kotzanikolaou P (2013) Evaluating security controls against HTTP-based DDoS attacks. In: 4th International Conference on Information Intelligence, Systems and Applications (IISA)

  14. Chen W, Yeung D-Y (2006) Defending against TCP SYN flooding attacks under different types of IP spoofing, networking. In: International Conference on Systems and International Conference on Mobile Communications and Learning Technologies

  15. Guenane F, Nogueira M, Serhrouchni A (2015) DDOS Mitigation Cloud-Based Service, IEEE Trustcom/BigDataSE/ISPA pp 1363–1368

  16. Mirkovic J, Reiher P (2004) A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Comput Commun Rev 34(2):39–53

    Article  Google Scholar 

  17. Keegan N, Ji S-Y, Chaudhary A, Yu B (2016) A survey of cloud-based network intrusion detection ana. Human-Cent Comput Info Sci 6:19

    Article  Google Scholar 

  18. Maulik U, Bandyopadhyay S (2002) Performance evaluation of some clustering algorithms and validity indices. IEEE Trans Pattern Anal Mach Intell 24(12):1650–1654

    Article  Google Scholar 

  19. Sehgal G, Garg DK (2014) Comparison of various clustering algorithms. IJCSIT 5:3074–3076

    Google Scholar 

  20. Saralajew S, Villmann T (2016) Adaptive tangent distances in generalized learning vector quantization for transformation and distortion invariant classification learning, IJCNN, pp 2672–2679

  21. Sharmila, Kumar M (2013) An optimized farthest first clustering algorithm. In: Nirma University International Conference on Engineering (NUiCONE)

  22. Bandyopadhyay S, Coyle EJ (2003) An energy efficient hierarchical clustering algorithm for wireless sensor networks. INFOCOM 3:1713–1723

    Google Scholar 

  23. Inokuchi R, Miyamoto S (2004) LVQ clustering and SOM using a kernel function. Int Conf Fuzzy Syst 3:1497–1500

    Google Scholar 

  24. Seo S-S, Won YJ, James W-KH(2011) Witnessing distributed denial-of-service traffic from an attackers network, Network and Service Management(CNSM), pp 241–247

Download references

Acknowledgements

This work was supported by Institute for Information and communications Technology Promotion (IITP) Grant funded by the Korea government(MSIT)(R0190-17-2009, Development of endpoint protection technology using white list and context-aware).

Author information

Authors and Affiliations

  1. JiranSoft Researh Center, 87, Daehak-ro, Yuseong-gu, Daejeon, Republic of Korea

    Sangho Park

  2. Department of Computer Engineering, Chungnam National University, 99, Daehak-ro, Yuseong-gu, Daejeon, Republic of Korea

    Hyunjin Kim & Jaecheol Ryou

Authors
  1. Sangho Park
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hyunjin Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jaecheol Ryou
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hyunjin Kim.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Park, S., Kim, H. & Ryou, J. Utilizing a lightweight PKI mechanism to guarantee a secure service in a cloud environment. J Supercomput 74, 6988–7002 (2018). https://doi.org/10.1007/s11227-018-2506-3

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-018-2506-3

Keywords