Cloud Security Challenges and Approaches

The document discusses the security challenges associated with cloud computing, highlighting concerns such as data control, insider threats, and multi-tenancy issues. It outlines key security principles like confidentiality, integrity, and availability, as well as various types of attacks including DoS, DNS attacks, and SQL injection. Additionally, it emphasizes the importance of robust security measures and responsibilities for both providers and users to mitigate these risks.

Uploaded by abharawat811

Cloud Computing Security Challenges and Approaches
What are the negatives to cloud computing?

• Security: Many companies may not want to hand over their data to an external organization for storage, fearing that it may not have the right security software to protect the company's data.

• Performance: There have been several incidents in which cloud-service providers temporarily went down or lost customers' data.
What is Cloud Security?

Cloud Security

 Agility  Gate-keeper
 Self-service  Standards
 Scale  Control
 Automation  Centralized

Cloud Security is the set of security principles applied to protect the data, applications and infrastructure associated with cloud computing technology.
Why is Cloud Security Important?

• Increasing usage of cloud services in non-traditional sectors
• Growing adoption of cloud services in government departments
• Rise in cloud service-specific attacks
• Growing usage of cloud services for critical data storage
• Rise in employee mobility
Concerns

At a broad level, two major questions:

• How secure is the data?

• How secure is the code?
Security Services

Confidentiality, Integrity and Availability

Confidentiality

Integrity

Availability

Cloud Security Responsibilities by Providers and Users
Cloud Security: A Major Concern

• Security concerns arise because both customer data and customer code reside at the provider's premises.

• Security is always a major concern in open system architectures.

(Diagram: Customer Data and Customer Code hosted at Provider Premises)
Security Is the Major Challenge
Why does Cloud Computing bring new threats?

• Cloud security problems come from:

 Loss of control
 Lack of trust (mechanisms)
 Multi-tenancy

• These problems exist mainly in third-party management models

 Self-managed clouds still have security issues, but not the ones listed above
Why does Cloud Computing bring new threats?

Consumer's loss of control

 Data, applications and resources are located with the provider
 User identity management is handled by the cloud
 User access control rules, security policies and their enforcement are managed by the cloud provider
 The consumer relies on the provider to ensure
• Data security and privacy
• Resource availability
• Monitoring and repair of services/resources
Why does Cloud Computing bring new threats?

Multi-tenancy:

Multiple independent users share the same physical infrastructure.

So an attacker can legitimately be on the same physical machine as the target.
Who is the attacker?

Insider?
• Malicious employees at the client
• Malicious employees at the cloud provider
• The cloud provider itself

Outsider?
• Intruders
• Network attackers
Attacker Capability: Malicious Insiders

• At the client
 Learn passwords/authentication information
 Gain control of the VMs

• At the cloud provider
 Log client communication
Challenges for the attacker

How to find out where the target is located

How to be co-located with the target on the same (physical) machine

How to gather information about the target
Cloud Computing Infrastructure Security
• Infrastructure security at the network level
• Infrastructure security at the host level
• Infrastructure security at the application level
• Note: we will examine IaaS, PaaS and SaaS security issues at the network, host and application levels

SECURITY PRINCIPLES
• Confidentiality: the prevention of unauthorized disclosure of information, whether intentional or unintentional.
• Integrity: the concept of cloud information integrity is based on two principles: prevention of modification of data by unauthorized users, and prevention of unauthorized modification of data by authorized users.
• Availability: this principle ensures the availability of cloud data and computing resources when needed.
• Authentication: the process of testing a user's identity, ensuring that users are who they claim to be.
• Authorization: the privileges granted to an individual or process that allow them to access authorized data and computing resources.
• Accountability: related to the concept of non-repudiation, where a person cannot deny having performed an action. It determines the actions and behaviour of a single individual within the cloud system.
SECURITY CHALLENGES IN CLOUD COMPUTING
• Before learning about security management in the cloud, it is necessary to analyse the various possible vulnerabilities and attacks in a cloud environment.
• The top security threats in cloud computing are classified as network level, host level and application level.
Network level security issues
• In a public cloud architecture, data moves to and from the organization; its confidentiality and integrity must be ensured.
• Network level security risk is classified into three types: ensuring data confidentiality, availability and integrity.
• Data and resources previously confined to a private network are now exposed to the Internet, on a shared public network belonging to a third-party cloud provider.
Types of network level security issues:
• Eavesdropping
• An unauthorized user accesses data by intercepting network traffic, which results in a failure of confidentiality. The eavesdropper secretly listens to the private conversations of others. This attack may be carried out over email, instant messaging, etc.
• Replay attack
• A replay attack is when the attacker is able to capture some of your data packets on their way to the intended destination. They will then try to re-use this information to attack your network. You can mitigate this by using strong session security and digital signatures.
• It is a network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. The attacker intercepts and saves old messages and later sends them to one of the participants to gain access to unauthorized resources.
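The replay mitigation the slide names (session security plus a signature) can be shown as a receiver-side check. The following is an added example, not code from the slides: it uses an HMAC tag in place of a digital signature, a constructed per-session key, and a constructed message exchange. A message is accepted only if the tag covers its payload, nonce and timestamp, the timestamp is fresh, and the nonce has not been seen before, so a captured packet sent again is rejected.

```python
import hashlib
import hmac
import time

# Assumption: a per-session key shared by both endpoints (constructed for this example).
SESSION_KEY = b"per-session-key-constructed-for-this-example"
FRESHNESS_WINDOW = 30  # seconds; anything older is treated as stale


def sign_message(payload: str, nonce: str, timestamp: int, key: bytes = SESSION_KEY) -> str:
    """Bind payload, nonce and timestamp together with an HMAC-SHA256 tag.
    The tag stands in for the 'digital signature' the slide mentions: a
    captured packet cannot be altered without invalidating it."""
    data = f"{timestamp}|{nonce}|{payload}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class ReplayGuard:
    """Receiver-side check: a message is accepted only if its tag verifies,
    its timestamp is fresh, and its nonce has not been seen before."""

    def __init__(self, key: bytes = SESSION_KEY, window: int = FRESHNESS_WINDOW):
        self.key = key
        self.window = window
        self.seen = {}  # nonce -> timestamp of first acceptance

    def _evict_expired(self, now: int) -> None:
        # Nonces older than the window can be dropped: the timestamp check
        # alone rejects anything that old, so the cache stays bounded.
        for nonce, ts in list(self.seen.items()):
            if now - ts > self.window:
                del self.seen[nonce]

    def accept(self, payload: str, nonce: str, timestamp: int, tag: str, now=None) -> str:
        now = int(time.time()) if now is None else now
        self._evict_expired(now)
        expected = sign_message(payload, nonce, timestamp, self.key)
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad signature"
        if abs(now - timestamp) > self.window:
            return "rejected: stale timestamp"
        if nonce in self.seen:
            return "rejected: replayed nonce"
        self.seen[nonce] = timestamp
        return "accepted"


if __name__ == "__main__":
    guard = ReplayGuard()
    # Constructed exchange: the legitimate message, then the same packet again.
    tag = sign_message("transfer 10", "nonce-1", 1000)
    print(guard.accept("transfer 10", "nonce-1", 1000, tag, now=1005))  # accepted
    print(guard.accept("transfer 10", "nonce-1", 1000, tag, now=1006))  # rejected: replayed nonce
```

The freshness window and the nonce cache work together: the cache stops a replay inside the window, and the timestamp check stops a replay after the nonce has been evicted.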
Reused IP address
• If a user moves out of the network, the same IP address is reassigned and reused by another customer, which creates a security risk for the new user.
• A customer cannot assume that network access to its resources is terminated upon release of its IP address.
• When the old IP address is assigned to a new user, there is still a chance of the data being accessed by some other user.
• The address still exists in DNS caches, violating the privacy of the original user.
• IP addresses are a finite quantity and a billable asset.
• There is a similar lag time between when physical (i.e., MAC) addresses are changed in ARP (Address Resolution Protocol) tables and when old ARP entries are cleared from caches: an old address persists in ARP caches until they are cleared.
DNS Attacks
• A key building block of the Internet is the DNS, or Domain Name System.
• This acronym actually conceals a whole range of technical infrastructure, software and hardware required for the domain name system to function correctly, which in turn allows users to access websites and exchange e-mails.
• It translates a domain name to an IP address, since a domain name is easier to remember than an IP address.

• DNS attacks take advantage of the communication back and forth between clients and servers.
• Cache poisoning: the attacker corrupts a DNS server by replacing a legitimate IP address in the server's cache with another, rogue address in order to redirect traffic to a malicious website, collect information or initiate another attack. Cache poisoning may also be referred to as DNS poisoning.
• Using the IP address directly is not feasible for the user, because they have been routed to some other cloud instead of the one they asked for.
• The sender and receiver get rerouted through some evil connection. Even when DNS security measures are taken, the route selected between the sender and receiver can still cause security problems.
Types of DNS attack:
• DoS Attack
• A DoS attack is an attack that forces a system component to limit, or even halt, normal services.
• The network is made unavailable by flooding it, disrupting it, jamming it, or crashing it.
• DoS attacks are attempts to make a given service impossible or very hard to access.
• Attacks sometimes use brute force (saturating servers by flooding them with simultaneous queries) or go for a more subtle approach by exhausting a scarce resource on the server.
• DoS is an attack in which a malicious bot sends more traffic to a targeted IP address than the programmers who planned its data buffers anticipated someone might send. The target becomes unable to resolve legitimate requests.

• Distributed Denial of Service Attack
• A Distributed Denial of Service attack is a DoS attack that comes from more than one source, and from more than one location, at the same time.
• DDoS attacks come from many "dummy" computers at the same time to flood the server.
• This is harder to trace, and lets the attackers use more bandwidth.
BGP (Border Gateway Protocol) Prefix Hijacking
• BGP is a crucial component of the Internet, responsible for determining routing paths.
• BGP determines how data travels from its source to its destination.
• BGP is a protocol used to exchange routing information between networks on the Internet.
• It is used to determine the most efficient way to route data between independently operated networks, or Autonomous Systems.
• As such, BGP is commonly used to find a path to route data from ISP to ISP.
• It is important to note that BGP is not used to transfer data, but rather to determine the most efficient routing path.
• The actual transfer is accomplished using whatever protocol is necessary, likely another member of the TCP/IP suite.
• By manipulating BGP, data can be rerouted in an attacker's favour, allowing them to intercept or modify traffic.
• In technical terms, a collection of IP prefixes operated by the same entity is referred to as an Autonomous System.
• Autonomous Systems are each assigned an Autonomous System Number (ASN) by the Internet Assigned Numbers Authority (IANA). Let's demonstrate:
• Here in Phoenix, I'm currently assigned an IP address from my ISP, Cox Communications; assume this is 70.177.9.30. This IP address belongs to the larger address space 70.177.0.0/20, referred to as a prefix.
• The 70.177.0.0/20 prefix is owned by Cox Communications, and is announced as part of AS22773. AS22773 announces hundreds of prefixes, of which 70.177.0.0/20 is one.
• BGP (Border Gateway Protocol) prefix hijacking uses BGP to manipulate Internet routing paths.
• Cybercriminals have taken advantage of this technique for their own ends, such as traffic misdirection and interception.
• It is a type of network attack in which a wrong announcement is made about the IP addresses associated with an autonomous system (AS), so malicious parties get access to untraceable IP addresses.
• ASes communicate using the Border Gateway Protocol model. A faulty AS broadcasts wrong information about the IPs associated with it. In this case the actual traffic gets routed to some other IP than the intended one.
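The defence that follows from the prefix/ASN relationship described above is route origin validation: a receiving router checks each announcement against a list of which ASN is authorized to originate which prefix. The block below is an added example, not code from the slides, written in the spirit of RPKI Route Origin Authorizations. It reuses the slide's prefix 70.177.0.0/20 and AS22773; the maximum length of 24, the origin AS64512 (a private-use ASN) and the other announcements are constructed for the example.

```python
import ipaddress

# Constructed authorization list in the spirit of RPKI Route Origin Authorizations:
# (prefix, maximum announced length, authorized origin ASN). The entry reuses the
# slide's own example, 70.177.0.0/20 originated by AS22773; the maxLength of 24 is
# an assumption made for this example, not a value from the slide.
ROAS = [
    ("70.177.0.0/20", 24, 22773),
]


def validate_origin(prefix: str, origin_asn: int, roas=ROAS) -> str:
    """Classify one BGP announcement against the authorization list.

    'valid'   : a ROA covers the prefix, the origin ASN matches, and the
                announced length does not exceed the ROA's maxLength
    'invalid' : a ROA covers the prefix but the origin or length is wrong
                (the shape of a hijack or an over-specific announcement)
    'unknown' : no ROA covers the prefix at all
    """
    announced = ipaddress.ip_network(prefix, strict=True)
    covered = False
    for roa_prefix, max_len, asn in roas:
        authorized = ipaddress.ip_network(roa_prefix)
        if announced.version != authorized.version or not announced.subnet_of(authorized):
            continue
        covered = True
        if asn == origin_asn and announced.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "unknown"


def filter_announcements(announcements, roas=ROAS):
    """Drop 'invalid' routes before they reach the routing table; keep the rest."""
    return [(p, a) for p, a in announcements if validate_origin(p, a, roas) != "invalid"]


if __name__ == "__main__":
    # Constructed announcements: the legitimate one, a more-specific prefix from a
    # different origin, and a prefix nobody has registered.
    sample = [("70.177.0.0/20", 22773), ("70.177.9.0/24", 64512), ("198.51.100.0/24", 22773)]
    for p, a in sample:
        print(p, a, validate_origin(p, a))
    print(filter_announcements(sample))
```

Note that a more-specific announcement wins in BGP's longest-prefix match, which is why the check must also enforce the maximum length and not just the origin ASN; 'unknown' routes are kept here because rejecting them would drop every prefix whose owner has not yet registered it.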
Sniffer Attack
Sniffing involves capturing, decoding, inspecting and interpreting the information inside a network packet on a TCP/IP network.
The purpose is to steal information, usually user IDs, passwords, network details, credit card numbers, etc.
Sniffing is generally referred to as a passive type of attack, wherein the attackers can be silent/invisible on the network. This makes it difficult to detect, and hence it is a dangerous type of attack.
A sniffer is a piece of software that grabs all of the traffic flowing into and out of a computer attached to a network.
Data flowing in the network can be traced and captured, giving the attacker a chance to read vital information.
A sniffer program records, through the NIC (Network Interface Card), the data/traffic addressed to other systems. A sniffing system running on a network can be easily detected using ARP (Address Resolution Protocol) and RTT (Round Trip Time).
Host Level Security issues:

• Cloud service providers do not publicly share information related to their host platforms, host operating systems, and the processes that are in place to secure the hosts, since hackers could use it to try to intrude into the cloud service.
Security concerns with the hypervisor
• A hypervisor is defined as a controller, also called a Virtual Machine Manager (VMM), that allows multiple OSes to run on a single machine at the same time.
• If a number of operating systems run on one hardware platform, security issues increase, because it is difficult for a single hardware unit to monitor multiple operating systems.
• e.g. a guest system tries to run malicious code on the host system, gets control of the system and blocks other guest OSes; it can even make changes to any guest OS.
• An advanced cloud protection system can be developed in order to monitor the guest VMs and the inter-communication among the various infrastructure components.
• The virtualization platform is software.
• Major virtualization platform vendors are VMware, Xen and Microsoft.
• It is important to secure the layer of software that sits between the hardware and the virtual servers.
• For the isolation of customer VMs from each other in a multitenant environment, it is very important to protect the hypervisors from unauthorized users.
• To protect the hypervisor, the IaaS customer should understand the technology and the security process controls instituted by the CSP.
Virtual server Security

• Customers of IaaS have full access to the virtualized guest VMs that are hosted and isolated from each other by hypervisor technology.
• A virtual server may be accessible on the Internet, so sufficient network access preventive steps should be taken to restrict access to virtual instances.
• The IaaS platform creates a risk due to self-provisioning of new virtual servers, which leads to the creation of insecure virtual servers.
• Securing a virtual server in the cloud requires strong operational security procedures.
• Some recommendations are:
• Protect the integrity of the image from unauthorized users.
• Secure the private keys in the public cloud.
• Keep the decryption keys away from the cloud.
• Do not allow password-based authentication for shell access.
• Require role-based access.
• Run a host firewall and open only the minimum ports necessary to support the services on an instance.
• Run only the required services and turn off the unused services.
• Enable system auditing and event logging.
• Secure the log events to a dedicated log server.
• Keep the log server separate, with higher security protection, including access controls.
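The recommendation to refuse password-based shell access is something a self-provisioned instance can be audited for. The following is an added example, not code from the slides: a small checker that parses the global section of an OpenSSH `sshd_config` and reports directives that contradict that recommendation. The two configuration samples are constructed; the directive names and their defaults are the ones documented in sshd_config(5), and `Match` blocks are deliberately ignored (an assumption of this example, since settings inside them are conditional).

```python
import re

# Defaults OpenSSH applies when a directive is absent (per sshd_config(5)).
# Only the directives this check cares about are listed.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}


def parse_sshd_config(text: str) -> dict:
    """Flatten the global section of an sshd_config into {directive: value}.
    Directive names are case-insensitive, '#' starts a comment, and either
    whitespace or '=' may separate name and value. Parsing stops at the first
    'Match' block (assumption: only global settings are audited here)."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        if key == "challengeresponseauthentication":  # older spelling of the same directive
            key = "kbdinteractiveauthentication"
        settings[key] = value
    return settings


def audit_sshd_config(text: str) -> list:
    """Return one finding per directive that still permits password-style login."""
    s = parse_sshd_config(text)
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication should be 'no' (password-based shell login allowed)")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("KbdInteractiveAuthentication should be 'no' (PAM-backed password prompts still possible)")
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication should be 'yes' (no key-based method left to log in with)")
    if s["permitrootlogin"] not in ("no", "prohibit-password"):
        findings.append("PermitRootLogin should be 'no' (or at least 'prohibit-password')")
    return findings


# Constructed sample: a freshly provisioned instance that was never hardened.
WEAK_CONFIG = """\
Port 22
PasswordAuthentication yes
PermitRootLogin yes
"""

# Constructed sample after applying the slide's recommendation.
HARDENED_CONFIG = """\
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(cfg) or ["no findings"])
```

The weak sample produces three findings even though it only sets two directives, because a directive that is absent falls back to its default, which for keyboard-interactive authentication still allows a password prompt.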
• Rootkits: a set of software tools that enable an unauthorized user to gain control of a computer system without being detected.
• A rootkit is an application (or set of applications) that hides its presence, or the presence of another application (virus, spyware, etc.), on the computer, using some of the lower layers of the operating system (API function redirection, use of undocumented OS functions, etc.), which makes them almost undetectable by common anti-malware software.
• HookSafe is a hypervisor-based lightweight system that can protect thousands of kernel hooks in a guest OS from being hijacked. One key observation behind this approach is that a kernel hook, once initialized, may be frequently read-accessed, but rarely write-accessed.
Application level security threats:
• Some companies host applications on the Internet that many users use without considering where, how and by whom the services are provided, so proper security mechanisms should be adopted.
• SQL Injection attack
• Attackers insert malicious code into standard SQL code, which allows an unauthorized person to download the entire database or interact with it in other illicit ways.
• The unauthorized user can access sensitive data. This can be avoided by not using dynamically generated SQL in the code.
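The difference between dynamically generated SQL and a fixed statement with bound parameters is easiest to see side by side. The block below is an added example, not code from the slides; it uses a constructed in-memory SQLite table and the classic textbook input `x' OR '1'='1` to show that the dynamic form lets the value rewrite the query while the parameterized form only ever compares it.

```python
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for an application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def find_user_dynamic_sql(conn, name: str):
    """The slide's anti-pattern: the user-supplied value is spliced into the
    statement text, so the value can change the statement's logic."""
    statement = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(statement)]


def find_user_parameterized(conn, name: str):
    """Hardened form: the statement is fixed and the value travels as a bound
    parameter, so it is only ever compared, never parsed as SQL."""
    statement = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(statement, (name,))]


if __name__ == "__main__":
    db = build_demo_db()
    crafted = "x' OR '1'='1"  # textbook input used to show the difference
    print(find_user_dynamic_sql(db, crafted))    # ['alice', 'bob']: the whole table leaks
    print(find_user_parameterized(db, crafted))  # []: treated as a literal name
```

The same rule covers any driver that supports placeholders: build the statement once, and never concatenate request data into it, whatever the database behind it.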

• Cross-site scripting [XSS]

• It embeds script tags in URLs, and when a user clicks on them, the JavaScript gets executed on the machine. In dynamic websites, some pop-up windows open and request the user to click on a link; once the user clicks the link, the hacker gets control and accesses all our private information.
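Server-side, XSS is prevented by escaping untrusted values for the context they land in and by refusing link targets whose scheme would run script. The block below is an added example, not code from the slides: a rendering function that drops values straight into markup beside one that escapes the text and attribute contexts and accepts only `http`/`https` hrefs. The profile fields are constructed inputs.

```python
import html
from urllib.parse import urlparse


def render_profile_unsafe(display_name: str, homepage: str) -> str:
    """Untrusted values dropped straight into markup: a script tag in the name
    or a javascript: URL in the link both run in the viewer's browser."""
    return f'<p>Hello, {display_name}</p><a href="{homepage}">homepage</a>'


def safe_href(url: str) -> str:
    """Allow only http(s) links; anything else collapses to an inert anchor."""
    scheme = urlparse(url.strip()).scheme.lower()
    return url if scheme in ("http", "https") else "#"


def render_profile_safe(display_name: str, homepage: str) -> str:
    """Escape for the text context and the attribute context separately, and
    validate the URL scheme before it becomes an href."""
    name = html.escape(display_name, quote=True)
    link = html.escape(safe_href(homepage), quote=True)
    return f'<p>Hello, {name}</p><a href="{link}">homepage</a>'


if __name__ == "__main__":
    # Constructed profile submission containing a script tag and a script URL.
    name = "<script>alert(1)</script>"
    link = "javascript:alert(1)"
    print(render_profile_unsafe(name, link))
    print(render_profile_safe(name, link))
```

Escaping alone is not enough for the link: `html.escape` leaves `javascript:alert(1)` untouched because it contains no markup characters, which is why the scheme check is a separate step.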
• EDoS
• An attack against the billing model that underlies the cost of providing a service, with the goal of bankrupting the service itself. DoS attacks on pay-as-you-go cloud applications result in a dramatic increase in your cloud utility bill, with increased use of network bandwidth, CPU, and storage.
• This type of attack is also characterized as economic denial of sustainability (EDoS).
• In an EDoS attack the goal is to make the cloud cost model unsustainable, making it no longer viable for a company to afford, use or pay for its cloud-based infrastructure.
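Both the DoS description earlier (flooding a server with simultaneous requests) and the EDoS variant here come down to unbounded requests consuming metered resources, and a per-client rate limit is the first control that caps that spend. The block below is an added example, not code from the slides: a token-bucket limiter applied to a constructed request log in which one source bursts and another sends a single request. The client addresses and bucket parameters are constructed.

```python
import time


class TokenBucketLimiter:
    """Per-client token bucket. Each client may burst up to `capacity` requests
    and is then held to `refill_per_sec` sustained requests per second. Excess
    requests are dropped before they consume backend CPU, bandwidth or metered
    cloud resources, which bounds both the outage and the bill."""

    def __init__(self, capacity: int = 5, refill_per_sec: float = 1.0):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.buckets = {}  # client -> [tokens, last_refill_time]

    def allow(self, client: str, now=None) -> bool:
        now = time.monotonic() if now is None else now
        bucket = self.buckets.setdefault(client, [float(self.capacity), now])
        tokens, last = bucket
        tokens = min(self.capacity, tokens + (now - last) * self.refill_per_sec)
        if tokens >= 1.0:
            bucket[0], bucket[1] = tokens - 1.0, now
            return True
        bucket[0], bucket[1] = tokens, now
        return False


def replay_requests(lines, limiter):
    """Run constructed '<timestamp> <client>' request lines through the limiter.
    Returns {client: (allowed, dropped)} so the effect on each source is visible."""
    stats = {}
    for line in lines:
        ts_text, client = line.split()
        allowed, dropped = stats.get(client, (0, 0))
        if limiter.allow(client, now=float(ts_text)):
            allowed += 1
        else:
            dropped += 1
        stats[client] = (allowed, dropped)
    return stats


# Constructed log: one source hammers the endpoint, another sends a single request.
SAMPLE_REQUESTS = (
    ["0.0 203.0.113.5"] * 8       # burst of 8 at t=0
    + ["0.0 198.51.100.7"]        # an ordinary client at t=0
    + ["2.0 203.0.113.5"] * 3     # 3 more from the flooder at t=2
)

if __name__ == "__main__":
    limiter = TokenBucketLimiter(capacity=5, refill_per_sec=1.0)
    print(replay_requests(SAMPLE_REQUESTS, limiter))  # flooder (7, 4), ordinary client (1, 0)
```

Because the buckets are per client, the ordinary client is unaffected by the flood; against a distributed flood the same idea is applied per source and backed by a global budget, since the many small sources would each stay under an individual limit.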
• Cookie Poisoning
• Cookies are used to store user IDs. The two types of cookies are persistent and non-persistent.
• A persistent cookie is stored on the client hard drive; a hacker who can access the client machine can easily access the cookies.
• A non-persistent cookie is stored in memory and is more difficult to access.
• Another attack is that an unauthorized person can change or modify the content of cookies to access the application or web page.
• Cookies contain user identity credential information; once an unauthorized person accesses these details, they are able to pose as an authorized user.
• This can be countered by regular cookie cleanup.
• Backdoor and debug options
• Normally developers enable the debugging option while publishing the web site.
• So a hacker can easily enter the web site and make changes.
• To prevent this attack, developers should disable the debugging option.

• Hidden field manipulation

• While a user is accessing a web page, some fields are hidden and are used by the developer. The hidden fields in HTML forms convey important information such as price, user ID, etc.
• An attacker can save the catalogue page, change the value of a hidden field and post it back to the web page. This is a severe security violation.
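Cookie poisoning and hidden field manipulation share one root cause: the server trusts state that it handed to the browser and got back. The block below is an added example covering both passages, not code from the slides. It issues a session cookie whose user ID is bound to an HMAC tag under a server-side key, so an edited cookie fails verification, and it computes a checkout total from a server-side catalogue rather than from the hidden price field. The key, catalogue and form submission are constructed.

```python
import hashlib
import hmac

# Assumption: a server-side secret that never reaches the client (constructed).
SERVER_KEY = b"server-only-secret-constructed-for-this-example"

# Constructed authoritative catalogue, in cents. The server consults this rather
# than any price the browser sends back in a hidden field.
CATALOGUE = {"sku-100": 4999, "sku-200": 1500}


def issue_session_cookie(user_id: str) -> str:
    """Cookie value = user_id + HMAC tag. Reading the id is fine (it is not a
    secret); changing it without the key breaks the tag."""
    tag = hmac.new(SERVER_KEY, user_id.encode(), hashlib.sha256).hexdigest()
    return f"{user_id}.{tag}"


def read_session_cookie(cookie: str):
    """Return the user id if the tag verifies, else None (treat as logged out)."""
    user_id, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(SERVER_KEY, user_id.encode(), hashlib.sha256).hexdigest()
    return user_id if hmac.compare_digest(expected, tag) else None


def checkout_total_unsafe(form: dict) -> int:
    """The slide's vulnerability: the price comes from a hidden form field the
    client controls, so whatever was posted back is billed."""
    return int(form["price"]) * int(form["qty"])


def checkout_total_safe(form: dict) -> int:
    """Hardened: only the SKU and quantity are accepted from the form; the price
    is looked up server-side and the quantity is range-checked."""
    sku = form.get("sku")
    if sku not in CATALOGUE:
        raise ValueError("unknown sku")
    qty = int(form.get("qty", "0"))
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    return CATALOGUE[sku] * qty


if __name__ == "__main__":
    cookie = issue_session_cookie("alice")
    print(read_session_cookie(cookie))                          # alice
    tampered = "admin." + cookie.rpartition(".")[2]             # tag still belongs to 'alice'
    print(read_session_cookie(tampered))                        # None
    form = {"sku": "sku-100", "qty": "2", "price": "1"}         # hidden price edited to 1
    print(checkout_total_unsafe(form), checkout_total_safe(form))  # 2 9998
```

The tag makes the cookie tamper-evident, not confidential: anyone who copies the whole cookie still holds a valid session, so the transport and cookie flags the page's other slides imply (TLS, HttpOnly) remain necessary alongside it.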
• Google Hacking
• The Google search engine is the best option for a hacker to access sensitive information.
• The hacker may even hack the user's account. Generally they try to find out the security loopholes of the system they wish to hack on Google, and act after having gathered the necessary information about the concerned system.
• A group of hackers in China hacked the login details of various Gmail users.
• These security threats can be launched at the application level and cause system downtime, disabling application access even for authorized users.
• Man in the middle attack
• This attack is also a category of eavesdropping.
• The attacker sets up the connection between two users and tries to listen to the conversation, or provides false information between them.
• Tools like Dsniff, Cain, Ettercap, Wsniff, Airjack etc. have been developed to protect against this attack.

• DoS Attack
• In a DoS attack, the services assigned to authorized users become unusable by them.
• In the attack, the large number of service requests handled by the server exceeds its capacity, and the server becomes unavailable to authorized users.
• A DoS attack increases bandwidth consumption besides causing congestion, due to overloading of the server with requests.
• It makes certain parts of the cloud inaccessible to users. An intrusion detection system (IDS) is the most popular method of defense against this type of attack.
Distributed Denial of Service

• DDoS is an advanced version of DoS in terms of denying services: the server is not able to handle the load.
• Three functional units of DDoS attacks: a Master, a Slave and a Victim.
• The Master, being the attack launcher, is behind all these attacks causing DDoS; the Slave is the network which acts as a launch pad for the Master.
• It provides the platform for the Master to launch the attack on the Victim. Hence it is also called a coordinated attack.
• The DDoS attack is operational in two stages: the first being the intrusion phase and the second the DDoS tools phase.
• In the intrusion phase the Master tries to compromise the less important machines to support the flooding of the more important one.
• Then the DDoS tools are installed and the victim server or machine is attacked.
• In a DDoS attack the services are unavailable to authorized users. It is similar to a DoS attack, but the way of launching is different.
• A DDoS attack was experienced by the CNN news channel website, which could not be accessed for a period of three hours.

Thank You