A Concept to Avoid and Minimize Security Risks in Cloud Computing - Essay Example

Fog Computing A Concept to Avoid and Minimize Security Risks in Cloud Computing Contents 3 Introduction 4 1Current System 5 2Suggested System 5 2.Clouds Safeguarding Through Fog 5 2.1User Behavior Profiling 6 2.2Decoy System 7 2.3Decoy Technology 7 2.4Detection of Malicious Attacker 9 2.4.1User Behavior Profiling 9 3.Fog Computing 9 3.1.Categorization of Fog Computing 9 3.2.Functioning of Fog Computing System 11 4.Conclusion 14 References 15 ABSTRACT A cloud is basically a network in which certain servers are attached in the form of cluster. It is a computing network that shares computers and resources. The users just have to pay for the usage rather than paying for local resources such as infrastructure etc. This is no doubt an exciting technology because of its cost efficiency and service effectiveness. This computing technology greatly influence the way people use computers and access to their personal data or information. However with this new communication and technology models, comes personal and business data security challenges. The main concern in cloud technology is its security and privacy. The existing protection mechanism like encryption failed to provide sufficient security especially from the insider attacks within the cloud network. To overcome this issue a new technology has been introduced called Fog Computing. After doing deep analysis it is apparent that fog computing is not considered as a substitute for cloud it is just an addition of the cloud computing system and introduce new applications and services. These applications ensure safety by isolating user data from each other. The foremost goal of this technology is to put data near to the ultimate consumer. 1. Introduction Today cloud computing is an effective computing network to manage private data centers. That is why it has been widely used by many enterprises for web applications and batch processing (Takahashi, 2010). This subscription based technology protects their data and allow them to use cloud resources whenever required. However the encryption method is not capable to protect the user data in cloud from illegal admission. The traditional database systems are developed in closed environments and users can access the data by using limited or fix network. Cloud Computing is a technology based service which is used for protecting data and for making use of the cloud resources anywhere anytime. Further Cloud Computing is designed with a collective pool of resources which manages private data centers for clients who are utilizing web application and batch processing services (Mowbray, 2009). The rapid growth of W.W.W enables users to register into cloud and access their database from anywhere in the world. Despite of its immense benefit this technology also comes up with certain security and privacy risks. To avoid this problem a new technology has been used which is known as fog computing (Dancher, 2009). Fog computing is a virtual platform which offers computing, networking and storage resources to the end-users. Fog computing is a new standard which provide a virtual IT infrastructure. The security solutions which are designed for cloud computing does not allow fog computing devices to balance their connectivity load at the verge of the network. Fog computing offers greater security and benefits while working with cloud. In this the user has to first register and sign up fog computing. He will then receive an e-mail or message that his account is being activated. Fog computing offers a range of applications and services that play a beneficial role while data managing and analysis (P.Allen, 2010) 1.1 Current System The existing security mechanism in cloud is encryption however it fails to save data from the hackers (Novak, 2014). It cannot identify if the user is approved or not, thus cloud computing safety is not reliable and emphasis on how to save data from unauthorized access. Encryption proved to be not safe as there are many cases of theft in cloud including the twitter incidence which was also on cloud network. However in 2010 and 2011 a new cloud computing technology was identified for hackers which aim to protect the user data in cloud network (Van Dijik & A.Juels, 2011). 1.2 Suggested System The anticipated procedure is to safe employer data in cloud was decoy document technology commonly known as Fog computing. This technique helps to protect data in cloud and detect and monitor any abnormal activity in data access patterns (M. Bowen, 2011). In this system when some hacker tries to access the user data a fake document is automatically created by the system and presented to the hacker. The document is pretty much alike the same so the hacker couldn’t identify the difference. The authentication is identified through a security question that either the user is authorized or not. If the use passes the security he is hen provided with original documents (S.J.Stolfo, 2011) 2. Clouds Safeguarding Through Fog Cloud services provides numerous methods to store and use files, documents and other data that can be accessed from anywhere whenever the users go online (F. Bonomi, 2011). The major issue in maintaining security of cloud is the method through which the data is accessible to only authorized users and no one else. The cloud fails to satisfy users in terms to secure their data. All the standard approaches for providing safety fail over time for some sort of reasons. The security risks included misconfiguration, buggy codes, improper implementations and inside attacks to the system. Even after building a trustworthy network did not seems to be enough as the inside attacks were continuous and data was damaged and lost and there was no means to get it back (M.J.Samella, 2003) One should be prepared for any such kind of coincidences. The main idea behind is that the data damage can be decreased by limiting the value of stolen information to the hacker. Therefore fog computing is introduced to give additional security features to cloud (P.Tavel, 2007). This preventive technique secures the user data through number of means which are discussed as below. 2.1 User Behavior Profiling This is a process of monitoring normal user behavior on cloud. This means that cloud can model that how much data or information is used by the user generally. Also that at the time and how the user accesses his data present in cloud (Danchev, 2009). The user performance is continuously monitored that whether the activity is happening as per routine or not. Any abnormal activity such as unusual path of accessing information or bulk downloading is being detected and informed to the user through e-mail or SMS. This kind of security profiling is usually used in fraud detection applications. Any abnormal cloud access can be determined by the scope and scale of data transformation (M. Bowen & S. Hershkop, 2009) 2.2 Decoy System Decoy data is the information that is gathered through documents, bogus information and honeypots and is used to detect any kind of unauthorized access. It actually presents the hacker with alternative information rather than original one. The presented document looks totally normal and legitimate (J. Pepitone, 2011). This change can only be identified by the legitimate user and he can alter the response through various means such as answering security question. This informs the cloud that it has mistakenly noticed unauthorized access (M. Bowen & S. Hershkop, 2011). In case of correct identification of unauthorized access the cloud protects the user information in two ways: (1) Through user validation and (2) by confusing the hacker with bogus and decoy documents. 2.3 Decoy Technology In decoy technology traps are placed within the files in system. These traps or decoy files are transferred from Fog computing location. This site offers automatically generated decoy forms such as tax or medical reports return forms, bank statements or receipts etc. The authorized user downloads these files and place in location that does not interfere in normal activities on computer (G.Forman, 2003). A hacker who is not familiar with the original files in the system will get the decoy files when he tries to reach the sensitive material. Careful monitoring of decoy files will inform the authentic user about any deception movement on the network (Madsen, et al., 2013). The documents which are decoyed includes a specific keyed in parameter in the header section of the document which is Hash Message Authentication Code (HMAC). This code allows the user to use these documents by verifying key specific to each worker. When a text is downloaded the HMAC ascertain if the document is a decoy or not. If the documents appear to be decoy an automatic trigger is generated. The benefits of engaging decoys includes detecting hacker’s activity, confusing the attacker with fake documents and the deterrence effect (Josang, A.Ismail & C.Boys, 2001). Figure 1 Decoy System (Dhande, 2015) The above mentioned figure is the concept to identify unauthorized access. In local file setting experiments reveal that combining both methods would yield better results. This security approach is quite beneficial for cloud network making the system more sustainable and transparent. 2.4 Detection of Malicious Attacker 2.4.1 User Behavior Profiling Authorized users are familiar with the files and documents of their system and where they are situated. So their exploration for targeted files is limited. A hacker who illegitimately tries to break in to the system is most likely to be unfamiliar with the files and their location so his search will be extensive and untargeted (Arrington, 2009). On the basis of this supposition the user profiling performance is based on user models which are developed with one class exhibiting method known as one-class provision vector machines. These model machines are capable of building classifier without sharing data to other users. Therefore the privacy and data of user is saved and any deviation from usual activity is monitored from the user baseline. So it can be assumed that this deviation is possibly a hackers attack. Previous experiments based on these assumptions revealed positive results with detecting masquerade activities with very low false positive results (Rocha, 2011) 3. Fog Computing 3.1. Categorization of Fog Computing Fog computing is an extremely developed virtualized stage that provides computing, storage and networking facilities in cloud computing network and is located quite on edge of network. These compute, storage and networking services act as building blocks in both cloud and fog networking (Bonomi, 2011). Fog however has number of features that makes it insignificant addition of the cloud. These characteristics are described below: Fog has on the edge location, low latency and has location awareness. Its origin can be traced in early applications of support which offer great services at the edge of network comprising programs which requires low latency such as games or video streaming. Its geographic distribution is quite in contrast as compare to centralized Cloud. Its services and targeted applications require wide deployments. For example the Fog network will play an active role in bringing high quality streaming into moving objects by using its proxies that support it (J. Sannella, 2003). It has large scale sensor networks and inherently distributed systems like smart grid s to monitor its environment. They require storage and computing resources. These sensor networks and smart grid system have a large number of nodes which are significant in wide geo- distribution. The fog network provides support for mobility so that there is effective communication between its applications and mobile devices. This support helps the LOSP protocol a mobility technique to help the host to identify identity from location. It also requires a distributed directory system (Stojmenovic & Wen, 2014). The fog network involves real-time connections rather than just batch processing. It has Prevalence of wireless access Fog network is heterogeneous because the fog notes appear in different form factor that create a variety of environments Fog networks are interoperable and federated this means they can provide continuous support to several services such as streaming. This network works with the cooperation of different providers. Hence Fog network interoperate and provide continuous support across different domains. This type of network provides support for online analysis and interaction with cloud. It is designed to play an important role in processing the data close to the source. 3.2. Functioning of Fog Computing System Fog computing system works against the hackers especially from malicious hackers this type of attacks are performed by company’s haters or in envy to some other employees on user site. Attacking data or hacking is quite easy for a malicious insider because he could easily get the passwords and cryptographic keys. This threat is quite common these days because of lack of clearness in cloud events. This means that the provider is unaware that how much access is provided to users and how the reports are made and analyzed ( Fr¨ohlich and J. Plate, 2000). The Fog Computing system is demonstrated in the Figure below Figure 2 Fog Computing (Dhande, 2015) Figure 2 demonstrate the actual concept of fog computing. There are two logins in this network i.e. admin login and user login. The admin login follows two steps which are entering username and password. After login in to the system successfully he can now do all his supervision work however before downloading any file from server it is required to answer the security query. If he answers the question correctly the cloud will download the original file only. However on wrong entry the decoy documents will appear to the hacker. Decoy technology has a specific working mechanism. For example if the original word is “MADAM” then it will replace some alphabets of the word like replacing M with A so the word become “AADAA”. If the hacker knows what has been replaced even then he could get the right word because it will become “MMAMM”. So in fog there is no chance of hacker in getting original document ( Dinh, H.T., Lee, C., Niyato, &D., Wang, 2013) The same procedure has to be followed by the user when he login to the system. User can perform certain operation like downloading a file, sending messages and e-mails and viewing alerts. Alerts are the streams that notify the details of any unauthorized activity on their personal data with detailed information of date time and kind of activity (Balfanz, 2002).The best thing about fog is that the user gets a SMS after each successful login. This makes him aware if anyone tries to login to his account. In addition every activity such as downloading a file etc on his fog account is also messaged to his number. The SMS contain information of IP address, date and time details so it would be easier to track the hacker if he tries to break in. The system was originally e-mail provision but then SMS technique was also implemented. This makes fog computing more safe and secure than traditional cloud computing (Damiani, E., et al, 2002). 4. Conclusion In this paper the researcher presented a new approach of Fog computing in solving security threat issues and insider data attack in cloud computing. It was proposed that data access can be monitored by using profiling user behavior technique to detect any unauthorized access. In addition decoy documents present in the cloud storage also serve as sensors to inform about illegitimate activity. Once the hacker is detected and verified he will then be presented with similar decoy files having bogus information to protect the original data. Such prevention strategy that is based on disinformation technology can provide a high level of security on cloud computing and social networks. Fog computing is not only producing decoy files but also providing storage for these files in cloud network. In short Fog’s decoy technique is actually minimizing the threat of hacking and inside attacks in cloud. . References Bonomi., F., 2011. Connected vehicles, the internet of things, and fog computing.. VANET . Bowman, M., Debray, S. K. & Peterson., L. L., 1993. Reasoning about naming systems. ACM Trans.. Program. Lang. Syst., 15(5), p. 795–825. Forman, G., 2003. An extensive empirical study of feature selection metrics for text classification. J. Mach. Learn, p. 1289–1305. Fr¨ohlich, B. & Plate, J., 2000. The cubic mouse: a new device for three-dimensional input.. n Proceedings of the SIGCHI conference on Human factors in computing systems, p. 526–531. Frevert, R. et al., 2006. Modeling and Simulation for RF System Design. s.l.:Springer Science & Business Media. Li, K.-C., Li, Q. & Shih, T. K., 2014. Cloud Computing and Digital Media: Fundamentals, Techniques, and Applications. s.l.:CRC Press. Madsen, H., Albeanu, G., Burtschy, B. & Popentiu-Vladicescu, F., 2013. Reliability in the utility computing era: Towards reliable Fog computing. s.l.:Systems, Signals and Image Processing (IWSSIP), 2013 20th International Conference. Mahmood, Z., 2014. Cloud Computing: Challenges, Limitations and R&D Solutions. s.l.:Springer. Mowbray, M., 2009. The Fog over the Grimpen Mire: Cloud Computing and the Law. s.l.: Hewlett Packard Development Company. Sannella, M. J., 2003. Constraint satisfaction and debugging for interactive user interfaces. Stojmenovic, I. & Wen, S., 2014. The Fog computing paradigm: Scenarios and security issues. s.l.:Computer Science and Information Systems (FedCSIS). Read More