
Cloud Networking Security Threats

Damilola Yusuph
0817125
University of Bedfordshire
Department Of Computer Science and Technology.
Luton, United Kingdom
Damilola.yusuph@study.beds.ac.uk

Abstract— Cloud computing is an emerging technology paradigm
that has turned the technology world on its head and is
increasingly becoming one of the most attractive technology areas
due, at least in part, to its flexibility, efficiency, data
availability and cost savings. However, despite the surge in
activity and interest, there is little focus on the networking
aspects of distributed clouds, and their relevance is often
undervalued. Cloud networking is the management of computing and
vital connectivity capabilities in the network between distributed
cloud resources. This paper aims to develop an understanding of
cloud networking security and discusses the multifarious security
challenges involved in ensuring legitimate usage of cloud
networking resources and in preventing abuse and nefarious use.
Keywords - cloud computing; network virtualisation; security;
cloud networking.

I. INTRODUCTION

Cloud computing is a major computing trend in the present-day
scenario, with large-scale adoption across many enterprises.
This is primarily due to its simplification of quick provisioning
and deployment of IT applications, leveraging economies of
scale and multi-tenancy. Running applications in the cloud
offers a number of benefits, such as lower cost through shared
computing resources, accessibility around the globe, flexibility,
no upfront infrastructure requirement and highly automated
processes; applications with a highly variable workload are
therefore well matched to the cloud. Virtualization has played a
key role in the notion of the cloud: as the main enabler of data
center optimization, it has allowed dynamic provisioning of
computing resources on demand to become a reality.
Cloud computing solutions typically require adequate access
network solutions to be in place. Rich interactive applications
are good examples of applications that rely heavily on automatic
network bandwidth provisioning, since these solutions involve
getting more from less hardware, which requires more data
transfers between database, storage and application servers.
Networking aspects of distributed clouds are becoming a priority
because, as the movement of these applications into the cloud
becomes prevalent, more will be demanded from existing networks
in terms of capacity, availability and quality. Any limitation of
the network infrastructure will therefore directly affect the
application, leading to latency issues and poor performance due
to reduced speed. Hence, efficient networks that can be
expeditiously reconfigured and optimized will unlock the full
advantage of the cloud environment; this is the envisioned
concept of cloud networking.
This article presents the vulnerabilities, challenges and security
threats of providing a cloud network system. The research
challenges of the project SAIL (Scalable Adaptive Internet
Solutions) will also be explored, along with their advantages and
shortcomings. The European project SAIL [1], whose consortium
comprises 25 operators from industry, academia and institutions,
aims at designing technology to overcome the limitations of the
current internet architecture. For cloud networking, the objective
in SAIL is to develop scalable and adaptive networking functions
for applications with highly variable demands that will facilitate
on-demand management and security of computing, storage and
connectivity resources in the network.
Besides cloud networking security challenges, more vital
security aspects of cloud computing will be considered.
Because cloud computing is founded on a virtual environment,
new exploits and threat avenues are introduced that can enable
criminals/attackers to steal confidential data from cloud users,
impersonate a legitimate cloud user after stealing their
credentials, interrupt services, penetrate the cloud network
infrastructure or obtain computing services. Examples of these
attacks, which exploit the vulnerabilities of accessibility,
virtualization and web applications, include drive-by
downloads, SQL injections, data-stealing malware, VoIP free
calls and DDoS attacks [2]. Cloud networking will not change
the continued presence of unwitting security vulnerabilities and
their exploitation by attackers.

II. FROM CLOUD COMPUTING TO CLOUD NETWORKING

Since its inception, cloud computing has become the current
paradigm, gaining considerable attention across the computing,
academic and communication industries, but the history of cloud
computing remains as intricate and fuzzy as ever. The underlying
concept of cloud computing dates back to 1961, when computing
pioneer Prof. John McCarthy first publicly proposed the idea of a
computer time-sharing technology whereby computing power and
specific applications would be sold through the utility business
model, i.e. water or electricity [3]. The key factors that have
enabled the current realization of the cloud computing vision
include the introduction of infrastructure virtualization,
existence of

thus solving the security issues that most influence the adoption of cloud computing. most especially when information technology governance necessitates robust information security governance and control concerning the accountability of cloud services and sensitive information that is brought to the cloud [14]. This elucidates that the cloud provider lacks control over the quality of an end-user’s network experience which is based on access to a shared medium. Despite network latency and performance issues like content delivery[8]. the security issues in cloud distinguish cloud infrastructure security. This helps reduce financial risks. From an end-user’s viewpoint. it allows the interconnection of geographically dispersed services across cloud infrastructures and connects users and devices to the services in the cloud. and comply with obligations and conditions of contractual terms with infrastructure providers because the network components and topology of these services are still largely static[9]. The interconnection between data centers owned by enterprises is typically implemented using leased lines to interconnect routers for a point-point virtual network providing guaranteed.g Hyper-V[7]. specifying and instantiating networks on demand in useful time. Deploying storage and process functions across a network that is close to the end-user as possible is more appropriate as it helps achieve optimal performance of applications and services as oppose to centralizing processing and storage functions in a single location which can lead to poor network conditions like latency. authentication and authorization. B. this refers to preventing the disclosure of information to unauthorized users. A. operational expenditure and capital expenditure for service providers since they pay for the services used on an as needed basis. Confidentiality of information and processes. 
security controls and measures for all organizations rely on the CIA Traid to empower their security strategy [15] 1. application and platform security [14]. SECURTITY THREATS Security is a leading barrier affecting the broad traction of cloud computing in practical application domains. To enhance confidentiality in information necessitates encryption. changing of physical path and migration of virtual machines from one or more place to another [13]. Network virtualization offers a simpler technology that enables the configuring of overlay networks without losing service continuity. this severely impacts the real time execution of certain cloud applications in a centralized infrastructure. Examples of applications that are deployed on geographically distributed clouds are content distribution and virtual desktop services. transactional web services and hosted IT systems are examples of currently deployed applications in the cloud infrastructure that is well suited for the Iaas architecture. but scalable. security processes. who a user is and what the user is allowed to do i. Virtualisation Technology Supporting Cloud Computing Current Infrastructure as a service (Iaas) delivers computing resources as a service using virtual machine hypervisors and server virtualization such as VMware[5]. efficiency and improved productivity [4]. Information Security Threats Information security refers to the confidentiality. network properties to access these resources and how their infrastructure should be distributed and interconnected. Cloud networking plays a key role in extending network virtualization beyond data centers by bringing two new remarkable features to cloud computing. risk. governance. Although. These are the key basic principles of information. Batch processing applications such as image rendering. it gives infrastructure services providers the opportunity to build large infrastructure that benefits from economies of scale. On the other hand. 
Separation of duties between software service providers and infrastructure service providers makes it easier generating services online and facilitates the scalability of the services rapidly as demand dictates. Xen[6]. and network storage virtualization which is implemented in networking equipment (switches and routers) e. integrity and availability problems areas that covers how content and system components are protected. Federal Einfrastructure dedicated to European Researchers Innovating in Computing Network Architecture FREDERICA[11]. there is also evidence of the prospect of cloud networking improving the productivity and control over the cloud computing deployment. integrity and availability of data (CIA TRAID). service providers will still enter into. III. Virtualization Technology Supporting Cloud Networking Network virtualization promotes innovation and reliability by displacing proprietary networking hardware. management processes security.e. All information threat. how can cloud service providers prevent abuse and how can the fulfillment of system properties be verified and audited. This is seen as the missing link to attaining the maximum benefits of virtualization and the broad traction of cloud computing. Cloud networking introduces new categories of threats and risks to cloud computing security issues as a result of its associated networking capabilities. In the literature. this is used to . flexible and static quality of service while the connectivity to the data center by the Iaas user is mainly handled by the internet or virtual private networks.internet/webs technologies and the development of universal high-speed bandwidth. and Concurrent Architectures are Better than One CABO[12] that will enable the facilitation of customized virtual end-end control and data planes. A geographically dispersed cloud enables better control over the end-user’s experience although more servers may be needed depending on the needs and usage patterns. 
pioneering initiatives have proposed several network virtualization frameworks and architectures such as Global Environments For Network Innovation GENI[10]. This provides cloud networking users the facility to specify their desired virtual infrastructure. The security challenges involved are explained below A. vulnerabilities. These security topics amass a great deal of confidentiality. compliance issues.

4. Availability: For any information to serve its purpose. This increased complexity can lead to accidentally creating security vulnerabilities and threats through improper configuration of virtual machines. and network authentication service. 5. This creates an attack surface for the hypervisor as it provides a single point of access to the virtual environment and may expose any trusted network through poorly designed access controls system. Unsecure Network Transfer: Migration of virtual machines from one physical node to another node using tradition or new protocols through the network can be exploited to attack the system. networks connecting clients to the service provider.prevent data processing. policy based control should be distributed to virtual infrastructures moving within the virtual environment. It is also possible for dormant VM to store sensitive data such as encryption keys. digital signatures and communication security are mechanisms used to provide data integrity. software. Cloud systems are business oriented in which sharing of resources and exchange of data is central. 2.t. In addition. In addition. . B. Though. Attacks against the availability of information are denial of service attacks(DDos). Other security controls that ensure confidentiality by restricting access to sensitive information includes cryptography. security controls. Virtualization Environment Threats Virtualization provides the ability to run multiple operating systems and applications concurrently on the same physical board and the sharing of their underlying hardware resources. Integrity: refers to the guarantee of data nonalteration. Cloud users must be indisputable certain that the data retrieved is consistent and correct with the one stored. intrusion detection. 
Privilege Escalation: A hacker can acquire the virtual system rights of another user and then attempt to elevate his/her level of access rights in order to attack another virtual system with a higher level of access rights using the hypervisor. therefore the risk of data breach through denial of service attacks will increase substantially. This indicates that when cloud user sends code and data to an arbitrary cloud. network authentication. Availability is an important and necessary component of information security therefore poses a high threat. One significant challenge is to define rules that manage the cloud networking access to the physical infrastructure.c Furthermore. Cloud virtualization environment threats are elucidated below [15] 1. the information must be readily accessible to authorized users. Authentication. 2. Integrity is compromised when information sent is willfully or accidentally modified in transit. new attacks arise and will need to be handled. network properties and also enforcing these rules will prove difficult due to the complexities of these environments. because dormant VM are not actively used. data and security controls should always be available. 3. it may be difficult to determine integrity where data and application are stored over volumes of hardware and the check sum mechanisms in place prevents us to ascertain that the data hasn’t been altered. 3. Dormant virtual machines: Inactive virtual machines poses viable threat as they don’t have up to date security patches. C. poor monitoring tools and poor patching allowing attackers to gain access to individual virtual machines. fault tolerance through redundancy and network security ensures information reliability and robustness. Configuration flaw: The convergence of multiple technologies and accumulation of several layers of networks and systems in the virtual system introduces a considerable amount of complexity for virtualized configuration. 
Communication Threats It is paramount to secure all network communication between virtual machines and distribution of virtual infrastructures as it can potentially be exposed to malicious users and network traffic. the presence of these vulnerabilities in a virtualized environment impacts significantly on the security of other replicated virtual components and consequently affects the entire cloud environment. they will not have a cryptography mechanism solution that enables users to be sure of the confidentiality of the information sent. Due to the integration and combined access to physical and virtual network infrastructure. Poor Access Controls: The hypervisor is the backbone of virtualized infrastructure and mediates hardware resources to virtual machines. It means cloud infrastructure. Firewalls. leaving them vulnerable to attack when brought back online. monitoring access to data is impossible and this creates a security risk through the loss of or access to the virtual machine. authentication credentials e. A Homomorphc cryptography scheme in [16] meets the encryption challenge by proving that sending sensitive encrypted data to cloud providers for processing is not sufficient instead it ensures that operations performed on an encrypted data results in an encrypted version of the processed data.
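
The property stated in the last sentence above, that operations on encrypted data yield an encrypted version of the processed data, shown as an added example (not code from this paper or from [16]): a toy symmetric bit-encryption scheme over the integers with ciphertexts of the form p*q + 2*r + m, on which a provider compares two encrypted values without holding the key. The parameter sizes and all function names are assumptions chosen for illustration and are far too small to be secure.

```python
import secrets

# Toy parameters (constructed for illustration only, NOT secure).
P_BITS = 256   # size of the secret odd integer p
Q_BITS = 512   # size of the random multiplier q
R_BITS = 8     # size of the fresh noise r

def keygen():
    """Secret key: a random odd integer p of exactly P_BITS bits."""
    return secrets.randbits(P_BITS) | (1 << (P_BITS - 1)) | 1

def encrypt(p, bit):
    """c = p*q + 2*r + bit; the term 2*r + bit is the 'noise'."""
    q = secrets.randbits(Q_BITS)
    r = secrets.randbelow(1 << R_BITS) + 1   # positive noise, toy simplification
    return p * q + 2 * r + bit

def centered_mod(c, p):
    """Residue of c modulo p mapped into (-p/2, p/2]."""
    z = c % p
    return z - p if z > p // 2 else z

def decrypt(p, c):
    """Strip the multiple of p, then the parity of the noise is the bit."""
    return centered_mod(c, p) % 2

def noise_bits(p, c):
    """Key holder's view of how much of the noise budget is consumed."""
    return abs(centered_mod(c, p)).bit_length()

# --- Operations the provider can run WITHOUT the key -------------------
def he_xor(c1, c2):
    return c1 + c2        # noises add, parities XOR

def he_and(c1, c2):
    return c1 * c2        # noises multiply, parities AND

def he_not(c):
    return c + 1          # flips the parity of the noise

def cloud_equals(enc_a, enc_b):
    """Provider side: returns an encryption of 1 iff the two encrypted
    bit vectors are equal. Only ciphertexts are touched."""
    result = None
    for ca, cb in zip(enc_a, enc_b):
        same = he_not(he_xor(ca, cb))          # 1 when the bits match
        result = same if result is None else he_and(result, same)
    return result

# --- Client side --------------------------------------------------------
def encrypt_bits(p, value, width):
    """Encrypt an integer bit by bit, least significant bit first."""
    return [encrypt(p, (value >> i) & 1) for i in range(width)]

def chain_and(p, n):
    """Decrypt the AND of n fresh encryptions of 1. Each AND multiplies
    the noise, so this is only reliable while the accumulated noise stays
    below p/2 (roughly n * (R_BITS + 2) < P_BITS - 1 bits here); beyond
    that budget decryption returns an unreliable bit."""
    acc = encrypt(p, 1)
    for _ in range(n - 1):
        acc = he_and(acc, encrypt(p, 1))
    return decrypt(p, acc)

if __name__ == "__main__":
    key = keygen()
    a = encrypt_bits(key, 0b1011, 4)
    b = encrypt_bits(key, 0b1011, 4)
    c = encrypt_bits(key, 0b1010, 4)
    print("a == b ->", decrypt(key, cloud_equals(a, b)))
    print("a == c ->", decrypt(key, cloud_equals(a, c)))
    print("noise after 1 AND:", noise_bits(key, he_and(a[0], a[1])), "bits")
```

The noise growth under `he_and` is the practical limit of such a scheme: the client must bound the multiplicative depth of what it asks the provider to compute, or use a scheme with noise management.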

5. laws and regulations governing the cloud environment to ensure that they choose a suitable cloud service provider in order to effectively safeguard security of customer’s information.g a policy might specify which legal space a virtual infrastructure is allowed to be placed or migrated. Organizations will not only need to have an accurate understanding of cloud computing and cloud networking security risks but also understand the applicable rules.g for denial of service attacks. selfhealing resilience and extensible management.g. The cloud environment abounds with sensitive information therefore cloud service providers and organizations both have a role to play in the security responsibilities in cloud networking as responsibility for the delivery of security service cannot be entirely outsourced to the cloud provider alone. Once the attacker has managed to gain control of the session. reduced latency. distinguishing legitimate usage from misuse during the automated detection of these attacks is in itself a challenge. However. 4. it reduces risk as virtual infrastructures can be moved between physical host based on assigned policies e. or even attack other cloud users with little or no detection. providing illegal content and brute force password cracking. Malware Injection Attack: This is a type of security threat where an attacker creates a malicious virtual machine instance and adds it to the cloud system in order to redirect valid cloud user’s request to the malicious instance. Such attack could solve any particular purpose the attacker is interested in e. For example. Abuse and Nefarious use of Cloud Networking Capabilities The great amount of computational and communication resources made effortlessly available by cloud networking and cloud computing can be exploited and misused e. 
Denial of Service Attack (DDos): The risk is that an external attacker may launch a DDos attack by flooding the cloud service provider’s network with thousands of requests with the aim of exhausting network resources and interrupting services which as a result will make both cloud providers and individual users to become handicap to provide or receive services. 2. Although the benefits associated with cloud networking are numerous. as legal restrictions on movement applies [17] access to information or services that the user is entitled to and also carry out a wide range of malicious activity. THREATS TO INFRASTRUCTURE AND DATA A threat is any circumstance or event with the potential to adversely affect a system by exploiting security vulnerabilities in the system. large scale hacking.In doing so. it still struggles in gaining recognition for its merits due to the security deficiencies that exists. their impact on the cloud system is considerable given their level of access. management processes and administration. 3. TCP Session Hijacking Attack: This is a method whereby an attacker takes over a web session by stealing a session id between a trusted client and network server and then masquerades as the legitimate user. could gain total control of the cloud services. harvest confidential data. The legal space is to be taken into consideration when distributing virtual components because they may pass legal restrictions when moving to arbitrary physical cloud networking infrastructures. However for a malicious insider. gain unauthorized CONCLUSION Cloud networking surpasses traditional networks to redefine scalability of resources. Network Intrusion Attack: The risk associated with network intrusion is that an attacker may penetrate and damage or steal the user’s data by remotely exploiting vulnerabilities in the cloud service provider’s system or applications. IV. practices. 
Auditing can help detect and remediate this kind of malicious attacks by looking in the DNS traffic for domain names being served by a fast flux service. D.g exploit privileged access capabilities. Example of network transmission method vulnerable to eavesdropping attacks includes – mobile and wireless communication. Eavesdropping Attack: This threat poses a major threat to cloud infrastructure and data as communication channel between service provider and cloud user may be monitored. intercepted or modified by unauthorized parties. It promises to provide a flexible network infrastructure. legal aspects and lawful intercepts applies. The threats to the cloud network infrastructure and computing are summarized and listed below [[15]18[19] 1. integrity and availability. Cloud network hackers may take advantage of vulnerabilities that result of these threats by using well known techniques. an external attacker can mount an attack on the cloud infrastructure in order to gain access to resources by eavesdropping on incoming and outgoing communication using existing vulnerabilities on the system. insider and external attackers are often used interchangeably however in the case of cloud networking. it is a violation of the cloud networking customer security goals. While lawful intercepts are not examples of traditional malicious attacks. As cloud networking becomes more complex. gain access to resources or make data modifications. When analyzing cloud computing. guaranteed delivery. A threat to cloud networking and computing can either be intentional (deliberate and malicious) or accidental (human error) which can result in a partial loss of confidentiality. dynamic . he or she can do anything on the network e. spamming.

“A survey on security issues in service delivery models of cloud computing”. NY.and distributed. Tech.. Leordeanu. (2010). This security challenges can be grouped into virtualization security. University of California. Alan L. cloud networking can mitigate its security threats and misuse by adapting the security management tools and countermeasures in cloud computing. and Djamal Zeghlache.Vines. Issue 8. M. J. M. Enhancing Dynamic Cloud-based Services using Network Virtualization. R. Antoniu. Dani. REFERENCES [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] SAIL project website (2010). and H. UCB/EECS-2009-28.Krutz and R. 3. and P.google. K. Márcio Melo. Algorithms.. Paul Murray. S. Rev. pp.763767. [18] Sara Qalsar.vmware. G. Marten. K. 1 pp.eu/ S. and J. Kaushik Kumar. Hadi." Advances in Cryptology–EUROCRYPT .J. Houssem Medhioub. Cox. A. "Fully homomorphic encryption over the integers. \How to lease the internet in your spare time. pp. Konwinski. Hervé Debar. Rabkin.com/mail/?ui=2&view=bsp&v. M. 2011. Basescu. C. A.https://mail. Redmond. Issue 1. T. IEEE Computer Society. Rexford. Jae Woo Batni. Schoo. Shai Halevi. one can expect to see security incidents and new vulnerabilities that will make cloud networking susceptible to attack. and Vinod Vaikuntanathan. Journal of Network and Computer Applications.. pp. 2012. and Networks. March 2009. A.sail-project. pp. 34 . Stoica. No 9. Vol. 2011. Colombia. Feamster. URL http://www. 2010. .H. G.1”. With the continuous growth of cloud computing. ―A Layered Security Approach for Cloud Computing Infrastructure” 10th International Symposium on Pervasive Systems.: Above the clouds: A berke. cloud data protection.Bernoth. Albert Leon-Garcia.157 . International conference on Virtual execution environments. Bhatt. Chowdhury. URL http://www. SL Garfinkel Ed (1999) Fox.com Tejas P. 2011. pp. “Cloud Computing Software Security Fundamentals in Cloud Security: A Comprehensive Guide to Secure Cloud Computing. A. 
A.Vol 31.: MIT Centennial Speech of 1961 cited in Architects of the Information Society: Thirty-five Years of the Laboratory for Computer Science at MIT. Jose Renato Santos. 459–466.Ercan and A. Suman. Subashini and V. EECS Department.” in AINA. Rep. Tam. L. Ma. Volker Fusenig. R. S. Dhruva L. 61-64. cloud control with distribution transparency and secure operations.Cloud Computing: Network security threats and countermeasures Interdisplinary Journal of Contempoary Research in Business . R. Grith. ActiveCDN: “Cloud Computing meets Content Delivery Networks. doi: 10. Song. Victor Souza. (Dec 2009) URL . Gao. pp. Hao. D. Issue 1. 67–74. Vol. Cloud Security Alliance “Security Guidance For Critical Arees of Focus in Cloud Computing V2.“Managing data access on clouds: A generic framework for enforcing security policies. Armbrust.1109/I-SPAN. "Challenges for Cloud Networking Security. 40. I. SIGCOMM Comput. Zaharia. Joseph.. and G. “A Survey of Network Virtualization”.." In Proc. of the 6th International Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities. Carpen-Amarie. Srinivasan Lee. "Virtualized Application Networking Infrastructure. "Achieving 10 Gb/s using safe and transparent network interface virtualization..2009. Lakshman.D. Henning Chulvrinne. stealth and targeted however. Katz.Patel “Survey on Vitulization with Xen Hypervior”.Yildiz." 2011. Patterson. Threats to the network may become sophisticated. Ram. New York City.” Computer Science Department.V.. Pinall.A.Abawajy.. T. Vol." SIGCOMM . Commun. 5 (2010). J. Kavitha. Craig Gentry. gaining comprehensive network security and visibility will be challenging. January 2012 [19] M. and Boutaba. Elsevier Computer Networks 54. A. Chow. 2010 Van Dijk. 2010 [17] C. International journal of Engineering Research & Technology. Lee. 1-11 McCarthy. 1. Bannazadeh. Peter. 61-70. Khan. Wiley. N. Vol. 24-43. Berkeley (2009) VMware (2010). Mukherjee. Yoshio Turner. R. 
and Scott Rixner. 2008 F. Kausar FiazK hawaja. Costan.L.ley view of cloud computing.