
1 CHAPTER - ONE

INTRODUCTION

1.1 CLOUD COMPUTING


Information Technology practitioners always require rapid
application development and deployment, but it is very difficult to
build
business environment. Therefore, the computing aspects of information
society have been revolutionized from distributed to cloud. Cloud is a
natural evolution of distributed computing and the general variation of
virtualization and Service Oriented Architecture (SOA) [1]. Cloud
emphasizes various service oriented architectures. Cloud computing

to tap into a vast network of computing resources through the Internet.


Cloud computing is now proving a bonus to IT users and developers by
reducing the time and effort required to deploy an application [2]. Cloud
computing refers to the means whereby everything, from computing
power to application, infrastructure, and the business processes, is
delivered as a service whenever, whatever, and wherever it is required.

NIST defines cloud computing as a model for enabling
ubiquitous, convenient, on-demand network access to a shared pool of
configurable computing resources (e.g., networks, servers, storage,
applications, and services) that can be rapidly provisioned and released
with minimal management efforts or service provider interaction [1, 3,
127]. This cloud model is composed of five essential characteristics
(i.e., on demand capabilities, broad network access, resource pooling,
rapid elasticity, and measured services), three service models (i.e.,
IaaS, SaaS, and PaaS), and four deployment models (i.e., public,
private, hybrid, and community) [1, 2, 127]. The importance of cloud
computing and its adoption can be best described in terms of its
underlying characteristics, delivery, and deployment models [1, 111].

Chapter-One: Introduction

These models and characteristics lie at the top of each other, thereby
forming a stack of a cloud [1, 3].

Amazon refers to cloud computing as the on-demand delivery of
IT resources and applications via the Internet with pay as you go
pricing [3]. Cloud provides rapid access to flexible and low cost IT
resources by supporting the critical operations of business applications.
With cloud computing, a
investments in hardware and spend a lot of time on the heavy lifting of
managing that hardware [5, 6, 126]. The Gartner Group defines cloud
computing as a style of computing in which massively scalable IT-related
capabilities are provided as a service using the Internet
technologies to multiple external users [126].

The most common aspects for researchers in cloud computing are
cloud brokering, cloud workflow management systems, big data cloud
services, cloud analytics, cloud configuration and capacity
management, mobile cloud architectures and models, IoT-cloud
integration, cloud standards, QoS for applications on clouds, privacy,
trust, and cloud security etc. Cloud security has received significant
attention from organizations in securing data and useful information on
the cloud. Cloud security still depends upon traditional approaches
such as authentication, authorization, data confidentiality, integrity,
availability, and privacy issues, with some additional attacks [7, 112].
Cloud security faces different challenges and issues at various levels in
the form of vulnerabilities and attacks. These challenges include
multi-tenancy, cloud secure federation, secure information management,
service level agreement, vendor lock-in, loss of control,
confidentiality, data integrity and privacy, data intrusion,
virtualization vulnerabilities, cloning and resource pooling, motility of
data, VM hopping, XML signature attack, XSS attack, browser
security, SQL injection attack, and flooding attack [8, 9, 10]. Our
research work focuses on various aspects of cloud security such as
authentication, authorization, reliability, and data integrity.


1.2 CLOUD SERVICES


Cloud services are the numerous resources that are provided over
the Internet. Standard services are accessed via standard platforms
(i.e., desktop, laptop, mobile etc.). There are three standard service
models used to describe cloud service delivery. These service models
are the Software Platform Infrastructure (SPI) model; i.e., Software as a
Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a
Service (IaaS) [1, 129]. These services are designed to provide easy,
scalable access to applications, resources, and other services that are
fully managed by the CSP. SaaS is based on the concept of renting an
entire finished application from a service provider rather than buying,
installing, and running that software. Software licensing is not a
critical issue for the SaaS users. SaaS applications such as word
processors, CRM, application services etc., are executed on the
Internet to process data and propagate information. Some conventional
services are also combined with third party commercial services via
orchestration to create new applications [7, 10]. SaaS increases the
speed and reduces the hardware footprint. It also eliminates the version
compatibility [130, 131, 132]. Some challenges while using the SaaS
based application are governance and billing management,
synchronization of client-vendor migration etc. There are various
applications of SaaS such as Google App from Google, ZohoOffice,
Microsoft Live, and
Oracle On-demand, etc. [133, 134].

PaaS is all about providing a platform as a service via the
Internet upon which the applications can be developed and executed. It
works on a pay as you go model in a distributed computing environment.
The concerns of PaaS are code and data privacy, security, and
scalability [10, 134]. Some of its challenges are governance, vendor
lock-in, and connectivity. Examples of PaaS are Amazon EC2, Etelos
Coghead, Microsoft Azure, Boomi, LongJump, Google App engine etc.


IaaS is offered to provide on-demand computing and storage
capabilities. It is also based on a pay as you go model. The computing
resources (i.e., processor, memory, storage, and bandwidth) are
provided to users by the use of virtualization technology or Virtual
Machines (VM) [10]. It is based on utility computing architecture. It
reduces cost by less hardware, less floor space from the smaller
hardware footprint, less cooling cost, and less power consumption.
Main challenges in IaaS are the portability of applications, maturity of
system management tools, integration of service boundaries, and
scheduling of the huge amount of resources available at the Cloud Service
Provider (CSP) side [134]. Examples of IaaS based applications are
HP-Electronic Data Systems (EDS), IBM BlueCloud, SunGrid, Joyent
etc.

IaaS vendors deploy virtualization technologies that provide the
computing power, whereas PaaS allows accessing an environment upon
which applications can be deployed. In IaaS, a VM is created for the
user application and all other things required by the application rather
than being restricted to a certain development environment. The user
can select their own choice of OS images and development environment, and
host it on the IaaS vendor infrastructure. In the same way, Data Center
or Data as a Service (DaaS) provides data storage services with IT
infrastructure moving towards the cloud. It is feasible to offer
endeavor level data safety and higher uptime guarantees at a reasonable
cost. In order to achieve this, a DaaS solution has many layers of built-in
redundancy features [133].

1.3 CLOUD DEPLOYMENT MODELS


Cloud computing deployment depends upon whether the cloud is
a private, community, public, or hybrid one. Cloud integrators play a
vital role in determining the right cloud path for a specific
organization [1, 6]. Fig. 1.1 shows the schematic deployment models
[11]. The deployment models are further discussed in subsequent
subsections.


1.3.1 Public Cloud


A public cloud is a deployment model where cloud services are
potentially available to any cloud service user and resources are
controlled by the CSP. A public cloud may be owned, managed, and
operated by a business, academic, government organization, or several
combinations of them. Public clouds are provided by a CSP and may
offer either a dedicated or shared operating environment with all the
benefits and functionality of elasticity and the accountability model of
cloud [126]. The physical infrastructure is generally owned and
managed by the designated CSP and it
data centers. All users share the same infrastructure pool with limited
configuration, security protections, and availability. One of the
advantages of public clouds is that they may be larger than an
enterprise cloud; and hence, they provide an ability to scale seamlessly
on-demand services.

[Figure 1.1: Cloud deployment models. Public cloud: provisioned for open use for public. Private cloud: used for single organization. Hybrid cloud: composition of two or more clouds. Community cloud: shared by different organization.]


1.3.2 Private Cloud


The private cloud is defined as a cloud that can be owned,
managed and operated by the organization. A third party may also exist
on premises or off premises in the organization. The user can also give
authorized access to third parties for its benefit. Private clouds seek to
set a narrowly controlled boundary around the private cloud based on
limiting the users to a single organization [126]. Private clouds are
provided by an organization or their designated services and offer a
dedicated operating environment with all the benefits and functionality
of elasticity and the utility model of cloud. Private clouds aim to address
concerns about data security and offer greater control, which is
typically lacking in a public cloud [11].

1.3.3 Hybrid Cloud


Hybrid clouds are the combination of public and private. A hybrid
cloud facilitates transitive information exchange and possibly
application compatibility and portability across disparate cloud
services. It also offers and provides utilization of standard or
proprietary methodologies regardless of ownership or location. With a
hybrid cloud, service providers can utilize third-party cloud providers
in a full or partial manner, thereby increasing the flexibility of
computing [11]. Gartner Incorporation describes hybrid cloud as a
policy-based and coordinated service provisioning, use and
management across a mixture of internal and external cloud services
[123].

1.3.4 Community Cloud


A community cloud is an infrastructure that is shared among
several organizations from a specific group with common computing
concerns (i.e., banks or heads of trading firms) [114]. It is related to
regulatory compliances such as audit requirements, or it may be
related to performance requirements such as hosting applications that
require a quick response time. The organizing principle for the
community cloud may vary, but the members of the community
generally share similar security, privacy, performance and compliance
requirements [124].

1.4 CLOUD SECURITY


Cloud services are used to make IT infrastructure scalable,
reliable and cost-effective. Sometimes traditional data centers are
useful for the organization, but for business agility and economic
reasons, cloud is an important option for the organization [12].
Although cloud computing emerges from existing technologies, its
computing models and characteristics raised new security challenges
due to its advantages such as on demand service, pay-as-you-go,
resource allocation etc. There exist critical security related
vulnerabilities and threats within the cloud computing environment.
The most common vulnerabilities of a cloud are insecure interfaces and
APIs, XSS attack or CSRF, resource allocation limitation,
susceptibility related to data, hypervisors, VM network
accountability and VM image vulnerabilities [13, 20]. Cloud security
at all levels (e.g., host, network, application, and data levels) is the
major concern for IT industries adopting a cloud environment. The most
important threats of cloud computing are abuse and nefarious use,
shared technological issues, data loss or leakage, account or service
hijacking, and unknown risk profile [14].

The availability, performance, malicious insiders, and outsider
attacks are the security issues and highlight the key research
challenges in the cloud computing environment [14, 15]. Other issues
pertaining to data security are data location, data transmission, data
availability and data storage security [16]. Attackers know that access
to an application is the first step towards gaining access to the
important information stored, processed, or transmitted in the cloud
computing. Attac
applications. Several applications have pathetic access control
mechanisms, which are common with security vulnerabilities [17].


Authentication is a primary security concern in cloud computing. The
mechanisms used for assuring proper communications are verified for
enabling other security features such as data confidentiality and data
password or any other authentication techniques such as hardware
token, software token, digital certificates on smart cards and USB
tokens, out-of-band authentication and biometrics. There are various
protocols such as OpenID, UMA, LDAP, Kerberos, RADIUS and
SAML, which provide support to build authentication frameworks
[18]. Cloud security is a large set of policies, technologies, controls,
and methods organized to protect data, applications, and the related
infrastructure of cloud computing.

Security has been one of the most challenging issues for IT
executives, particularly in cloud implementation. There exist numerous
security anxieties that prevent companies from taking advantage
of the cloud. Several studies cite security as the primary challenge
confronting cloud users [19]. The security challenges are classified into
deployment models, service models and network, which are shown in
Fig. 1.2. The security issues of cloud computing have been exposed in
deployment and service models. The security challenges with respect to
the network are the most important because, for any Internet-based
service, a network is considered as the backbone for cloud
computing.

1.5 OBJECTIVES
The research objectives of investigation of cloud adoption issues
and design of a secure cloud computing environment are as follows:

Performance analysis of various cloud computing tools and technologies.
There are various tools available for the needs of an individual
or an organization for deployment of their cloud infrastructure plan.
A cloud infrastructure plan includes tools such as Eucalyptus,
OpenNebula, Nimbus, OpenStack, ABICLOUD, CloudSim, and
CloudStack etc. [1]. These tools provide different services according to

Mesh, Sun network.com are built on service-based infrastructure.


These tools are different in storage capability, computing services,
Web APIs etc. The infrastructure of these tools is based on the type of
services provided by them; such as,
PaaS, Microsoft Live Mesh based on IaaS, and SunGrid based on IaaS
[2]. These tools focus on only the private cloud computing environment.
Therefore, the aim of this objective is to perform a comparative analysis
of cloud tools and technologies based on different parameters. These
parameters are important to manage and deploy cloud in any
infrastructure [2].

[Figure 1.2: Classification of security challenges in cloud computing. Cloud security challenges are grouped under three headings: deployment model, service model, and network issues.]


Design a framework for cloud environment with log maintenance
scheme to improve cloud security and also provide a solution for
authentication and authorization in cloud environment.
Cloud computing is in major demand from every
group of an organization because of easy availability and cost
effectiveness, but security has remained a major challenge for the
practitioners. Authentication is constantly the biggest concern for IT
industries adopting a cloud computing environment. The availability,
performance, key logger attack, malicious insiders, outsider attacks
and service disruptions are the key research challenges at
authentication level [21]. The traditional user name and password is
not enough as a single factor for authentication. In this objective, we
have proposed a secure cloud computing framework, which uses the
first factor as a crypt user name and password along with a second
factor, i.e., an M-pin authentication server, which is similar to an ATM pin.
Also, this objective focuses on a solution to the threats that are the
major issues for cloud adoption [22].

Investigation of location signature to improve the performance
of cloud computing.
The increasing demand for cloud computing in enterprise
architectures allows users to remotely store their data and receive the
benefits of on-demand high-quality cloud applications. The existing
cloud security approaches are limited in satisfying users' demand for
cloud services and are observed to be insecure, complex, and costly. In
this objective, we have proposed a security approach for a cloud
environment using location signature and HTML5 WebDB. In location

scripting languages and are managed with HTML5 WebDB at the client
side. The proposed approach can protect applications and data from
unauthorized access.


Investigation of various virtualization tools for improvement in
virtualization aspects.
Cloud virtualization has created an enormous impact on the IT and
networking worlds. Virtualization and its exclusive architecture have
numerous features and advantages over non-conventional virtual
machines. However, it brings some new vulnerabilities and attacks on a
virtualization based cloud system. XSS based attack is among the top
cloud vulnerabilities. This exposure occurs when a user uses the input
from a cloud environment application without properly looking into
it. It allows an attacker to execute malicious scripts in the cloud
environment. The scripts execute harmful actions when a user visits the
exploited cloud. Existing approaches to mitigate this problem,
especially on effective detection of XSS vulnerabilities in the
application or prevention of real-time XSS attacks, are not enough.
Therefore, a survey of different vulnerability attacks on cloud
virtualization is performed and also a concept for the removal of XSS
vulnerabilities to secure the cloud environment is presented.

Develop a secure, reliable, and available application using
cryptographic algorithm.
Cloud computing provides a service based environment for data
storage and resource sharing that is available to users through the
Internet on an on-demand basis. Thus, users can access their data from
any geographical location at any time. The cloud environment also
provides better scalability, flexibility, high performance, availability
and less storage cost as compared to other physical storage of data.
Maintaining data integrity and security in the cloud environment is
difficult, especially when the stored data is not completely reliable and
trustworthy. However, the security of stored data is the major concern
for organizations and individual users adopting a cloud based
environment. In this objective, we have proposed and enhanced the
functionalities of a Third Party Auditor (TPA) server to protect the
availability and integrity of outsourced data in a cloud environment.
The proposed approach uses functionality such as public
verifiability, metadata generation, data dynamics, storage access point,
encryption and decryption of data through the RSA algorithm and IP range
in case of private cloud.

Design a suitable web service API for the secure cloud in mobile
cloud environment.
Cloud computing frameworks such as Google App Engine,
Amazon Web Services, Windows Azure, and open source frameworks
such as OpenStack have become increasingly popular among
practitioners. Also, the usage and deployment of smartphone
platforms and applications worldwide is increasing rapidly. Mobile
Cloud Computing (MCC) promotes the use of cloud based services in a
mobile environment. Data and complex computing modules are
processed in clouds and mobile devices do not need a powerful
configuration such as CPU speed and memory capacity. Mobile
devices are unable to utilize resources, communication delay, and
unexpected mobile vulnerabilities or attacks. These challenges have a
great effect on the improvement of service qualities of mobile cloud. In
this objective, the different vulnerabilities and attacks on
mobile cloud computing are surveyed and identified, and we have designed a
secure mobile cloud storage environment through an encryption
algorithm. The proposed work focuses on the solution for the threats
that are the major issues for MCC adoption.

1.6 THESIS OUTLINE


The thesis on the investigation of cloud adoption issues and
design of a secure cloud computing environment is organized into eight
chapters. The main focus of this thesis is to design and develop a
framework for secure cloud computing environments. The framework is
developed, experimented and applied for cloud service based
applications. The results observed are useful for discovering the
reliable and secure cloud computing environment. The proposed
framework is compared with the existing frameworks on the basis of
certain parameters. It is observed that the proposed framework is better
than other frameworks in terms of providing response time, response
factor, and execution planning. The proposed framework is designed
and developed for the private cloud deployment model. The rest of the
chapters are described and organized as follows.

Chapter two presents the comparative studies on different cloud
tools, technologies, architecture, features, and deployment strategies.
Tools such as Eucalyptus, OpenNebula, Nimbus and OpenStack are
compared with respect to different parameters such as cloud types,
compatibility, deployment strategies, scalability, hypervisor support,
security management, scheduling, and policy algorithm, web interface
etc. From these comparative studies, users will be able to select an
appropriate cloud deployment strategy [21, 23].

Chapter three describes the design of an architecture for secure two
factor authentication in a cloud computing environment. Two factor
authentication is broadly divided into two categories: first factor and
second factor authentication. In the first factor, user name and password are
provided before access is granted to the user to store and access data. First
factor authentication also includes certain entry level authentication
rules such as policies, checkpoint, and access point. In the second factor,
we include an M-pin authentication server as a second factor. M-pin pin-pad
user interface pin and it is combined M-pin
user secret key and M-pin stored token along with the en
Authentication attacks and risks associated with different
authentication levels are also discussed in Chapter three. It also
presents an architectural representation of two factor authentication
along with performance evaluation of different aspects (i.e., throughput
and execution time) and logs based representation.

Chapter four discusses the literature for secure cloud environment
through location signature and HTML5 WebDB. In location signature,
pted via server side scripting
languages and managed with HTML5 WebDB at the client side
scripting. Cloud security at different levels is also discussed in this
chapter. Chapter four also presents HTML5 WebDB and encryption
algorithm modified with first factor registration model, and location
signature mapping.

Chapter five describes the literature for different virtualization
challenges and approaches. It also presents the cloud virtualization
security challenges and issues. The virtualization security challenges
include file sharing between hosts and guests, up-to-date snapshots,
network storage and hypervisor issues, separation of duties, and
administrator access. Various cloud vulnerabilities and threats are also
identified and compared. Chapter five also presents the XSS or Cross-Site
Scripting attack and its terrible influence on cloud security. The
chapter also discusses types of XSS attack, problem statement in XSS,
XSS detection and recovery in DOM, parsing in HTML, modification
of HTML parsing, and deployment of the filter. An experimental result
with different aspects such as response time and response factor
analysis is also presented in this chapter.

Chapter six discusses the reliability in cloud server data storage.
Encryption algorithms for security are discussed with the proposed
security algorithm using TPA. An architectural view of TPA is also
presented, which specifies secure and reliable data verification. TPA
can periodically challenge the storage server to ensure the correctness
of the cloud data. The TPA architecture is presented along with public
verifiability, metadata generation, key generation, and data dynamics.
Algorithms for the block append, delete, and update operations are also
presented. The experimental result with cloud data storage reliability
metrics and security evolution of the cloud storage server is also discussed in
this chapter.

Chapter seven reviews the literature on various MCC security
challenges and issues. Partitioning issues, execution delay, and
communication problems of MCC are also discussed in Chapter seven. In
this chapter, an architectural view of MCC along with mobile network,
CSP, TPA, and mobile cloud storage is proposed for a secure MCC
environment. Chapter seven also presents secure MCC storage with
encryption and decryption of data and illustration.

Finally, Chapter eight provides the conclusion along with a
contribution of work presented in the area of cloud computing security.
The main references related to cloud computing security research are
also listed at the end of the thesis.
