e-ISSN: 2582-5208

International Research Journal of Modernization in Engineering Technology and

Science
Volume:04/Issue:01/ January-2022 Impact Factor- 6.752 www.irjmets.com

Security Threats of Cloud Computing

Mr. Gopala Krishna Sriram*1

*1 Software Architect, EdgeSoft Corp, McKinney, TX USA

ABSTRACT
Cloud computing is the most adopted technology of the current century. Large businesses, industries,
small organizations even individuals can leverage the numerous benefits of cloud computing services.
Cloud computing promises to provide all computing services to its users in a pay-as-you-use fashion.
Users can access all types of computing resources such as software's, infrastructure, networking
facilities without much skill, effort, and financial resources. Its potential power cloud computing
environment also suffers from some potential challenges; security is far the most challenging in the
cloud environment. Cloud computing data must be secured from attackers and malware. This research
provides some basic concepts related to cloud computing security and reveals its potential security
attacks.

Keywords: Cloud computing, Cloud Computing security, cloud computing security threats, cloud
computing security challenges., Etc.

I. Introduction
Cloud computing wraps up Information Technology (IT) with its mesmerizing services for businesses, the IT
industry and even individualizes. Small and large organizations can use cloud computing services for their
complete operation lifecycle. Businesses can leverage cloud computing services from deployment to development
and even marketing and maintenance. Cloud computing promises to provide a comprehensive set of services for all
kinds of business needs [1]. Essentially cloud computing provides the following services: Infrastructure as a
Service (IaaS). In IaaS, users access computing infrastructure services such as Hardware, networks, and other IT
infrastructures. IT infrastructure can be scaled up or down according to user requirements. For example, if the
user demands different machines, they can even access them by requesting cloud service providers. Platform as a
Service (PaaS), PaaS services provides users with a comprehensive development platform that includes an
operating system, development environment, database management system, decision support system, and many
more services for their business needs. Software as a Service(SaaS), SaaS services give users access to their
software user can use software for free or for a pre-decided compensation package. Other services include
Communication as a Service (CaaS), Hardware as a Service(HaaS) and many other services[2]. Widespread
research in the field of cloud computing is on the board. Researchers are exploring various aspects of cloud
computing to improve its performance. The focused research challenges are load balancing, infrastructure issues,
offloading, Quality of Service (QoS) improvement, privacy and security. Security is an ongoing research challenge
in the cloud computing world. Cloud computing faces data security, storage [3], infrastructure, and other services.
Data is the most valuable asset for every organization. Cloud service providers hold data for the required amount
of time on behalf of their users. Data stored on the cloud need to be secure from attackers and malwares[4, 5].
Along with the storage stage, precautionary measures must be adopted to secure data during their transfer period.
Cloud computing faces numerous security threats[1, 3]. This research will explore security requirements, potential
attacks and vulnerabilities, and their countermeasures.

www.irjmets.com @International Research Journal of Modernization in Engineering, Technology and Science

[1]
 e-ISSN: 2582-5208
International Research Journal of Modernization in Engineering Technology and
Science
Volume:04/Issue:01/ January-2022 Impact Factor- 6.752 www.irjmets.com

Fig 1: cloud computing service model

.
I. Background

This section will reveal preliminaries related to cloud computing security to understand reader about basic
terminology related to the cloud computing security spectrum.

Confidentiality:
Confidentiality in its core refers to the fact that data and services should only be available to the right authorized
person [6]. Confidentiality is essential for the cloud computing environment since organizations store their data
on cloud servers based on their trust in the service provider. Cloud servers need to make organizations
information confidential from sources other than data owners. Confidentiality needs to be guaranteed throughout
the life cycle of cloud data from data generation to transition and from storage to destruction.

www.irjmets.com @International Research Journal of Modernization in Engineering, Technology and Science

[2]
 e-ISSN: 2582-5208
International Research Journal of Modernization in Engineering Technology and
Science
Volume:04/Issue:01/ January-2022 Impact Factor- 6.752 www.irjmets.com

Fig 2: Confidentiality of cloud data

As shown in the figures above, the users who send their data to cloud servers need to ensure that their data is not
being seen or used by any unauthorized party.

Integrity:
The Integrity of cloud data means that any unauthorized party does not alter data sent to the cloud server from a
user. In other words, data received from the cloud user should be the same as that stored by the organization [7].
Cloud data integrality can be possible by making extensive care during transiting storing, and using stage of
data[8].

Fig 3: Integrity of cloud data

Authenticity:
Authenticity means that anything that comes from the cloud should be passed by an authorized source[9].
Authentication also refers to non-repudiation, meaning authenticated actions cannot be denied by any
unauthorized party. For instance, if a user receives a file, they should not refuse its receiving.

Availability:
Availability means that any service should be available for a specified period. It is the responsibility of cloud
service providers that their promised services will be available for the pre-defined period

www.irjmets.com @International Research Journal of Modernization in Engineering, Technology and Science

[3]
 e-ISSN: 2582-5208
International Research Journal of Modernization in Engineering Technology and
Science
Volume:04/Issue:01/ January-2022 Impact Factor- 6.752 www.irjmets.com

Threat:
The threat is a common term used in all fields. In a cloud computing environment, threats refer to potential
security violations that can be attempted to break security[10]. The threat can be either automatic or manual and
can exploit security frameworks.

Vulnerability:
Vulnerability can refer to a weakness or security loophole that can exploit security[11]. Vulnerability can be at any
place or stage of cloud computing. Cloud infrastructure can be vulnerable and security policies, Hardware, user
error.

Risk:
Risk is a possibility of failure or harm in performing any particular activity. The following can determine the risk to
factors:
 Probability of loss in response to performing any activity
 If IT resources compromise, how much loss can happen

II. Cloud computing Security attacks

This section will describe in detail about security attacks of cloud computing. Following is the list of some potential
security attacks in the cloud computing environment.

Traffic eavesdropping:

In traffic, eavesdropping data is interrupted by any illegitimate or malicious entity. Traffic eavesdropping can
occur during data transfer within a cloud environment or out of the cloud. The essential purpose of a traffic
eavesdropping attack is to break data confidentiality and trust between cloud service providers and their
customers.

Fig 4: Traffic eavesdropping scenario.

Fig 4 shows how malicious attackers copy messages between cloud consumers and cloud service providers.

www.irjmets.com @International Research Journal of Modernization in Engineering, Technology and Science

[4]
 e-ISSN: 2582-5208
International Research Journal of Modernization in Engineering Technology and
Science
Volume:04/Issue:01/ January-2022 Impact Factor- 6.752 www.irjmets.com

Malicious Intermediary:

A malicious intermediary is an advanced form of traffic eavesdropping[12]. In a malicious intermediary attack, the
compromised message is altered by the attacker; hence message comes to the cloud service provider changes from
the message sent from the cloud consumer.

Fig 5: malicious intermediary scenario.

As shown in figure 5, the message data is being altered by the malicious intermediary and their contents change in
consequence virtual server compromised.

Denial of Service (DOS) attack:

DOS is the most popular type of attack in the cloud environment and almost all networking circumstances [13].
The primary purpose of a DOS attack is to overload the network so that required services cannot be delivered.
There can be the following possible scenarios of DOS attacks.
 The workload is increased artificially by using artificially generated messages; all services are reserved for
this workload; hence, legitimate users cannot access cloud services.
 The network can also be overloaded by using its bandwidth so that traffic becomes slow
 An attacker generates excessive requests to overload cloud service resources.

www.irjmets.com @International Research Journal of Modernization in Engineering, Technology and Science

[5]
 e-ISSN: 2582-5208
International Research Journal of Modernization in Engineering Technology and
Science
Volume:04/Issue:01/ January-2022 Impact Factor- 6.752 www.irjmets.com

Fig 6: DOS attack scenario.

In the figures mentioned above, the attacker sends accusive messages to virtual server A; consequently, server A
becomes overloaded.

Virtualization attack:
In this attack virtual server is hijacked by the attacker, and hence they perform such actions that physical server
compromise. Virtualization attacks destroy the confidentiality, availability and Integrity of physical servers [14].

Fig 7: Virtualization attack.

There is a massive list of attacks on the cloud computing environment here we present only selected shortlisted
attacks that are more threatening for the cloud computing environment.

www.irjmets.com @International Research Journal of Modernization in Engineering, Technology and Science

[6]
 e-ISSN: 2582-5208
International Research Journal of Modernization in Engineering Technology and
Science
Volume:04/Issue:01/ January-2022 Impact Factor- 6.752 www.irjmets.com

III. Conclusion and future work

Cloud computing is the most adopted technology of this century. Cloud computing has gained immense popularity
because of its valuable services. Currently, almost all organizations are shifting toward cloud computing. Along
with its countless benefits, cloud computing also suffers from some potential challenges; security and privacy are
among the most panic problems for cloud computing service providers. Cloud computing services, particularly its
data, need to be secure against malicious activity. In this paper, we presented comprehensive detail about the
fundamental concepts of cloud computing security and explored common security threats.

IV. REFERENCES
[1] C. Almond, "A practical guide to cloud computing security," A white paper from Accenture and
Microsoft, 2009.
[2] M. Armbrust et al., "A view of cloud computing," Communications of the ACM, vol. 53, no. 4, pp. 50-
58, 2010.
[3] "Cloud Security Services - Cloud Computing Technology - Trend Micro USA - Trend Micro USA."
http://cloudsecurity.trendmicro.com/us/technology-innovation/index.html (accessed.
[4] F. Sabahi, "Cloud computing security threats and responses," in Communication Software and
Networks (ICCSN), 2011 IEEE 3rd International Conference on, 2011: IEEE, pp. 245-249.
[5] M. I. Tariq, "Towards Information Security Metrics Framework for Cloud Computing," International
Journal of Cloud Computing and Services Science (IJ-CLOSER), vol. 1, no. 4, pp. 209-217, 2012.
[6] "Establishing Trust in Cloud Computing.pdf."
http://incoming-proxy.ist.edu.gr/stfs_public/cs/msc/ReadingMaterial_MMSE-
SEPE_oct2011/00_newrefdocs/sepe/Establishing%20Trust%20in%20Cloud%20Computing.pdf
(accessed.
[7] C. Dinesh, "Data Integrity and dynamic storage way in cloud computing," arXiv preprint
arXiv:1111.2418, 2011.
[8] V. Kumar and G. Poornima, "Ensuring Data Integrity in Cloud Computing."
[9] M. Muhammad and G. A. Safdar, "Survey on existing authentication issues for cellular-assisted V2X
communication," Vehicular Communications, vol. 12, pp. 50-65, 2018.
[10] W. R. Claycomb and A. Nicoll, "Insider Threats to Cloud Computing: Directions for New Research
Challenges," in Computer Software and Applications Conference (COMPSAC), 2012 IEEE 36th Annual,
2012: IEEE, pp. 387-394.
[11] H. Mahajan and N. Giri, "Threats to Cloud Computing Security," in VESIT, International Technological
Conference-2014 (I-TechCON), 2014.
[12] F. R. Carlson, "Security Analysis of Cloud Computing," arXiv preprint arXiv:1404.6849, 2014.
[13] R. Chow et al., "Controlling data in the cloud: outsourcing computation without outsourcing control,"
in Proceedings of the 2009 ACM workshop on Cloud computing security, 2009: ACM, pp. 85-90.
[14] G. Huerta-Canepa and D. Lee, "A virtual cloud computing provider for mobile devices," in Proceedings
of the 1st ACM Workshop on Mobile Cloud Computing & Services: Social Networks and Beyond , 2010:
ACM, p. 6.

www.irjmets.com @International Research Journal of Modernization in Engineering, Technology and Science

[7]