A Secured Architecture for Mitigating Distributed Denial of Service Attack Integrating Internet of Things and Cloud Computing

Contents

Acknowledgement

List of Figures

List of Tables

Chapter -I
INTRODUCTION
1.1 Internet of Things
1.2 IoT Prognostications
1.3 Definitions on IoT
1.4 Cloud Computing
1.5 Definitions on Cloud Computing
1.6 Working Models of Cloud Computing
1.7 Deployment Models of Cloud Computing
1.8 IoT and Cloud Integration
1.9 Cloud Computing Security
1.10 Distributed Denial of Service
1.11 Taxonomy of Distributed Denial of Service Attack
1.12 Types of DDoS Attack
1.13 Aims and Objectives
1.14 Thesis Structure

Chapter -II
REVIEW OF LITERATURE
2.1 Distributed Denial of Service Attack
2.2 Security Architecture for Mitigating Distributed Denial of Service Attack
2.3 Mitigating Approaches for Distributed Denial of Service Attack
2.3.1 Captcha Methods for Mitigating DDoS Attack
2.3.2 Puzzle Approaches for Mitigating DDoS Attack
2.3.3 Optimization Algorithm for Mitigating DDoS Attack
2.3.4 IDPS System for Mitigating DDoS Attack
2.3.5 Firewall Approaches for Mitigating DDoS Attack

Chapter - III A SECURITY ARCHITECTURE FOR MITIGATING DISTRIBUTED DENIAL OF SERVICE(DDOS)ATTACK INTEGRATING INTERNET OF THINGS AND CLOUD COMPUTING
3.1 SMS_FIREWALL_DDoS Proposed Architecture
3.1.1 The Proposed Architecture Scope
3.1.2 Unique Features of the SMS_DDoS Architecture
3.1.3 SMS DDoS Architecture’s Principles and Techniques
3.2 Functional Components of the Proposed Architecture
3.3 CloudIoT Integrated Environment
3.3.1 IoT Things
3.3.2 Sensors
3.3.3 RFID
3.3.4 Sensor Reader
3.3.5 Sensor Networks
3.3.6 Gateway
3.3.7 Devices
3.3.8 MQTT
3.4 CloudIoT Integrated Environment
3.4.1 Cloud Platform
3.5 Secure User and Device Registration
3.6 Smart Mitigating Service
3.6.1 Smart Mitigating Service Firewall
3.6.2 First Verification Process of SMS_Firewall
3.6.2.1 Text Captcha
3.6.2.2 Image Captcha
3.6.2.3 Mathematical Captcha
3.6.2.4 I’m Not A Robot Captcha
3.6.2.5 Malware Detection System
3.6.3 Second Verification Process of SMS _Firewall
3.6.3.1 Jigsaw Image Puzzle
3.6.3.2 Client Puzzle Server
3.6.4 Intrusion Detection and Prevention System
3.6.4.1 Firefly Biological Behavior
3.6.4.2 Proposed CDDOSD and BFFO Model for DDoS Detection
3.6.5 Reverse Proxy
3.7 Functional Descriptions of SMS_ Firewall for DDoS Diagram
3.8 Secure User and Device Authentication
3.9 Secure Transaction between Cloud and Legitimate User
3.10 Functional Components Descriptions of SMS Firewall for DDoSFlow Diagram
3.11 Sequence Diagram of SMS_Firewall for DDoS Attack
3.11.1 Case Study - 1 : Smart Traffic
3.11.2 Case Study - 2 : Smart Hospital
3.11.3 Case Study - 3 : Smart Agriculture

Chapter IV SECURITY ALGORITHMS
4.1 Secure User and Device Registration Algorithm
4.2 Dynamic Captcha Algorithm
4.2.1 Text Captcha Algorithm
4.2.2 Image Captcha Algorithm
4.2.3 Math Captcha Algorithm
4.2.4 I’m Not A Robot Captcha Algorithm
4.3 Jigsaw Image Puzzle Algorithm
4.4 Binary Firefly Algorithm for Intrusion Detection and Prevention System
4.5 Intrusion Prevention and Traffic Load Balancing
4.6 Method for selecting DominantCloudServer
4.7 Secure Data between Legitimate User and CloudIoT
4.8 Secure User and Device Authentication
4.9 Key generation using ECC
4.10 Significance of the Proposed Algorithm

Chapter V EXPERIMENTAL STUDY AND RESULT ANALYSIS
5.1 Secure User and Device Registration
5.2 OpNet Simulation Tool
5.3 Exper i m ental S etup
5.4 Number of Request received by the Server for HTTP Application
5.5 Response Time for HTTP Applications
5.6 Server Performance
5.7 The average Throughput for HTTP
5.8 Attack Classification and Detection
5.9 Response Time Analysis
5.10 Analysis on Latency
5.11 Analysis on Overall System Throughput
5.12 Comparison of Public Key Cryptosystems

Chapter VI CONCLUSION AND

FURTHER RESEARCH DIRECTIONS

LIST OF RESEARCH PAPERS PUBLISHED

BIBLIOGRAPHY

ACRONYMS

ANNEXURE

CERTIFICATE

This is to certify that the thesis entitled, “A secured Architecture for Mitigating Distributed Denial of Service(DDoS) Attack Integrating Internet of Things and Cloud Computing”, submitted by E.Helen Parimala, Research Scholar, Department of Computer Science, St. Joseph’s College (Autonomous), Tiruchirappalli, in partial fulfillment of the requirements for the award of the degree of Doctor of Philosophy in Computer Science, has been carried out by her under my supervision and guidance. The above thesis is the original and independent work and the thesis has not been submitted earlier for the award of any degree of any university.

DECLARATION

I hereby declare that the thesis entitled “A secured Architecture for Mitigating Distributed Denial of Service(DDoS) Attack Integrating Internet of Things and Cloud Computing”, submitted in partial fulfillment of the requirements for the award of the degree of Doctor of Philosophy in Computer Science to the Bharathidasan University is my original research work. It has not previously formed the basis for the award of any degree, diploma, associateship, fellowship or any other similar recognition.

CERTIFICATE OF PLAGIARISM CHECK

Abbildung in dieser Leseprobe nicht enthalten

Report on plagiarism check, item with% of similarity is attached.

Signature of the Research Supervisor

ACKNOWLEDGEMENTS

“The LORD is my strong defender; he is the one who has saved me. He is my God, and I will praise him, my father’s God, and I will sing about his greatness.

(Exodus 15 :2)”

With a heart, full of love and gratitude to God the Almighty, I place on record my indebtedness to all those who have helped me to complete this research thesis. The voluminous research work of this magnitude has become a reality with the ardent support and cooperation of many personalities. It gives me immense pleasure to express my sincere thanks to all those who have directly or indirectly helped me in completing this research work.

At the very outset I cherish my deepest sense of gratitude and indebtedness to my Research Advisor, Dr. S. Albert Rabara M.Sc., Ph.D., Associate Professor Department of Computer Science, St. Joseph’s College, Tiruchirappalli for his excellent guidance and consistent patience, and for providing me with an excellent atmosphere for pursuing research . His timely help with appreciation, corrections, suggestions, and encouragement are terribly outstanding. I could not have imaged having a better advisor and mentor for my Ph.D., study. This Thesis would not have been possible if not for his guidance, advice, and unsurpassed knowledge. With a profound sense of gratitude, I extend my heartfelt thanks to my research advisor.

Besides my advisor, I would like to thank my doctoral committee members, Associate Professor Dr. J.G.R. Sathiaseelan and Assistant Professor Dr. S. Britto Ramesh Kumar, for spending their time reviewing my work and for making suggestions for the improvement of the dissertation. My research would not have been possible without their thoughtful advice and insightful comments.

I am grateful to Rev.Dr. Leonard Fernando S.J., Rector, St. Joseph's College (Autonomous), Tiruchirappalli, for his corroboratory presence and encouragement.

I owe my gratitude to Rev. Dr.S. Peter S.J., Secretary, for his dynamism and unwavering support.

I am extremely thankful to Rev. Dr.M.Arockiasamy XavierS.J., Principal, St. Joseph's College and Rev. Dr. F. Andrew, S.J., Former Principal, St. Joseph's College (Autonomous), Tiruchirappalli, for providing me a chance to pursue my doctoral programme in this prestigious institution.

My special thanks to Dr. D. P. Jeyapalan., Head, Department of Computer Science and the Faculty members of the Department of Computer Science, St. Joseph's College (Autonomous), Tiruchirappalli, for their constant support and encouragement in all my endeavours.

My wholehearted and sincere thanks are due to all staff members in the Department of Computer Science, St.Joseph’s college, Tiruchirappalli, for their continuous help rendered to me. I also express my thanks to the librarians and non-teaching staff of St. Joseph's College, Tiruchirappalli, for their deep interest and encouragement during the course of my study.

A special note of thanks to Mr. A. Vimal Jerald, Mr. Y. Sunil Raj and Sr. Daisy Premila Bai whose availability, generosity in sharing their knowledge and the readiness to offer timely help regardless of their routine schedule have made the effort successful. I am thankful to all my Fellow Research Scholars D.Akila, D.Sathya, Mr. V.K.Sanjeevi and Mr. K.Michael Raj whose thoughtfulness and the assistance extended for the completion of the thesis.

I owe my deepest gratitude towards my better half Mr. P.Andrew for his eternal support and understanding of my goals and aspirations. His infallible love and support has always been my strength. His patience and sacrifice will remain my inspiration throughout my life. Without his help, I would not have been able to complete much of what I have done and become who I am. I am also sincerely grateful to my family. I would like to thank my parents for their endless love and selfless dedications. I also wish to thank all my family members for their ceaseless support. I would not have finished this study without their understanding, encouragement and care.

I gratefully acknowledge the sincere efforts of Dr. John Bosco, Assistant Professor of English, for the encouragement and support to complete the thesis.

I express my deepest thanks to all my fellow researchers in St. Joseph’s College(Autonomous) Tiruchirappalli, for their constant support, motivation all the way through this period of my research work. I take this opportunity to thank all my friends whose love has encouraged and motivated me to complete my research work.

Finally, I express my deep gratitude to the ones who have contributed greatly to the completion of this thesis.

List of Figures

Abbildung in dieser Leseprobe nicht enthalten

List of Tables

Abbildung in dieser Leseprobe nicht enthalten

Abstract

I nternet of T hings (IoT) and C loud C omputing play a vital role in the field of I nformation T echnology. The goal of IoT is to link objects of heterogeneous in nature to avail smart services and application anywhere, anytime using any device. C loud C omputing allows computer users to conveniently rent access to fully featured applications, to software development and deployment environments, and to computing infrastructure assets such as network-accessible data storage and processing with its salient features of on-demand self-service, broad network access, resource pooling, rapid elasticity and measured Service. Though the Cloud and IoT have emerged as independent technology, merging these two technologies brings renaissance in the field of future networks and in building smart environment. This new evolvement is known as CloudIoT. One of the important challenges in CloudIoT is security. Challenges on the integration of the Cloud within IoT are to be a major bottleneck. The integration of security mechanism and data privacy are also a major concern. Any leakage of information from any of the CloudIoT could severely damage the privacy and authenticity of the users and data. Researchers all over the world put on efforts in integrating smart CloudIoT services to satisfy the needs of the CloudIoT Users. But no prominent architecture has been authenticated so far. Hence, it is imperative to design architecture to integrate CloudIoT smart services and applications to access smart services in a secured manner at anywhere anytime. The major challenges in implementing this scenario are security factors such as authenticity, confidentiality, integrity, and privacy. In network security, there are several types of attacks which can harm the network resources and services. D istributed D enial o f S ervice (DDoS) is one of the malicious attacks which can harm data communication in CoT potentially. There is a problem that may render customers to withdraw from the cloud services. Traditional DDoS attack aims at servers and/or the bandwidth of a network or a website in order to make them unavailable to their intended users. However, attackers can generate DDoS attack to harm the cloud resources in the same way as the cloud has a huge pool of resources which are larger than attackers resources. However, attackers can generate DDoS attack against the CloudloT users and network service providers. In this scenario, a huge amount of fake requests are sent to the users system. Hence, the provider can scale up the required infrastructure of the user in response to its high demand. This process will be reflected in the users bill. So users will find that the cloud is not affordable. Spreading the same feeling among many users will affect the cloud providers profit. It is a technical problem with an economic effect. Therefore, the solution of this problem must be a technical solution. A unique security method is proposed to counteract DDoS attack against a CloudloT U sers network and CloudloT Provider’s Network. It is a proactive technique that verifies the legitimacy of users in the beginning of accessing network and then providing an ongoing monitoring for the remaining packets using other security layers, in addition to hiding the protected servers locations and classifying users into four groups based on Two verification tests. It involves verifying the users legitimacy at the beginning and then monitoring their behavior using several methods and components in cloud customers networks in order to provide a secure and convenient cloud environment as well as reducing the response time for legitimate users. The SMS_FIREWALL_DDoS proposed architecture can be deployed in the CloudloT User’s network as a proactive method to avoid the effects of DDoS attacks and deployed on the CloudIoT provider’s side to shield it from DDoS attacks. However, the focus of this thesis is on protecting the CloudloT User’s network and CloudloT provider’s from DDoS and provide uninterrupted CloudloT services to legitimate CloudloT users. It can be considered as a contribution to the efforts to counteract such a threat against the CloudloT environment. Hence, S mart M itigating S ervice F irewall for DDOS Attack A rchitecture performs different actions against DDoS attackers moreover provide end to end security to CloudloT U ser and P rovider.

Chapter-I

INTRODUCTION

Our life had become much easier due to the boom in internet technology. It serves us in many ways not only by providing the fastest way to provide data but also by providing multiple benefits. The greatest benefit of the internet stands in uniting people all over the world with its enhanced communication. The estimation given by I nternet Live stats says that more than billion users will be found all over the world using the internet in the year 2019. This estimation reveals 50% of the people among the world’s total population uses internet.

The I nternet is the connection among the networks that depend on the physical infrastructure rather than their actual tangible entity. Moreover, hassle-free communication is also promoted by the internet where their interaction is very proactive through emails, SMS, chats, etc. Through the internet, any end terminal of the world could be connected, which is not similar to the normal telephone and post offices and they promote services entirely for 24*7 to all the people. The absence of the internet could be a challenge to the entire business world.

Billions of devices are connected with the traditional I nternet P rotocol (IP) suite (TCP/IP) that is interconnected computers with the global arrangement. This network is the composition of wireless, optical and electronic networking technologies gathering various fields such as public, academic, private and business sectors forming a worldwide scope. Several services based on the W orld W ide W eb application (WWW), hypertext files, e-mail, distributed systems, and communication A Secured Architecture for Mitigating Distributed Denial of Service(DDoS) Attack Integrating Internet of Things and Cloud Computing are promoted by the internet with their broad range of information [ Calbbretta et al., 2018 ]. Several hardware and software layers are composed of internet service technology, which controls several aspects of the framework. Resource sharing and communication are done within the millions of constrained devices through the internet platform [ Phuc et al., 2018 ]. But several challenges also tend to limit the use of the internet due to their privacy and security lacking issues such as viruses, encryption, reliability, theft identification, integrity, cyberbullying, confidentiality [ Akhunzada et al.,2016 ].

But still the internet forms the backbone for a novel infrastructure globally promoting worldwide information by diffusion and sharing and several physical entities are connected that could communicate and compute their capabilities with a wide range of technology and services [ AtZori et al.,2018 ].

This could pave the way for the novice services and also gives rise to the field of I nformation and C ommunication T echnology sector with new opportunities and applications that connects the virtual and physical realms. Therefore, a new perception of the I nternet of T hings (I o T) gives rise to the virtual world of information technology by integrating impeccably with the real world things.

1.1 Internet of Things

In the field of I nformation T echnology, I nternet of T hings (I o T) is a new paradigm that is defined with two important terms, "I nternet" and "T hings". I nternet is the set of interconnected computer networks that serves as the global system with the I nternet P rotocol suite (TCP/IP) for worldwide users. This network links several public, private, business, education and government globally, linked with the array of wireless electronic networking and optical technologies [ Pecori et al., 2017 ]. The term I o T was first introduced by a community member named Kevin Ashton, in the R adio F requency Id entification (RFID) development department and had found a huge development due to the utilization of mobile devices embedded communication, data analytics and c loud c omputing [ Gubbi et al., 2013 ]. RFID system plays a huge role in the I o T field, which comprises of several readers with more tags. These methodologies have separate digital identities combined with the network that enhances the automation in detecting something they are co-operated with. This provides the digitalized information and services that are processed at real-time with high speed [Mohammadi et al., 2018 ]. The I o T Applications is depicted in F igure1.1. Various sensors that are interconnected with one-another could communicate with the objects directly without the need of human intervention, forms the I o T. Sensors help in gathering several types of data that are provided by the machines and these machines are included within the "things".

Abbildung in dieser Leseprobe nicht enthalten

Figure 1.1 IoT Applications

Here the network communication protocol is interoperable in nature and the sensors are connected with the regular devices such as dishwasher, automobiles, ovens, fridges and several other smart devices that could interact with the users through the software co-operated with p ersonal c omputers (PC s) or mobile phones [ Perrone et al., 2017 ].Present State of I o T Network Architecture in F igure 1.2.

Abbildung in dieser Leseprobe nicht enthalten

Figure 1.2 Present State of IoT Network Architecture

Human life is transformed with the large implementation of I o T devices. In recent years, Smart homes are enabled with internet appliances with energy management devices and home automation components that promote high security with the efficiency of energy.

Healthcare services are promoted with the network-enabled medical devices that are fitted in the form of wearable jackets and offers daily monitoring of human health. S mart C ities idea cooperates with the intelligent traffic systems, networked devices and embedded sensors in the roads that help in minimizing energy consumption and congestion. With the development of smart phones, it helps in integrating several technologies and objects that are integrate with large-scale deployment with have certain security issues [ ShancangLi et al., 2019 ].

The main issues that fall with the IoT environment may be fraudulent user authentication, system configuration, management, verification, access control and information storage [ LeLiang et al., 2019 ]. For offering connections globally, the embedded sensors along with the smart phones offer the digital environment, which promotes life to be very adaptive, sensitive and responsive to all human requirements.

But still, lack of security tends to limit these devices. The user privacy may be compromised and the result is the leakage of information due to the intercepted and interrupted signals. These issues should be addressed to exclusively adopt the I o T network that builds up the confidence with the personal users [ Premsankar et al., 2018 ].

1.2 IoT Prognostications

The evolution of this technology tends the business industries and organizations to have the projections regarding the potential impact of the I o T technologies for the next ten years among the internet and the economy. Due to the devices connected through the internet, rapid growth in smart devices takes place.

By the year 2020, the prediction done by the analysts, Cisco, and Ericcson (Dave Evans and Hans Vestburg, respectively), says that the predicted rate of devices connected to the internet could be extended to 50 billion. But this estimation has been revised due to their difficulty in the confidence.

Evans predicted the rate of about 30 million and Ericcson predicted the rate of about 28 billion devices by the year 2021. This difficulty in the prediction occurred due to the inconsistency of the number of devices connected to the internet in recent times.

The difference among the I o T devices such as GSMA and m achine-to- m achine (M2M) is clearly stated by several analytical figures, which targets the cellular connectivity among M2M devices and also eliminate the consumer electronic computing devices that include e-readers, M2M connected technologies supporting universal I o T, smart phones, tablets etc [ Dhingra et al., 2019 ]. Before, the estimation was done regarding the connectivity among M2M to be 5 billion in the year 2014 and 27 billion during the year 2024 [ Machina et al., 2015 ].

On the other hand, Gartner in the year 2016 estimated to have 6.4 billion devices (other than the tablet, smartphones, and computers), the I nternational D ata C orporation predicted 9 billion (excluding the same as the previous case) and IHS predicted 17.6 billion (by including the excluded factor). This paves the notion of having a shift by the name “on the internet” with the real massive statement “T hings on the Net”, which tends to make all the activities smart. With the consideration of certain threats and potential impacts, certain I o T issues should also be considered.

1.3 Definitions on IoT

Certain definitions are promoted to the I o T technology by the researchers that are documented below:

The exact unique definition is not provided to the I o T technologies, accepted worldwide user community. However, several groups of people within the field of academics, research, innovation team, developing team and corporate have defined A Secured Architecture for Mitigating Distributed Denial of Service(DDoS) Attack Integrating Internet of Things and Cloud Computing I o T with the initial attribute given by Kevin Ashton, who is an expert in the field of digital innovation. The first version is through the word “internet” and the next version by the word “things”, which is “A comprehensive and open network with the integrated intelligent objects, which have the capability to auto-organize and acts on every situations with the collecting and reacting based on the information received through the changes in the environment".

IoT platforms form the devices to be very smart and the processing becomes intelligent with informative communication throughout the day. IoT refers to the interoperated connected devices with unique identifiable RFID technology [ Siegel et al., 2018 ].

IETF provides the statement of IoT as: “The idea of IoT falls to connect objects such as electrical, non-electrical or electronic devices to offer faultless communication and background services promoted by them ”. The interaction and co-operation could be done by sensors, RFID cards and actuators that materialize the I o T services to be better and accessible from anywhere at any time”.

W3C defines “Web of Things” as follows [W3C,” Web of Things”]: “The web technologies are the role of the W eb of T hings that make possible with the application and service development with the virtual representation and physical objects of I o T technology. The physical objects tagged with the NFC or bar code along with the actuators and sensors are all included with the development. The RESTFUL services are accessed by the HTTP web technologies and for naming objects as a basis for Linked data and rich descriptions, and Javascript API s for virtual objects acting as proxies for real-world objects ”.

The Smart America/Global cities description regarding IoT is given as: “Cyber­ P hysical Systems ( CPS ) — sometimes known as I o T , incorporates several smart systems and devices with the energy manufacturing, healthcare, and transportation sectors in several ways. Smart communities maximize the adaption of I o T technologies to improve the sustainability and efficiency of operation in enhancing the quality of life” [NIST, “Global City Teams”,2014].

SAP [Haller,” Internet of Things”,2009] gives the definition of IoT as: “A world of seamless integration of physical objects in the network that includes the active participation of business environment, where the interaction is done among the ‘Smart Objects’ through the query given to the internet and their state changes with the associated information concerning the security issues”.

Cisco labeled IoT with the definition: “Bringing people together, process thing and collects data to make the connectivity among the internet more relevant and valuable and this information are turned to actions, which produces new capacities and greater experiences with the unparalleled economic opportunity for individuals, business and countries ”.

According to the definition of ETSI for the M2M Communication states that, “The communication among the 2 or more entities that do not necessitate the human actions forms the M achine-to- M achine communication. This could automate the communication and the decision process”.

For the knowledge purpose, a well-defined I o T is stated as: “ A self-configuration global network infrastructure that have dynamic capabilities depending on the interoperable and standard communication protocols where the virtual and physical things have their own physical identities, attributes and uses intelligent interfaces with the virtual personalities, which is faultlessly gathered with the network information" [Kranenburg et al., 2008 ].

For communicating with the environment, social and user contexts, things have their identities with the virtual personalities, operating in the smart spaces with the interfaces. According to ITU “Advanced services enabled by the global infrastructure of the information society through the interconnection of virtual and physical entities based on the evolving and existing communication and information technologies" [ITU work on Internet of Things, 2015 ].

The [ IEEE 2014 ] describes I o T as a ” network of items collaborated with severed sensors that communicate through the internet". Simultaneously, the I nternet E ngineering T ask F orce (IETF), and another expert organization says that “According to the vision of IoT “thing” takes place in the form of actuators, sensors, computers, TVs, vehicles, food, medicines, etc” [Minerva et al.,2015 ]. The next generation of I o T takes place in the storage of data through the cloud-based environment that is known as the N ext G eneration I nternet [ Joshi et al., 2013 ].

1.4 Cloud Computing

Based on the requirement of several devices, c loud c omputing offers data processing sets commonly, which is then said to be internet-based distributed computing. This model of computing set enables pervasive and suitable on-demand networks with the pool of computing properties such as systems, storage, servers, and several utilities. However, the task of processing the enormous amount of data is made easy with the c loud c omputing technology integrated with the several I o T devices for the process of communication and offers on-demand resources [Mohanasundaram et al.,2018 ].

Through this technology, the following requirements could be attained: 1) services provided at a lower cost 2) performance is high 3) maximizes the computational power 4) open device accessibility and 5) versatility [ Botta et al., 2016 ]. But still, cloud users face several privacy and security issues that include identity management and several other varying challenges in IoT devices tend to the lost of transmitted data in the authentic node. Therefore, this could be avoided with the system complexity, encryption, physical security, security management approach, user identity and misconfiguration of software. C loud Computing’s main purpose is to use network­ wide configurable tools without installing them on a local PC with reduced management costs. The basic model of the cloud environment is shown in F igure 1.3.

Abbildung in dieser Leseprobe nicht enthalten

Figure 1.3 Basic Cloud Environment Model

1.5 Definitions on cloud computing

N ational I nstitute of S tandard and T echnologies (NIST) provided the essential aspects that are required in the field of cloud computing services [ Mell et al., 2009 ]. “C loud C omputing is the convenient model that promotes its device network access to the shared pool of communicating devices and does not need any management efforts and less human or service provider interaction. This is composed of three service models with four deployment models and five essential characteristics".

According to the author [YubiaoWang et al.,2018], CC is a computing service that provides a flexible virtualization tool that can be used digitally and can be extended according to user requirements. The claim stresses that CC uses virtualization software to provide consumers with its services based on their needs.

According to [ Zhang et al., 2014] CC is a computer model focused on parallel computing, distributed computing, and grid computing. Often CC can be constructed using the above-mentioned computing models which interpret concepts such as virtualization, utility computing, and CC 's three service layers.

1.5.1 Essential Characteristics

1.5.1.1 On-demand self-service: Without the service provider interaction, a consumer can unilaterally promote their server time and the storage space through the network. This means that the service could be automated and does not need any human intervention.

1.5.1.2 Broad network access: A standard mechanism could be used to get access over the network through the available capabilities that use thick or thin h eterogeneous client platforms (for instance, laptops, PDAs, mobile phones, etc.).

1.5.1.3 Resource pooling: A pool of computing resources by the providers could serve numerous consumers based on their demands with the help of a dynamically allocated multi-tenant model that had various physical and virtual resources. The customers could not able to receive the provider's location due to the sense of independence that does not occur any knowledge regarding the provider's place, country, data center or location. However, this could be indicated by a higher level of abstraction. Virtual machines, memory processing, bandwidth, and storage are certain resources that are included.

1.5.1.4 Rapid elasticity: Capabilities could be rapidly or provisioned elastically and it certain situations it could be provided automatically for the release to immediately scale in. For the customers, these provisions are provided at an unlimited rate so that they could purchase at any amount of time duration.

1.5.1.5 Measured Service: In a certain type of service (e.g., process, storage, bandwidth, etc,) cloud computing could involve leveraging the metering capability by automatically controlling and optimizing the resources. Moreover, transparency could also be promoted for both the consumers and providers by monitoring, reporting and controlling the usage of resources with the utilized services.

1.6 Working Models of Cloud Computing

According to [ Elliott et al., 2018], cloud architecture is specified by two working models. These are:

- Service Models
- Deployment Models

Service Models: According to [ Fernando et al., 2017] cloud computing has three service types. They are:

1.6.1 Cloud Software as a Service (SaaS): The application offered by the provider should be used by consumers that are promoted by the capability of the cloud infrastructure. They are handy with the client’s devices through the web-based mail or the web browsers. The operating system, network or servers with each application capabilities are not managed or controlled by the consumers except the configuration settings that are user-specific application limited.

1.6.2 Cloud Platform as a Service (PaaS): The application created or developed by the consumers is deployed through the capability offered by the cloud infrastructure, which is made possible with the help of the programming language and also the supported tools promoted to the users. The employed application that hosts the configuration of the environment will be managed by the customer however they don’t have the control of the servers, operating systems, and the network infrastructure.

1.6.3 Cloud Infrastructure as a Service (IaaS): Certain fundamental computing resources that include networks, storage and processing the provisions are the capabilities offered to the customers where they can deploy and run the arbitrary software that includes the applications and the operating system. But the consumers could not get access to the underlying cloud infrastructure but they could have access control over the storage, OS and the deployed applications with the minimum control of selective network components.

1.7 Deployment Models of Cloud Computing:

There are four deployment models in the cloud environment in line with [Rastegar et al., 2019]. The deployment model is depicted in F igure 1.4.

1.7.1 Private cloud: The cloud infrastructure could be operated by on/off-premises that are solely based on the type of the third party or the particular organization.

1.7.2 Community cloud: In here, the infrastructure will be shared by the specific supporting community or several organizations that have certain shared concerns (e.g., policy, the requirement of security, compliance, and mission). The cloud infrastructure could be operated by on/off-premises that are solely based on the type of the third party or the group of organizations.

1.7.3 Public cloud: In here, the cloud services will be available to the large industry group or the general public, in other words, it could be owned by an organization promoting the sale of cloud group services.

Abbildung in dieser Leseprobe nicht enthalten

Figure 1.4 Deployment models of Cloud Computing

1.7.4 Hybrid cloud: This infrastructure is the combination of two or more cloud groups (e.g., community, public or private). They are bound together with the proprietary technology or based on the standard but are said to be the unique entities enabling the portability of data and applications (e.g. load balancing among cloud).

According to the IEEE Standards Association (IEEE-SA)/ ‘cloud computing is defined in the form of two working drafts. One profile draft emphasizes various cloud ecosystems that include service providers, users, and cloud vendors. The other draft is the inter-cloud that promotes the functionality of the topology, interoperability governance from the cloud-to-cloud federation”.

1.8 IoT and Cloud Integration

Both the I o T and c loud c omputing are two individual technologies that come under the part of our daily lives. They are said to be the most important aspect of the future internet since their usage and adoption is said to be more persistent. However, the combination of I o T with the cloud environment is forecasted as troublesome in the certain deployed application scenario. According to the characterization of the virtual world, c loud c omputing is known for its unlimited storage capacity with its extraordinary process power. Moreover, merging these two individual technologies could bring a strong evaluation in future networks. With the unconstrained resources and capacities, the technological constraints could be compensated by the I o T with the enormous processing power and storage. Similarly, I o T could extend the scope of cloud computing services in a distributed and dynamic way of delivering novice services and applications to the real world in real-time [ Alessio et al., 2016 ].

A new conceptual framework that relates the cloud services with the IoT based smart objects promotes numerous smart applications. The field that involves the integration of the IoT with cloud services includes smart cities, health care, environment monitoring smart energy, smart metering, logistics, smart grids, etc. This integration tends to enhance the performance of these applications and with their availability of services, it could make the smart world that could offer the customer’s requirements anywhere at any time and any firm irrespective of their underlying technology. The major challenges concerning the integration of loT and cloud come under security, heterogeneity, reliability, privacy, performance, etc [Okonski et al., 2018 ].

loT has a major concern with the reliability, security, privacy, and performance that are widely categorized with real-world objects with limited processing power and storage. But, c loud c omputing has eliminated all the constraints of the loT that have unlimited storage and processing power since they are present virtually with their mature technology. Hence this new paradigm of integrating loT and cloud-based services could solve all the constraints of loT and take a rule of the future internet occupying the business communities and several large industries [ Chandni et al., 2017 ]. This new evolvement is known as CloudloT.

At the year of 2006, Google’s CEO Eric Shmidt gained popularity by using cloud computing services and it had a huge impact and got its attention within several IT industries. Due to the low cost, processing capacities and unlimited storage capability, c loud c omputing had realized and made evolution with the new computing model [ Boroojeni et al., 2017 ] and the general utilities had been provided by the virtual resources that are leashed with the on-demand fashion. Huge companies such as Facebook, Google, Amazon, etc, had been using these services over the internet for delivering the services and they had been benefitted both technically and economically. This disruptive technology had been used in several IT sectors with the profound implications for delivering their services through the internet. But still, technical related and business-based issues had found to be unsolved in these industries. The security-related issues identified in these service models and also the agreements based on the service-level would take away several potential users [Subashini et al., 2011].

The C loud-based loT paradigm could be affected by many potential threats that could affect their successful integration. This paradigm involves the transportation of data from real-time to the cloud environment. The important aspect of providing the necessary rules and authorized policies has not yet been resolved, which is the most important issues to be considered since the sensitive data should be accessed only by the authentic users and others should not gain the advantage of those authorized data [ Suciu et al., 2013 ].

The physical location of the data and the information based on the s ervice l evel a greements (SLAs) offered by the service provider could not be trusted due to the data that moves from the IoT applications to the cloud infrastructure [ Atlam et al., 2017 ]. Due to the multi-tenancy concept, there could be leakage with certain sensitive information. Due to the processing power constraints, the cryptography-based public keys could not be accessed by several layers that are forced by the IoT objects. Special attention is gained by the new challenges that include the possible attacks affecting the distributed systems, session riding, SQL injection, side-channel, cross­site scripting, etc. Virtual escape, as well as the session hijacking, is also certain important vulnerabilities that are necessarily considered [ Doukas et al., 2012 ].

Thus the combination of both the cloud and IoT could make several changes by making innovations in multiple fields that are due to their ubiquitous sensing services along with the processing power of streaming the sensed data beyond the capability. With the smart devices, the sensed data could be intelligently stored and used to actuate and monitor the situation in real-time.

This automated and predictive decision making is made possible with certain machine learning algorithms, artificial intelligence techniques, and novel data fusion algorithms and this could be implemented and distributed to the cloud platform. Due to this advancement, several evolvements could be seen in the field by developing smart cities, smart grid, smart transportation systems, etc. However, the several booms in the integrated field could also promote certain cons that should be necessarily avoided with the certain advanced network architecture integrated with several protocols that utilize the concept of big data for retrieving the data from the loT devices and store them in the cloud. This integration should take care of certain critical factors that include data security, privacy, reliability and Q o S [ Sivakumar et al., 2017 ].

1.9 Cloud Computing Security

The C loud C omputing architecture puts together three interdependent layers of infrastructure, platform and application [Lynda et al., 2018] C loud C omputing and its infrastructure are becoming more tempting targets for prospective intruders due to their decentralized and transparent nature [Venkatesh et al., 2018]. Many research defined security as one of the main problems of the adoption of cloud computing. Top providers for cloud computing such as Sony, Rackspace, Microsoft, and Amazon were all targets of attacks. Attacks targeting I nternet S ervice P roviders affect the ability of consumers to access cloud services, including cyberattacks targeting an Internet traffic company which also impacted A mazon in October 2016.

C loud c omputing's main challenges are security, data privacy, on-demand data availability, reliability, and latency. Privacy is perceived to be the cloud's key concern. There are many security issues with cloud service layers, such as data protection, network security, resource availability, etc. To accomplish them, attackers such as DoS attacks, buffer overflow attacks, DDoS attacks cross-site scripting attacks, etc. DDoS attacks are put as the top nine threats to CC.

1.10 Denial of Service Attack and Cloud Computing

Easy and affordable access to various computing facilities and providing services based on demand is one of the main features of C loud c omputing. Also, it provides low-cost features that give strong contention to conventional IT -based infrastructure. C loud has taken the majority of the applications in the IT industry, in the Government sector and other domains as well. When compared to the fixed infrastructure on­premise, cloud Infrastructure promises great advantages [Kandukuri et al., 2009]. These advantages include on-demand resource availability, pay as you go billing, better hardware utilization, no in-house depreciation losses, and, no maintenance overhead. Most of the questions are specifically related to data and business logic security [Kaufman et al.,2009].

The traditional non-cloud IT infrastructures have many security-related attacks. To cloud targeted severe attacks, their solutions are now applied. With no transparent control, the business logic and other forms of data are situated on a remote cloud server. In various non-cloud infrastructures, most security concerns are not the same as their previous versions. The D enial o f S ervice(DoS) attack is one such attack where there has been greater visibility [Zissis et al., 2010]. Customer service is provided traditionally, by these servers and they are attacked by the DoS attackers.

Active servers are flooded by DoS attackers by behaving like a l egitimate customer. Due to this, the service becomes absent as more amount of requests are pending and overflows the service queue. A variety of DoS attacks is D istributed DoS or DDoS where a particular service is been targeted by a group of attackers [Devine et al.2015].

A most prominent and fatal threat is the high rise in the number of report incidents of DDoS. A DDoS attack requires an attacker to gain control of a network of online machines in order to carry out an attack. Computers and other machines(such as l o T devices) are infected with malware, turning each one into a bot(or Z ombie). The attacker then has remote control over the group of bots, which is called a botnet [Neupane et al., 2018].

Once a botnet has been established, the attacker is able to direct the machines by sending updated instructions to each bot via a method of remote control. When the IP address of a victim is targeted by the botnet, each bot will respond by sending requests to the target, potentially causing the targeted server or network to overflow capacity, resulting in a denial of service to normal traffic. Because each bot is a legitimate internet device separating the attack traffic from normal traffic can be difficult [ Debroy et al., 2016].

The main conceptual model of information security was C onfidentiality, T ransparency, and A vailability. [Gupta et al., 2016] defined c onfidentiality as unauthorized information disclosure, i ntegrity as unauthorized information modification, and a vailability as unauthorized access denial.

In October 2019, Amazon's cloud computing division AWS has recently experienced a sustained DDoS attack that appears to have lasted about eight hours. The attack itself affected router 53 of the company DNS web service through other services also experienced outages as a result. AWS does offer its DDoS mitigation service called shield Advanced but it was unable to fully stop the attack. As a result of the attack, many AWS customers were unable to access the company’s S3 service and several AWS services were forced to rely on external DNS queries. An email sent out to AWS customers, during the time of the attack, confirmed that the DNS outage was caused by a DDoS attack. According to Amazon, its Shield Advanced DDoS mitigation did end up flagging some legitimate customer queries as m alicious ones and left users unable to connect. Due to the size of AWS and a large amount of web traffic it handles at all times, the DDoS attack that took its services offline was likely massive although don’t find out more until elfter a full investigation is complete. Targets of A pplication L ayer A ttacks are depicted in F igure 1.5. The chart below shows the percentage of respondents who received attacks on the application-layer targets listed. DDoS Attack Growth Estimate in the year 2020 is shown in F igure 1.6.

According to [ Yan et al., 2016 ], botnets are used to launch DDoS attacks. The attackers Pick the Botnets by snooping the network for compromised machines and using them as agents. Such machines are referred to as botnets or zombie computers. The host and zombie machines use spoofed IP addresses that make it difficult to locate the attacker and their origin. The main goal of this assault is to overwhelm the resources. Bandwidth, CPU cycles, memory, file descriptors, buffers, etc., can sometimes crash the database in the sense of CC resources.

Abbildung in dieser Leseprobe nicht enthalten

Figure 1.5 Targets of Application Layer Attacks

F igure 1.7 demonstrates a cloud-based DDoS example. A pplication l ayer DDoS is originating from low layers, these attacks use application-level protocols to overwhelm the resources of the victim, rendering them more undetectable. There is a need for tools to help prevent or at least detect these attacks with these threats to cloud Intrusion is generally described as an effective attack on the network or system. In a technical report on the art of intrusion detection, [ Daffu et al., 2016 ] described the attack as an aggression against another adversary, the attacker, by one opponent, the intruder.

Abbildung in dieser Leseprobe nicht enthalten

Figure 1.6 DDoS Attack Growth Estimate in year 2020.

The attacker is attacking with a clear objective in mind. From the point of view of a network maintainer, an attack is a series of one or more incidents that may have one or more security consequences. From the point of view of an attacker, an attack is a process to achieve a target. Direct and Indirect Effects of DDoS Attack in the Cloud is shown in F igure 1.8.

Abbildung in dieser Leseprobe nicht enthalten

Figure 1.7 DDoS Attack inCloud

Abbildung in dieser Leseprobe nicht enthalten

Figure 1.8 DDoS Attack in Cloud: Direct and Indirect Effects

1.11 Taxonomy of DDoS Solutions

Attack prevention, Attack detection, and attack mitigation and recovery are the three parts in the taxonomy of DDoS attacks. To prevent the attack, a simple “T uring Test” may help in the first instance when the requests come. Significant contributions in the domain of traffic monitoring and analysis are there. Some methods which are helpful in mitigation, as well as recovery, fall in the third stage. One of the proactive measures is the DDoS prevention in the cloud where requests of the suspected attackers are dropped or filtered even before they infect the server. No “presence of attack” state is available in the prevention methods and it is generally available only to attack detection and mitigation methods. Irrespective of whether the users are legitimate or illegitimate, prevention methods are applied. There is an overhead for the servers and the legitimate clients and this is because most of the methods are tested against their usability.

Abbildung in dieser Leseprobe nicht enthalten

Figure 1.9 DDoS attack prevention, detection and mitigation in cloud: A taxonomy

Most of these methods are tested against their usability, which DDoS attack prevention, detection, and mitigation in the cloud: a taxonomy is depicted in F igure 1.9. DDoS Protection in the cloud at various levels is shown in Figure 1.10.

Abbildung in dieser Leseprobe nicht enthalten

Figure 1.10 DDoS Protection in cloud at various levels

1.12 Types of DDoS Attacks

DDoS Attack types are divided into three categories. They are V olume- b ased a ttack, P rotocol b ased a ttack, A pplication layer-based attack. DDoS Attack is shown in F igure 1.11.

1.12.1.1 Application Layer DDoS attack

A pplication L ayer A ttacks [Rao et al., 2017] among the most dangerous and severe threats of all other types are the application layer attacks. Since the attack rate will always be as low as possible, this attack is difficult to detect and prevent.

S lowloris and R udy are some of the tools to deal with these attacks and HTTP GET Flood stands as the most common flooding attack.

Abbildung in dieser Leseprobe nicht enthalten

Figure 1.11 DDoS Attack

Abbildung in dieser Leseprobe nicht enthalten

Figure 1.12 Types of DDoS

Types of DDoS Attack is depicted in F igure 1.12.Few attempts to damage the server by overloading the resource-intensive request processing are slow and DNS query flood attacks are other kinds of attacks. Over usage costs for subscribers and operational damages, data loss for service providers is the major demerits when these kinds of attacks happen. It exceeds almost 200 Gbps when these attacks are launched. But with the modern infrastructure of the server, we can bring down to 20 to 40 Gbps.

1.12.1.2 HTTP Flood Attack

HTTP flood attacks [Ghafar et al., 2019] are a type of “Layer T” DDoSA ttack. L ayer 7 is the application layer of the OSI model, and refers to internet protocols such as HTTP.

It is the basis of browser based internet requests, and is commonly used to load webpage or to send from contents over the I nternet. Mitigating application layer attacks is particularly complex, as the malicious traffic is difficult to distinguish from normal traffic. HTTP Flood Attack is shown in F igure 1.13.

Abbildung in dieser Leseprobe nicht enthalten

Figure 1.13 HTTP Flood Attack

1.12.1.3 UDP Flood attack

Abbildung in dieser Leseprobe nicht enthalten

Figure 1.14 UDP Flood Attack

A UDP flood [Chugunkov et al., 2018] is a type of denial-of-service attack where a large number of U ser D atagram P rotocol packets are sent to a targeted server with the aim of overwhelming that device’s ability to process and respond. As a result of UDP flooding, the firewall shielding the targeted network can also become exhausted as a result of UDP flooding, resulting in a denial of service to legitimate traffic. UDP F lood is shown in F igure 1.14.

1.12.1.4 ICMP Flood Attack

A ping flood [ Marcos et al., 2018 ] is a denial-of-service attack in which the attacker attempts to overload a targeted machine with ICMP echo-request packets, rendering it inaccessible to normal traffic. The attack becomes a DDoS or distributed denial-of- service attack when the attack traffic comes from multiple devices. ICMP Flood Attack is shown in Figure 1.15.

Abbildung in dieser Leseprobe nicht enthalten

Figure 1.15 ICMP Flood Attack

1.12.1.5 Smurf Attack

A S murf a ttack [Mahjabin et al., 2017] is a distributed denial-of-service (DDoS) attack in which an attacker attempts to overwhelm a targeted ICMP packet server. Then the computer networks respond to the targeted database by making requests to one or more computer networks with the targeted device's spoofed IP address, amplifying the initial attack traffic and possibly overwhelming the target, making it unavailable. This attack vector is generally considered a fixed and no longer prevalent vulnerability. S murf A ttack is shown in F igure 1.16.

Abbildung in dieser Leseprobe nicht enthalten

Figure 1.16 Smurf Attack

1.12.1.6 PING of Death Attack

A P ing o f D eath a ttack [Yihunie et al., 2018 ] is a d enial- o f- s ervice (DoS) attack in which the attacker attempts to interrupt a targeted device by sending a packet larger than the total allowable length, causing the target computer to freeze or crash. Ping of Death's original attack is less common today. A similar attack, known as an ICMP flood attack, is more widespread. P ing o f D eath A ttack is shown in F igure 1.17.

Abbildung in dieser Leseprobe nicht enthalten

Figure 1.17 PING of Death Attack

The attacker sends messages with spoofed return addresses to the T ransmission C ontrol P rotocol (TCP) in this attack. This is flooded to the victim host's random port with multiple UDP packets causing the host to constantly listen to a request on that port. The host's constant listening to the port causes the hosts resources to be unavailable. TCPF lood A ttack is shown in F igure 1.18.

Abbildung in dieser Leseprobe nicht enthalten

Figure 1.1 8TCP Flood Attack

1.12.1.8 Volumetric Attacks

This class of attacks attempts to create congestion by using all the bandwidth available between the target and the wider Internet. By using a method of amplification or other means of creating massive traffic, such as requests from a botnet, vast amounts of data are sent to a target.

[...]