A Proficient Mechanism for Cloud Security Supervision in Distributive Computing Environment

Full Text (PDF, 1808KB), PP.57-77

Author(s)

Kamta Nath Mishra 1,*

1. Department of Computer Science & Engg., Birla Institute of Technology, Mesra, Ranchi, INDIA

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2020.06.05

Received: 9 Jul. 2020 / Revised: 20 Aug. 2020 / Accepted: 13 Sep. 2020 / Published: 8 Dec. 2020

Index Terms

Authenticated Encoding, Cipher Block Message Authentication, Cloud Management, Secure Cloud Networks

Abstract

At present, cloud-IoT integrated distributive computing is attracting great interest because of its many characteristics, which fall into two categories: essential and common. The essential characteristics of cloud-IoT computing are demand dependent, such as broad network access, self-service, resource pooling, and rapid elasticity. The common characteristics of cloud-IoT computing are homogeneity, massive scale, virtualization, resilient computing, low-cost software availability, service orientation, geographically independent computation, and advanced security availability. Cloud-IoT dependent internetworked distributive computation is an internet-based computing environment in which infrastructure, application software, and various similar or dissimilar platforms are accessible in the cloud, and the end users (businesspeople, developers) have the right to use them as clients. Cloud is a step from utility computing, and several industries and companies frequently use cloud-based systems in their day-to-day work. Security issues and challenges of cloud computing therefore cannot be avoided in the current era, and researchers must develop high-order authentication protocols to prevent the security threats facing cloud-based data communication systems.
The proposed CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) based management of cloud-IoT integrated information is a two-phase authenticated encoding (AE) mechanism. The first phase is used to perform the privacy computations, and the second phase is used to compute authentication and integrity. Both phases use the same encoding technique. CCM/CCMP is well known to be a combination of two modes, namely AES counter mode and the CBC-MAC (cipher-block-chain message authentication code) protocol. Counter mode is used to carry out the encryption that guarantees data privacy, whereas CBC-MAC is used to attain data authenticity and integrity. In this work the author investigates and critically analyzes the CCMP-dependent secure cloud-IoT integrated distributive mechanism for data and information management. The proposed approach further improves the overall security and performance of cloud-IoT integrated computing networks. Further, the author has solved the challenges of cloud-IoT computing by studying and analyzing the major cloud-IoT computing security concerns and the security threats expected in future-generation cloud computing systems. In this paper, the author proposes that the CCMP and CBC-HMAC (Cipher-Block-Chain key Hash-Message-Authentication-Code) encoding protocols can be used efficiently to provide information security and to prevent various attacks while data is being transferred between the cloud and a local network. A prevention mechanism for unauthorized access to data within the cloud is also presented, and its performance is highly satisfactory. A secure and flexible framework that supports self-organization and self-registration of consumers' information in the cloud network is designed and tested. The test results of the proposed analysis provide clear evidence that the PRF of CCMP is superior to and more secure than that of CBC-HMAC.
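
The two-phase construction described in the abstract (AES counter mode for privacy, CBC-MAC for authenticity and integrity, one key for both), as an added Go sketch that is not the paper's code. It follows the RFC 3610 CCM block layout with CCMP's parameters (8-byte tag, 13-byte nonce) and assumes no associated data; the names `blk`, `ccm` and `Open` are illustrative.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"fmt"
)

const tagLen, nonceLen = 8, 13 // CCMP-style CCM parameters: M=8, L=2

// blk builds flags || nonce || 16-bit value: B0 (flags 0x19) or counter block A_i (0x01).
func blk(flags byte, nonce []byte, v int) []byte {
	return append(append([]byte{flags}, nonce...), byte(v>>8), byte(v))
}

// ccm runs both phases under one AES key and returns the CTR output plus the
// masked, truncated tag. Associated data is not handled in this sketch.
func ccm(key, nonce, in []byte, sealing bool) (out, tag []byte, err error) {
	c, err := aes.NewCipher(key)
	if err != nil || len(nonce) != nonceLen || len(in) > 0xFFFF {
		return nil, nil, fmt.Errorf("ccm: bad key, nonce or length")
	}
	out = make([]byte, len(in))
	cipher.NewCTR(c, blk(0x01, nonce, 1)).XORKeyStream(out, in) // privacy: S_1, S_2, ...
	if !sealing {
		in = out // when opening, the MAC covers the recovered plaintext
	}
	// Authenticity: CBC-MAC = last block of zero-IV CBC over B0 || zero-padded message.
	buf := append(blk(0x19, nonce, len(in)), in...)
	buf = append(buf, make([]byte, (16-len(in)%16)%16)...)
	cipher.NewCBCEncrypter(c, make([]byte, 16)).CryptBlocks(buf, buf)
	tag = buf[len(buf)-16:]
	cipher.NewCTR(c, blk(0x01, nonce, 0)).XORKeyStream(tag, tag) // mask with S_0 = E(K, A_0)
	return out, tag[:tagLen], nil
}

// Open releases the plaintext only if the recomputed tag matches (constant-time compare).
func Open(key, nonce, ct, tag []byte) ([]byte, error) {
	pt, want, err := ccm(key, nonce, ct, false)
	if err == nil && subtle.ConstantTimeCompare(want, tag) != 1 {
		return nil, fmt.Errorf("ccm: authentication failed")
	}
	return pt, err
}

func main() { // constructed all-zero key and nonce, for demonstration only
	ct, tag, _ := ccm(make([]byte, 16), make([]byte, nonceLen), []byte("constructed demo"), true)
	fmt.Printf("ciphertext %x tag %x\n", ct, tag)
}
```

A nonce must never repeat under the same key: counter mode would reuse its keystream and the tag mask, which voids both the privacy and the authenticity guarantee.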

Cite This Paper

Kamta Nath Mishra, "A Proficient Mechanism for Cloud Security Supervision in Distributive Computing Environment", International Journal of Computer Network and Information Security(IJCNIS), Vol.12, No.6, pp.57-77, 2020. DOI: 10.5815/ijcnis.2020.06.05
