Survey on Privacy and Data Security Issues in Cloud Computing

attackers gain unauthorized access to a database and become able to access sensitive information. At times, the hacker's input data is mistaken by the website for user data and is passed on to the SQL server, which lets the attacker learn how the website functions and make changes to it. Techniques such as avoiding the usage of dynamically generated SQL in the code, using filtering techniques to clean the user input, etc. have to be used to check SQL injection attacks.

Cross Site Scripting (XSS) attacks: These attacks, which inject malicious scripts into web content, have become quite popular since the inception of Web 2.0. A website can be classified as static or dynamic. Static websites do not suffer from the security threats that dynamic websites do, because of the dynamism of the latter in providing multi-fold services to users. Consequently, these dynamic websites get victimized by XSS attacks. Quite often, while working on the net or surfing, some pop-ups or webpages open up with a request to be clicked in order to view the content contained in them.
Often, either unintentionally, unaware of the possible hazards, or out of curiosity, users click on these hazardous links, and thus the intruding third party gets control over the user's private information or hacks their accounts using the information that has become available. Various techniques such as Content Based Data Leakage Prevention Technology, Active Content Filtering and Web Application Vulnerability Detection Technology have already been proposed. These technologies adopt various methodologies to detect security flaws and try to fix them.

Man in the Middle attacks: Here an intruder tries to intrude in an ongoing conversation between a sender and a client to inject false information and to gain knowledge of the important data transferred between them. Many tools implementing strong encryption technologies like: Cain, Dsniff, Wsniff, Ettercap, Airjack etc. have been developed in order to provide a safeguard against them.

Hence, security at different levels is necessary in order to ensure proper implementation of cloud computing, such as: internet access security, server access security, data privacy access security, database security and program access security. Additionally, we need to ensure data security at the network layer, and data security at the application and physical layers, to maintain a secure cloud.

B. Network Level Security

Networks are classified into many types, such as public or private, shared and non-shared, small area or large area networks, and each of them has a number of security threats to deal with. To guarantee network security, the following points should be considered while providing network level security: proper access control, confidentiality and integrity in the network, and maintaining security against external third party threats.[5] Problems related to network level security include: DNS attacks, Sniffer attacks, the issue of reused IP addresses, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, etc.

DNS Attacks: A Domain Name Server (DNS) server performs the translation of a domain name to an IP address, since domain names are much easier to remember. Therefore, the DNS servers are needed.
There are cases where a user who called the server by name has been routed to some other evil cloud instead of the one he asked for, and so using the IP address is not always feasible. Using DNS security measures like Domain Name System Security Extensions (DNSSEC) reduces the effects of DNS threats, but there are still cases when these security measures prove to be inadequate, when the path between a sender and a receiver gets rerouted through some evil connection. It may happen that the route selected between the sender and receiver causes security problems even after all the DNS security measures are taken.

Sniffer Attacks: These types of attacks are launched by applications that can capture packets flowing in a network. The data being transferred in these packets can be read if it is not encrypted, and there are chances that sensitive information flowing across the network can be captured and traced.
Through the NIC (Network Interface Card), a sniffer program ensures that the data/traffic linked to other systems on the network gets recorded.[11] This can be achieved by placing the NIC in promiscuous mode, in which it can track all data flow on the same network. A malicious-sniffing detection platform can be used to detect a sniffing system running on a network, based on RTT (round trip time) and ARP (address resolution protocol).

Issue of reused IP Addresses: IP addresses are basically a finite quantity. Each node of a network is provided an IP address. A large number of cases related to reused IP addresses have been observed. When a particular user moves out of a network, the IP address associated with him is assigned to a new user. This risks the security of the new user, as there is a certain time lag between the change of an IP address in DNS and the clearing of that address in DNS caches.
Thus, even though the old IP address has been assigned to a new user, the chance of the data being accessed by some other user is not negligible, as the address still exists in the DNS cache, and the data belonging to a particular user may become accessible to some other user, violating the privacy of the original user.

BGP Prefix Hijacking: Prefix hijacking is a type of network attack in which a wrong announcement related to the IP addresses associated with an Autonomous System (AS) is made, and hence malicious parties get access to the untraceable IP addresses. On the internet, IP space is associated in blocks and remains under the control of ASes. An autonomous system can broadcast the information about the IP addresses contained in its regime to all its neighbors. These ASes communicate through the Border Gateway Protocol (BGP) model. At times, because of a few errors, a faulty AS may broadcast wrongly about the IPs related to it. In such a case, the actual traffic gets routed to some IP other than the intended one. Consequently, data is leaked or reaches some other destination that it actually should not.

C. Application Level Security

Application level security refers to the usage of hardware and software resources to provide security to applications such that attackers are not able to get control over these applications and make the changes they desire to their format. In the current day, attacks are launched masked as a trusted user; the system, considering the attacker a trusted user, allows full access to the attacking party and gets victimized. The reason behind this is that the obsolete network level security policies allow only the authorized users to access the specific IP address. With technological progression, these security policies have become outdated, as there have been instances when the system's security has been breached by accessing the system in the disguise of a trusted user. It's quite possible to imitate a trusted user and corrupt entire data without even being noticed. Thus, it is necessary to install a higher level of security checks to minimize these risks.

International Journal of Engineering and Advanced Technology (IJEAT), ISSN: 2249 – 8958, Volume-2, Issue-5, June 2013

Denial of Service Attacks: A DoS attack attempts to make the services assigned to authorized users unusable by them. In such an attack, the service becomes unavailable to the authorized user because the server providing the service is flooded by a large number of requests, leading to the denial of service. Sometimes, we are unable to access a site and observe an error due to overloading of the server with requests to access the site. This happens when the server exceeds its capacity to handle the number of requests.[11] The occurrence of a DoS attack increases bandwidth consumption, in addition to causing congestion and making certain parts of the clouds inaccessible to the users. Using an Intrusion Detection System (IDS) is the most popular method of defense against this type of attack.

Cookie Poisoning: It involves modifying or changing the contents of a cookie to gain unauthorized access to a webpage or to an application. Cookies mostly contain the user's identity-related credentials.
Once these cookies are available, their content can be forged to imitate an authorized user. This can be avoided either by implementing an encryption scheme for the cookie data or by performing regular cookie cleanup.

Hidden field manipulation: While accessing a webpage, there are some fields that are hidden and contain page-related information, which are basically used by developers. These fields are highly prone to a hacker attack, as they can be changed easily and posted on the webpage. This results in severe security violations.

Google Hacking: Google is the best option for finding details regarding anything on the net. Google hacking means using the Google search engine to trace sensitive information that a hacker can use to his benefit while hacking a user's account. Usually, hackers try to hit upon security loopholes by probing on Google about the system they wish to hack, and then, after having collected the essential information, the hacker carries out the hacking of the concerned system. Sometimes, a hacker is not sure of the target. As an alternative, he tries to Google out the target based on the loophole he wishes to hack a system upon.
The hacker then searches for all the possible systems with such a loophole and finds out those having the loopholes he wishes to hack upon. These are some of the security threats that can be launched at the application level and cause system downtime, disabling application access even for authorized users.[7]

V. ENSURING SECURE CLOUD STORAGE

In order to secure the cloud against the various security threats and attacks like SQL injection, Cross Site Scripting (XSS) attacks, DoS attacks, Google Hacking and Forced Hacking, the cloud service providers take up different techniques. Some standard techniques to detect the above-mentioned attacks are: avoiding the usage of dynamically generated SQL in the code, validating all user-entered parameters, finding the meta-structures used in the code, removing and disallowing unwanted data and characters, etc. For an optimized cost-performance ratio, a general security framework needs to be worked out.
The main criterion to be fulfilled by the generic security framework is to interface with any type of cloud environment, and to be able to detect and handle customized as well as predefined security policies.[3]

Security Scheme: Data Storage security [12]
Suggested Approach: Uses homomorphic token with distributed verification of erasure-coded data towards ensuring data storage security and locating the server being attacked.
Strengths:
1. Supports dynamic operations on data blocks such as: update, delete and append without data corruption and loss.
2. Efficient against data modification and server colluding attacks as well as against byzantine failures.
Limitations: The security in case of dynamic data storage has been considered. However, the issues with fine grained data error location remain to be addressed.

Security Scheme: User identity safety in cloud computing
Suggested Approach: Uses active bundles scheme, whereby predicates are compared over encrypted data and multiparty computing.
Strengths: Does not need trusted third party (TTP) for the verification or approval of user identity. Thus the user's identity is not disclosed. The TTP remains free and could be used for other purposes such as decryption.
Limitations: Active bundle may not be executed at all at the host of the requested service. It would leave the system vulnerable. The identity remains a secret and the user is not granted permission to his requests.

Security Scheme: Trust model for interoperability and security in cross cloud [2]
Suggested Approach:
1. Separate domains for providers and users, each with a special trust agent.
2. Different trust strategies for service providers and customers.
3. Time and transaction factors are taken into account for trust assignment.
Strengths:
1. Helps the customers to avoid malicious suppliers.
2. Helps the providers to avoid cooperating/serving malicious users.
Limitations: Security in a very large scale cross cloud environment. This scheme is able to handle only a limited number of security threats in a fairly small environment.

Security Scheme: Virtualized defence and reputation based trust management
Suggested Approach:
1. Uses a hierarchy of DHT-based overlay networks, with specific tasks to be performed by each layer.
2. Lowest layer deals with reputation aggregation and probing colluders. The highest layer deals with various attacks.
Strengths: Extensive use of virtualization for securing clouds
Limitations: The proposed model is in its early developmental stage and needs further simulations to verify the performance.
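Two of the Section V techniques, avoiding dynamically generated SQL and validating all user-entered parameters, are shown side by side in the following added example, which is not code from the paper. The table and column names, the sample rows, the crafted input and the account-name pattern are assumptions made for the illustration.

```python
import re
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (not data from the paper)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE files (owner TEXT, name TEXT)")
    db.executemany(
        "INSERT INTO files VALUES (?, ?)",
        [("alice", "q1.xlsx"), ("alice", "notes.txt"), ("bob", "payroll.csv")],
    )
    return db

def list_files_dynamic(db, owner):
    # Dynamically generated SQL: the input is pasted into the statement text,
    # so a quote character in `owner` is parsed as SQL, not as data.
    sql = "SELECT name FROM files WHERE owner = '" + owner + "' ORDER BY name"
    return [row[0] for row in db.execute(sql)]

def list_files_bound(db, owner):
    # Fixed statement text; the driver passes `owner` separately as a value.
    sql = "SELECT name FROM files WHERE owner = ? ORDER BY name"
    return [row[0] for row in db.execute(sql, (owner,))]

OWNER_RE = re.compile(r"[a-z0-9_]{1,32}")  # hypothetical allow-list for account names

def list_files_checked(db, owner):
    # Validate the user-entered parameter, then use the bound query.
    if not OWNER_RE.fullmatch(owner):
        raise ValueError("owner contains disallowed characters")
    return list_files_bound(db, owner)

# Constructed input whose quote characters change the WHERE clause when concatenated.
CRAFTED = "alice' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("dynamic:", list_files_dynamic(db, CRAFTED))   # rows of every owner
    print("bound:  ", list_files_bound(db, CRAFTED))     # no owner has that name
    print("normal: ", list_files_checked(db, "alice"))
```
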
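The cookie and hidden field passages in the application level section both describe a server trusting a value that the client can edit. The following added example (not from the paper) attaches a keyed MAC to such a value so that a forged cookie or an altered hidden field is rejected, with an age limit standing in for the cookie cleanup the text mentions; it uses a MAC for integrity rather than the encryption scheme the paper names. The key, field names and token layout are assumptions.

```python
import base64
import hashlib
import hmac

SECRET_KEY = b"constructed-demo-key"  # hypothetical server-side key, never sent to clients

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def seal(name, value, issued_at, key=SECRET_KEY):
    """Return 'value.timestamp.tag'; the tag binds field name, value and issue time."""
    payload = f"{b64(value.encode())}.{issued_at}"
    tag = hmac.new(key, f"{name}|{payload}".encode(), hashlib.sha256).digest()
    return f"{payload}.{b64(tag)}"

def unseal(name, token, now, max_age=3600, key=SECRET_KEY):
    """Return the value, or None if it was altered, moved to another field, or is stale."""
    try:
        value_b64, ts, tag_b64 = token.split(".")
        issued_at = int(ts)
    except ValueError:
        return None  # wrong number of parts or non-numeric timestamp
    expected = hmac.new(key, f"{name}|{value_b64}.{ts}".encode(), hashlib.sha256).digest()
    # Constant-time comparison of the received tag with the recomputed one.
    if not hmac.compare_digest(b64(expected).encode(), tag_b64.encode()):
        return None
    if not 0 <= now - issued_at <= max_age:
        return None
    padding = "=" * (-len(value_b64) % 4)
    return base64.urlsafe_b64decode(value_b64 + padding).decode()

def replace_value(token, new_value):
    """Model a client editing the value while keeping the old tag (for the check below)."""
    _, ts, tag_b64 = token.split(".")
    return f"{b64(new_value.encode())}.{ts}.{tag_b64}"

if __name__ == "__main__":
    cookie = seal("role", "user", issued_at=1000)
    print(unseal("role", cookie, now=1010))                          # user
    print(unseal("role", replace_value(cookie, "admin"), now=1010))  # None
    print(unseal("price", cookie, now=1010))                         # None
    print(unseal("role", cookie, now=1000 + 3601))                   # None
```
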
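For the BGP prefix hijacking passage, a receiving network can compare the origin AS of each announcement with a table of who is expected to originate each prefix. The following added example (not from the paper) does this with the three outcomes used by route origin validation; the table entries and announcements are constructed, using documentation prefixes and documentation AS numbers.

```python
import ipaddress

# Constructed table of (prefix, maximum announced length, expected origin AS).
EXPECTED_ORIGINS = [
    ("192.0.2.0/24", 24, 64500),
    ("203.0.113.0/24", 25, 64501),
    ("2001:db8::/32", 48, 64500),
]

def classify(prefix, origin_as, table=EXPECTED_ORIGINS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for entry_prefix, max_len, entry_as in table:
        entry_net = ipaddress.ip_network(entry_prefix)
        # Only entries that cover the announced prefix are relevant.
        if net.version != entry_net.version or not net.subnet_of(entry_net):
            continue
        covered = True
        # Valid needs the expected origin and a prefix no more specific than allowed.
        if origin_as == entry_as and net.prefixlen <= max_len:
            return "valid"
    # Covered but never matched: wrong origin or too specific an announcement.
    return "invalid" if covered else "not-found"

def suspicious(announcements, table=EXPECTED_ORIGINS):
    """Return the announcements that a covering table entry contradicts."""
    return [(p, a) for p, a in announcements if classify(p, a, table) == "invalid"]

# Constructed announcements as (prefix, origin AS) pairs.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64500),      # expected origin
    ("192.0.2.0/24", 64510),      # same prefix, different origin
    ("192.0.2.128/25", 64500),    # more specific than the table allows
    ("203.0.113.128/25", 64501),  # more specific, but within the allowed length
    ("198.51.100.0/24", 64510),   # no covering entry
    ("2001:db8:1::/48", 64510),   # IPv6 prefix with an unexpected origin
]

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(f"{prefix:20} AS{asn}: {classify(prefix, asn)}")
```
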