In Defense of Cloud Computing: A Summary

Authors

  • Soo Lim Yongsan International School of Seoul
  • Taeyoon Kim

DOI:

https://doi.org/10.47611/jsrhs.v11i3.2893

Keywords:

Cloud Computing, DDoS, Man in the Middle, Phishing, Zombie Attack, Side-Channel Attack

Abstract

With the advancement of cloud computing, it became possible to effortlessly host data storage and retrieve it without being hampered by physical limitations. However, the hosting of such an astronomical amount of data, and the ease with which the said data is retrieved, brought in unwanted security risks and crucial information links. A multitude of breaching methods, including Distributed Denial of Service (DDos), Man in the Middle (MiTM), Phishing, Zombie Attacks, and Side-Channel Attacks, have forced computer security engineers to address each individual issue lest critical information is stolen or misused. This paper will introduce the concept of cloud computing, the advantages it brings to data storage and management, and the disadvantages and weaknesses which are inherent to this technology. Additionally, this paper will analyze the intruding mechanisms of the five previously mentioned cloud security attack methods and then subsequently introduce the security protocols utilized by either business or individual research groups to remedy the issue.

Downloads

Download data is not yet available.

References or Bibliography

Anouncia, S. M., & Wiil , U. K. (2019). Knowledge computing and its Applications: Knowledge manipulation and. SPRINGER Verlag, SINGAPOR.

Valentina Synenka, Top 10 Companies Using Cloud and Why. CustomerThink. (2021, August 31). Retrieved May 30, 2022, from https://customerthink.com/top-10-companies-using-cloud-and-why/

Zhou, M., Zhang, R., Xie, W., Qian, W., & Zhou, A. (2010). Security and Privacy in Cloud Computing: A Survey. 2010 Sixth International Conference on Semantics, Knowledge and Grids, 105-112.

Khan, R., McLaughlin, K., Laverty, D., & Sezer, S. (2017). Stride-based Threat Modeling for Cyber-physical systems. 2017 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe), 26–29 September 2017; pp. 1–6. https://doi.org/10.1109/isgteurope.2017.8260283

Abdulsalam, Y. S., & Hedabou, M. (2021). Security and Privacy in Cloud Computing: Technical Review. Future Internet, 14(1), 11. https://doi.org/10.3390/fi14010011

Apple. Introduction to apple platform security. Apple Support (2022). Retrieved May 30, 2022, from https://support.apple.com/en-ie/guide/security/seccd5016d31/web

Rankin, K (2017, March 9). Two Factors are Better than One. Linux Journal. Retrieved May 30, 2022, from https://www.linuxjournal.com/content/two-factors-are-better-one

Google. (2022). Best practices for a more secure login in google cloud. Google. Retrieved May 30, 2022, from https://cloud.google.com/blog/products/identity-security/best-practices-for-a-more-secure-login-in-google-cloud

Google. ReCAPTCHA. Google (2022). Retrieved May 30, 2022, from https://www.google.com/recaptcha/about/

Wu, Z., Wang, C., & Zeng, H. (2011). Research on the comparison of flood DDoS and low-rate Ddos. 2011 International Conference on Multimedia Technology. https://doi.org/10.1109/icmt.2011.6002141

Imperva. What does ddos mean?: Distributed denial of service explained: Imperva. Learning Center. (2020, September 30). Retrieved May 30, 2022, from https://www.imperva.com/learn/ddos/denial-of-service/

Nomios Group (2021, Jan 21). Top 6 ddos protection solutions that should be on your Radar. Nomios Group. Retrieved May 30, 2022, from https://www.nomios.com/news-blog/top-ddos-protection-solutions/

National Cyber Security Centre (2020, Dec 16). Measures to counter ddos attacks. National Cyber Security Centre. Retrieved May 30, 2022, from https://www.ncsc.admin.ch/ncsc/en/home/infos-fuer/infos-unternehmen/aktuelle-themen/massnahmen-schutz-ddos.html

Javeed, D., & MohammedBadamasi, U. (2020). Man in the middle attacks: Analysis, motivation and prevention. International Journal of Computer Networks and Communications Security, 8(7), 52–58. https://doi.org/10.47277/ijcncs/8(7)1

Herzberg, A., & Shulman, H. (2012). Antidotes for DNS poisoning by off-path adversaries. 2012 Seventh International Conference on Availability, Reliability and Security. 2012, https://doi.org/10.1109/ares.2012.27

Sun, H.-M., Chang, W.-H., Chang, S.-Y., & Lin, Y.-H. (2009). DepenDNS: Dependable mechanism against DNS cache poisoning. Cryptology and Network Security, 174–188. https://doi.org/10.1007/978-3-642-10433-6_12

Bai, X., Hu, L., Song, Z., Chen, F., & Zhao, K. (2011). Defense against DNS man-in-the-middle spoofing. Web Information Systems and Mining, 312–319. https://doi.org/10.1007/978-3-642-23971-7_39

Salim, H., Li, Z., Tu, H., Guo, Z. (2012). A Client/Server Based Mechanism to Prevent ARP Spoofing Attacks. In: Tan, Y., Shi, Y., Ji, Z. (eds) Advances in Swarm Intelligence. ICSI 2012. Lecture Notes in Computer Science, vol 7332. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31020-1_30

Imperva. (2020, May 6). What is ARP spoofing: Arp cache poisoning attack explained: Imperva. Learning Center. Retrieved May 30, 2022, from https://www.imperva.com/learn/application-security/arp-spoofing/

Microsoft. (2022). What is middleware - definition and examples: Microsoft Azure. Microsoft Azure. Retrieved May 30, 2022, from https://azure.microsoft.com/en-us/overview/what-is-middleware/#:~:text=Middleware%20is%20software%20that%20lies,data%20management%20for%20distributed%20applications

Hussain, M. A., Jin, H., Hussien, Z. A., Abduljabbar, Z. A., Abbdal, S. H., & Ibrahim, A. (2016). DNS protection against spoofing and poisoning attacks. 2016 3rd International Conference on Information Science and Control Engineering (ICISCE). https://doi.org/10.1109/icisce.2016.279

Imperva. (2019, December 29). What is DNS spoofing: Cache poisoning attack example: Imperva. Learning Center. Retrieved May 30, 2022, from https://www.imperva.com/learn/application-security/dns-spoofing/

Ludena Romana, D., & Musashi, Y. (2007). Entropy Based Analysis of DNS Query Traffic in the Campus Network. Journal of Systemics, Cybernetics and Informatics. 6.

Fette, I., Sadeh, N., & Tomasic, A. (2006). Learning to detect phishing emails. https://doi.org/10.21236/ada456046

Segal, R.B., Crawford, J., Kephart, J., & Leiba, B. (2004). SpamGuru: An Enterprise Anti-Spam Filtering System. CEAS.

Halderman, J.A., Waters, B., & Felten, E.W. (2005). A convenient method for securely managing passwords. WWW '05.

Jendricke, U., & Markotten, D.G. (2000). Usability meets security - the Identity-Manager as your personal security assistant for the Internet. Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00), 344-353.

Sheng, S., Magnien, B., Kumaraguru, P., Acquisti, A., Cranor, L. F., Hong, J., & Nunge, E. (2007). Anti-Phishing Phil: The design and evaluation of a game that teaches people not to fall for phish. Proceedings of the 3rd Symposium on Usable Privacy and Security - SOUPS '07. https://doi.org/10.1145/1280680.1280692

IBM (2016, September 21). Kill cloud zombies before it's too late. Cloud computing news. Retrieved May 27, 2022, from https://www.ibm.com/blogs/cloud-computing/2013/05/31/cloud-zombies/

Kumar S., & Singh M. (2017) Detection and Isolation of Zombie Attack under Cloud Environment. Orient.J. Comp. Sci. and Technol;10(2) http://dx.doi.org/10.13005/ojcst/10.02.12

Siemons F., Security Concerns Around Zombie Cloud Infrastructure (2017). Retrieved May 30, 2022, from https://resources.infosecinstitute.com/topic/security-concerns-around-zombie-cloud-infrastructure/

Agbedemnab, P. A., Abdul-Mumin, S., & Abdulrahim, Z. (2020). Identifying and isolating zombie attack in cloud computing. Asian Journal of Research in Computer Science, 46–56. https://doi.org/10.9734/ajrcos/2020/v6i230157

Wright, G., & Gillis, A. S. What is a side-channel attack? SearchSecurity. (2021, April 6) Retrieved May 30, 2022, from https://www.techtarget.com/searchsecurity/definition/side-channel-attack#:~:text=A%20side%2Dchannel%20attack%20is,program%20or%20its%20code%20directly.

Zhang, T., Zhang, Y., & Lee, R.B. (2016). CloudRadar: A Real-Time Side-Channel Attack Detection System in Clouds. RAID.

Webroot. The dangers of hacking and what a Hacker. Webroot. Retrieved May 29, 2022, from https://www.webroot.com/us/en/resources/tips-articles/computer-security-threats-hackers

Dhillon, G. (2015). What to do Before and After a Cybersecurity Breach. The Changing Faces of Cybersecurity Governance Series.

Abdulsalam, Y. S., & Hedabou, M. (2021). Decentralized Data Integrity Scheme for preserving privacy in cloud computing. 2021 International Conference on Security, Pattern Analysis, and Cybernetics(SPAC). https://doi.org/10.1109/spac53836.2021.9539946

Published

08-31-2022

How to Cite

Lim, S., & Kim, T. (2022). In Defense of Cloud Computing: A Summary. Journal of Student Research, 11(3). https://doi.org/10.47611/jsrhs.v11i3.2893

Issue

Vol. 11 No. 3 (2022)

Section

HS Review Articles

Copyright (c) 2022 Soo Lim; Taeyoon Kim

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Copyright holder(s) granted JSR a perpetual, non-exclusive license to distriute & display this article.