Distributed Intrusion Detection System with the Integration of Encryption, Splitting-up Approach and OTP for Cloud Security
1Punam D. Mate, 2Madhumita Chatterjee, 3Vijay Shelake
1Computer Dept. YTCE Mumbai, India
2Comp Dept. PIIT Navi Mumbai, India
3Comp. Dept. YTCEM, Mumbai, India
Abstract— Cloud computing is designed to create a cloud framework in which end users can easily access powerful shared resources, software and information stored on a specific server. However, with the advent of the internet, availability has become a key security issue, as distributed denial of service attacks are growing day by day. Traditional IDS fails to counter such attacks. To address the problem of such attacks, we need to develop a system that improves the performance of the IDS so that it acts as a distributed IDS when a DoS or DDoS attack is detected in a private cloud. We propose a “Distributed Intrusion Detection System with the integration of encryption, splitting-up approach and OTP security” for cloud security. The model contains an IDS server model (main server), private cloud models and a DDoS attack model.
Through this implementation, a Distributed Intrusion Detection System in cloud computing is proposed, investigated and evaluated.
Keywords-Cloud Computing, Intrusion Detection, OTP, DoS, DDoS.
I. INTRODUCTION
Cloud computing is a delivery model for computing resources over the internet. When we store all types of our data online, or use mail or social networking sites, we are using a cloud computing service. Cloud computing is defined as the processing, storage, management and accessing of information on a server. Cloud computing uses the internet and remote servers to maintain data and applications. For example, Google has a private cloud for delivering many different services to its users, such as text translation, maps, email access, document applications, web analytics, and much more. There are three types of cloud computing service models [1]:
1.1 Software-as-a-Service (SaaS). SaaS is a software distribution model in which applications hosted by a vendor are made available to customers of the cloud.
Example: Yahoo!, Gmail, Google Docs, etc.
1.2 Platform-as-a-Service (PaaS). The PaaS service model offers operation and development platforms as services to the consumer. It also allows hardware and software to be hosted on its own infrastructure.
Example: Google Apps, SQL Azure, etc.
1.3 Infrastructure-as-a-Service (IaaS). IaaS provides computing infrastructure such as physical machines or virtual machines, and other resources such as storage space and networking services like firewalls, on demand of the user.
Examples: Amazon Web Services, EC2, Windows Azure, Google Compute Engine.
With these new computing and communications paradigms arise new data security challenges. Research in cloud computing security has addressed access to data through mechanisms such as access control and encryption. A DoS attack is a kind of security attack in which the attacker attempts to make the resources of the victim devices unavailable to their intended users.
Distributed Denial of Service (DDoS) is one of the security threats that harm the availability of cloud services. Encryption is one of the existing solutions for protecting data: an encryption mechanism encrypts the whole data with a cryptographic key. This encryption can be done using various encryption algorithms such as RSA, AES, etc.
We propose a “Distributed Intrusion Detection System with the integration of multiple approaches such as encryption, splitting-up and OTP” for cloud security.
On upload of a data file, the processing performed on user data includes:
  - Binary conversion is performed.
  - The binary data is split up into a number of parts.
  - AES encryption is performed.
  - The binary parts of the data are saved on different clouds, selected at random, with authentication.
On a download request by the data owner for a specific data file:
  - The server sends a request to all clouds.
  - Each cloud responds to the server with its parts of the requested data file.
  - AES decryption is performed.
  - All parts of the data file are merged.
  - Conversion from binary to the original format is performed.
  - An OTP is mailed to the user.
  - After a valid OTP is entered, the data file is mailed to the user's account.
On an attack on a cloud:
  - The cloud alerts the server about the attack.
  - The server takes proper action and notifies all clouds of it.
  - The server monitors every cloud at regular intervals.
  - Database records are updated with a description of the action taken against the attack on data.
The remainder of this report is organized as follows. We first present the background of IDS and the approaches to its implementation. In Section III we explain our proposed system, “Distributed Intrusion Detection System with the integration of encryption, splitting-up approach and OTP security”, and its general functionality. Section IV discusses the performance of the proposed system and Section V explains the evaluation of the proposed system. Finally, the conclusion section gives a summary of the results and discusses recommendations for future work.
II. RELATED WORK
Farhan Bashir Shaikh and Sajjad Haider have identified that security is the biggest hurdle in the wide acceptance of cloud computing. Users of cloud services fear for their data and their privacy. Researchers and IT security professionals must come forward and do more to ensure security and privacy for users. Their study identifies the top security concerns of cloud computing: data loss, leakage of data, client's trust, user's authentication, malicious users handling, wrong usage of cloud computing and its services, and hijacking of sessions while accessing data [2].
Claycomb, W. R. (2012) has characterized a hierarchy of administrators within cloud service providers and also gave examples of attacks from real insider threat cases.
They discussed how cloud architecture lets attackers breach security. They mentioned the key challenges faced by cloud providers and clients in securing their highly confidential data [3].
Data theft attacks are amplified if the attacker is a malicious insider. This is considered as one of the top threats to cloud computing by the Cloud Security Alliance [1].
Van Dijk and Juels have shown that fully homomorphic encryption, often acclaimed as the solution to such threats, is not a sufficient data protection mechanism when used alone [2].
F. Rocha and M. Correia outline how easily passwords may be stolen by a malicious insider of the cloud service provider [7]. Chi-Chun Lo, Chun-Chieh Huang and Joy Ku present a cooperative intrusion detection system for cloud computing networks to reduce the impact of DoS attacks. With it, if one of the cloud computing regions suffers from a DoS attack, the cooperative IDS sends an alert message to the other IDS systems [6].
Because distributed attacks could not be detected by the presently available intrusion detection systems, Han Li and Qiuxin Wu propose a distributed intrusion detection model based on cloud theory. It is composed of an Intrusion Detection Agent subsystem and a Data Aggregation subsystem [14].
Saeed M. Alqahtani, Maqbool Al Balushi and Robert John present an Intelligent Intrusion Detection System for Cloud Computing (SIDSCC) service, whose results illustrate that the IDS server possesses an effective mechanism against ICMP packets that come over the SaaS cloud. It highlights the major vulnerability of the SaaS cloud network, which is the rate of packets lost [5].
Jason Nikolai and Yong Wang present a Hypervisor-based Cloud Intrusion Detection System and show that it does not require additional software installed in virtual machines and has many advantages compared to host-based and network-based intrusion detection systems, so that it can complement these traditional approaches to intrusion detection [9].
Thus the DIDS systems show different approaches to applying intrusion detection on the cloud, but all DIDS systems aim to avoid DoS and DDoS attacks. A high volume of data can be handled by DIDS based on cloud theory, but scalability is less. Using multilevel and hypervisor-based IDS systems increases the cost of the system, but the hypervisor system's framework does not require additional software to be installed on the VM. The feature extraction quality of distributed IDS increases the false detection rate of the system. Collaborative IDS provides intrusion prevention along with detection but is complex to implement, whereas cooperative DIDS adds a little computation effort compared with a pure Snort-based IDS.
III. PROPOSED SYSTEM
Fig. 3.1 System Architecture
The aim of the present work is to propose a “DIDS system integrated with multiple approaches for cloud security”, in which, whenever a hacker attacks to access data on any cloud, a notification alert is sent to the central system. On an alert, the central system decides the action to be taken on that cloud and instructs the cloud accordingly. The central system also implements a response action of its own to prevent any further attack on the central system, and notifies all clouds of it through the server.
Suppose the hacker still succeeds in accessing the data; even then it is of no use to him. This is because the data on every cloud is available only in encrypted binary format and is only a part of the whole file, and it is not possible to get the original data from any encrypted binary part of the data.
The database at the central system is updated on every such attempt, to protect the data in future. Every cloud synchronizes its database logs of such attack information with the central system.
On an attack, the cloud system alerts the server about the attack using the IDS present on the cloud. The server then takes proper action and notifies all clouds of it. The server monitors every cloud at regular intervals and updates database records with a description of the action taken against the attack on data. Hence there is no need to send an alert to the server if the same attack happens in the future, as the cloud will block that attacker by comparing it with the signature of the attack in the attack log file.
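The alert flow described above, as an added example that is not the authors' implementation: each cloud IDS counts requests per source IP over a one-second window, alerts the main server once, and afterwards every cloud drops that IP locally without sending a new alert. The threshold MAX_REQS, the class and function names and the sample traffic are assumptions; the paper states no threshold.

```python
from collections import defaultdict, deque

WINDOW_S = 1.0   # paper: multiple requests "within one second"
MAX_REQS = 5     # assumed threshold; the paper states no number

class CentralServer:
    """Main IDS server: keeps the attack log and pushes blocks to all clouds."""
    def __init__(self):
        self.clouds, self.attack_log = [], []

    def alert(self, cloud_name, ip, ts):
        self.attack_log.append((ts, cloud_name, ip, "block"))
        for cloud in self.clouds:          # notify every cloud, reporter included
            cloud.blocked.add(ip)

class CloudIDS:
    """IDS on one private cloud: per-IP sliding-window request counter."""
    def __init__(self, name, server):
        self.name, self.server = name, server
        self.blocked = set()               # local attack log: blocked source IPs
        self.recent = defaultdict(deque)   # ip -> timestamps inside the window
        server.clouds.append(self)

    def handle(self, ip, ts):
        if ip in self.blocked:             # known signature: drop, no new alert
            return "dropped"
        q = self.recent[ip]
        q.append(ts)
        while ts - q[0] >= WINDOW_S:       # forget requests older than the window
            q.popleft()
        if len(q) > MAX_REQS:
            self.server.alert(self.name, ip, ts)
            return "alerted"
        return "served"

def replay(events):
    """Run (timestamp, cloud, source_ip) events through three clouds."""
    server = CentralServer()
    clouds = {n: CloudIDS(n, server) for n in ("pc1", "pc2", "pc3")}
    return [clouds[c].handle(ip, ts) for ts, c, ip in events], server

# Constructed traffic (documentation IP ranges): a noisy source hits pc1,
# then moves to pc2; a normal client uses pc3.
EVENTS = [(0.1 * i, "pc1", "203.0.113.9") for i in range(7)]
EVENTS += [(0.9, "pc2", "203.0.113.9"), (1.0, "pc3", "198.51.100.4")]
```

Replaying EVENTS produces a single entry in the server's attack log: pc1 raises the alert, and pc2 then drops the same source on its first request.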
Splitting and AES encryption of the data make the data more secure. Converting the data file into binary as soon as it is uploaded, and splitting it into parts according to the number of clouds, reduces the chance of an attacker getting the whole data file even if the attacker succeeds in getting the data file. A One Time Password (OTP) sent to the email ID increases data security one level further.
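The upload and download steps of the proposed system, as added example code that is not the authors' implementation: it covers splitting, random placement of the parts on the clouds, merging with an integrity check, and the OTP check before release. The AES step is only marked in a comment because Python's standard library has no AES; the manifest, the SHA-256 digest, the OTP lifetime, the one-attempt rule and all function names are assumptions.

```python
import hashlib, hmac, random, secrets, time

CLOUDS = ["pc1", "pc2", "pc3"]   # private clouds, named as in the paper
OTP_TTL_S = 300                  # assumed OTP lifetime in seconds

def upload(data, stores):
    """Split data into one part per cloud; place parts on clouds in random order."""
    size = -(-len(data) // len(CLOUDS))          # ceiling division
    parts = [data[i * size:(i + 1) * size] for i in range(len(CLOUDS))]
    order = random.SystemRandom().sample(CLOUDS, len(CLOUDS))
    file_id = secrets.token_hex(8)
    for cloud, part in zip(order, parts):
        stores[cloud][file_id] = part            # paper: AES-encrypt part before storing
    # Manifest stays on the main server: part order and a whole-file digest.
    return {"id": file_id, "order": order,
            "sha256": hashlib.sha256(data).hexdigest()}

def merge(manifest, stores):
    """Fetch every part, join in manifest order, reject missing or altered parts."""
    try:
        data = b"".join(stores[c][manifest["id"]] for c in manifest["order"])
    except KeyError:
        raise ValueError("part missing") from None
    if hashlib.sha256(data).hexdigest() != manifest["sha256"]:
        raise ValueError("part modified")
    return data

class OtpGate:
    """Single-use, expiring OTP; the server keeps only its hash."""
    def __init__(self):
        self.pending = {}

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[user] = (hashlib.sha256(otp.encode()).digest(), now + OTP_TTL_S)
        return otp                               # the paper mails this to the user

    def check(self, user, otp, now=None):
        now = time.time() if now is None else now
        digest, expires = self.pending.pop(user, (b"", 0.0))   # one attempt per OTP
        same = hmac.compare_digest(digest, hashlib.sha256(otp.encode()).digest())
        return same and now <= expires

def download(user, otp, manifest, stores, gate, now=None):
    data = merge(manifest, stores)               # merged first, as in the paper
    if not gate.check(user, otp, now):
        raise PermissionError("invalid or expired OTP")
    return data
```

Without the manifest held on the main server, a party holding all three parts still does not know their order, and a part altered on any one cloud is caught by the digest at merge time.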
IV. IMPLEMENTATION MODEL
Problem Definition:
A] Identify the cloud environment of private clouds
CSP = {pc1, pc2, pc3, …}
Where,
“CSP” is a cloud service provider (main server); pc1, pc2, pc3, … represent private clouds which are subsets of/belong to CSP.
B] Identify clients of CSP
PU = {pu1, pu2, pu3, …}
Where,
“PU” is the main set of users of CSP, like pu1, pu2, pu3, …
PU ⊆ CSP (PU is a subset of CSP, such that CSP has multiple users/clients)
C] Identify the business data to be uploaded
F = {f1, f2, f3, …}
Where,
“F” is the main set of business data files, like f1, f2, f3, …
D] Identify attackers
AA = {aa1, aa2, aa3, …}
Where,
“AA” is the main set of attackers who attack PC.
E] Evaluate the algorithm
Algo = {al1, al2, al3, al4}
Where,
“Algo” is the main set of algorithms al1, al2, al3
V. RESULT
a. When a user uploads a file, it is stored randomly across up to three private cloud parts in the following format.
Access to it is given only to the Admin.
Fig.5.1 Encrypted Part data
b. An intruder tries to send multiple requests within one second.
Fig.5.2 DOS and DDOS attacks
c. The following reply is given back to the attacker, without informing him that he has been blocked.
Fig.5.3 reply back to an attacker.
d. Attacker has been blocked
Fig. 5.4 IP address blocked.
VI. PERFORMANCE ANALYSIS
Existing system: The uploaded file is saved on a single private cloud. Hence the limitations of the existing system are:
  - Does not provide:
      - Encryption of user data.
      - Distribution of user data on different clouds.
      - Prevention of DDoS attack.
  - Performance is low.
  - No mechanism to protect user data if a hacker succeeds in overcoming/skipping all security gates.
Proposed system: If an attacker gets access to one part, he/she can't have the complete file.
Fig.6.1 Data stored on single cloud region.
Fig. 6.2 Performance Analysis Graph (against features). X axis: gain in %; Y axis: features.
Performance of the existing system is increased by approximately 80% by using the part data service.
Fig. 6.3 Performance Analysis Graph (against time factor). X axis: steps in data processing; Y axis: time. Series: Proposed System, Existing System.
The time required to process data by the existing system is more as compared to the proposed system.
Table 6.1 Analysis of Existing and Proposed System.
VII. CONCLUSION AND FUTURE SCOPE
We have proposed a Distributed Intrusion Detection System model with the integration of encryption, splitting-up and OTP for cloud security. The distributed IDS system for cloud computing illustrates that the central server possesses an effective mechanism against DDoS attacks over a SaaS cloud. The IDS on a SaaS cloud detects an attack and sends an alert to the server admin; the server updates the attack log and notifies the other SaaS clouds of it. Thus each cloud need not send an alert if the same IP address is detected next time, because it has already been blocked.
Encryption of data by AES makes the data more secure. Converting the data file into binary as soon as it is uploaded, and splitting it up into parts according to the number of clouds, reduces the chance of an attacker getting the whole data file even if the attacker succeeds in getting the data file. A One Time Password (OTP) sent to the email ID increases data security one level further.
In future work, the OTP can be sent to a mobile phone instead of an email account, making it most secure.
REFERENCES
[1] Cloud Security Alliance, “Top Threat to Cloud Computing V1.0,” March 2010.
[2] Engr. Farhan Bashir Shaikh and Sajjad Haider, “Security Threats in Cloud Computing,” 6th International Conference on Internet Technology and Secured Transactions, 11-14 December 2011, Abu Dhabi, United Arab Emirates, 978-1-908320-00-1/11/$26.00 ©2011 IEEE.
[3] Claycomb, W. R., & Nicoll, A., “Insider Threats to Cloud Computing: Directions for New Research Challenges,” in Computer Software and Applications Conference (COMPSAC), IEEE 36th Annual, July 2012, pp. 387-394.
[4] Yasir Ahmed Hamza, Marwan Dahar Omar, “Cloud Computing Security: Abuse and Nefarious Use of Cloud Computing,” International Journal of Computational Engineering Research, Vol. 03, Issue 6, June 2013.
[5] Saeed M. Alqahtani, Maqbool Al Balushi and Robert John, “An Intelligent Intrusion Detection System for Cloud Computing (SIDSCC),” 2014 International Conference on Computational Science and Computational Intelligence.
[6] Chi-Chun Lo, Chun-Chieh Huang and Joy Ku, “A Cooperative Intrusion Detection System Framework for Cloud Computing Networks,” 1530-2016/10 $26.00 © 2010 IEEE, DOI 10.1109/ICPPW.2010.46.
[7] F. Rocha and M. Correia, “Lucy in the sky without diamonds: Stealing confidential data in the cloud,” in Proceedings of the 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, ser. DSNW '11. Washington, DC, USA: IEEE Computer Society, 2011, pp. 129–134.
[9] Jason Nikolai and Yong Wang, “Hypervisor-based Cloud Intrusion Detection System”.
[10] Jun-Ho Lee, Min-Woo Park, Jung-Ho Eom, and Tai-Myoung Chung, “Multi-level Intrusion Detection System and Log Management in Cloud Computing”.
[11] Yasir Mehmood and Umme Habiba, “Intrusion Detection System in Cloud Computing: Challenges and Opportunities,” 2013 2nd National Conference on Information Assurance (NCIA).
[12] Wikipedia, the free encyclopedia: en.wikipedia.org/wiki/Cloud_computing.
[13] Van Dijk and A. Juels, “On the impossibility of cryptography alone for privacy-preserving cloud computing,” in Proceedings of the 5th USENIX Conference on Hot Topics in Security, ser. HotSec '10. Berkeley, CA, USA: USENIX Association, 2010, pp. 1–8. [Online] Available: http://dl.acm.org/citation.cfm?id=1924931.1924934.
[14] Han Li, Qiuxin Wu, “A Distributed intrusion detection model based on cloud theory,” 978-1-4673-1857-0/12/$31.00 ©2012 IEEE.
[15] Stephen M. Specht and Ruby B. Lee, “Distributed Denial of Service: Taxonomies of Attacks, Tools and Countermeasures”.