“The cloud” in Cloud Computing represents the concept of sharing Data & Information through a remote server. In a simple word, it is a hosted server, where personal data and applications are stored. It is an on-demand computing service that delivers from applications to storage and processing power. Cloud computing processes have occurred over the internet and its services are on a Pay-as-you-go basis. It has become a popular method of storing and sharing data remotely as it provides Flexibility, Cost efficiency, Ease of use, and Backup-Recovery of important data. Cloud service providers offer unconditional 24x7 support which is an excellent choice for companies to set up their own IT department without having one in-house.
In computer network diagrams, cloud computing is recognized as a combination of computer technology and internet-based development. Shared or Distributive computing has a fundamental concept including service location, hardware, operating systems, equipment is to a great extent irrelevant to its users. It is greatly believed that Cloud Metaphor was an old network schematic. The public telephone network, which is known as the Internet, used to be represented as a cloud. This oversimplification was just the basic stuff of the cloud. Cloud in cloud computing is known as a complex hidden infrastructure. It is like the cloud in the computer network diagram. It illustrates computational methods with the capabilities of IT services, having command over the mechanical foundation that encourages them, unrestricted access regardless of the knowledge of the backend (An 2019).
Several types of cloud computing existed in the market. Each of them has a significant role in the Business environment.
Infrastructure as a Service or IAAS is an infrastructure-based cloud service that provides access and authorization to use server storage or web architecture without purchasing. IAAS concept is beneficial for both the client and the service provider. It is an On-demand service for the growth & development of business. IAAS provides flexibility but this system has complexity as well. Amazon EC2 is an example of IAAS (Ahmed 2017).
(Aisha 2018)
Platform as a Service or PAAS is a modified version of IAAS. It is created inside the IAAS for rendering scalability and deployment. It helps to make expenses scalable and predictable for the end-user. PAAS can initiate applications with no stress and can develop porting within the existing application. But it has some negative impacts as well on trade-offs.
Software as a Service or SAAS is referred to as the most used and mature cloud computing service. This concept is and ends user application-based service that allows to support the software architecture and reduce the maintenance of software application running on the vendor’s computer. For example, Gmail is a SAAS that runs as a cloud (Bocchi 2014).
Cloud computing has benefited enterprise companies in many ways. It has reduced the cost and enhanced the focus on business competency. Cloud computing has general hype across the IT world, but it has some adverse effects too. It can be disadvantageous for smaller operations in terms of Data breaching and Denial of Service attacks. Cloud computing is sometimes criticized for its poor security practices.
A data breach is an incident where confidential and sensitive data are disclosed and accessed in an unauthorized way. Protected data are mostly accessed in unauthorized fashion and it may include some trade secrets, intellectual property, and Personal health information.
A data breach can occur in both Personal and Corporate life. Credit card information, Social security number exposure are a quite common type of data breach. Some corporate information like a Customer list, source code, client list details is another type of data breach. It is believed to be a data breach when an unauthorized person accesses confidential data of any organization. A data breach can result in complicated civil litigation or fine if identity id theft or government compliance is violated (Krishna 2016).
In a general sense, when an attacker hacks into a system and steals sensitive data out of the database is known as breaching of data. But not all data breaches are so dramatic. A data breach can happen if an unauthorized employee views information over the shoulder of an authorized employee. There are many ways of breaching data. It starts from weak passwords, exploited software, or even from stolen devices. Unauthorized data exposure can occur from connecting to wireless networks that capture details and sensitive information (Murali 2016). Social Engineering is a common form of Email phishing to gain access to the victim’s credentials. These credentials can be hacked and remain undetected for a long period. Similarly, this can happen to large organizations as well.
In the event of hacking and cybercrime, data breach leads toward exposure of government sensitive information on the internet.
(Hazem 2017)
Cybercriminals and hackers often cause massive data breaches which include government agencies and enterprise companies. But there are several similar cases where these organizations also accidentally leak their own sensitive and confidential data on the internet. These incidents involve misconfiguration in cloud services and proper access control typically known as an accidental data breach.
In 2012, Cloud Storage giant Dropbox had faced severe data breaches, but it was kept secret until 2016. It was brought into light that hackers have gained access to over 68 million user accounts and stolen username, email, and passwords, Which were later sold in the dark web using Bitcoins. These data and information were about 5 gigabytes in size which was estimated later dark web. Each of the credentials was equivalent to more than a thousand USD. Dropbox responded to this incident immediately and requested all its users to reset their password and other credentials. Thus Dropbox has improvised its commitments on data safety and security.
The largest high-profile data breaching incidents have hit the Apple cloud as well. Jennifer Lawrence and other high-profile celebrities were involved in this occurrence and had their personal information and private photos leaked. It was believed to be their device hack, but a twist came late on when security specialists had found that Apple’s cloud storage was compromised. Like Dropbox, apple requested users to change passwords and came up with better security solutions to send a notification when unauthorized activity is detected.
In the emerging cloud computing model, the DoS attack has become one of the most feared and major security challenges. DoS can be classified in numerous types. Each of these types is used for breaching cloud services, resources, service level, security agreements, and performance.
So, in a general sense, Denial of service is a cloud computing attack that prevents cloud services and resources from performing their normal services for a period. Whenever DoS attacks occur, cloud resources and services become compromised and DoS usually targets the network’s bandwidth (Fatima 2019).
DoS attack can be categorized as follow.
Bandwidth attacks
Connectivity attacks
Resource exhaustion
Limitation exploitation
Process disruption
Data corruption
Physical disruption
Connectivity attack results in “Request cannot be handled” error. It starts with flooding the victim by sending unlimited connection requests. These connection requests consume all the available resources in operating systems or cloud create a chaotic cloud environment. Similarly, the Bandwidth attack sends requests and traffic toward the victim to consume available network resources.
Software as a service cloud is the primary target for DoS attacks. DoS attacks exploit bugs and disrupt legitimate access over cloud storage. It also prevents users from accessing services as well. DoS attack on software services can never be traced as these attacks are often based on HTTP & HTTPS protocols. Initially, the DoS attack applies proxy servers and obfuscates the attack origin (Motta 2013).
(Cloudflare 2017)
DoS attacks are being changed day by day. It became stronger than before. Some of the new kind is Energy oriented DoS attack. It is a new kind of security breaching acts that directly affect and put impacts on cloud storage infrastructure and results in wasting energy and bandwidth as much as possible. There are some malicious activities included in this attack. It sends a high volume of workload and requests to keep the client fully busy handling requests. DoS on infrastructure has increased the cost of energy consumption and has an advert impact on greenhouse gas emission as well for the cloud storage providers (Linlin 2013).
Simple Object Access Protocol (SOAP) is an XML based protocol that is utilized by various web services components (Steve Ranger 2018).
There are numerous kinds of DoS attacks on Web services.
SOAP Array Attack: In this attack, web services are forced to send the clients exceptionally large SOAP messages.
XML attribute & element count Attack: SOAP messages that include both a high number of attributes and non-nested elements are sent to the target server.
Coercive Parsing Attack: High nested XML documents are sent to the target server and cause memory errors. It also caused high CPU usage when processing incoming requests.
Hash DoS: In this type of attack, the POST method is filled with many form variables and need hash processing.
(Anand 2019)
Attack Obfuscation: It utilizes XML encryption to veil message content from being assessed by the firewall or IDS. These scrambled substances can be utilized to dispatch different assaults, for example, oversize payload, coercive parsing or XML infusion, and encryption.
XML external entity & expansion DoS: Compiled with both XML bombing and large entity definition to destroy XML nesting capabilities.
Oversized Encrypted Attack: In this attack, the attacker uses large encrypted and digitally signed messages and sends them to the victim servers.
Metadata Spoofing: This attack is the introduction of information and metadata re-engineering.
WSDL Scanning: Web service description language is known as a method of specifying parameters. This attack can reveal sensitive information from WSDL and perform multiple attacks later (Mohsin 2019).
Instantiation Flooding Attack: When another solicitation message shows up, another occasion of the BPEL cycle is made and executes the directions given in the process depiction. An assailant can assault the BPEL motor by sending a surge of solicitations to a BPEL cycle
Indirect Flooding: When a web administration synthesis is focused with a flooding assault of legitimate solicitations, it will make work process settings for each approaching message; along these lines, it will begin executing an immense measure of work processes, simultaneously. Every one of these work processes causes calling other web administrations, and the BPEL motor causes flooding of the solicitations at these web administrations, excessively (Nazaz 2019).
Web Service Addressing Spoofing: When SOAP messages are sent to the servers, it contains a web service addressing header. These headers then cause SOAP response errors and flood the other web services.
Middleware Hijacking: This is a loop attack system that uses web service address spoofing methods to send the request to the target URL and in response, the server will try to answer the attacker’s request repeatedly.
In this method, X-DoS requests with XML messages are flooded into target web service and server-side resources. This attack can be launched using multiple hosts. It is also knowns as the DS-DoS attack. It is a distributive version of the X-DoS attack. The complexity of XML documents causes a crash in the webserver because the content in it is manipulated. Even small manipulated XML messages can contain a large number of requests to cause huge consumptions of server resources.
(Xantaro 2018)
SOAP is a cloud service protocol that is based on the HTTP & XML protocols. HX DoS attack is a serious threat in cloud storage because these attacks are operated based on HTTP & XML protocols. HX- DDoS is used to flood the communication channels on the cloud server which is a combination of both HTTP and XML messages.
To know more about this attacking method, we need to know how cloud computing works. The cloud-based services are supported by the application layers. Attackers often target this protocol layers to launch a DoS attack on the cloud. These kinds of attacks are almost untraceable and cause mass destruction in cloud networks. Deep packets inspections are the only method to detect such attacks (Sfondrini 2013).
Attackers break through the browser attacking application program and launch the H-DoS attack to compromise proxy restrictions and the server is unable to detect attacker identity due to web proxies.
In these DoS method, the assailant floods the casualty by sending HTTP messages, which contain distorted components with the contorted fields. This assault may cause weaknesses, for example, cradle flood or other security issues. Also, it requires littler traffic than H‐DoS and might be considered as an expected stream. Nonetheless, distinguishing deformed H‐DoS is more expensive than identifying customary H‐DoS, because IDS must apply profound parcel examination (DPI), which expends a great deal of processing assets. Additionally, playing out the profound bundle review drags out the postponement of HTTP demands and diminishes the nature of administration (QoS) of HTTP administrations
Conclusion
In conclusion, is can be said that though cloud computing has been established a long ago, it still at a relatively early stage of adoption. My corporate companies are still struggling with decision making and still considering when to adopt and which application to adopt. According to some estimation, we are only at 10% of the workload that has been moved to cloud storage. However, the usage of cloud computing and infrastructure will climb up as soon as companies get more comfortable with it. Cloud computing has brought revolutionary change in IT industry. Its benefits are now being realized well. It is a perfect solution for start-ups small and medium sized companies as they cannot afford costly server maintenance. To make the best out of it and overcome issues, strategic iterative approach should be taken to implementation, explore hybrid cloud solutions, involve business and IT teams, invest in a CIO, and choose the right BI SaaS partner. All this will ensure that the benefits of cloud business intelligence will far outweigh the challenges.
Comments