Cloud Computing : The Dark side
N. Sinha & S. Rastogi
I.T.S. Engineering College, Greater Noida, Uttar Pradesh, India
E-mail : nitishsinha107@gmail.com, shubham.rastogi762@gmail.com
International Journal on Advanced Computer Theory and Engineering (IJACTE)
ISSN (Print) : 2319 – 2526, Volume-2, Issue-5, 2013

Abstract – The rapid growth of data has turned out to be very destabilizing for cloud vendors. Such bulky data is very difficult to handle and to protect from malicious hackers. Lack of security is the major problem to overcome for the wide adoption of cloud computing and networking. The number of threats and vulnerabilities has also increased with time and with organizations' growth. Cloud computing has affected the lives of both consumers and cloud vendors. Everything nowadays is shared over the network and until there is a security organization safeguarding the network. This paper outlines the threats, vulnerabilities and security organizations working to improve the dark side of the cloud. These security measures and organizations help us to create a safer environment to work in. This will enable researchers and IT professionals to learn about users' and vendors' concerns and to analyse them critically.

Keywords – Cloud computing, Security Issue, Threats, Vulnerabilities

I. INTRODUCTION

The term "cloud" originates from the telecommunications world of the 1990s, when providers began using Virtual Private Network (VPN) services for data communication. A VPN maintains the same bandwidth as fixed networks at considerably less cost. These networks supported dynamic routing, which allowed balanced utilization across the network and increased bandwidth efficiency, and led to the coining of the term "telecom cloud". The premise of cloud computing is very similar in that it provides a virtual computing environment that is dynamically allocated to meet user needs. Cloud computing shares its resources among a cloud of service consumers, partners and vendors. By sharing resources at various levels, this platform offers services such as infrastructure cloud (for example, hardware or IT infrastructure management), software cloud (such as software, middleware, or traditional customer relationship management as a service), application cloud (application, UML modeling tools, or social networks as a service), and business cloud (for instance, business processes as a service) (see www.thecloudcomputing.org/2009/2/).

In this new world of computing, users are universally required to accept the underlying premise of trust. In fact, some have conjectured that trust is the biggest concern facing cloud computing [1]. Many believe trust and security to be synonymous.

A. Threats in Cloud Computing:

Mervat Adib Bamiah and Sarfraz Nawaz Brohi describe the threats of cloud computing from Google's perspective, stated in [2] as follows:

Abuse and Nefarious use of cloud: Cloud providers offer users various types of services, such as unlimited bandwidth and storage capacity. Spammers and hackers get a free opportunity to try their malicious code during the trial period of the cloud providers. For example: flash files are installed to hide malicious codes

Insecure interfaces and APIs: The APIs and the code of the cloud providers are not stable and robust to prevent the basic confidentiality, integrity and

Malicious insiders: A malicious insider can easily obtain cryptographic keys, files and passwords to commit fraud, damage or theft of information and

Virtualized technology: In order to maintain the security of users, cloud providers isolate the virtual machines from one another so that if any of them is malicious, it will not affect the other VMs. Hackers normally target the hypervisor, which resides between the VMs and the h

Account or service hijacking: In this, phishing, fraud and exploitation of software vulnerabilities are put to practice by hackers to access premium accounts.
Fig.1: Security threat in Cloud [3]

B. An Aggressive response to threat

In fact, the response to cloud-based security products and services has been fairly aggressive. Novell has introduced the Novell Cloud Security Service. Part of its WorkloadIQ system, it gives cloud providers the ability to deliver secure access and compliance in the cloud for their customers. “Security is the biggest hindrance to cloud adoption that service providers offering cloud services need to overcome,” says Antonio Piraino, vice president of research, Tier 1 Research. Novell currently has several beta deployments of its cloud security service globally. In August, Novell said it will target more than 200 IaaS, and 1,300 SaaS and PaaS vendors to get them started with its technology.

Functionally, the Novell Cloud Security Service is hosted in the cloud, either where the provider hosts its application or via a Novell hosting partner. A user can log on directly or via the enterprise identity system. The service first verifies the identity and, if successful, generates an identity token in the format needed by the SaaS provider. The user is now authenticated to the SaaS service. Once the user is inside the application, the application connectors that are provided with the service capture deep page-level user activity and provide the audit stream for compliance purposes. WorkloadIQ is Novell’s vision to deliver products for the rapidly growing intelligent workload management market, which the market research firm IDC estimates is more than US$4.2 billion [4].

AT&T recently launched its latest cloud security service to protect enterprise customers against distributed denial-of-service (DDoS) attacks. The system is based on Arbor Networks Inc. technology. Webroot, another Internet security provider, recently acquired BrightCloud, a Web content classification and security service provider. Webroot plans to integrate BrightCloud’s technology into its own proprietary malware detection and SaaS technologies.

Fig. 2 illustrates the challenges/issues ascribed to the 'cloud'/on-demand model.

Fig. 2 : Rating of issues ascribed to cloud [5]

II. THREAT VECTORS - WHAT TO WORRY ABOUT IN SECURITY

Before categorizing new threats, it is important to acknowledge that the structure of many cloud architectures can mitigate or negate some current security threats. If data are kept in the cloud, for example, then a lost or stolen laptop is much less likely to put sensitive information at risk. Standardized interfaces could make security management easier (ENISA, 2009), while the scale of a provider hosting many parties can generate more information for better threat monitoring. Centralized security management and monitoring can be more effective than local efforts by IT professionals with limited security experience.

Some threat vectors are not new to the cloud, but have somewhat different dynamics. In a classic IT architecture, PCs inside the organization may be at risk of compromise through a host of attack vectors exploiting local applications such as browsers or document viewers. If less data is stored locally, less is immediately at risk, but now the attacker could compromise credentials to gain access to the user’s cloud privileges. A compromise to an entire Gmail database probably began with a compromised PC (Zetter, 2010). Similarly, in an attack on the Twitter management team in 2009, a compromised email password led to exposure of a wide range of other important documents in other cloud infrastructures (Lowensohn & McCarthy, 2009). Shared authentication tokens can lead to brittle defences.
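
The identity-token flow described for the cloud security service (verify the user, then issue a token in the form one SaaS provider expects) and the warning that shared authentication tokens make defences brittle can be shown together. The Python below is an added example, not Novell's code or token format: the provider names, keys, directory entry and the functions `issue_token` and `verify_token` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample data: one signing key per SaaS provider, one directory user.
PROVIDER_KEYS = {"crm.example": b"crm-demo-key", "mail.example": b"mail-demo-key"}
SALT = b"demo-salt"
DIRECTORY = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_token(user, password, audience, now=None, ttl=300):
    """Broker side: verify identity, then mint a token for exactly one provider."""
    stored = DIRECTORY.get(user)
    supplied = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    if stored is None or not hmac.compare_digest(stored, supplied):
        return None
    if audience not in PROVIDER_KEYS:
        return None
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "aud": audience, "exp": now + ttl}
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(PROVIDER_KEYS[audience], body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(sig)


def verify_token(token, provider, now=None):
    """Provider side: check signature, audience and expiry; return user or None."""
    try:
        body, sig = token.split(".")
        key = PROVIDER_KEYS[provider]
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        # Authenticate the token before parsing anything inside it.
        if not hmac.compare_digest(_b64(expected), sig):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, KeyError, AttributeError, TypeError):
        return None
    now = int(time.time()) if now is None else now
    # A token minted for one provider, or an expired one, is refused.
    if claims.get("aud") != provider or claims.get("exp", 0) <= now:
        return None
    return claims.get("sub")
```

A token stolen from one provider is useless at another because both the signing key and the `aud` claim are provider-specific, and the short `ttl` limits how long a stolen token works at all.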
Organizations must be careful to safeguard data as they move it around their organization, even without the benefit of cloud computing. When they no longer need data, it must be properly deleted, or else they risk leaking sensitive data to the outside (Garfinkel & Shelat, 2003). When relying on a cloud service to handle data, care must be taken to arrange for appropriate security management practices, such as encryption and appropriate deletion.

Similarly, all organizations are vulnerable to an attack from a trusted insider, but moving things to the cloud can raise the costs of misplaced trust. A cloud system with a well-thought-out identity interface and a clear access control system can restrict access and foster accountability. However, a unified data system with more people accessing more different types of data through more applications can actually make it harder to appropriately limit access and detect misuse (Sinclair & Smith, 2008) [6].
Fig. 3 : Vulnerability in different vendors[10]
Security is a major issue for all vendor companies; without it, no customer will purchase cloud services. The stronger the network, the better the security against hackers. Intrusion automatically becomes very difficult for the malicious software that makes its way through a company's gateway without the knowledge of the administrator. Some more issues for cloud computing are as follows:
III. CLOUD VULNERABILITIES
Session Riding and Hijacking - Session hijacking refers to the use of a valid session key to gain unauthorized access to the information or services residing on a computer system [7].

Virtual Machine Escape - Cloud computing servers use the same OS, enterprise and web applications as localized virtual machines and physical servers. The ability for an attacker or malware to remotely exploit vulnerabilities in these systems is significant.

Key Management - As the cloud is full of data, a good encryption technique is required to ensure safety, and the keys should be kept safely to prevent the data from being leaked.

Destruction of data - When data is no longer required, the data deleted may still exist and can be

Insecure Cryptography - Attackers can decode any cryptographic mechanism or algorithm as the main methods to hack them are discovered. It is common to find crucial flaws in implementations of cryptographic algorithms, which can twist strong encryption into weak encryption or sometimes no encryption

Data Integrity - Data can be corrupted at any stage and with any type of media. Data integrity can be easily achieved in a standalone system with a single database. Data integrity in such a system is maintained via database constraints. Data generated by cloud computing are kept in a cloud. So, it is very difficult for the user to check the integrity of the data, because the user has no control over data and their

Internet Dependency - Cloud computing is an internet-dependent technology where users access the services via a web browser. What if the internet is not available or the service is down? What will happen to users' systems and operations that are very critical and need to run 24 hours, such as healthcare and banking systems? In some Asian and African underdeveloped countries where internet service is not considered reliable enough, will organizations adopt this paradigm to move their

Sharing of data - Data sharing expands the use of the data. The data owner can authorize data access to one party, and in turn that party can further share the data with another party. This sharing can create a serious problem, such as leakage of data to an unauthorised person. Therefore, during data sharing, especially when the data is shared with a third party, the data owner needs to consider whether the third party continues to maintain the original protection

Fig. 3 depicts the variety of attacks performed on various vendors by hackers.
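
For the Data Integrity item above, where the user has no control over data once it sits in the cloud, one way for the data owner to detect corruption is to keep a keyed manifest locally before upload and check every download against it. This is an added example, not from the original paper; the function names, the tiny chunk size and the sample record in the usage note are constructed for illustration.

```python
import hashlib
import hmac

CHUNK = 4  # tiny chunk size so a short constructed sample spans several chunks


def _split(data):
    return [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]


def _tag(key, name, index, total, chunk):
    # Bind each tag to the object name, chunk position and chunk count so
    # chunks cannot be swapped between objects, reordered, or dropped unnoticed.
    header = f"{name}|{index}|{total}|".encode()
    return hmac.new(key, header + chunk, hashlib.sha256).hexdigest()


def make_manifest(key, name, data):
    """Run before upload; the manifest and key stay with the data owner."""
    chunks = _split(data)
    tags = [_tag(key, name, i, len(chunks), c) for i, c in enumerate(chunks)]
    return {"name": name, "total": len(chunks), "tags": tags}


def verify_download(key, manifest, data):
    """Run after download; return indexes of failing chunks, [] if intact."""
    chunks = _split(data)
    total = manifest["total"]
    bad = []
    for i in range(max(len(chunks), total)):
        if i >= len(chunks) or i >= total:
            bad.append(i)  # chunk missing from the download, or unexpected extra
            continue
        got = _tag(key, manifest["name"], i, total, chunks[i])
        if not hmac.compare_digest(manifest["tags"][i], got):
            bad.append(i)  # content changed while stored or in transit
    return bad
```

With the constructed record `b"patient-record-0001"`, changing one byte in the third chunk makes `verify_download` return `[2]`, and a download truncated to 16 bytes returns `[4]`.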
IV. CONCLUSION
Cloud computing is a new and emerging information technology that changes the way IT architectural solutions are put forward by moving towards the theme of virtualization: of data storage, of local networks, as well as of software. There are many new technologies emerging at a rapid rate, each with technological advancements and with the potential of making human life easier. Although cloud computing has many advantages, there are still many security problems. The bond between service providers and users is necessary for providing better cloud security. In this paper we analyse the security issues, threats and challenges in the wide acceptance of cloud computing, because there may be loss of data and privacy. Researchers, scholars and IT security professionals must press forward towards practical achievements in security and privacy for users. Our study identifies the top security concerns of cloud computing; these concerns are the security risks, techniques, problems, challenges and security issues of cloud computing and its services.
V. REFERENCES

[1] J. Urquhart, "The Biggest Cloud-Computing Issue of 2009 is Trust," C-Net News, 7 Jan 2009; http://news.c.net.com/8301-19413_310133487-240.html.
[2] Mervat Adib Bamiah, Sarfraz Nawaz Brohi, "Seven Deadly Threats and Vulnerabilities in Cloud Computing"; http://ijaest.iserp.org/.../16.IJA EST-Vol-no-9Issue-No-1/html.
[3] Amit Sangroya, Saurabh Kumar, Jaideep Dhok, Vasudeva Varma, "Towards Analyzing Data Security Risks in Cloud Computing Environments"; http://books.google.co.in/books?ISBN=3642120342.
[4] Ron Schnelderman, "For Cloud Computing, the Sky is the Limit".
[5] www.export.writer.zoho.com.
[6] Jaydie Sen, Innovation Labs, Tata Consultancy Services Limited, Kolkata, India.
[7] T. Schreiber, "Session Riding: A Widespread Vulnerability in Today's Web Applications" [Online]. Available: http://www.securenet.de/papers/Session_Riding.pdf, white paper, 2004. [Accessed: 20-Jul-2011].
[8] S. Subashini, V. Kavitha, "A survey on security issues in service delivery models of cloud computing," Journal of Network and Computer Applications, vol. 34, pp. 1-11, 2011.
[9] B. Grobauer, T. Walloschek, and E. Stocker, "Understanding Cloud Computing Vulnerabilities," Security & Privacy, IEEE, vol. 9, no. 2, pp. 50-57, 2011.
[10] http://www.zdnet.com/blog/security/reportapplehad-the-most-vulnerabilities-throughout-20052010/6801.
