Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier CAPTCHA

Cloud computing is simply a metaphor for the internet. User does not requiredknowledge, control, and ownership in the computer infrastructure.User simply access or rent the software and paying only for what they use. Advantage of cloud computing is huge like Broad network access, Cost effectiveness, Rapid elasticity, Measured services, On -Demand service, Resource pooling , Location independence, Reliability, Energy saving and so on. But its global phenomenon that everything in this world has advantage as well as disadvantage, cloud computing also suffering from some drawback like security & privacy, Internet Dependency, Availability, And Current Enterprise Applications Can't Be Migrated Easily. I conclude that security is biggest hurdle in wide acceptance of cloud computing. U ser of cloud services are in fear of data loss, security and a vailability issues. At virtual level DDOS (Distributed Denial of Service Attack)is biggest threat of availability in cloud computing. In Denial of service attack an attacker prevent legitimate users of service from using the desired resources by flood a network or by consuming bandwidth .So authentication is need to distinguish legitimated clients from malicious clien ts, which can be performed through strong cryptographic verification (for a private server) or graphical Turing tests (for a public server). Where the authentication is performed by Graphical Turing Tests, which is widely used to distinguish human users from robots through their reaction. On the other hand, CAPTCHA (Completely Automated Public Turing Tests to Tell Computers and Humans Apart) is used for Graphical Turing Test. There are many OCR or Non -OCR based CAPTCHA’s are used widely but they are vulnerable to many attacks likePixel-Count Attack, Recognition by using OCR, Dictionary Attack, and Vertical Segmentation. This paper introduces a new CAPTCHA method called Two-Tier CAPTCHA.In this method CLAD node need to generate two things,first a alphanumeric CAPTCHA code with image. Second Query related to that CAPTCHA code. E.g. enter only Digit’s .We can increase the rate of its difficulty in order to improve its resistance against the attacks by ad ding more and more query and combination in database.The algorithm of this method makes it hard for bot programs which mean that it is more secure.This project has been implemented byASP.NET and PHP Language.

[1]  Jörg Schwenk,et al.  On Technical Security Issues in Cloud Computing , 2009, 2009 IEEE International Conference on Cloud Computing.

[2]  Jeff Yan,et al.  CAPTCHA Design: Color, Usability, and Security , 2012, IEEE Internet Computing.

[3]  George Kesidis,et al.  Denial-of-service attack-detection techniques , 2006, IEEE Internet Computing.

[4]  Sajjad Haider,et al.  Security threats in cloud computing , 2011, 2011 International Conference for Internet Technology and Secured Transactions.

[5]  Jeff Yan,et al.  CAPTCHA Security: A Case Study , 2009, IEEE Security & Privacy.

[6]  Stuart Harvey Rubin,et al.  Distributed denial of service attacks , 2000, Smc 2000 conference proceedings. 2000 ieee international conference on systems, man and cybernetics. 'cybernetics evolving to systems, humans, organizations, and their complex interactions' (cat. no.0.

[7]  Lin Jingna An analysis on DoS attack and defense technology , 2012, 2012 7th International Conference on Computer Science & Education (ICCSE).

[8]  Simon Liu Surviving Distributed Denial-of-Service Attacks , 2009, IT Professional.

[9]  S. K. Dubey,et al.  Security and Privacy in Cloud Computing: A Survey , 2013 .

[10]  Scott F. Midkiff,et al.  Denial-of-Service in Wireless Sensor Networks: Attacks and Defenses , 2008, IEEE Pervasive Computing.

[11]  Avinash Sonule,et al.  Development of servers in cloud computing to solve issues related to security and backup , 2011, 2011 IEEE International Conference on Cloud Computing and Intelligence Systems.

[12]  Dimitrios Zissis,et al.  Addressing cloud computing security issues , 2012, Future Gener. Comput. Syst..

[13]  C. Yeun,et al.  Cloud computing security management , 2010, 2010 Second International Conference on Engineering System Management and Applications.

[14]  M. Shirali-Shahreza,et al.  Question-Based CAPTCHA , 2007, International Conference on Computational Intelligence and Multimedia Applications (ICCIMA 2007).

[15]  Akihiro Nakao,et al.  DDoS defense as a network service , 2010, 2010 IEEE Network Operations and Management Symposium - NOMS 2010.

[16]  Mohammad Zulkernine,et al.  A Distributed Defense Framework for Flooding-Based DDoS Attacks , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[17]  Mrs. Sanjivani Sumant,et al.  Denial-Of-Service Attack Detection Technique Derived From Statistical Traffic Analysis , 2015 .

[18]  Ian Lumb,et al.  A Taxonomy and Survey of Cloud Computing Systems , 2009, 2009 Fifth International Joint Conference on INC, IMS and IDC.