Data in Transit Validation for Cloud Computing Using Cloud-Based Algorithm Detection of Injected Objects

The recent paradigm shift in the IT sector leading to cloud computing however innovative had brought along numerous data security concerns. One major such security laps is that referred to as the Man in the Middle (MITM) attack where external data are injected to either hijack a data in transit or to manipulate the files and object by posing as a floating cloud base. Fresh algorithms’ for cloud data protection do exist however, they are still prone to attack especially in real-time data transmissions due to employed mechanism. Hence, a validation protocol algorithm based on hash function labelling provides a one-time security header for transferable files that protects data in transit against any unauthorized injection. The labelling header technique allows for a two-way data binding; DOM based communication between local and cloud computing that triggers automated acknowledgment immediately after file modification. A two layer encryption functions in PHP was designed for detecting injected object; bcrypt methods in Laravel and MD5 that generate 32 random keys. A sum total of 1600 different file types were used during training then evaluation of the proposed algorithm, where 87% of the injected objects were correctly detected.

[1]  Mohammad Zulkernine,et al.  Information-Theoretic Detection of SQL Injection Attacks , 2012, 2012 IEEE 14th International Symposium on High-Assurance Systems Engineering.

[2]  Michael D. Ernst,et al.  Automatic creation of SQL Injection and cross-site scripting attacks , 2009, 2009 IEEE 31st International Conference on Software Engineering.

[3]  Dwen-Ren Tsai,et al.  Optimum tuning of defense settings for common attacks on the web applications , 2009, 43rd Annual 2009 International Carnahan Conference on Security Technology.

[4]  Lwin Khin Shar,et al.  Defending against Cross-Site Scripting Attacks , 2012, Computer.

[5]  Dimitris Gritzalis,et al.  Securing cloud and mobility: A practitioner's guide , 2014, Comput. Secur..

[6]  M. Ponnavaikko,et al.  A solution to block Cross Site Scripting Vulnerabilities based on Service Oriented Architecture , 2007, 6th IEEE/ACIS International Conference on Computer and Information Science (ICIS 2007).

[7]  Hossain Shahriar,et al.  Design and development of Anti-XSS proxy , 2013, 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013).

[8]  Shih-Jen Chen,et al.  TransSQL: A Translation and Validation-Based Solution for SQL-injection Attacks , 2011, 2011 First International Conference on Robot, Vision and Signal Processing.

[9]  T. Matsuda,et al.  On the automatic detection algorithm of Cross Site Scripting (XSS) with the non-stationary Bernoulli distribution , 2012, The 5th International Conference on Communications, Computers and Applications (MIC-CCA2012).