A Secure Cloud-Based IDPS Using Cryptographic Traces and Revocation Protocol

Cloud computing is a revolutionary information technology that aims to provide reliable, customized and quality-of-service guaranteed environments in which virtualized and dynamic data are stored and shared among cloud users. Thanks to significant benefits such as on-demand resources and low maintenance costs, cloud computing has become a trend among new technologies that facilitate communication and access to information. Despite these facts, the distributed and open nature of this paradigm makes the privacy and security of stored resources a major challenge that limits the use and adoption of cloud computing in practice. Among the strong security policies adopted to address this problem are Intrusion Detection and Prevention Systems (IDPS), which enable the cloud architecture to detect anomalies by monitoring the usage of stored resources and then reacting to prevent their expansion. In this paper, we propose a secure, reliable and flexible IDPS based mainly on autonomous mobile agents associated with a tracing and revocation protocol. While roaming among multiple cloud servers, our mobile agent is charged with executing requested tasks and collecting the needed information. On each cloud server a “cryptographic trace” is produced in which all behaviors, results and data involved in the execution are recorded; this allows any possible intrusion to be identified and a response to be predicted that prevents it or ends its processing, using a server revocation technique based on a trust threshold.
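The abstract describes two mechanisms without giving their format: a per-server cryptographic trace of the agent's execution, and revocation of a server once its trust drops below a threshold. The following is an added illustrative model, not the paper's code; the hash-chained trace layout, the HMAC seal used as a stand-in for a signature, the trust scores, penalty and threshold values, and the sample server keys are all assumptions. It shows how a home platform can detect a trace altered after sealing and how repeated failures push a server under the trust threshold.

```python
"""Illustrative model of per-server cryptographic execution traces for a
roaming mobile agent, plus trust-threshold revocation of misbehaving servers.
Added example, not the paper's code: trace layout, keys, penalty and
threshold values are assumed."""
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed chain anchor for the first entry


def _entry_hash(prev_hash: str, entry: dict) -> str:
    """Hash an entry together with the previous entry's hash (hash chain)."""
    body = json.dumps(entry, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()


class CryptographicTrace:
    """Append-only, hash-chained record of what an agent did on one server.
    The server seals the final chain hash with a MAC key shared with the
    agent's home platform (an assumed stand-in for a digital signature)."""

    def __init__(self, server_id: str, agent_id: str):
        self.server_id = server_id
        self.agent_id = agent_id
        self.entries = []
        self.head = GENESIS

    def record(self, step: int, action: str, data) -> None:
        entry = {"server": self.server_id, "agent": self.agent_id,
                 "step": step, "action": action, "data": data, "prev": self.head}
        self.head = _entry_hash(self.head, entry)
        self.entries.append(entry)

    def seal(self, server_key: bytes) -> str:
        return hmac.new(server_key, self.head.encode(), hashlib.sha256).hexdigest()


def verify_trace(entries, seal: str, server_key: bytes) -> bool:
    """Home-platform check: recompute the chain and the seal. Any edit,
    deletion or reordering after sealing changes the head hash."""
    head = GENESIS
    for i, entry in enumerate(entries):
        if entry["prev"] != head or entry["step"] != i:
            return False
        head = _entry_hash(head, entry)
    expected = hmac.new(server_key, head.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, seal)


class RevocationRegistry:
    """Trust score per server; a server whose score falls below the
    threshold is revoked and excluded from the agent's itinerary."""

    def __init__(self, threshold: float = 0.5, penalty: float = 0.3):
        self.trust = {}
        self.threshold = threshold
        self.penalty = penalty
        self.revoked = set()

    def report(self, server_id: str, trace_ok: bool) -> bool:
        """Update trust from a verification verdict; return whether the server is still trusted."""
        score = self.trust.get(server_id, 1.0)
        score = min(1.0, score + 0.05) if trace_ok else score - self.penalty
        self.trust[server_id] = score
        if score < self.threshold:
            self.revoked.add(server_id)
        return server_id not in self.revoked


def run_scenario():
    """Constructed scenario: the agent visits servers A, B and C; server B
    alters a recorded result after sealing its trace."""
    keys = {"A": b"key-A", "B": b"key-B", "C": b"key-C"}  # constructed sample keys
    registry = RevocationRegistry()
    outcomes = {}
    for server in ["A", "B", "C"]:
        trace = CryptographicTrace(server, "agent-7")
        trace.record(0, "read", {"file": "/srv/data/report.csv"})
        trace.record(1, "compute", {"checksum": "abc123"})
        seal = trace.seal(keys[server])
        if server == "B":
            trace.entries[1]["data"]["checksum"] = "forged"  # post-seal tampering
        outcomes[server] = verify_trace(trace.entries, seal, keys[server])
        registry.report(server, outcomes[server])
    # A second failed verification from B drives its trust under the threshold.
    registry.report("B", False)
    return outcomes, registry


if __name__ == "__main__":
    outcomes, registry = run_scenario()
    print(outcomes, registry.trust, registry.revoked)
```

With these assumed values a single failed verification leaves B at 0.7 (still above the 0.5 threshold), so revocation happens only after a second failure; a real deployment would pick the penalty and threshold from its own risk tolerance and would replace the shared-key HMAC with a signature the server cannot repudiate.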
