Case Study Format

The document summarizes security issues in cloud computing, including the top 9 threats identified by the Cloud Security Alliance such as data breaches, account hijacking, and denial of service attacks. It also discusses categories of cyber attacks in the cloud like malware/botnets and brute force attacks. Specific phishing attacks on services like Dropbox and DDoS attacks are described. The major factors contributing to cyber crimes in cloud computing are identified as DDoS and phishing through a review of literature.

Uploaded by

AVDHUT PATIL

K. E. Society's

Rajarambapu Institute of Technology, Sakharale

(An Autonomous Institute Affiliated to Shivaji University, Kolhapur)

COMPUTER SCIENCE AND INFORMATION TECHNOLOGY

Third Year B.Tech

“TOPIC NAME”
ISE I
Course Name :- IPR & Cyber Laws

Course Code :- CI309

By

Name of Student Enrollment Number

UNDER THE GUIDANCE OF

Prof. M. N. Mulla

Date:
Introduction :-
Example :
Security in Cloud Computing :-

Security is a major challenge in cloud computing and is slowing its adoption.
Recognizing how critical cloud security is, various working groups and standards
organizations have been formed to address it. The Cloud Security Alliance (CSA), NIST,
ENISA, etc. are some of the prominent groups working on cloud security, making
recommendations and releasing guidelines to secure the cloud. Among these groups, the
Cloud Security Alliance is entirely committed to cloud security, and it has already
published many significant documents on the subject. To identify the major contemporary
threats, CSA has published a report on the top threats. A similar report, titled ‘Top
Threats to Cloud Computing V1.0’, was published earlier in 2010, but a new study was
required because attackers had changed their methodologies and to examine the current
security trend in cloud computing. The report is published with the title ‘The Notorious
Nine Cloud Computing Top Threats in 2013’. For this study, CSA reviewed thousands of
articles related to cloud threats, consulted a number of experts and visited different
websites. From this, the group identified the major threats that have a significant impact
on cloud computing. In this most recent report, experts have identified the following nine
critical threats to cloud security:

1). Data Breaches
2). Data Loss
3). Account Hijacking
4). Insecure APIs
5). Denial of Service
6). Malicious Insiders
7). Abuse of Cloud Services
8). Insufficient Due Diligence
9). Shared Technology Issues.

Study on Cyber-Attack in Cloud Computing :-

Cloud resources are attractive ground for cyber-criminals because huge resources are
available at a centralized place. Accessibility to anyone who subscribes, from anywhere, is
highly suitable for cyber criminals. They can now access the resources from any part of the
world at any time, and even the choice of device does not restrict the usage of cloud
resources. Consequently, huge cloud resources at the disposal of an adversary pose major
threats to cloud and web users. Adversaries are utilizing cloud resources in many of their
cyber-attacks.

Categories of Cyber-Attack in Cloud :-

According to a study conducted by AlertLogic on its customers, more than 45,000 security
incidents were verified between April 2012 and Sept 2012. In this study, cloud computing
was categorized into hosted cloud and enterprise data center. The hosted model is similar
to the public model, where the resources are under the control of the cloud provider. The
other model (the enterprise model) is a privately owned model where the resources are under
the control of the owner. The study revealed that hosted cloud security is better than that
of the enterprise data center. The cyber-attacks taking place in hosted data centers and
enterprise data centers are not the same. However, for our study we have considered the
common factors applicable to both models in order to compare which is more secure. The
study considered incidents caused by malware/botnet, brute force attacks, and web app
attacks in the hosted and enterprise models.

| S.No. | Incident | Description / Definition |
|-------|----------|--------------------------|
| 1 | Malware/botnet | Malicious software deployed on a host that gets involved in unscrupulous activities, such as data destruction, information gathering or creation of backdoors |
| 2 | Brute force | Exploit attempts enumerating a large number of combinations, typically involving multiple credential failures, in hopes of finding a weak door |
| 3 | Web app attack | Attacks targeting the presentation, logic or database layer of web apps |

A Case Study :-

Information security is all about Confidentiality, Integrity & Availability (CIA). Among
the CIA, administration is more focused on confidentiality and integrity due to the
involvement of regulatory compliance. The lack of focus on availability makes it more
vulnerable to attacks. Recent attacks that took place in the cloud are examples of security
holes exploited by cyber-criminals. Cyber attackers resort to the cloud and leverage its
various platforms for malware infection and data exfiltration. DBaaS is one of the services
attacked by cyber-criminals. This was revealed by the recent study titled ‘Assessing the
threat of DBaaS landscape’, carried out by the security outfit Imperva to analyze how DBaaS
is affected by cyber criminals.

Identifying the Major Factors of Cyber Crime :-

To study the major breaches in cyberspace, particularly in cloud computing, we have
identified the factors that can have a significant impact on cloud security. To attain this
objective, we have reviewed the literature published in prominent research journals.
Further, we have also reviewed the publications of a variety of working groups active in
this domain, including the Cloud Security Alliance, ENISA, NIST, etc. Surveys and findings
of security organizations, for instance Kaspersky, Micro-trend, and McAfee, have been
extensively reviewed.
The literature review reveals that DDoS is the major threat in cloud computing and needs to
be addressed at an appropriate level. In DDoS, legitimate users are denied resources due to
their excessive use by non-legitimate users. Other characteristics of DDoS attacks have
also been identified, revealing that the average DDoS lasts for 19 hours. It is further
highlighted that 28% of the threats originate from the US while 35% come from China. A
demographic report has been released on how denial of service is affecting users globally.
Phishing, meanwhile, has been identified as a major threat. Studies reveal that major
frauds are taking place due to phishing attacks and that these are growing at a phenomenal
rate. Spear phishing is also an appealing method for cyber attackers to attack various
users, reveals Threat Sim.
From the above review it is concluded that DDoS and phishing are the major threats and need
extensive study of their occurrence and the damage caused.

Phishing Attacks in Cloud :-

In phishing attacks, users are working on a fraudulent site that appears to be a legitimate
site. Phishing sites are created to obtain users' credentials. The other kind of phishing
attack is through e-mail, where users receive an e-mail from the adversaries. The e-mail
appears to be legitimate mail from a known source. Such mails provide very concise or no
information and provide a link to learn more. Once the embedded link is clicked, malware
gets installed on the user’s PC. A number of phishing attacks have already occurred in the
cloud. Some of them are discussed in the upcoming sub-sections.

Longline Phishing :-

Longline phishing is a new type of attack that is occurring in the cloud. In this type of
attack, adversaries take advantage of email services and seek personal information from
users. Attackers send mail to the cloud user, tricking him into clicking the link.

Phishing Attack on Dropbox :-

A phishing attack on Dropbox user accounts was also uncovered by the security firm
Appriver. This attack phishes the victim’s password via a bogus email; once it succeeds,
the user's computer is infected with malware. The attackers send an official-looking mail
to reset the password; once the user clicks the reset button, malware gets installed on the
user’s browser.

Phishing Attack on Amazon and Apple :-

One of the major data breaches occurred with Apple and Amazon. In this breach, Honan’s
accounts on Apple and Amazon were compromised. In these attacks, the victim lost all the
information stored in his account. Additionally, he lost the photo and video of his 18 year
daughter, which he had not stored anywhere else.

DDoS Attack in Cloud Computing :-


Distributed denial of service (DDoS) is the other prominent category of cyber-attack taking
place in cloud computing. A distributed denial of service attack is a cyber-attack in which
a number of computers are used to attack a single destination. The compromised computers
are known as zombies. Due to DDoS, legitimate users are denied resources, since they are
consumed by non-legitimate users. DDoS attacks exploit either the volumetric technique or
the amplification technique. In the volumetric technique, a huge volume of traffic is
directed at the network in order to consume its bandwidth or exhaust its resources. State
exhaustion attacks, such as TCP SYN floods and idle session attacks, are examples of misuse
of the stateful nature of TCP and cause resource exhaustion. In the amplification
technique, attackers take the help of a victim to increase the traffic: the attacker
exploits the attacked resource. The attacking botnet sends out a DNS query of about 60
bytes to an open recursive DNS resolver, which responds with a response message of up to
400 bytes, increasing the amount of traffic by more than a factor of 60. The upcoming
sub-section discusses the major DDoS attacks that have already occurred.
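The following sketch is an added example, not part of the original case study. It shows how the operator of a recursive resolver could spot that the resolver is being used for the amplification technique described above, by looking for claimed sources that send many small queries and draw much larger responses. The log record layout, the thresholds and the sample addresses and sizes are assumptions constructed for the illustration.

```python
from collections import defaultdict

# Constructed resolver query log (not real traffic); addresses are documentation ranges.
# Record layout (an assumption): (second, claimed_source_ip, query_bytes, response_bytes)
SAMPLE_LOG = (
    [(t // 50, "198.51.100.7", 64, 3000) for t in range(500)]  # 50 q/s, large answers
    + [(t, "192.0.2.10", 60, 120) for t in range(10)]          # ordinary client
    + [(t // 40, "192.0.2.20", 70, 90) for t in range(400)]    # busy, small answers
)


def amplification_suspects(log, window_s=10, min_queries=100, min_ratio=10.0):
    """Return {claimed_source: (queries, ratio)} for the worst window of each source
    that sends many queries AND draws responses far larger than those queries.

    With spoofed UDP queries the claimed source is the flood's real target, so
    these are the addresses to rate-limit responses to. Thresholds are illustrative.
    """
    # (window index, source) -> [query count, query bytes in, response bytes out]
    stats = defaultdict(lambda: [0, 0, 0])
    for second, src, q_bytes, r_bytes in log:
        bucket = stats[(second // window_s, src)]
        bucket[0] += 1
        bucket[1] += q_bytes
        bucket[2] += r_bytes

    suspects = {}
    for (_, src), (count, b_in, b_out) in stats.items():
        if count < min_queries or b_in == 0:
            continue
        ratio = round(b_out / b_in, 1)
        if ratio >= min_ratio and ratio > suspects.get(src, (0, 0.0))[1]:
            suspects[src] = (count, ratio)
    return suspects


if __name__ == "__main__":
    for src, (count, ratio) in amplification_suspects(SAMPLE_LOG).items():
        print(f"{src}: {count} queries in one window, {ratio}x bytes out vs in")
```

Requiring both a high query count and a high byte ratio keeps a busy client with small answers, and an occasional client with one large answer, out of the result.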

Jurisdiction:-

Conclusion :-

Security in cloud computing is a critical issue considering privacy and regulatory acts. A
number of organizations and working groups are putting in effort to strengthen security in
cloud computing. Working groups are releasing drafts and reports on critical security
threats and recommending various methods to counter them. Various studies reveal that the
hosted model is more secure relative to the on-premises cloud model, yet many attacks
target the hosted model to exploit its vulnerabilities. DDoS and phishing are the major
methods employed to attack the cloud. Finally, in light of the phishing and DDoS attacks
that took place in many clouds, it can be concluded that they are causing huge financial
losses and damage to the privacy of data. Although a number of solutions exist to counter
various attacks, there is still a need to further strengthen security in hosted as well as
on-premises clouds in order to restore the confidence of users.
