Cyber Security and Network Security (E-Book)

Description

CYBER SECURITY AND NETWORK SECURITY. Written and edited by a team of experts in the field, this is the most comprehensive and up-to-date study of the practical applications of cyber security and network security for engineers, scientists, students, and other professionals. Cyber attacks are quickly becoming one of the most prevalent problems worldwide. As cybercrime continues to grow, it is increasingly important to investigate new methodologies and technologies that help ensure the security of online networks. Recent advances and innovations have made great progress in addressing security issues in a systematic manner. In light of this, network security technologies have been developed to ensure the security of software and communication functionality at the basic, enhanced, and architectural levels. This outstanding new volume covers all of the latest advances, innovations, and developments in practical applications for cybersecurity and network security. This team of editors represents some of the most well-known and respected experts in the area, creating this comprehensive, up-to-date coverage of the issues of the day and the state of the art. Whether for the veteran engineer or scientist or a student, this volume is a must-have for any library.

Page count: 429

Year of publication: 2022




Table of Contents

Cover

Title Page

Copyright

Dedication

Preface

Acknowledgments

1 Securing Cloud-Based Enterprise Applications and Its Data

1.1 Introduction

1.2 Background and Related Works

1.3 System Design and Architecture

1.4 Methodology

1.5 Performance Analysis

1.6 Future Research Direction

1.7 Conclusion

References

2 High-Performance Computing-Based Scalable “Cloud Forensics-as-a-Service” Readiness Framework Factors—A Review

2.1 Introduction

2.2 Aim of the Study

2.3 Motivation for the Study

2.4 Literature Review

2.5 Research Methodology

2.6 Testing Environment Plan

2.7 Testing

2.8 Recommendations

2.9 Limitations of Present Study

2.10 Conclusions

2.11 Scope for the Future Work

Acknowledgements

References

3 Malware Identification, Analysis and Similarity

3.1 Introduction

3.2 Background and Related Works

3.3 Proposed System Design Architecture

3.4 Methodology

3.5 Performance Analysis

3.6 Future Research Direction

3.7 Conclusion

References

4 Robust Fraud Detection Mechanism

4.1 Introduction

4.2 Related Work

4.3 Conclusion

References

5 Blockchain-Based Identity Management Systems

5.1 Introduction

5.2 Preliminaries

5.3 Blockchain-Based Identity Management System

5.4 Discussion

5.5 Conclusion

5.6 Future Scope

References

6 Insights Into Deep Steganography: A Study of Steganography Automation and Trends

6.1 Introduction

6.2 Convolution Network Learning

6.3 Recurrent Neural Networks

6.4 Long Short-Term Memory Networks

6.5 Back Propagation in Neural Networks

6.6 Literature Survey on Neural Networks in Steganography

6.7 Optimization Algorithms in Neural Networks

6.8 Conclusion

References

7 Privacy Preserving Mechanism by Application of Constrained Nonlinear Optimization Methods in Cyber-Physical System

7.1 Introduction

7.2 Problem Formulation

7.3 Proposed Mechanism

7.4 Experimental Results

7.5 Future Scope

7.6 Conclusion

References

8 Application of Integrated Steganography and Image Compressing Techniques for Confidential Information Transmission

8.1 Introduction

8.2 Review of Literature

8.3 Methodology Used

8.4 Results and Discussion

8.5 Conclusions

References

9 Security, Privacy, Risk, and Safety Toward 5G Green Network (5G-GN)

9.1 Introduction

9.2 Overview of 5G

9.3 Key Enabling Techniques for 5G

9.4 5G Green Network

9.5 5G Technologies: Security and Privacy Issues

9.6 5G-GN Assets and Threats

9.7 5G-GN Security Strategies and Deployments

9.8 Risk Analysis of 5G Applications

9.9 Countermeasures Against Security and Privacy Risks

9.10 Protecting 5G Green Networks Against Attacks

9.11 Future Challenges

9.12 Conclusion

References

10 A Novel Cost-Effective Secure Green Data Center Solutions Using Virtualization Technology

10.1 Introduction

10.2 Literature Survey

10.3 Problem Statement

10.4 Green IT Using Virtualization

10.5 Proposed Work

10.6 Conclusion

Acknowledgments

References

11 Big Data Architecture for Network Security

11.1 Introduction to Big Data

11.2 Technology Used to Big Data

11.3 Working Process of Techniques

11.4 Proposed Work

11.5 Comparative Analysis

11.6 Conclusion and Future Scope

References

About the Editors

Index

Also of Interest

End User License Agreement


Scrivener Publishing

100 Cummings Center, Suite 541J

Beverly, MA 01915-6106

Advances in Cyber Security

Series Editors: Rashmi Agrawal and D. Ganesh Gopal

Scope: The purpose of this book series is to present books that are specifically designed to address the critical security challenges in today’s computing world including cloud and mobile environments and to discuss mechanisms for defending against those attacks by using classical and modern approaches of cryptography, blockchain and other defense mechanisms. The book series presents some of the state-of-the-art research work in the field of blockchain, cryptography and security in computing and communications. It is a valuable source of knowledge for researchers, engineers, practitioners, graduates, and doctoral students who are working in the field of blockchain, cryptography, network security, and security and privacy issues in the Internet of Things (IoT). It will also be useful for faculty members of graduate schools and universities. The book series provides a comprehensive look at the various facets of cloud security: infrastructure, network, services, compliance and users. It will provide real-world case studies to articulate the real and perceived risks and challenges in deploying and managing services in a cloud infrastructure from a security perspective. The book series will serve as a platform for books dealing with security concerns of decentralized applications (DApps) and smart contracts that operate on an open blockchain. The book series will be a comprehensive and up-to-date reference on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations.

Publishers at Scrivener

Martin Scrivener ([email protected])

Phillip Carmical ([email protected])

Cyber Security and Network Security

Edited by

Sabyasachi Pramanik

Debabrata Samanta

M. Vinay

and

Abhijit Guha

This edition first published 2022 by John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA and Scrivener Publishing LLC, 100 Cummings Center, Suite 541J, Beverly, MA 01915, USA

© 2022 Scrivener Publishing LLC

For more information about Scrivener publications please visit www.scrivenerpublishing.com.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.

Wiley Global Headquarters

111 River Street, Hoboken, NJ 07030, USA

For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.

Limit of Liability/Disclaimer of Warranty

While the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials, or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read.

Library of Congress Cataloging-in-Publication Data

ISBN 9781119812494

Cover image: Pixabay.com

Cover design by Russell Richardson

Set in size of 11pt and Minion Pro by Manila Typesetting Company, Makati, Philippines

Printed in the USA

10 9 8 7 6 5 4 3 2 1

Dedication

This book is dedicated to my parents, my spouse, my elder sister and my son Arnab Pramanik.

Dr. Sabyasachi Pramanik

To my parents Mr. Dulal Chandra Samanta, Mrs. Ambujini Samanta, my elder sister Mrs. Tanusree Samanta and daughter Ms. Aditri Samanta.

Dr. Debabrata Samanta

To my parents Mr. Madhava Rao R, Mrs. Padma M Rao from whom I learnt the Intonation.

Dr. M. Vinay

To my parents Mr. Nilay Guha, Mrs. Shila Guha; my uncles Mr. Malay Guha and Mr. Pralay Guha; My wife Mrs. Gargee Chakraborty and daughter Ms. Arohi Guha.

Abhijit Guha

Preface

This book focuses on the “interdisciplinarity” of cyber security and network security which contributes to the emerging dialogue on the direction, content and techniques involved in the growth and development of cyber security and network security education and training. The book “Cyber Security and Network Security: Advances, Applications and Emerging Trends” presents the latest methodologies and trends in detecting and preventing cyber and network threats. Investigating the potential of current and emerging security technologies, this publication is an all-inclusive reference source for academicians, researchers, students, professionals, practitioners, network analysts, and technology specialists interested in the simulation and application of cyber and computer network protection. It presents theoretical frameworks and the latest research findings in cyber security and network security technologies while analyzing malicious threats which can compromise cyber and network integrity. It discusses the security and optimization of cyber and computer networks for use in a variety of disciplines and fields. Touching on such matters as mobile and VPN security, IP spoofing, and intrusion detection, this edited collection emboldens the efforts of researchers, academics, and network administrators working in both the public and private sectors. This edited compilation includes chapters covering topics such as attacks and countermeasures, mobile wireless networking, intrusion detection systems, next-generation firewalls, and more. Information and communication systems are an essential component of our society, forcing us to become dependent on these infrastructures. At the same time, these systems are undergoing a convergence and interconnection process that, besides its benefits, raises specific threats to user interests. Citizens and organizations must feel safe when using cyberspace facilities in order to benefit from its advantages.

The current trends and future directions of diverse Cyber security and Network Security Research with applications in various domains are covered in this book. Assaults on computers are gradually becoming one of the most common problems on the planet. As the scope of digital misbehavior grows, it is critical to look into fresh techniques and advancements that can aid ensure the internet network’s security. Continuous technological advancements have necessitated a deliberate approach to security challenges.

Chapter 1 explores how data security, both inside and outside client devices, is a very important problem in today’s society, which operates primarily through programs interacting over the internet. The MSME sector and new businesses are primarily moving to the cloud to take advantage of the emerging virtual market prospects and to change their work culture to the online arena. As a result, workplace communication that previously took place behind closed doors and in locked storage rooms with data has transitioned to a more public setting, with files being sent through the public internet to public-facing servers. As many of the servers for Public/Hybrid Cloud models are owned jointly by two or more parties/stakeholders, this creates a whole new set of security and compliance issues. As a result, data in transit, i.e. data moving in and out of the cloud, as well as data at rest, i.e. data stored in the cloud, must be encrypted so that no third party can access it without the owner’s permission. In this suggested study model, data from a client application, such as an Enterprise Communication Application, would be encrypted using updated algorithms and accessed securely through a set of Access Control capabilities with Least Privilege Access Policies. The data is then packaged and sent over SSL Layers to a server-side application instance running in a public cloud (here)/private cloud, which decrypts the data and sorts it accordingly before saving it to object-based storages, NoSQL databases, and ledger databases with high availability and security at rest. The data at rest is further encrypted, and when requested, it can be packaged and given back to the client application with the essential encryption-in-transit conditions met. The transactions are carried out using role-based assigning systems and least access privilege access mode, thus obliterating the ideas of data eavesdropping, personal security risks, and so on.

Chapter 2 discusses the use of cloud technology, which has grown in recent years. Cloud computing has become an essential component of modern life. Many businesses have been attracted to rely on it because of the flexibility of on-demand service provision enabled by cloud technology. It is not necessary to purchase servers, databases, or other advanced technologies in order to start a new business. At the same time, data security in the cloud is extremely concerning and requires attention. Using the user’s cloud records, switches, and routers, cybercriminals can gain access to the user’s systems in a variety of ways. Cloud computing is distributed computing, and it is impossible to imagine cloud computing without these techniques. The security procedures are still in their infancy. Identifying the cyber criminal’s cybernetic proof is critical. Cloud service providers rarely give cloud security analysts access to cloud logs or virtual machine instances. For cyber criminals to abuse cloud computations at any time, they only need cybernetic evidence. To prevent cyber criminals from intruding, security procedures must be strengthened. Cloud forensics is one approach to carrying out such tasks. There is a lot of research going on in this subject, but there are still many problems to tackle. High-performance cluster-based computing (HPCBC) is a technology that can be employed in IoT and AI applications instead of supercomputers; it uses a parallel processing system. According to this article, cloud forensics could be given a new direction with the support of high-performance cluster-based computing. Simultaneous imaging and upload, as well as encryption, are available for the files. With a remote desktop connection, the files should be processed in real-time stream processing. This survey article offers a variety of perspectives on cloud forensic methods and methodologies.

Chapter 3 notes that in the last few decades, cyber attacks have become far more common. According to statistics, 12.4 million attacks were documented in 2009, and this number has since climbed to 812.67 million known occurrences in 2018. To be fair, these are merely the documented cases; there are many more. They range from small cyber attacks to massive ransomware attacks, or a mix of several complex cyber attacks that include advanced exploitation techniques and persistence capacity for long-term infiltration campaigns. However, the deployment of malware was a common thread in all of the cyber attacks that have occurred thus far. To counter these attacks, we must first comprehend malware’s basic structure, functionality, and impact on the target. This paper gives an in-depth look at malware architectures by studying malware using a technique known as malware analysis, as well as other related methods that vary based on the type of malware, and takes a closer look at several types of malware and certain well-known malware methods.

Chapter 4 discusses fraud, one of the most common sources of substantial financial consequences in today’s society, not just for businesses but also for individual customers. Extracting user profiles from previous transaction data and then deciding whether or not an incoming transaction is fraudulent based on those profiles is an important approach to detecting fraud. The suggested blockchain technology enables certified users to securely store, review, and exchange digital data, facilitating the development of trust, integrity, and transparency in online commercial connections. The chapter systematically examines the resilience of blockchain-based reputation systems, with a focus on the secure and reliable extraction and transfer of data to customers. The blockchain uses cryptographic hashes generated from summarized shopping blocks that are signed and sent to enable a safe and secure online buying experience without the need for third-party intervention.

In Chapter 5, it is shown that the demand for blockchain-based identity management systems is especially evident in the internet age; we’ve been dealing with identity management issues since the internet’s inception. Privacy, security, and usability have all been cited as major concerns. User identities are organized using identity management systems (IDMSs), which also manage authentication, authorization, and data interchange over the internet. Traditional identity management systems suffer from a lack of interoperability, single points of vulnerability, and privacy concerns, such as allowing bulk data collection and device tracking. Blockchain technology has the potential to alleviate these problems by allowing users to track who owns their own IDs and authentication credentials, as well as enabling novel information ownership and administration frameworks with built-in control and consensus methods. As a result, the number of blockchain-based identity management solutions, which can benefit both enterprises and clients, has been expanding fast. We’ll classify these frameworks using scientific criteria based on differences in blockchain architecture, administration methods, and other important features. Context is provided by scientific classification, which includes the depiction of significant concepts, evolving principles, and use cases, as well as highlighting important security and privacy concerns.

In Chapter 6, the concept of feed-forward networks is introduced, which serve as the foundation for recurrent neural networks. Simple writing analysis is the best analogy for an RNN, because the prediction of the next word is always dependent on prior knowledge of the sentence’s contents. An RNN is a form of artificial neural network that is used to recognize a sequence of data and then analyze the results in order to predict the outcome. The LSTM is a type of RNN that consists of a stack of layers with neurons in each layer. This article also goes into the issues that each technology has, as well as possible remedies. Optimization algorithms alter the features of neural networks, such as weights and learning rates, to reduce losses; one section is devoted to optimization algorithms in neural networks, and another to some of the most recent in-depth studies on combinations of steganography and neural networks. Finally, we give an analysis of existing research on the current study over the prior five years (2017 to 2021).

In Chapter 7, it is argued that cyber-physical systems (CPS) will be used in the majority of real-time scenarios in the future. The use of such technologies is unavoidable in order to make the world smarter. However, as the use of such technologies grows, so does the need for improved privacy. Users will not readily accept such systems if the privacy component is compromised. Because cyber-physical systems use a variety of heterogeneous sensor data sources, incorporating a high level of privacy is becoming increasingly difficult for system designers. The applicability of the precise penalty function and its benefits in increasing the privacy level of cyber-physical systems will be presented in this chapter. We’ll compare this to existing privacy-preserving strategies in cyber-physical systems and discuss how our suggested privacy framework could be improved in the future.

In Chapter 8, the increasing demands for the preservation and transit of multimedia data, which have been a part of everyday life over the last many decades, are addressed. Images and videos, as well as other multimedia data, play an important role in creating an immersive experience. In today’s technologically evolved society, data and information must be sent rapidly and securely; nevertheless, valuable data must be protected from unauthorized people. In this work, a deep neural network is used to develop a covert communication and textual data extraction strategy based on steganography and picture compression. The original input textual image and cover image are both pre-processed using spatial steganography, and then the covert text-based pictures are separated and implanted into the least significant bit of the cover image picture element. Following that, stego-images are compressed to provide a higher-quality image while also saving storage space at the sender’s end. After that, the stego-image is transmitted to the receiver over a communication link. At the receiver’s end, steganography and compression are then reversed. This work contains a plethora of issues, making it an intriguing subject to pursue. The most crucial component of this task is choosing the right steganography and image compression method. The proposed technology, which combines image steganography and compression, achieves higher peak signal-to-noise efficiency.

Chapter 9 shows that the number of mobile network-connected devices is steadily increasing. The 5G network will theoretically provide a speed of 20 gigabits per second, allowing customers to access data at a rate of 100 megabits per second. Around the world, there are estimated to be 5 billion gadgets. With the advancement of wearable technology, a typical client can now carry up to two network-connected devices or engage in D2D communication. Clients are attracted to the 5G network because it advertises lower-latency data communication, faster access and data transfer rates, and a more secure nature. As the number of subscribers grows, concerns about information and digital protection will grow in order to keep up with the integrity of data security. Similarly, as with any type of data security, there are always concerns about the safety of clients and their sensitive information. This chapter will discuss how to secure the diverse structures that are associated with networks, where these networks are vulnerable to compromise, well-known attack tactics, and how to avoid technical discrepancies.

Chapter 10 explores how the modern Information Technology environment necessitates increasing value for money while ignoring the potency of the gathered components. The rising demand for storage, networking, and accounting has fueled the growth of massive, complex data centers, as well as the big server businesses that manage several current internet operations, as well as economic, trading, and corporate operations. A data centre can hold thousands of servers and consume the same amount of electricity as a small city. The massive amount of calculating power required to run such server systems controls a variety of conflicts, including energy consumption, greenhouse gas emissions, substitutes, and restarting affairs, among others. The answer explored here is virtualization, which refers to a group of technologies that cover a wide range of applications and interests. This can be applied to the sectors of hardware and software, as well as innovations on the outskirts of virtualization’s emergence. This study demonstrates how we proposed using virtualization technologies to gradually transform a traditional data centre structure into a green data centre. This study looks into the reasons for the price profits of supporting virtualization technology, which is recommended by practically every major company in the market. This is a technology that can drastically reduce capital costs in our environment while also almost committing to low operating costs for the next three years while pursuing the financing. We’ll talk about value in terms of cost and space, with space equating to future cost.

Chapter 11 studies the security of big data, as well as how to maintain the performance of the data while it is being transmitted over the network. There have been various studies that have looked into the topic of big data. Furthermore, many of those studies claimed to provide data security but failed to maintain performance. Several encryption techniques, including RSA and AES, have been utilized in past studies. However, if these encryption technologies are used, the network system’s performance suffers. To address these concerns, the proposed approach employs compression mechanisms to minimize the file size before performing encryption. Furthermore, data is split to increase the reliability of transmission; after the data has been separated, it is transferred over multiple routes.

If any hackers choose to collect that data by unauthorized means, they will not be able to obtain complete and meaningful data. By combining compression and splitting mechanisms with big data encryption, the suggested model improves the security of big data in a network environment. Furthermore, using a user-defined port and various pathways during the split transmission of large data improves the dependability and security of big data over the network.

Acknowledgments

We express our great pleasure, sincere thanks, and gratitude to the people who significantly helped, contributed and supported to the completion of this book. Our sincere thanks to Fr. Benny Thomas, Professor, Department of Computer Science and Engineering, CHRIST (Deemed to be University), Bengaluru, Karnataka India, and Dr. Arup Kumar Pal, Assistant Professor, Department of Computer Science and Engineering, Indian Institute of Technology (Indian School of Mines) Dhanbad, Jharkhand India for their continuous support, advice and cordial guidance from the beginning to the completion of this book.

We would also like to express our honest appreciation to our colleagues at the Haldia Institute of Technology Haldia, West Bengal, India, and CHRIST (Deemed to be University), Bengaluru, Karnataka India, for their guidance and support.

We also thank all the authors who have contributed some chapters to this book. This book would not have been possible without their contribution.

We are also very thankful to the reviewers for reviewing the book chapters. This book would not have been possible without their continuous support and commitment towards completing the chapters’ review on time.

To all of the team members at Scrivener Publishing, who extended their kind cooperation, timely response, expert comments, and guidance, we are very thankful to them.

Finally, we sincerely express our special and heartfelt respect, gratitude, and gratefulness to our family members and parents for their endless support and blessings.

Sabyasachi Pramanik

Department of Computer Science and Engineering, Haldia Institute of Technology, Haldia, West Bengal, India

[email protected]

Debabrata Samanta

Department of Computer Science, CHRIST (Deemed to be University) Bengaluru, Karnataka

[email protected]

M. Vinay

Department of Computer Science, CHRIST (Deemed to be University), Bangalore, India

[email protected]

Abhijit Guha

First American India Private Limited, Bangalore, India

[email protected]

1 Securing Cloud-Based Enterprise Applications and Its Data

Subhradip Debnath*, Aniket Das and Budhaditya Sarkar

Department of Computer Science, Institute of Engineering and Management, Maulana Abul Kalam Azad University of Technology, Kolkata, West Bengal, India

Abstract

In today’s world, which operates mostly through applications interacting over the internet, data security both inside and outside the client devices is a very critical topic. The MSME sector and the new enterprises coming up are mostly shifting to the cloud space to grab the opportunities of the emerging virtual market and are shifting their work culture to the online space. Thus, the enterprise communication that was mainly happening in offline methods, behind closed doors, and in locked storage rooms with files has now shifted to a more public space, with files being routed through the public internet to public-facing servers. This results in a whole new domain of security and compliance problems, as many of the servers for Public/Hybrid Cloud models fall under joint ownership between two or more parties/stakeholders. Thus, the data in transit, i.e., coming in and out of the cloud, and the data at rest, i.e., the data lying inside the cloud, need to be encrypted such that no third party can access it without the consent of its owner. In this proposed research model, data from a client application, such as an enterprise communication application, is encrypted using modified algorithms and is accessible securely through a series of access control functionalities with least privilege access policies. The data is further packed up and transported over the SSL layers to a server-side application instance running in a public cloud (here)/private cloud, which decrypts the incoming information, sorts the data accordingly, and saves it into the object-based storages, NoSQL, and ledger databases with high availability and security at rest. The data at rest is further encrypted and can be packed up and sent back to the client application when requested, with the necessary encryption-in-transit criteria fulfilled. The transactions are carried out using role-based assigning systems and least access privilege access mode, thus successfully stopping threats to privacy, data eavesdropping, threats to personal security, etc.

Keywords: Enterprise, architecture, secure, application, data, cloud, encryption, threats

1.1 Introduction

Human life is driven by data. In this century, every business decision is based on derivations from data collected over the years. Data warehouses and databases are overflowing with ever-growing data, and the main concern at this point is the security of both data in transit, i.e., data being sent over the public internet, and data at rest. Securing data does not only mean protecting its confidentiality but also its availability and integrity.

Because of the rapidly growing virtual market, data is abundant: startups, companies in the MSME sector, and even traditional large companies are changing their business models to adapt to the cloud. Thus, security of the applications along with the data has become a necessity rather than a choice.

The rapidly increasing demand, which produces a large amount of data, leaves users facing the problem of storing that data securely and in a searchable format. Studies have also suggested that security and privacy are among the major factors influencing a consumer's trust [1, 2]. Some researchers have worked on securing data through blockchain. However, blockchain integration makes the required computation unnecessarily complex and large, which is hard to justify when the data to be saved are important but arrive very frequently. Blockchain was not introduced for storing data cryptographically; it grew out of the concept of "transfer of assets from peer to peer".

Thus, the objective of our proposed model is to help users, here an enterprise software application, transfer their data over the public network through a web-based application, facilitating encrypted communication over public channels while keeping unnecessary computation to a bare minimum. Data, whether objects, text, or JSON documents, pass through the system and are checked for malware. If the transmitted data arrive with valid credentials and pass the security checks, they are stored in the NoSQL database. Object files are checked for security exploits and, after passing those checks, are examined to see whether they can be scaled down before being saved into object storage buckets. A log entry is generated for every action a user takes after logging in, and those entries are added, with timestamps, to immutable ledger databases for later audits and checks, so that every user in the system is accountable for their actions.

The proposed system has a highly scalable and available architecture: the number of systems provisioned can grow or shrink according to the load. It is designed so that the stored data can be queried easily, making it a better alternative to the blockchain-based systems that are widely proposed. The architecture can also check for intrusions and perform malware analysis, spam detection, and similar tasks.

1.2 Background and Related Works

Every device produces metadata based on the client's request. For securing cloud-based applications, metadata exchange is also necessary to maintain uninterrupted service. An attacker can take advantage of that metadata for malicious purposes such as malware injection. In this case, the attacker has to inject malicious code or a malicious service into a valid instance running in the cloud. If the attacker succeeds, the cloud suffers from deadlocks and eavesdropping, forcing real users to wait until the injected process completes. This type of attack is also known as a metadata spoofing attack, and it gives the attacker a way into the cloud [3, 4].

Imagine that a Raspberry Pi is connected to the internet through a wireless router and sends data to the cloud. If an attacker joins the network, he can place himself between the two communicating parties and relay messages between them. The attacker then has full access to the data and can monitor and alter the contents of the messages.

SQL injection is an attack that poisons dynamic SQL statements to comment out parts of a statement or to append a condition that is always true. It takes advantage of design flaws in poorly written web applications that build SQL statements from user input, so that malicious SQL is executed. Thus, in our proposed approach, we have used a NoSQL database, where traditional SQL injection does not apply. Note, however, that NoSQL query languages have injection problems of their own: if a document store's query filter is built directly from client-supplied JSON, an attacker can substitute a query operator (for example {"$ne": ""}) for a plain value, so user input must still be validated against a strict schema before it reaches the database.
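The following Python listing is an added illustration of that NoSQL caveat; it is not code from the chapter or from the authors' system. The request bodies are constructed for the example, and the matcher only models how a MongoDB-style store evaluates a plain value versus a "$ne" operator on the password field (a real service would compare a password hash; the point here is the shape of the filter).

```python
import json

# Constructed sample request bodies: a normal login and an
# operator-injection attempt against a document store.
LEGIT_BODY = '{"username": "alice", "password": "correct horse"}'
INJECTED_BODY = '{"username": "alice", "password": {"$ne": ""}}'

ALLOWED_FIELDS = {"username", "password"}


def vulnerable_filter(body: str) -> dict:
    """Unsafe pattern: the query filter is built straight from parsed JSON.

    The client controls the structure of the filter, so {"$ne": ""}
    matches any non-empty stored password and the login succeeds
    without the password being known.
    """
    data = json.loads(body)
    return {"username": data["username"], "password": data["password"]}


def _contains_operator(value) -> bool:
    """Recursively looks for keys beginning with '$' (query operators)."""
    if isinstance(value, dict):
        return any(k.startswith("$") or _contains_operator(v) for k, v in value.items())
    if isinstance(value, list):
        return any(_contains_operator(v) for v in value)
    return False


def safe_filter(body: str) -> dict:
    """Hardened variant: enforce the schema before building the filter.

    Unknown fields are rejected, each expected field must be a plain
    string, and nested operators are refused, so the filter can only
    ever be an equality match on two scalar values.
    """
    data = json.loads(body)
    if not isinstance(data, dict) or set(data) != ALLOWED_FIELDS:
        raise ValueError("unexpected fields in login payload")
    if _contains_operator(data):
        raise ValueError("query operator in user input")
    for field in ALLOWED_FIELDS:
        if not isinstance(data[field], str):
            raise ValueError(f"{field} must be a string")
    return {"username": data["username"], "password": data["password"]}


def rejects(body: str) -> bool:
    """True when the hardened path refuses the payload."""
    try:
        safe_filter(body)
    except ValueError:
        return True
    return False


def password_matches(filter_doc: dict, stored_password: str) -> bool:
    """Models the store's matcher for the password field only:
    a string must equal the stored value; {"$ne": x} matches
    whenever the stored value differs from x."""
    cond = filter_doc["password"]
    if isinstance(cond, str):
        return cond == stored_password
    if isinstance(cond, dict) and "$ne" in cond:
        return stored_password != cond["$ne"]
    return False
```

With the vulnerable path, the injected body matches any account whose password is non-empty; with the schema check, the same body never reaches the database.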

If only HTTPS is used and the payload itself is not encrypted, the data are in readable form at both endpoints and wherever the TLS connection is terminated before the private network, so they can be read or manipulated by any third party who gets into the system. TLS (Transport Layer Security, historically SSL, Secure Sockets Layer), configured with the server's certificate, is used to ensure that nobody other than the sender and receiver can read the data on the wire, using the encryption algorithms built into the protocol. However, HTTPS can be intercepted by a TLS man-in-the-middle (MITM) in various ways. One of them is to enable packet forwarding on the attacker's machine and run DNS spoofing so that the victim connects to the attacker's machine on the HTTP/HTTPS port [5]. Such an interception only succeeds if the victim's client accepts the attacker's certificate, i.e., fails to validate the certificate chain and hostname, or can be downgraded to plain HTTP; strict certificate validation and HSTS on the client side close that path.
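As an added example (not from the chapter), the Python listing below contrasts the client-side TLS configuration that the DNS-spoofing MITM relies on with the one that defeats it, using only the standard library ssl module, and provides a check that a deployment test can run to catch the weak setting before release.

```python
import ssl
from typing import Optional


def hardened_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """TLS client context under which the spoofed endpoint is rejected.

    The attacker cannot present a certificate for the real hostname that
    chains to a trusted CA, so the handshake is aborted before any
    application data is sent. cafile=None uses the platform trust store.
    """
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse SSL3/TLS 1.0/1.1 downgrade
    ctx.check_hostname = True                      # must be set before verify_mode
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """The misconfiguration the attack needs: verification disabled
    (the equivalent of verify=False in an HTTP library), so the
    attacker's self-signed certificate is accepted silently."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """Release gate: refuse a client that would accept an attacker's
    certificate or negotiate a legacy protocol version."""
    return (
        ctx.verify_mode == ssl.CERT_REQUIRED
        and bool(ctx.check_hostname)
        and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
    )
```

The hardened context is what should wrap every socket the client application opens to the server-side instance; application-layer encryption of the payload, as the chapter proposes, is then a second layer rather than a replacement for certificate validation.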

In the paper "Security Enhancement for Data Migration in the Cloud", J. R. N. Sighom et al. discuss securing data in the cloud as one of the key tasks. To maintain the privacy and security of data, the researchers combined several algorithms: IDA (Information Dispersal Algorithm), SHA-512 (Secure Hash Algorithm), and AES-256 (Advanced Encryption Standard). The encrypted data are split into several parts. During decoding, the validation stages are carried out first; IDA then reconstructs the encrypted data, which is converted back into the original data using AES-256. According to their results, the average execution time is higher, the decoding process with verification taking 1.453 [6].

Researchers have also tried to improve the security of data in the cloud by using the DES (Data Encryption Standard) and AES (Advanced Encryption Standard) algorithms together. Cloud computing is best described as the set of resources or services that cloud providers offer over the internet to meet users' requirements [7].

Cloud computing systems have come a long way in implementing and executing applications in a sandboxed environment, minimizing threats and maximizing reliability, scalability, availability, and security. There has been much research into making cloud platforms interoperable across multiple organizations by organizing and reorganizing the cloud federation [8, 9], i.e., giving companies the ability to collaborate and share resources with each other. Multiple federation architectures, such as cloud brokering, aggregation, and cloud bursting, have been proposed and compared to find the most suitable one [10]. However, portability and interoperability issues remain among them [11]. The partially coupled federation is primarily followed, in which the company's private servers and the services hosted on the public cloud are interoperable and resources are shared between them depending on the flow of traffic and the load.

1.3 System Design and Architecture

1.3.1 Proposed System Design and Architecture

Figure 1.1 Proposed system design architecture.

1.3.2 Modules

1.3.2.1 Compute Instances

Amazon Elastic Compute Cloud, commonly known as EC2, is a compute service that provisions virtual servers on demand. The instances can be autoscaled according to requirements and are highly flexible, as an instance can be launched in a few minutes and configured to meet the need. The web server applications are hosted on these servers. The servers are configured to autoscale and to scale out on the occasion of high traffic or load. When CPU or memory remains underutilized, autoscaling scales in the number of compute instances to save resources. Figure 1.1 shows the proposed system design architecture.

1.3.2.2 API Gateway

Provisioned in the VPC, the API Gateway exposes a REST API that aggregates the data requested by the web application and provides public endpoints for future expansion of the client-side architecture.

1.3.2.3 Storage Bucket (Amazon S3)

In our proposed architecture, we use Amazon Simple Storage Service (Amazon S3), which provides secure, highly scalable, and durable object storage. Data stored in S3 can be moved and shared across storage resources through a single, unified interface. Here, we store large files and databases that are shared among the components. In our proposed model, static data, i.e., data at rest (objects), are stored in Amazon S3.

1.3.2.4 Lambda

AWS Lambda is a compute service that runs code on demand. In our proposed model, we use AWS Lambda to reduce file sizes by compressing them as much as possible before they are stored in a storage bucket. Whenever an object is sent to a storage bucket from the server, a Lambda function is invoked; it takes the object from the bucket, compresses it, and stores it in another storage bucket, encrypted at rest.
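The Python handler below is an added example of such a function and is not the authors' code. It assumes a destination bucket name and a KMS key alias (shown as constants; in a deployment they would come from the function's environment), reads the S3 event in the shape Lambda delivers it (object keys arrive URL-encoded), gzips the object, and writes it to the second bucket with SSE-KMS so that it is encrypted at rest. The FakeS3 class is a constructed stand-in for the boto3 client so the logic can be exercised without AWS access; inside Lambda the real client is used.

```python
import gzip
import io
from urllib.parse import unquote_plus

# Assumed names for the example (not from the chapter).
DEST_BUCKET = "enterprise-objects-compressed"
KMS_KEY_ID = "alias/enterprise-objects"


def compress_bytes(data: bytes) -> bytes:
    """gzip at the highest level; mtime=0 keeps output deterministic."""
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb", compresslevel=9, mtime=0) as gz:
        gz.write(data)
    return buf.getvalue()


def decompress_bytes(data: bytes) -> bytes:
    return gzip.decompress(data)


def handler(event, context=None, s3=None):
    """S3 ObjectCreated event -> compressed, KMS-encrypted copy in DEST_BUCKET.

    Returns one tuple per record: (output key, original size, stored size)
    or (key, "skipped-same-bucket"). `s3` is injectable for offline runs.
    """
    if s3 is None:
        import boto3  # only needed inside AWS
        s3 = boto3.client("s3")
    results = []
    for record in event.get("Records", []):
        bucket = record["s3"]["bucket"]["name"]
        key = unquote_plus(record["s3"]["object"]["key"])  # keys are URL-encoded
        if bucket == DEST_BUCKET:
            # Never process our own output: prevents an infinite trigger loop
            # if the notification is ever attached to the destination bucket.
            results.append((key, "skipped-same-bucket"))
            continue
        body = s3.get_object(Bucket=bucket, Key=key)["Body"].read()
        packed = compress_bytes(body)
        if len(packed) >= len(body):
            # Already-compressed inputs (images, archives) would only grow.
            packed, out_key, encoding = body, key, None
        else:
            out_key, encoding = key + ".gz", "gzip"
        put_args = dict(Bucket=DEST_BUCKET, Key=out_key, Body=packed,
                        ServerSideEncryption="aws:kms", SSEKMSKeyId=KMS_KEY_ID)
        if encoding:
            put_args["ContentEncoding"] = encoding
        s3.put_object(**put_args)
        results.append((out_key, len(body), len(packed)))
    return results


class FakeS3:
    """In-memory stand-in for the boto3 S3 client (constructed for offline runs)."""

    def __init__(self, objects):
        self.objects = dict(objects)  # (bucket, key) -> bytes
        self.put_calls = []

    def get_object(self, Bucket, Key):
        return {"Body": io.BytesIO(self.objects[(Bucket, Key)])}

    def put_object(self, Bucket, Key, Body, **kwargs):
        self.objects[(Bucket, Key)] = Body
        self.put_calls.append({"Bucket": Bucket, "Key": Key, **kwargs})


def sample_event(bucket: str, key: str) -> dict:
    """Constructed S3 notification in the shape Lambda receives."""
    return {"Records": [{"s3": {"bucket": {"name": bucket},
                                 "object": {"key": key}}}]}
```

The function's execution role needs only s3:GetObject on the source bucket, s3:PutObject on the destination bucket, and kms:GenerateDataKey on the key; the same-bucket guard is the check most often missing from this pattern.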

1.3.2.5 Load Balancer

Load imbalance is a serious problem that inhibits the performance and efficiency of compute resources. In our proposed model, the load balancer distributes the incoming traffic or load evenly among the compute instances to keep the servers balanced. Problems such as server overload or under-load can be avoided using a load balancer, which improves real-time constraint parameters such as response time, execution time, and system stability [12].

1.3.2.6 Internet Gateway

In our proposed model, the Internet Gateway links the Virtual Private Cloud (VPC) with the public internet.

1.3.2.7 Security Groups

Security groups are instance-level firewalls. They can be configured to restrict incoming and outgoing traffic on instances. In our proposed model, an advantage of using security groups is that they are stateful: the reply to a connection permitted by an inbound rule is allowed out regardless of the outbound rules, and vice versa, so the rules only need to describe the direction in which a connection is initiated.
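As an added check (not from the chapter), the Python listing below lints a set of ingress rules in the IpPermissions shape that the EC2 DescribeSecurityGroups API returns. The security group identifier and the rule sets are constructed for the example: the web tier should accept 443 only from the load balancer's group, while the rules that open SSH to the internet or allow every protocol are the mistakes the linter reports.

```python
import ipaddress

# Hypothetical identifier for the example (not from the chapter).
ALB_SG = "sg-0123456789abcdef0"   # security group of the load balancer

# Constructed ingress rules in EC2 "IpPermissions" form. The first rule is
# what the web tier should have; the other two are common mistakes.
PROPOSED_WEB_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "-1", "FromPort": -1, "ToPort": -1,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "UserIdGroupPairs": []},
]
HARDENED_WEB_INGRESS = PROPOSED_WEB_INGRESS[:1]

# The load balancer is the only place where 443 should face the internet.
ALB_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
]


def _is_world(cidr: str) -> bool:
    """True for 0.0.0.0/0 and ::/0 (prefix length zero)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def lint_ingress(permissions, allowed_source_sgs, public_ports=()):
    """Return a list of findings; an empty list means the rules are acceptable.

    allowed_source_sgs: security groups permitted as traffic sources.
    public_ports: TCP ports that may be opened to the whole internet
    (empty for an internal tier, (443,) for the load balancer).
    """
    findings = []
    for perm in permissions:
        proto, lo, hi = perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort")
        span = "all protocols" if proto == "-1" else f"{proto}/{lo}-{hi}"
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if proto == "-1":
            findings.append(f"{span}: every port allowed from {cidrs or 'referenced groups'}")
        for cidr in cidrs:
            world_ok = proto == "tcp" and lo == hi and lo in public_ports
            if _is_world(cidr) and not world_ok:
                findings.append(f"{span}: open to the internet via {cidr}")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] not in allowed_source_sgs:
                findings.append(f"{span}: source group {pair['GroupId']} is not allow-listed")
    return findings
```

Because security groups are stateful, no outbound rule is needed for the HTTPS replies; the outbound side only needs the rules for connections the instances themselves initiate, such as those to the private-subnet databases.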

1.3.2.8 Autoscaling

The autoscaling feature helps in saving cost and using resources efficiently without human intervention. In our proposed model, autoscaling tracks performance metrics that are good indicators of the load on a resource: CPU utilization, bandwidth usage, and memory utilization (the last of which is not reported by EC2 by default and requires the CloudWatch agent on the instance). The user need not over-provision a server to meet the needs of high usage. During peak demand, autoscaling automatically increases compute and other necessary resources and decreases them during low-usage periods, saving cost and making optimal use of services and resources [13].

1.3.2.9 QLDB

Amazon QLDB is a ledger database that provides an immutable, transparent, and cryptographically verifiable transaction log owned by a central trusted authority. It can be used to track every change to application data over time.

Relational databases, by contrast, are not immutable, and changes are hard to track and verify. Alternatively, a blockchain framework can be used as a ledger, but it adds complexity, as an entire blockchain network has to be set up and the nodes have to validate each transaction before it can be added to the ledger.

With Amazon QLDB, the effort of building your own ledger-like application is eliminated. The QLDB journal is immutable; it cannot be altered or deleted, and any unintended modification can be detected through cryptographic verification of the journal digest. QLDB provides a SQL-like API, a flexible document data model, and full support for transactions. Data in QLDB can be replicated to other AWS services to support advanced analytical processing. QLDB is serverless, so it scales according to need and is billed according to use (note that AWS has since announced the end of support for QLDB, so a deployment today should plan for an equivalent verifiable store). In our proposed model, all records of data and various other files are stored and maintained in QLDB.
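To make concrete what the per-action audit logging of Section 1.1 and the verifiable ledger described here provide, the Python listing below is an added, simplified illustration that is not the authors' code and is not QLDB's own algorithm (QLDB verifies its journal with a Merkle-tree digest rather than a plain hash chain). Each record commits to the SHA-256 hash of its predecessor, so an edit, deletion, or reordering anywhere in the history is detected by re-walking the chain; the sample session is constructed for the example.

```python
import hashlib
import json

GENESIS = "0" * 64


def _canonical(doc: dict) -> bytes:
    """Deterministic serialization so the same record always hashes the same."""
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()


class AuditLedger:
    """Append-only log in which every record commits to the previous record's hash."""

    def __init__(self):
        self.entries = []

    def append(self, timestamp: str, actor: str, action: str, resource: str) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        record = {"seq": len(self.entries), "at": timestamp, "actor": actor,
                  "action": action, "resource": resource, "prev": prev}
        record["hash"] = hashlib.sha256(_canonical(record)).hexdigest()
        self.entries.append(record)
        return record["hash"]

    def digest(self) -> str:
        """Hash of the newest record; a client that pins it can later prove
        the history up to that point was not rewritten."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def verify(self):
        """Index of the first record that breaks the chain, or None if intact.

        Catches edits (hash mismatch), deletions and reordering (seq gap),
        and records spliced in from elsewhere (prev mismatch).
        """
        prev = GENESIS
        for i, rec in enumerate(self.entries):
            unhashed = {k: v for k, v in rec.items() if k != "hash"}
            if (rec["seq"] != i or rec["prev"] != prev
                    or hashlib.sha256(_canonical(unhashed)).hexdigest() != rec["hash"]):
                return i
            prev = rec["hash"]
        return None


def build_sample_ledger() -> AuditLedger:
    """Constructed sample session: the events the chapter logs after login."""
    led = AuditLedger()
    led.append("2022-01-10T09:00:00Z", "alice", "login", "app")
    led.append("2022-01-10T09:01:12Z", "alice", "upload", "s3://uploads/report.pdf")
    led.append("2022-01-10T09:02:30Z", "alice", "read", "nosql:contracts/42")
    return led
```

Verification only proves the chain is internally consistent; to prove it was not rewritten wholesale, the digest must be stored somewhere the writer of the ledger cannot change, which is the role the managed service (or a client-held copy of the digest) plays.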

1.3.2.10 NoSQL Database

In our proposed model, we have chosen a NoSQL database because it suits applications requiring flexibility, high performance, and scalability, since it does not enforce a fixed schema. The document/JSON-type files are stored in this database.

Sensitive data are secured using the encryption algorithms mentioned in our architecture. The JSON documents are encrypted before being stored in the database.

1.3.2.11 Linux Instance and Networking

Instances provided by public cloud providers can be used, or virtualized compute instances can be provisioned to host the application on private servers. In this project, we used an AWS EC2 instance to host the server-side application with which the client devices communicate and to which they transmit messages. EC2 also provides additional security controls, and its compute capacity is easily resized according to demand.

Private servers can also be spun up if public cloud providers are not used. The instances need to be provisioned on up-to-date hypervisors, keeping scalability and durability in mind. In that case, networking has to be managed internally, and NAT gateways have to be set up so that the virtual instances can communicate through a public-facing IP.

1.3.2.12 Virtual Network and Subnet Configuration

A dedicated virtual private cloud (VPC) has to be configured for the application, spanning two or more availability zones for higher availability and reliability. One public subnet and two private subnets need to be launched in each availability zone accounted for. The private subnets hold the user access and data services and the storage services, and only the web application instances launched into the public subnet are allowed to reach them. The application instances reach the services in the private subnets through private endpoints that are not exposed to the public internet. Thus, no user or application data residing in the system can be reached through the public endpoint without prior authentication and authorization.

1.4 Methodology

1.4.1 Firewall

In our proposed architecture, every packet entering or leaving the cloud has to pass through the network firewall at the VPC boundary. A network firewall prevents several classes of attack, such as data exfiltration and insider attacks. Here, we have created policies suited to the organization. Every incoming and outgoing packet can be blocked, filtered, and monitored, and if malicious activity is detected it can be blocked without affecting the rest of the system.

1.4.2 Malware Injection Prevention