A Secure Cloud-Based IDPS Using Cryptographic Traces and Revocation Protocol

  • Hind Idrissi
  • Mohammed Ennahbaoui
  • Said El Hajji
  • El Mamoun Souidi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10194)

Abstract

Cloud computing is a revolutionary information technology that aims to provide reliable, customized and quality-of-service-guaranteed environments, where virtualized and dynamic data are stored and shared among cloud users. Thanks to significant benefits such as on-demand resources and low maintenance costs, cloud computing has become a trend among new technologies that facilitate communication and access to information. Despite these benefits, the distributed and open nature of this paradigm makes the privacy and security of the stored resources a major challenge, one that limits the use and acceptance of cloud computing in practice. Among the strong security policies adopted to address this problem are Intrusion Detection and Prevention Systems (IDPS), which enable the cloud architecture to detect anomalies by monitoring the usage of stored resources and then to react to prevent their expansion. In this paper, we propose a secure, reliable and flexible IDPS based mainly on autonomous mobile agents that are associated with a tracing and revocation protocol. While roaming among multiple cloud servers, our mobile agent is charged with executing requested tasks and collecting the needed information. On each cloud server, a “cryptographic trace” is produced in which all behaviors, results and data involved in the execution are recorded. This makes it possible to identify any possible intrusions and hence to predict a response that prevents them or ends their processing, using a server revocation technique based on a trust threshold.

Keywords

Cloud computing · IDPS · Mobile agent · Cryptographic traces · Revocation protocol

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Hind Idrissi (1)
  • Mohammed Ennahbaoui (1)
  • Said El Hajji (1)
  • El Mamoun Souidi (1)

  1. Laboratory of Mathematics, Computing and Applications (LabMIA), Faculty of Sciences, Mohammed-V University in Rabat, Rabat, Morocco