Internet of Things (IoT) and Cloud Computing play a vital role in the field of Information Technology. The goal of IoT is to link objects that are heterogeneous in nature so that smart services and applications are available anywhere, at any time, using any device.
Cloud Computing allows computer users to conveniently rent access to fully featured applications, to software development and deployment environments, and to computing infrastructure assets such as network-accessible data storage and processing, with its salient features of on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Though the Cloud and IoT emerged as independent technologies, merging the two brings a renaissance in the field of future networks and in building smart environments.
This new development is known as CloudIoT. One of the important challenges in CloudIoT is security. The challenges of integrating the Cloud with IoT are a major bottleneck. The integration of security mechanisms and data privacy is also a major concern. Any leakage of information from any part of CloudIoT could severely damage the privacy and authenticity of the users and data. Researchers all over the world are working to integrate smart CloudIoT services to satisfy the needs of CloudIoT users, but no prominent architecture has been authenticated so far.
Hence, it is imperative to design an architecture that integrates CloudIoT smart services and applications so that smart services can be accessed securely anywhere, at any time. The major challenges in implementing this scenario are security factors such as authenticity, confidentiality, integrity, and privacy. In network security, there are several types of attacks that can harm network resources and services. Distributed Denial of Service (DDoS) is one of the malicious attacks that can potentially harm data communication in CoT.
There is a problem that may lead customers to withdraw from cloud services. A traditional DDoS attack aims at the servers and/or the bandwidth of a network or a website in order to make them unavailable to their intended users. However, attackers can launch DDoS attacks to harm cloud resources in the same way, as the cloud has a huge pool of resources which is larger than the attackers' resources.
Table of Contents
- Chapter -I INTRODUCTION
- 1.1 Internet of Things
- 1.2 IoT Prognostications
- 1.3 Definitions on IoT
- 1.4 Cloud Computing
- 1.5 Definitions on Cloud Computing
- 1.5.1 Essential Characteristics
- 1.5.1.1 On-demand self-service
- 1.5.1.2 Broad network access
- 1.5.1.3 Resource pooling
- 1.5.1.4 Rapid elasticity
- 1.5.1.5 Measured Service
- 1.6 Working Models of Cloud Computing
- 1.7 Deployment Models of Cloud Computing
- 1.8 IoT and Cloud Integration
- 1.9 Cloud Computing Security
- 1.10 Distributed Denial of Service
- 1.11 Taxonomy of Distributed Denial of Service Attack
- 1.12 Types of DDoS Attack
- 1.12.1.1 Application Layer DDoS attack
- 1.12.1.2 HTTP Flood Attack
- 1.12.1.3 UDP Flood attack
- 1.12.1.4 ICMP Flood Attack
- 1.12.1.5 Smurf Attack
- 1.12.1.6 PING of Death Attack
- 1.12.1.7 TCP Flood
- 1.12.1.8 Volumetric Attacks
- 1.12.1.9 DNS Amplification Attack
- 1.12.1.10 Protocol Attacks
- 1.12.1.11 Syn Flood Attacks
- 1.13 Aims and Objectives
- 1.14 Thesis Structure
- Chapter -II REVIEW OF LITERATURE
- 2.1 Distributed Denial of Service Attack
- 2.2 Security Architecture for Mitigating Distributed Denial of Service Attack
- 2.3 Mitigating Approaches for Distributed Denial of Service Attack
- 2.3.1 Captcha Methods for Mitigating DDoS Attack
- 2.3.2 Puzzle Approaches for Mitigating DDoS Attack
- 2.3.3 Optimization Algorithm for Mitigating DDoS Attack
- 2.3.4 IDPS System for Mitigating DDoS Attack
- 2.3.5 Firewall Approaches for Mitigating DDoS Attack
- Chapter III A SECURITY ARCHITECTURE FOR MITIGATING DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACK INTEGRATING INTERNET OF THINGS AND CLOUD COMPUTING
- 3.1 SMS_FIREWALL_DDoS Proposed Architecture
- 3.1.1 The Proposed Architecture Scope
- 3.1.2 Unique Features of the SMS_DDoS Architecture
- 3.1.3 SMS_DDOS Architecture
- 3.2 Functional Components of the Proposed Architecture
- 3.3 CloudIoT Integrated Environment
- 3.3.1 IoT Things
- 3.3.2 Sensors
- 3.3.3 RFID
- 3.3.4 Sensor Reader
- 3.3.5 Sensor Networks
- 3.3.6 Gateway
- 3.3.6.1 Information types
- 3.3.6.2 Metadata
- 3.3.6.3 Operational information
- 3.3.7 Devices
- 3.3.8 MQTT
- 3.4 CloudIoT Integrated Environment
- 3.4.1 CloudIoT Platform
- 3.4.1.1 Web Server
- 3.4.1.2 Sql Server
- 3.4.1.3 Application Server
- 3.4.1.4 Cloud Services
- 3.4.1.5 Smart Mitigating Database Server (SM_DS)
- 3.4.1.6 DNS Server
- 3.5 Secure User and Device Registration
- 3.6 Smart Mitigating Service_Firewall
- 3.6.1 SMS_Firewall
- 3.6.2 First Verification Test: CAPTCHA (The Completely Automated Public Turing test to Tell Computers and Humans Apart) Test
- 3.6.2.1 Text Captcha
- 3.6.2.2 Image Captcha
- 3.6.2.3 Mathematical Captcha
- 3.6.2.4 I'm Not a Robot Captcha
- 3.6.2.5 Malware Detection System
- 3.5.3 Second Verification Test: Jigsaw Image Puzzle Test
- 3.6.3.1 Jigsaw Image Puzzle
- 3.6.3.2 Client Puzzle Server
- 3.6.4 Intrusion Detection and Prevention System
- 3.6.4.1 Firefly Biological Behavior
- 3.6.4.2 Proposed CDDOSD and BFFO Model for DDoS Detection
- 3.6.5 Reverse Proxy
- 3.7 Functional Descriptions of Sms_Firewall Diagram
- 3.8 Secure User and Device Authentication
- 3.9 Secure Data Transaction between Cloud and Legitimate Users
- 3.10 Functional Components Descriptions Flow Diagram
- 3.9 Sequence Diagram of SMS_DDoS Attack
- 3.11.1 Case Study-1: Smart Traffic
- 3.11.2 Case Study-2: Smart Hospital
- 3.11.3 Case Study-3: Smart Agriculture
- Chapter - IV Security Algorithm
- 4.1 Secure User and Device Registration
- 4.2 Dynamic Captcha with equal probability proposed Algorithm
- 4.2.1 Text Captcha Algorithm
- 4.2.2 Image Captcha Algorithm
- 4.2.3 Math Captcha Algorithm
- 4.2.4 I'm Not a Robot Captcha Algorithm
- 4.3 Image Jigsaw Puzzle Algorithm
- 4.4 CDDOSD Algorithm (Intrusion Detection Algorithm)
- 4.5 Intrusion Prevention and Traffic Load Balancing Firefly Algorithm
- 4.6 Algorithm Method for selecting DominantCloudServer
- 4.7 Secure User and Device Authentication
- 4.8 Secure Data Transaction between Cloud and Legitimate Users
- 4.9 Key Generation Algorithm
- 4.10 Significance of the Proposed Security Algorithms
- CHAPTER V EXPERIMENTAL STUDY AND RESULT ANALYSIS
- 5.1 Secure User and Device Registration
- 5.2 OpNet Simulation Tool
- 5.3 Experimental Setup
- 5.4 Number of Requests received by the server for HTTP applications
- 5.5 Response time for HTTP applications
- 5.6 Server Performance
- 5.7 The average throughput for HTTP packets that are transferred between the firewall and the server
- 5.8 Attack classification and Detection
- 5.9 Response Time Analysis
- 5.10 Analysis on Latency
- 5.11 Analysis on Overall System Throughput
- 5.12 Comparison of Public Key Cryptosystems
- CHAPTER VI CONCLUSIONS AND FUTURE DIRECTIONS
- 6.1 Conclusions
- 6.2 Future Directions
Objectives and Key Themes
This research aims to propose a secure architecture for mitigating DDoS attacks in a CloudIoT environment. The study aims to develop an end-to-end security mechanism, framework, and algorithms that effectively reduce the impact of DDoS attacks, improve service availability and profitability, and classify incoming network traffic into attack and non-attack categories.
- DDoS Attack Mitigation in CloudIoT Environment
- End-to-End Security Framework
- Traffic Classification and Detection
- Performance Optimization and Response Time Reduction
- Application of Firefly Algorithm for Intrusion Prevention and Load Balancing
Chapter Summaries
- Chapter 1 introduces the concepts of IoT and cloud computing, highlights the challenges of integrating these technologies, and emphasizes the significance of DDoS attacks in the CloudIoT environment. It defines the research objectives and outlines the thesis structure.
- Chapter 2 provides a comprehensive review of existing research on DDoS attack mitigation techniques, including captcha methods, puzzle approaches, optimization algorithms, intrusion detection and prevention systems, and firewall approaches. This chapter analyzes the strengths and weaknesses of these existing solutions, paving the way for the development of a more robust architecture.
- Chapter 3 presents the proposed architecture, "Smart Mitigating Service Firewall for Distributed Denial of Service Attack (SMS_FIREWALL_DDoS)", which is designed to protect CloudIoT users and providers from DDoS attacks. The architecture employs a two-step verification process using Dynamic Captcha and Jigsaw Image Puzzle tests to differentiate legitimate users from malicious bots. The chapter further delves into the key components of the architecture, including the Malware Detection System, Client Puzzle Server, Intrusion Detection and Prevention System (IDPS), and Reverse Proxy. The chapter also presents a case study illustrating the application of the proposed architecture in real-world scenarios.
- Chapter 4 discusses the various security algorithms developed for the proposed architecture. This includes algorithms for secure user and device registration, Dynamic Captcha, Jigsaw Image Puzzle, Binary Firefly Algorithm for intrusion prevention and traffic balancing, and secure data transaction using Elliptic Curve Cryptography (ECC).
- Chapter 5 focuses on the experimental study and result analysis of the proposed architecture. It utilizes the OpNet simulation tool to validate the performance of the architecture. This chapter presents detailed performance metrics, including response time, latency, and overall system throughput. It also compares the performance of ECC and RSA cryptosystems.
Keywords
This work explores the intersection of Cloud computing, the Internet of Things (IoT), and network security, with a focus on mitigating Distributed Denial of Service (DDoS) attacks. Key themes include secure user and device authentication, dynamic captcha algorithms, jigsaw image puzzle algorithms, binary firefly optimization, intrusion detection and prevention systems, reverse proxy technology, and Elliptic Curve Cryptography (ECC).
- Quote paper
- Dr. Helen Parimala (Author), 2019, A Secured Architecture for Mitigating Distributed Denial of Service Attack Integrating Internet of Things and Cloud Computing, Munich, GRIN Verlag, https://www.grin.com/document/1306455