Internet of Things (IoT) and Cloud Computing play a vital role in the field of Information Technology. The goal of IoT is to link objects of heterogeneous in nature to avail smart services and application anywhere, anytime using any device.
Cloud Computing allows computer users to conveniently rent access to fully featured applications, to software development and deployment environments, and to computing infrastructure assets such as network-accessible data storage and processing with its salient features of on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Though the Cloud and IoT have emerged as independent technology, merging these two technologies brings renaissance in the field of future networks and in building smart environment.
This new evolvement is known as CloudIoT. One of the important challenges in CloudIoT is security. Challenges on the integration of the Cloud within IoT are to be a major bottleneck. The integration of security mechanism and data privacy are also a major concern. Any leakage of information from any of the CloudIoT could severely damage the privacy and authenticity of the users and data. Researchers all over the world put on efforts in integrating smart CloudIoT services to satisfy the needs of the CloudIoT Users. But no prominent architecture has been authenticated so far.
Hence, it is imperative to design architecture to integrate CloudIoT smart services and applications to access smart services in a secured manner at anywhere, anytime. The major challenges in implementing this scenario are security factors such as authenticity, confidentiality, integrity, and privacy. In network security, there are several types of attacks which can harm the network resources and services. Distributed Denial of Service (DDoS) is one of the malicious attacks which can harm data communication in CoT potentially.
There is a problem that may render customers to withdraw from the cloud services. A traditional DDoS attack aims at servers and/or the bandwidth of a network or a website in order to make them unavailable to their intended users. However, attackers can generate DDoS attack to harm the cloud resources in the same way as the cloud has a huge pool of resources which are larger than attackers resources.
Table of Contents
Chapter -I INTRODUCTION
1.1 Internet of Things
1.2 IoT Prognostications
1.3 Definitions on IoT
1.4 Cloud Computing
1.5 Definitions on Cloud Computing
1.6 Working Models of Cloud Computing
1.7 Deployment Models of Cloud Computing
1.8 IoT and Cloud Integration
1.9 Cloud Computing Security
1.10 Distributed Denial of Service
1.11 Taxonomy of Distributed Denial of Service Attack
1.12 Types of DDoS Attack
1.13 Aims and Objectives
1.14 Thesis Structure
Chapter -II REVIEW OF LITERATURE
2.1 Distributed Denial of Service Attack
2.2 Security Architecture for Mitigating Distributed Denial of Service Attack
2.3 Mitigating Approaches for Distributed Denial of Service Attack
2.3.1 Captcha Methods for Mitigating DDoS Attack
2.3.2 Puzzle Approaches for Mitigating DDoS Attack
2.3.3 Optimization Algorithm for Mitigating DDoS Attack
2.3.4 IDPS System for Mitigating DDoS Attack
2.3.5 Firewall Approaches for Mitigating DDoS Attack
Chapter -III A SECURITY ARCHITECTURE FOR MITIGATING DISTRIBUTED DENIAL OF SERVICE(DDOS) ATTACK INTEGRATING INTERNET OF THINGS AND CLOUD COMPUTING
3.1 SMS_FIREWALL_DDoS Proposed Architecture
3.1.1 The Proposed Architecture Scope
3.1.2 Unique Features of the SMS_DDoS Architecture
3.1.3 SMS_DDOS Architecture's Principles and Techniques
3.2 Functional Components of the Proposed Architecture
3.3 CloudIoT Integrated Environment
3.3.1 IoT Things
3.3.2 Sensors
3.3.3 RFID
3.3.4 Sensor Reader
3.3.5 Sensor Networks
3.3.6 Gateway
3.3.7 Devices
3.3.8 MQTT
3.4 CloudIoT Integrated Environment
3.4.1 Cloud Platform
3.5 Secure User and Device Registration
3.6 Smart Mitigating Service
3.6.1 Smart Mitigating Service Firewall
3.6.2 First Verification Process of SMS_Firewall
3.6.2.1 Text Captcha
3.6.2.2 Image Captcha
3.6.2.3 Mathematical Captcha
3.6.2.4 I'm Not A Robot Captcha
3.6.2.5 Malware Detection System
3.6.3 Second Verification Process of SMS _Firewall
3.6.3.1 Jigsaw Image Puzzle
3.6.3.2 Client Puzzle Server
3.6.4 Intrusion Detection and Prevention System
3.6.4.1 Firefly Biological Behavior
3.6.4.2 Proposed CDDOSD and BFFO Model for DDoS Detection
3.6.5 Reverse Proxy
3.7 Functional Descriptions of SMS_ Firewall for DDoS Diagram
3.8 Secure User and Device Authentication
3.9 Secure Transaction between Cloud and Legitimate User
3.10 Functional Components Descriptions of SMS_Firewall for DDoSFlow Diagram
3.11 Sequence Diagram of SMS_Firewall for DDoS Attack
3.11.1 Case Study - 1 : Smart Traffic
3.11.2 Case Study - 2 : Smart Hospital
3.11.3 Case Study - 3 : Smart Agriculture
Chapter IV SECURITY ALGORITHMS
4.1 Secure User and Device Registration Algorithm
4.2 Dynamic Captcha Algorithm
4.2.1 Text Captcha Algorithm
4.2.2 Image Captcha Algorithm
4.2.3 Math Captcha Algorithm
4.2.4 Captcha Algorithm
4.3 Jigsaw Image Puzzle Algorithm
4.4 Binary Firefly Algorithm for Intrusion Detection and Prevention System
4.5 Intrusion Prevention and Traffic Load Balancing
4.6 Method for selecting DominantCloudServer
4.7 Secure Data between Legitimate User and CloudIoT
4.8 Secure User and Device Authentication
4.9 Key generation using ECC
4.10 Significance of the Proposed Algorithm
Chapter V EXPERIMENTAL STUDY AND RESULT ANALYSIS
5.1 Secure User and Device Registration
5.2 OpNet Simulation Tool
5.3 Experimental Setup
5.4 Number of Request received by the Server for HTTP Application
5.5 Response Time for HTTP Applications
5.6 Server Performance
5.7 The average Throughput for HTTP
5.8 Attack Classification and Detection
5.9 Response Time Analysis
5.10 Analysis on Latency
5.11 Analysis on Overall System Throughput
5.12 Comparison of Public Key Cryptosystems
Chapter VI CONCLUSION AND FURTHER RESEARCH DIRECTIONS
Research Objectives and Key Topics
This research aims to design and implement a secure, proactive architecture (the "Smart Mitigating Service Firewall") to mitigate Distributed Denial of Service (DDoS) attacks within Cloud-based Internet of Things (CloudIoT) environments, focusing on ensuring user authenticity and reducing latency for legitimate users.
- Integrated security architecture for CloudIoT environments
- Advanced DDoS mitigation using Dynamic Captcha and Jigsaw Puzzle tests
- Traffic load balancing and optimization via Binary Firefly Algorithms
- End-to-end data security utilizing Elliptic Curve Cryptography (ECC)
- Experimental validation through OpNet simulations for performance and throughput
Excerpt from the Book
SMS_FIREWALL_DDoS Proposed Architecture
After presenting and evaluating various of the existing solutions that are projected to counteract attacks of DDoS in the previous chapter, the proposed architecture will be presented to counteract such attacks. The proposed architecture is built on strong aspects of the obtainable solutions and prevents their vulnerabilities in order to propose a network security technique that can enhance networks capabilities to defeat malicious attacks. So, the proposed solution can be considered as a proactive prevention method for the cloud providers by protecting their edges which are their customer's networks and cloud from DDoS Attacks. A literature review has identified a number of methods designed to combat these attacks. Nonetheless, these approaches test all packets coming from the source and require further response time or only test the first packet without a screening procedure that is inadequate to protect the system.
Reducing the Response Time is a very significant aspect besides providing a strong security method in opposition to malicious attacks. Highlighting on the significance of such aspects as the organizations should give a balance between protection and convenience for its users in order to facilitate a protected user right to use to the set of connections to acquire their requested services. To answer the above crisis, the planned clarification is expected to authenticate the authenticity of users at the beginning of accessing the network and then conducts another verification in order to tighten the protection process without triggering the users attention.
Summary of Chapters
Chapter -I INTRODUCTION: Provides background on IoT, Cloud Computing, and current DDoS threats, establishing the motivation and objectives for the research.
Chapter -II REVIEW OF LITERATURE: Examines existing security architectures and DDoS mitigation techniques, identifying gaps and the need for a new integrated approach.
Chapter III A SECURITY ARCHITECTURE FOR MITIGATING DISTRIBUTED DENIAL OF SERVICE(DDOS) ATTACK INTEGRATING INTERNET OF THINGS AND CLOUD COMPUTING: Details the proposed design of the Smart Mitigating Service Firewall and its core components for DDoS mitigation.
Chapter IV SECURITY ALGORITHMS: Explains the mathematical and computational algorithms developed, including Dynamic Captcha, Jigsaw Puzzles, and Firefly-based optimization.
Chapter V EXPERIMENTAL STUDY AND RESULT ANALYSIS: Presents the evaluation of the proposed framework using OpNet simulations to demonstrate effectiveness in throughput and latency.
Chapter VI CONCLUSION AND FURTHER RESEARCH DIRECTIONS: Summarizes the thesis findings and suggests future directions for enhancing quality of service and security.
Keywords
Distributed Denial of Service, DDoS, Internet of Things, IoT, Cloud Computing, CloudIoT, Smart Mitigating Service Firewall, Network Security, Captcha, Jigsaw Puzzle, Binary Firefly Algorithm, Elliptic Curve Cryptography, ECC, Traffic Load Balancing, OpNet
Frequently Asked Questions
What is the core focus of this research?
The research is primarily concerned with creating a secured architecture to protect CloudIoT environments against Distributed Denial of Service (DDoS) attacks.
What are the central thematic areas?
The study covers IoT and Cloud integration, network security protocols, DDoS attack classification, mitigation strategies, and experimental performance analysis in cloud environments.
What is the primary objective of this thesis?
The goal is to design an end-to-end security mechanism (the Smart Mitigating Service Firewall) that distinguishes legitimate traffic from malicious requests while maintaining high availability and low latency.
Which scientific methodology is employed?
The author uses a hybrid approach combining defensive firewalls, multi-stage user verification (Dynamic Captcha and Jigsaw Puzzles), and bio-inspired optimization algorithms (Binary Firefly Algorithm).
What topics are discussed in the main part of the thesis?
The main chapters cover the proposed system architecture, the design of dynamic verification algorithms, traffic balancing techniques, and experimental setup using the OpNet simulation tool.
Which specific keywords define this work?
The work is defined by terms such as DDoS, CloudIoT, Firefly Algorithm, Captcha, Jigsaw Puzzle, Elliptic Curve Cryptography, and Intrusion Detection.
How does the proposed architecture handle DDoS attacks?
It utilizes a proactive filtering approach at the network edge to verify user legitimacy via two stages of authentication, combined with IDPS-driven traffic management.
What role do bio-inspired algorithms play in this work?
Binary Firefly Algorithms are used for traffic load balancing and intrusion detection by identifying "dominant" versus "submissive" system states during an attack scenario.
What is the significance of the "Jigsaw Image Puzzle" mentioned?
It acts as the second, more robust layer of verification after the initial Captcha test, specifically designed to be easily solved by humans but difficult for automated botnet software.
How is the security of user authentication maintained?
The architecture employs Elliptic Curve Cryptography (ECC) to generate self-signed ECDSA certificates, ensuring data integrity and confidentiality for transactions between the user and the cloud.
- Citar trabajo
- Dr. Helen Parimala (Autor), 2019, A Secured Architecture for Mitigating Distributed Denial of Service Attack Integrating Internet of Things and Cloud Computing, Múnich, GRIN Verlag, https://www.grin.com/document/1306455
