A Multilayer Security Framework for Cloud Computing in Internet of Things (IoT) Domain

Introduction
Cloud computing is considered as a blessing of modern technology which has secure cloud computing systems that identifies the security requirements, attacks, threats and concerns associated with the deployment of the clouds [6]. They also proposed that cloud security is not just a technical problem, but also involves standardization, supervising mode, laws and regulations, and many other aspects. Cloud computing brings development opportunities and challenges, and the security problem must be solved step by step. Ukil et al. have analyzed security problems in cloud computing [7]. They proposed a framework satisfying cloud security by ensuring the confidentiality, integrity and authentication of data. They provide a security architecture and the necessary security techniques for cloud computing infrastructure.
Hu et al. present a Law-as-a-Service (LaaS) model for automatic enforcement of legal policies to handle queries for cloud service providers (CSPs) and their customers [8]. The law-aware super-peer acts as a guardian providing data integration and protection. Sun et al. present a dynamic multidimensional trust model on the basis of a time-variant comprehensive evaluation multi-dimensional method [9]. In [2] the authors proposed a generic security management framework allowing providers of cloud data management systems to define and enforce complex security policies. They designed the framework to detect and stop a large number of attacks defined through an expressive policy description language and to be easily interfaced with various data management systems. They showed that they can efficiently protect a data storage system by evaluating their security framework on top of the BlobSeer data management platform. The benefits of preventing a DoS attack targeted towards BlobSeer were evaluated through experiments performed on the Grid5000 test bed. The work in [3] investigated the problem of assuring the customer of the integrity (i.e. correctness) of his data in the cloud. The cloud should provide a way for the user to check whether the integrity of his data is maintained or compromised, since the data is not physically accessible to the user. The authors provided a scheme which gives proof of data integrity in the cloud and which the customer can employ to check the correctness of his data in the cloud. In [4] the author discussed some security and privacy issues in Cloud computing and suggested four methods for cloud security and privacy: an access control method, policy integration, an identity management method and a user control method.
In [10] the authors discussed the security issues in a Cloud computing environment. They focused on technical security issues arising from the usage of cloud services. They discussed security threats present in the cloud, such as VM-level attacks, isolation failure, management interface compromise and compliance risks, and their mitigation. In [11] the authors analyzed vulnerabilities and security risks specific to cloud computing systems. In [12] the author discussed some vital issues to ensure a secure cloud environment. This included a basic view of security policies (e.g., inside threats, access control and system portability), software security (e.g., virtualization technology, host operating system, guest operating system and data encryption) and hardware security (e.g., backup, server location and firewall). The author concluded that an important issue for the future of cloud security is the use of open standards to avoid problems such as vendor lock-in and incompatibility.
La'Quata Sumter et al. [8] illustrate that the rise in the scope of cloud computing has brought fear about Internet security, and that the threat to security in cloud computing is continuously increasing. In [9] Meiko Jensen has shown that in order to improve the security of cloud computing, the security capabilities of both web browsers and web service frameworks should be strengthened. This can best be done by integrating the latter into the former. They focus on a special type of Denial of Service attack on network-based services that relies on message flooding techniques, overloading the victims with invalid requests. They describe some well-known and some rather new attacks and discuss commonalities and approaches for countermeasures. Armbrust M., Fox et al. [12] discuss that resources should be virtualized to hide the implementation of how they are multiplexed and shared. Shaping the security of critical systems is very important.
Addressing the security issues faced by end-users is mandatory. Researchers and professionals must work on the security issues associated with cloud computing. Strong security policies must be designed to ensure data is safe and protected from unauthorized access, both in corporate data centers and in the cloud servers. M. Okuhara et al. [13] explain how customers, despite their deep-seated concerns and uneasiness about cloud computing, can enjoy the benefits of the cloud without worry if cloud service providers use appropriate architectures for implementing security measures. They also describe the security problems that surround cloud computing and outline Fujitsu's security architecture for solving them. In [14] the author discusses the fundamental trusted computing technologies on which the latest approaches to cloud security are based. The work in [15] argues that, with continued research advances in trusted computing and computation-supporting encryption, life in the cloud can be advantageous from a business-intelligence standpoint over the isolated alternative that is more common nowadays.
Many researchers have proposed various security frameworks addressing the security issues in cloud computing in numerous ways. However, they do not propose a quantitative approach to analyze and evaluate privacy and security in cloud computing systems. This research primarily aims to analyze and evaluate the most known cloud security problems in cloud computing systems; we focus on a few threats and attacks and try to mitigate these security problems by developing algorithms.

Overview of Cloud Computing
As with any new technology, the definition of cloud computing is changing with the evolution of technology and its services. No standard definition for cloud computing has yet been agreed upon, especially since it encompasses so many different models and potential markets, depending on vendors and services. In the simplest of terms, cloud computing is basically internet-based computing.
The term "Cloud" is used as a metaphor for the Internet, and came from the well-known cloud drawing that was used in network diagrams to depict the Internet's underlying network infrastructure. The computation in the internet is done by groups of shared servers that provide on-demand hardware resources, data and software to devices connected to the net. The National Institute of Standards and Technology (NIST) gives a more formal definition: "Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction". NIST also notes that this definition will probably change over time. Cloud computing architecture has three main deployment models, which are Private, Public and Hybrid Cloud. The services provided by Cloud computing can be categorized into three service models: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). These three models, often abbreviated as the SPI Service framework (i.e. SPI is short for Software, Platform and Infrastructure), are the basis of all services provided by Cloud computing.

Infrastructure-as-a-Service
The IaaS service model is the lowest level of service provided to the client. In this service model, the Cloud computing client is provided with controlled access to the virtual infrastructure. Using this access, the client can install the operating system and application software. From the client's point of view, this model is similar to renting the hardware from a service provider and letting the service provider manage the hardware. This model requires the client to have highly experienced network engineer(s). Handling everything from the operating system and up is a big responsibility that most clients decline to handle, especially because of the security burdens. Thus, this model is not highly preferred among Cloud computing clients.

Platform-as-a-Service
In PaaS, the operating system and all platform-related tools (like compilers) are already installed for the client. These pre-installed components are also managed by the cloud service provider. Clients have the freedom of installing additional tools based on their needs. However, the control over the infrastructure is retained by the service provider. The client controls application development, configuration, and deployment. The major difference between this model and traditional web hosting is rapid provisioning. Traditional web hosting is managed manually and requires human intervention when the demand increases or decreases. On the other hand, provisioning in Cloud computing is automatic and rapid. Thus, it does not require any human intervention.

Software-as-a-Service
The SaaS model focuses on the application level and abstracts the user away from infrastructure and platform details. Usually, applications are provisioned via thin client interfaces such as web browsers or even mobile phone apps. Microsoft's Outlook.com is a clear example of this. An organization can adopt the Outlook.com electronic mail service and never bother with hardware maintenance, service uptime, security, or even operating system management. The client is given control over certain parameters in the software configuration, for example, creating and deleting mailboxes. These parameters can be controlled through the interface of the application. Cloud computing's key security requirements, coupled with Cloud computing deployment models and Cloud computing service delivery models, can be seen in context as a guideline to assess the security level. In Table 1 compulsory requirements are represented by the "√" symbol and optional requirements are represented by the "×" symbol.

Proposed Security Model and Framework
In this subsection, we describe a security model for Cloud computing against the threats mentioned in the previous section, which focuses on scalability and security.
The model is shown in Figure 1 and it consists of the following security units. Table 2 shows the list of threats which are addressed in this framework.
A user can be certified by the third-party certificate authority and can then be issued a token for service by the End User Service Portal. After joining the service portal, the user can purchase and use cloud services which are provided by a single service provider. The End User Service Portal, which is composed of access control, security policy, key management, service configuration, auditing management, and virtual environments, provides secure access control using a Virtual Private Network (VPN) as well as cloud service management and configuration.

Table 1. Key security requirements coupled with cloud computing deployment models and cloud computing service delivery models.

[Table 1 column group "Cloud Deployment Models": Private/Community Cloud, Public Cloud, Hybrid Cloud. Table body not recovered.]
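
The certify-then-issue-token flow of the End User Service Portal described in this section, as an added Python example that is not the paper's implementation. Assumptions: the certificate authority's decision is modelled as a set of certified user IDs, the portal signs tokens with HMAC-SHA256 under a key from its key management unit, and the names `issue_token` and `check_token` are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumptions (not from the paper): the CA's result is modelled as a set of
# certified user IDs, and the portal signs tokens with a symmetric key.
CA_CERTIFIED_USERS = {"alice"}               # constructed sample data
PORTAL_KEY = b"constructed-demo-key-only"    # would come from key management
TOKEN_TTL = 300                              # token lifetime in seconds


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_token(user, service, now=None):
    """Portal step: refuse uncertified users, else sign (user, service, expiry)."""
    if user not in CA_CERTIFIED_USERS:
        raise PermissionError("user not certified by the CA")
    now = time.time() if now is None else now
    claims = json.dumps({"sub": user, "svc": service, "exp": now + TOKEN_TTL},
                        sort_keys=True).encode()
    tag = hmac.new(PORTAL_KEY, claims, hashlib.sha256).digest()
    return _b64(claims) + "." + _b64(tag)


def check_token(token, service, now=None):
    """Access-control step: return the user ID, or None if the token is
    malformed, forged, expired, or was issued for a different service."""
    now = time.time() if now is None else now
    try:
        claims_b64, tag_b64 = token.split(".")
        claims = base64.urlsafe_b64decode(claims_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:                       # wrong shape or invalid base64
        return None
    expected = hmac.new(PORTAL_KEY, claims, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    data = json.loads(claims)                # parsed only after the MAC check
    if data["svc"] != service or now >= data["exp"]:
        return None
    return data["sub"]
```

Binding the service name and expiry into the signed claims is what lets the access-control unit reject a token replayed against another service or after its lifetime.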

Evaluation of the Proposed Framework
For implementing the proposed security framework we have developed an Own-Cloud platform using a 64-bit quad-core processor based embedded system (Raspberry Pi) where an external hard drive is used as the cloud storage.
The Raspberry Pi based personal cloud server allows real-time data transfer without any data rate limitation, as the user is the only one who can use it. The server is built based on a local sensor network, meaning that the Raspberry Pi and sensor node are on the same network. However, the user can access his cloud server from anywhere outside the server network by a process called port forwarding. The size of the database depends largely on the size of the hard drive mounted on the Raspberry Pi. For this prototype we have used a 32 GB SD-card for cloud storage.
However, for a larger database, we can use a portable hard disc of any size. Raspberry Pi based Own-Cloud platform is quite literally as any analytics, machine learning algorithms or signal processing techniques can be implemented using the vast variety of Python libraries built for those purposes. We have developed two algorithms which have been deployed in the own-cloud for mitigating the

How to cite this paper: Mamun-Ibn-Abdullah, M. and Kabir, M.H. (2021) A Multilayer Security Framework for Cloud Computing in Internet of Things (IoT) Journal of Computer and Communications

surveys related to the security issues. They propose some security strategies to develop and deploy a qualitative security management framework on cloud computing systems. Kashif et al. proposed a security model and framework for

Figure 2. Proposed attack and mitigation method.

Table 2. List of threats which meet the proposed framework.

Table 3. Proposed mitigating algorithm for the multilayer framework.