Multi-defense Framework for Mitigating Man in the Cloud Attack (MitC)

Prabakeran Saravanan*, K. Swarnapriya **, Remina Agnes Priscilla ***
*-***Department of Computer Science & Engineering, K. C. G College of Technology, Chennai, Tamilnadu, India.
Periodicity:June - August'2019
DOI : https://doi.org/10.26634/jcom.7.2.15674

Abstract

Cloud computing is the technology of forming a network of remote servers hosted on the Internet to manage process and store data. This technology has its own drawback from the security point of view. This research work aims to address the most recent attack called the man in the cloud attack and the possible solution to overcome it. The attack is tried to be defended at multilevel, so that we can protect our system to the at most level. The first level is to notify the user by detecting the phishing sites, through which the malware is sent into the user's system. At the second level, the user's token id is encrypted, so that the switching of credentials can be avoided.

Keywords

Man in the Cloud (MITC) Attack, Cloud Computing, Switcher, Tokens, Random Forest Algorithm, RSA, IDEA.

How to Cite this Article?

Saravanan, P., Swarnapriya, K., Priscilla, R. A.(2019). Multi-defense Framework for Mitigating Man in the Cloud Attack (MitC), i-manager's Journal on Computer Science, 7(2), 8-18. https://doi.org/10.26634/jcom.7.2.15674

References

[1]. Chennam, K. K., Muddana, L., & Aluvalu, R. K. (2017, May). Performance analysis of various encryption algorithms for usage in multistage encryption for securing data in cloud. In 2017 2nd IEEE International Conference on Recent Trends in Electronics, Information & Communication Technology (RTEICT) (pp. 2030-2033). IEEE.
[2]. Dataaspirant. (2017). The Random Forest Algorithm works in machine learning. Retrieved from http://dataaspirant.com/2017/05/22/random-forestalgorithm- machine-learing/
[3]. Github. (n.d). frankosterfeld/qtkeychain: Platform-independent QtAPI for storing passwords securely. Retrieved from https://github.com/frankoster feld/ qtkeychain
[4]. Guleria, S., & Vatta, D. S. (2013). To enhance multimedia security in cloud computing environment using crossbreed algorithm. International Journal of Application or Innovation in Engineering and Management (IJAIEM), 2(6), 562-568.
[5]. Imperva, (n.d). Man in the Cloud (MITC) Attack. Retrieved from https://www.imperva.com/docs/HII_Man_ In_The_Cloud_Attacks.pdf
[6]. Islam, M., & Chowdhury, N. K. (2016). Phishing websites detection using machine learning based classification techniques. In 1st International Conference on Advanced Information and Communication Technology.
[7]. James, J., Sandhya, L., & Thomas, C. (2013, December). Detection of phishing URLs using machine learning techniques. In 2013 International Conference on Control Communication and Computing (ICCC) (pp. 304-309). IEEE.
[8]. Kao, C. H., Dai, J. H., Ko, R., Kuang, Y. T., Lai, C. P., & Mao, C. H. (2016, December). MITC Viz: Visual Analytics for Man-in-the-Cloud Threats Awareness. In 2016 International Computer Symposium (ICS) (pp. 306-311). IEEE.
[9]. Khan, N., & Al-Yasiri, A. (2016). Identifying cloud security threats to strengthen cloud computing adoption framework. Procedia Computer Science, 94, 485-490.
[10]. Liang, X., Shetty, S., Zhang, L., Kamhoua, C., & Kwiat, K. (2017, June). Man In The Cloud (MITC) defender: Sgxbased user credential protection for synchronization applications in cloud computing platform. In 2017 IEEE 10th International Conference on Cloud Computing (CLOUD) (pp. 302-309). IEEE.
[11]. OneConnect. (2017). Prevention of Man in the Cloud (MITC) Attack. Retrieved from https://www.one connectinc.com/how-to-prevent-man-in-the-cloudattacks/
[12]. OwnCloud (2019). The last cloud collaboration platform you'll ever need. Retrieved from https://own cloud.org/
[13]. Ramachandran, M. (2016). Software security requirements management as an emerging cloud computing service. International Journal of Information Management, 36(4), 580-590.
[14]. Saravanan, P., Sethukarasi, T., & Indumathi, V. (2018a). An efficient software defined network based cooperative scheme for mitigation of Distributed Denial of Service (DDoS) Attacks. Journal of Computational and Theoretical Nanoscience, 15(6-7), 2221-2226.
[15]. Saravanan, P., Sethukarasi, T., & Indumathi, V. (2018b). authentic novel trust propagation model with deceptive recommendation penalty scheme for distributed Denial of Service attacks. Journal of Computational and Theoretical Nanoscience, 15(6-7), 2383-2389.
[16]. Saravanan, P., Sethukarasi, T., & Indumathi, V. (2018c). Two level trust propagation model with global weighted index for detecting and mitigating denial of service. TAGA Journal of Graphic Technology, 14, 2491- 2504.
[17]. Saravanan, P., & Sethukarasi, T. (2019). Optimal hop selection based novel trust based DDoS attack removal framework for reliable and secured transmission of data in VANETs. Wireless Personal Communications, 1-29.
[18]. Seahorse. (2005). A gnome encryption interface. Retrieved from https://wiki.gnome.org/Apps/Seahorse
[19]. Shahzad, F. (2014). State-of-the-art survey on cloud computing security challenges, approaches and solutions. Procedia Computer Science, 37, 357-362.
[20]. Singh, A. P., & Pasupuleti, S. K. (2016). Optimized public auditing and data dynamics for data storage security in cloud computing. Procedia Computer Science, 93, 751-759.
[21]. Suguna, M., Anusia, R., Shalinie, S. M., & Deepti, S. (2017, March). Secure identity management in mobile cloud computing. In 2017 International Conference on Nextgen Electronic Technologies: Silicon to Software (ICNETS2) (pp. 42-45). IEEE.
[22]. UCI. (2007). Machine Learning Repository. Retrieved from http://archive.ics.uci.edu/ml/index.php
[23]. Wang, Q., Wang, C., Ren, K., Lou, W., & Li, J. (2011). Enabling public auditability and data dynamics for storage security in cloud computing. IEEE Transactions on Parallel and Distributed Systems, 22(5), 847-859.
[24]. Zimba, A., Hongsong, C., & Zhaoshun, W. (2016, October). Attack tree analysis of Man in the Cloud attacks on client device synchronization in cloud computing. In 2016 2nd IEEE International Conference on Computer and Communications (ICCC) (pp. 2702-2706). IEEE.
If you have access to this article please login to view the article or kindly login to purchase the article

Purchase Instant Access

Single Article

North Americas,UK,
Middle East,Europe
India Rest of world
USD EUR INR USD-ROW
Online 15 15

Options for accessing this content:
  • If you would like institutional access to this content, please recommend the title to your librarian.
    Library Recommendation Form
  • If you already have i-manager's user account: Login above and proceed to purchase the article.
  • New Users: Please register, then proceed to purchase the article.