Node Verification to Join the Cloud Environment Using Third Party Verification Server

Currently, cloud computing is facing different types of threats whether from inside or outside its environment. This may cause cloud to be crashed or at least unable to provide services to the requests made by clients. In this paper, a new technique is proposed to make sure that the new node which asks to join the cloud is not composing a threat on the cloud environment. Our new technique checks the node before it will be guaranteed to join the cloud whether it runs malwares or software that could be used to launch an attack. In this way the cloud will allow only the clean node to join it, eliminating the risk of some types of threats that could be caused by infected nodes. Keywords—Cloud computing, Cloud security, Network security, Node scanning.


Introduction
Cloud computing is considered the phenomena of the century, as it provides different types of supports/services to the organizations as a software manifestation [1][2][3].A three types of services could be provided by the cloud providers; Software as a ser-iJIM -Vol.11, No. 4,2017 vice SaaS, platform as a service PaaS and infrastructure as a service IaaS [4][5][6].More about the cloud services is discussed in section 2.
Nowadays, cloud environment witnesses a different types of threats and attacks which targeting its infrastructure including the virtual machines and the supported softwares as well as the clients/users data [7][8][9][10][11].Therefore, different security measures had been implemented in the cloud environment such as firewalls, IDS and IPS as a try to secure it [12].However, the used security measures are still insufficient to secure the cloud environment as the number of attacks is increasing [13].In addition, it focuses on the cloud environment and the clients who are already connected to the cloud neglecting checking the clients for security threats before joining the cloud.
On the other hand, the availability of the cloud environment is considered one of the most important challenges the cloud providers face since the cloud concept had been introduced [14,15].Where, the cloud service providers should have a balance between the availability of the cloud services and the security measures they use.
As most of the used security measures in the cloud tries whether to detect or prevent attacks of the nodes that are connected to the cloud environment; The previously unknown security related information about the nodes that request to join the cloud environment may compose a threat on the cloud environment components [14].Therefore, a prior collection of security related information about the node will help the cloud to make decision of allowing the node to join the cloud or not.
If the cloud could have a prior security related information, it will be able to decide whether the node which requested to join the cloud composes a threat on the cloud environment components or not.The node could be whether infected by a malware or running software that may be used to launch some types of attacks.In addition, the attacker who wants to launch an attack needs to run some attack tools on his/her machine.Therefore, if we could detect these hacking tools and malwares remotely before launching the attack, then we can prevent this attacker from entering the target cloud and causes troubles.
Thus, many security concerns should be highlighted regarding adding new nodes to cloud.Therefore, adding new node to the cloud environment shouldn't be On-The-Fly step.Each node should be verified and checked before it got trusted to join the cloud environment [16].
As a result, if the cloud could be able to make a decision to allow or forbid the node from joining the cloud, then the risk of adding new node to the cloud that may compose a security threat will be decreased.

Cloud Computing Architecture
The NIST has defined the cloud as an on demand model that enables client/users to access a shared pool of customized computing resources minimizing the management efforts of the provided resources [17].
Based on the NIST definition, cloud model is composed of the following components: http://www.i-jim.orgPaper-Node Verification to Join the Cloud Environment Using Third Party Verification Server

Essential Characteristics
A five essential characteristics and features should be existed in the cloud model to serve its goals.This section introduces a detailed discussion of these characteristics.
! On-demand self-service: Clients can use the provided services of the cloud automatically whilst no need for supervision of the service provider.!Broad network access.The ability to use the cloud services over network using heterogeneous clients platforms.!Resource pooling.A pool of resources are provided for multi-clients, such as, processing, memory, or storage.Whilst, the clients has no knowledge of an exact location of the provided resources.!Rapid elasticity.The ability to accommodate the clients on-demand services rapidly, while the clients feel like the capabilities are unlimited and could be used any time, regardless of the quantity.
! Measured service.The ability to monitor and control the usage of the provided resources by the cloud (i.e.storage) for the purpose of transparency between the provider and the clients.

Service Models
Following is a discussion of the three service models that are provided by the cloud.
! Software as a Service (SaaS).Is to provide the clients with an applications to be used while it is running on the cloud servers instead of the clients' machines.Thus, the clients have no control over the underlying cloud infrastructure.Google Docs (http://docs.google.com) is an example of the SaaS.!Platform as a Service (PaaS).The ability of providing the clients with a set of supported programming language to be able to build their own applications.!Infrastructure as a Service (IaaS).To provide the user with the needed resources to deploy and run their own applications including operating systems.In IaaS, the clients has the ability to access the underlying infrastructure using the virtual machines.

Deployment Models
A four deployment models are introduced to deploy the cloud environment, following is a detailed discussion of them.
! Private cloud.The cloud is used by a specific users and limited to a particular organization.The cloud owned and managed either by the organization or a third party.!Community cloud.The community could be a number of different organizations who may share the cloud for a specific purpose.The cloud could be owned by the community, one organization or even owned by a third party.

Related Work
Many researchers have proposed an IDS techniques to detect intrusions inside the cloud environment.This section discusses some of these techniques.
A real time IDS is proposed by [18] by installing it on a virtual switch inside the cloud environment.The proposed IDS filters the ingoing and the outgoing packets from/to the cloud environment.It uses a predefined rule database for well-known intrusions.The proposed IDS is able to detect intrusions and notify the virtual server to take the correct action based on the attack type.[8] Have proposed an integrated IDS with cloud environment, by combining the advantages of distributed system and the characteristics of the cloud computing.The proposed technique relies on the snort DB for the purpose of misuse detection.They deployed a network based IDS to observe the network, transport and application layer internal as well as the external activities in the cloud environment.
[19] have proposed a mobile based IDS in the cloud environment by deploying the virtual neighborhood observation.The idea of the proposed technique is to detect the intrusions of the cloud applications and virtual machines that are outside the organization using mobile agents.Therefore, the mobile agents will collect the attack information from the monitored virtual machines for further analysis.Which as a result, introduces more load as the number of virtual machines increases.
A multi-threaded NIDS has been proposed by [20] for a distributed cloud environment.The proposed technique monitors and captures the ingoing and outgoing packets of the types (ICMP, TCP, IP, and UDP).The captured packets will be analyzed against a signature database which contains signatures of a well-known intrusion.The multithread architecture is used to improve the detection performance as the IDS should work as a real time application.Afterward, if an intrusion is detected; the third party monitoring and advisory service will generate a report and alert the cloud service provider.
[21] have introduces an IDS as a service (CIDSS) which is integrated with the cloud environment.The main goal of this serves is to keep the clients secure against attacks that may target the cloud environment.It composed of IDS agents that are integrated in the network segment in addition to a central detection engine which is fed by a group of agents.This as a result, makes it as a distributed structure adapting the scalability of the cloud environment.
An IDS for cloud environment has been proposed by [22].The proposed technique is composed of four components.The first is the local data collector which collect data from the distributed agents that are located on the network segments.The second is the local analyzer which analysis the collected data by the local data collector, for the purpose of intrusion detection and generating alerts.The remote data collector is the third component which collects the captured data by critical agents and the ones that run security measures.And the fourth component is the cloud computing data center which in turn is composed of Global Analyzer(GA),Network resources collectors(NC),Global Intrusion database(GIDB).This proposed technique suffers from the scalability problem as its performance gets reduced as the cloud environment getting grow.
Finally, the proposed security measures and IDS techniques that deal with the cloud environment are only able to detect the intrusions while they are inside the cloud environment.

Proposed Technique
The cloud server has to make sure that the nodes which join the cloud don't compose any threat on the cloud environment.Therefore, our proposed technique aims to check whether the node which asks to join the cloud is clean of attacking tools as well as malwares or not.
As shown in Fig. 1, once the user asks to join the cloud environment, the cloud server will redirect the user to a third-party-verification (TPV) server.Which in turn will scan the user's machine for any of the malicious softwares including attack tools.If the result shows that the node is clean; then user request will be accepted to join the cloud.Otherwise, the request will be refused because the user's machine is infected with malicious software.Fig. 2 illustrates the sequence diagram of the proposed technique.

Results and Discussion
In this section, two scenarios will be discussed.

Scenario #1 A clean node asks to join the cloud environment.
Once the node A asks to join the cloud environment, the cloud server redirected it to the (TPV) server to be scanned for any infection.After the (TPV) server scanned the node A for infection (malware).
The (TPV) server found the target node clean (malware free).Afterward, the result is sent to the cloud server to make the decision and since the result showed that the node A is clean; the cloud will accept the node request to join the cloud as shown in Fig. 3.

5.2
Scenario #2 An infected node asks to join the cloud environment.
As illustrated in Fig. 4, the node B asks to join the cloud environment, then the cloud server redirected it to the (TPV) server to be scanned for any infection.After the (TPV) server scanned the node B for infection (malware).
The (TPV) server found that the target node is infected with some types of malwares.Then, the scanning result is sent to the cloud server to make the decision.And since the scanning result showed that the target node is infected, then the node request to join the cloud will be refused.An analysis of the proposed technique will be discussed in this section.While the TPV server will scan the node when attempting to join the cloud, then: • Only the clean nodes (not infected by malware) will be allowed to join the cloud environment.
• The cloud virtual machines as well as other clients' machines will be safe and protected from malware infection and threats Definition 1 (Environment Security) The cloud environment is safe and secure from outsider as well as insider attacks and threats.
Theorem 1.The usage of TPV server makes the cloud environment secure against insider as well as outsider attacks and threats according Definition 1.
Proof.Here, we will prove that the cloud virtual machines as well as the existed nodes in cloud environment are secure against insider as well as outsider attacks and threats.As the TPV server scans the node which asks to join the cloud environment; only the clean nodes are allowed to join the environment.Consequently, the cloud environment will be safe and secure against insider as well as outsider attacks and threats.

Conclusion
The proposed technique makes it possible to distinguish between the nodes that run malicious softwares and attack tools from the clean ones.Which in turn reduces the risk of adding new nodes that may compose a threat to the cloud environment.Using the proposed technique, the decision making process of adding new node to the cloud environment became easier and proactively could eliminate the threats that may affect the cloud performance.

Fig. 3 .Fig. 4 .
Fig. 3. Clean node asks to join the cloud environment Paper-Node Verification to Join the Cloud Environment Using Third Party Verification Server !Public cloud.It is open for the general public clients and could be owned by any organization (i.e.academic).!Hybrid cloud.It is a combination of two or more of the aforementioned cloud infrastructures (private, public, or community).And they are bounded together using a suitable technology.