Cloud and internet-of-things secure integration along with security concerns

ABSTRACT


INTRODUCTION
Cloud computing is a contemporary technology which gives convenient to on-demand network access for sharing and pooling of resources on the network like storage servers and different application services for both application and hardware.The application serves as facilities on the internet with the hardware and system software work in the data centers for storage and other applications.People are adopting new technology to achieve their required goals [1].Cloud computing allows people to get a huge amount of data at high speed and large memory storage.Cloud data center consists of physical and virtual infrastructure resources which include servers, virtual machines (VMs), network infrastructure, and different resources [2].Data centers (DC) are normally used to control various activities such as VM creation and destruction, routing of the user request, network management, resource utilization, and load balancing technique.Cloud computing architecture comprises of two main parts which are front end and back end where different components in term of storage, runtime, service and security work in back-end application and service work in front end [3], [4].Cloud computing architecture consists of four layers.All layers are important due to their different operation and connectivity with each other.Different layers play important role for cloud computing.There are four types of cloud computing which are used in different field of life with specific rule and respective.Cloud computing is a general term for anything that involves in delivering hosted services over the internet.Cloud providers are Int J Inf & Commun Technol ISSN: 2252-8776  Cloud and internet-of-things secure integration along with security concerns (Arif Ullah) 63 competing with each other and they constantly expand their services in order to differentiate themselves [5], [6]. Figure 1 present the structure of cloud computing.Cloud computing is named as such because the information being accessed is found remotely in the cloud or a virtual space.Cloud computing has succeeded in bringing change in different field of life.Main characteristic of cloud computing are availability, scalability, cloud security, cloud automation and virtualization [7].Approval rating of cloud computing as an emerging technology has been enhanced significantly and these days, there are many cloud storage and computing providers who offer their services regarding IaaS, PaaS, and SaaS.Despite these considerable benefits there are serious concerns and challenges about this new technology [8].Which are mention in Table 1 and Figure 2. Table 1 present all those challenges which are facing by cloud computing but one of the main issues is security in cloud computing.In this paper we cover all those security issue and their improvment technique for cloud computing.

INTERNET OF THINGS
Internet of thing (IoT) consists of self-configuration node they are connected with dynamic and with global network infrastructure.It comprises of small thing with limited storage and processing system.IoT refers a broad vision.Thing such ways that every day object is place environment are interconnected with each other with the help of internet [10].As we know that IoT is important source of big data.Smart city is the main scores of data like industry, agriculture, traffic, transport, medical, public department and social, media.According to the process of data achievement and transmission in IoT the network architecture are divided in to three and five layers which are sensing layer, network layer and application layer [11].Main element required for building IoT some of the main elements used for building IoT are, unique identification for each smart device, sensing devices, communication, data storage, analytics and visualization.Sensing devices each device contains sensing elements which used for different parameter like, sound level, motions, amount air, humidity and many more purpose [12].In sensor network large number of nodes are installed for the requirement of interest.These smart sensor nodes are developed with the help of micro electro mechanical system and used for required purpose.Unique identification for each smart device IoT consists of unique identification number or label which are used to connection or used for uniqueness Ipv4 and ipv6 and other protocols are used for communication in IoT.Communication sense device sent data in to data base after collection of them through different communication mechanism, like near field communication (NFC), Wi-Fi, ultra-wide band (UWB), Z-wave, 3G, 4G, LTE-A data storage and analytics.IoT store large number of data for different environment and these data need to analysis then after they forward to data base.For analysis  Cloud computing and IoT are two different technologies with different architecture and characteristics both are important part in our life.Cloud computing is new technology that has significantly changed over the last decade.The deliveries of virtualized IT resource over the internet are performed with the help of it.These services are delivered with the rule of pay and gain on demand with real time service [16].IoT become the next generation of technology it allows billions of internet device are connected and communicate with each other with specific rule and regulation it improves the quality of our daily life.Due to the modern world requirement these two technologies are merging together and know as cloud IoT paradigm.Cloud computing get more attraction and effectiveness due to the Integration with IoT in real world with distributed manner [17].Table 2 shows the difference of both technologies.Table 2 shows the main difference of both technologies according to these differences they are managing to work together with specific rules and communication devices.

INTEGRATION RULE OF CLOUD COMPUTING AND INTERNET OF THING
After the study of literature, the integration of cloud computing with IoT consists of three steps which are minimal integration, partial integration and full integration.In minimal integration strategy this layer provided different layer that produce connection with cloud computing and IoT.It allows basic service like web, sensing storage and share these can be achieved with the help of these layers [19].Partial integration in this integration not only middleware layer or platform layer are developed it provide smart object service provider.Its main role is to provide connection smart device connected with cloud computing and control them by multi-tenant approach.This layer provides virtualization for smart device [20].Figure 3 present the integration of cloud computing and IoT [21].
The final stage of level integration is known as full integration strategy.This process merge new service models that contain or conversional all cloud computing layer.Simple we can say all layer are working collectively in this section [22].Different heterogeneous network and framework and system with different patterns of communication like system to system, human to system and system to human.Cloud IoT is new birth of technology which service with different application that can impact in different field of life [23].

SECURITY ISSUES IN IOT AND CC
There is no doubt that the convenience and low cost of cloud computing services have changed our daily lives; however, the security issues associated with cloud computing make us vulnerable to cybercrimes that happen every day.The occurrence of the IoT has also dramatically altered the appearance of cyber threat.Security threats and vulnerabilities of IoT, industrial challenges, main reasons of cyber-attacks, cyber security requirement and some cyber security measures [24].Some of the main security threats of both technologies are mention below.Table 3 present the security issue in cloud computing.Malware attacker on VM: VM is one the main element of cloud computing as we know that virtualization is important section of cloud computing.When user sent data or request data from VM there will be unwanted VM based various or toolkit are used these kind of virus clock the information they sent user to VM or servers.Malwares or virus store the information such as registry, system log and security programs details.The attacker then used this information to their required goals [26].Break of isolation: VM work as single or group or monitor each other it may affect by the attacker.Remote management vulnerabilities: commercial hypervisors normally have the control of management consoles and administrators to manage VM Xen for new faculties they may be affect by the attacker with the help of structured query language (SQL) injection [27].Denial of service (DoS) vulnerabilities: in virtualization environment resource such as CPU, memory, networks are shared these resources are shared with user.It possible during executation it chance that DoS attack during the system when user request for resource then it shows that no resourced available [28].Revert to snapshots problem: snapshot is a mechanism is process in which a administrator make snapshot for machine in certain point and to revert to the some security and if need some information the snapshot used some time its disabled due to attacker and make issue for the system [29].Destruction: when the data is no more required then it needs destruction the question arises that the data destroy or not because the physical characteristic of storage medium the data may be restored [30].Archival: archival of data deals with the storage of data in cloud storage medium where that is store offline or online and can be access able within cloud or connected network.Some time data storage occurs where it may be offline or not connected with the network for some time or period of time then the data primary and security issue or threat will be there [31].Transfer: confidentiality and integrity of data are one of the main elements and both must apply any form of data transfer process.This process not applies between the enterprise or cloud storage but also apply between different storage [32].Storage: in cloud computing data storage divided into two main environment IaaS environment and SaaS environment and different storage setup are used.For data security, reliability, accuracy, backup, and data management system need more reliable system [33].

INTERNET-OF-THINGS SECURITY ISSUES
The domains of security attacks on different hybrid device are increasing day by day.The following Figure 4 show summaries of attackers.Now a day's IoT has the most adoption in term of new device connection through with the help of internet.Every day these smart devices become under target of attacker they try different method to get their required goals.As we know that different layer is there in IoT and attacker target these layer [34].

67
Physical attacker: in IoT physical attacker means all those attack which are tamper on hardware components and try miss use or de-packaging of chip, layout or damaged physical device.Or may miss user the physical components [36].Threats for application layer: the personalized services based on the needs of the users are included in the application layer; e.g. the interface that user can control devices in IoT.Threats in this layer mainly target these services as mentioned areas [37].Sniffer/Loggers are those programs or hacker code which user used or attacker can used to hack the system password.The attacker used this kind of code used for network traffic.The main goals of this sniffer is to steal file, like (FTP, E-mail file, email text and many otheri [38].Injection: when attacker tries to attack on application servers with help of some code that is know as injection.This kind of attack are simple and simple code are used they affect the data, loss data or corruption and lack of accountability [39].Social engineering this of attacks are performed with the help of social media like chat, email searching and may more.This kind of attacker can affect data and system like hardware and software [38].Distributed (DDoS) it work same as the denial of service attack but in this same more attacker attack the same target and multiple point and search for same goal [40].Sessions hijacking this kind of attack are performed in authentication session of management.They use personal identities or try to hacker the system by getting the person information.These kinds of attack are simple and common and attackers can try at any place and any time without problems [41].Threat of support layer: target of threats in support layer is mainly data storage technologies.These threats are discussed are as: tampering with data this kind of attack is performed by third party the change or temped data for their personal benefit or organization benefit.Data modification took place by any attacker group or their benefit that is known as tampering with data [42].DoS attack as pervious expiation this kind of attacker are also performed in this layer also.Unauthorized access different attacker are try to get data from IoT by try unauthorized access.Threats of perception layer: sensor and intelligence embedded technologies including RFID readers, sensors or GPS are under threat because of various security flaws.Main threats are discussed area as: spoofing this kind of attack are performed with the help of broadcast message and these message are sent to sensor network and it make surety like as it is actual message and the attacker get access the senor network and making vulnerable to the network [43].Radios jamming this kind of attack are performed with communication system like communication channel, communication method the attacker work as DoS attacker do and this kind of attract affect the communication channel [44].Device tamping in this kind of attack the user capture the sensor node or replace the node with other physical device and get total control on the sensor network.Path based DoS attack (PDoS) in this type of attack the overpower and path or communication channel.This type of attack are performed end to end communication [45].Centre node destroy in some situation the entire sensor network depends on one single node if the centre node destroy the full sensor network fall and the attacker try to damage the centre node and make the network fall [46].Eavesdropping some time the attacker try to sniffs the RFID tags and read the basic information and change password or confidential information and the attacker try to get important information [47].Threats of network layer: network layer which is known as the next-generation network are exposed to many kinds of threats.Related threats that come from this layer are listed are as: selective forwarding in this kind attack some node does not forward message and sent some selectivity drop the attracter hake them and they not reply as normal massage and these are called selective forwarding.There are different types of selective forwarding attackers and use DoS for forward message traffic system [48].Sybil attack it is clarified as malicious and taking multiple identities for attack one or more place at one or the attacker used multiple identities to the node or different nodes and reduce the device capacity or make fault tolerant scheme [49].Wormhole this form of attack make changes in data bit form and change the position of bit of data and it make low latency in the network or device.Man-in-middle attack these kinds of attacker make eavesdropping and the unauthorized parties check and control all the private message or communication.The unauthorized party can even fake the identity of the victim and communicate normally to gain more information [50].Hello-flood attack in this kind of attack the single malicious device sent single message and it replicate the message and make multiple messages in this form it attacks on traffic Physical attackers: these types of attacks tamper with the hardware components and are relatively harder to perform because it requires expensive material.Some examples are de-packaging of chip, layout reconstruction, micro-probing, and particle beam techniques [51].

IMPROVMENT IN SECURITY ISSUES FOR CC AND IOT
In this section we present those algorithm and technique for improvement of these section improve the cloud computing and IoT are mention.Table 4 present those algorithms which are used for different purpose in security section for improvment of these techniques improve different section of cloud computing and IoT.    5 and for security of these attacks different research improved different section taking different algorithm.Table 6 present cloud computing layer and their descriptions.Table 6 present the different cloud layer description and the standard rule safe and protect from different attackers.We improve different section using and improving these standard technique or algorithms.Table 7 present the different attacks which are performed on IoT devices for improvement in these IoT devices different research improving algorithm and framework of the devices.Cloud and internet-of-things secure integration along with security concerns (Arif Ullah) 69 tablets, smart phones, wearable devices, sensors and embedded computers, and the main issues is the security of these devices.This paper provided review of different security aspects of cloud computing and IoTs at different layers and section in the network.In this review paper we have discuss the security aspect of cloud and IoT as well as we make the problem formulation of security and future research direction.

Figure 1 .
Figure 1.Structure of cloud computing

Figure 3 .
Figure 3. Integration of cloud computing and IoT

Figure 4 .
Figure 4. Different attack on IoT devices[35] Cloud computing provide different type of network where they location different location and produce all information to the end user.The cloud computing provides different services to their clients called front end and the cloud itself refer as back end that provides such services to the clients.One of the main challenges related to cloud computing called data security of multiple clients.One of the critical challenges facing interacting with IoT devices is addressing billions of devices (things) around the world, including: computers, Int J Inf & Commun Technol ISSN: 2252-8776 

Table 2 .
Difference of two technologies

Table 5
present the different layer of CC and IoT.For protection of these different techniques are used.

Table 5 .
Layer attacks in CC & IoT

Table 5
present different layers in CC and IoT where different attacker attached using different technique which is mention in Table

Table 6 .
Cloud computing layer description

Table 7 .
Security issues in IoT