Abstract
With the convenience of Cloud computing (CC) come changes and challenges to cybersecurity. Organisational networks have changed, and the traditional perimeter-style defence is ineffective in CC architecture. Tracking the location of data processes within CC makes it challenging for organisations to preserve data privacy (Sun, IEEE Access 7:147420–147452, 2019). Zero trust (ZT) architecture offers a way to use familiar network, cyber, and software security tools in a purpose-fit way to protect data in the Cloud. Probability-based authentication (PBA) uses more identifiers about user entities, such as device, location, and activity, to help identify bad actors and restrict access (Wiefling S, Lo Iacono L, Dürmuth M, Is this really you? An empirical study on risk-based authentication applied in the wild. In: ICT systems security and privacy protection, Cham, pp 134–148, 2019). This chapter provides an overview of how to apply security and preserve data privacy in the Cloud.
References
P.J. Sun, Privacy protection and data security in cloud computing: A survey, challenges, and solutions. IEEE Access 7, 147420–147452 (2019). https://doi.org/10.1109/ACCESS.2019.2946185
S. Wiefling, L. Lo Iacono, M. Dürmuth, in ICT Systems Security and Privacy Protection. Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild (Cham, 2019), Springer International Publishing, pp. 134–148. https://doi.org/10.1007/978-3-030-22312-0_10
E. Gilman, D. Barth, in Zero Trust Networks (O’Reilly, 2017). Available: https://learning.oreilly.com/library/view/zero-trust-networks/9781491962183/. Accessed 18 Dec 2021. [Online]
P. Suryateja, Threats and vulnerabilities of cloud computing: A review. Int. J. Comput. Sci. Eng. 6 (2018). https://doi.org/10.26438/ijcse/v6i3.298303
M. Sepczuk, Z. Kotulski, A new risk-based authentication management model oriented on user’s experience. Comput. Secur. 73, 17–33 (2018). https://doi.org/10.1016/j.cose.2017.10.002
S. Wiefling, M. Dürmuth, L.L. Iacono, What’s in score for website users: A data-driven long-term study on risk-based authentication characteristics. arXiv:2101.10681 [cs] 12675, 361–381 (2021). https://doi.org/10.1007/978-3-662-64331-0_19
C. Cunningham, D. Holmes, J. Pollard, in The Eight Business and Security Benefits of Zero Trust (2019), p. 18
M.A. Islam, H. Mahmud, S. Ren, X. Wang, in 2015 IEEE 21st International Symposium on High Performance Computer Architecture (HPCA). Paying to Save: Reducing Cost of Colocation Data Center Via Rewards (2015), pp. 235–245. https://doi.org/10.1109/HPCA.2015.7056036
H. Baron, S. Heide, S. Mahmud, J. Yeoh, in Cloud Security Complexity. Cloud Security Alliance (2019). Available: https://cloudsecurityalliance.org/artifacts/cloud-security-complexity/. Accessed 01 Dec 2021. [Online]
Amazon Web Services, Regions and Zones – Amazon Elastic Compute Cloud. Available: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html. Accessed 25 Nov 2021. [Online]
S. Yi, Z. Hao, Z. Qin, Q. Li, in 2015 Third IEEE Workshop on Hot Topics in Web Systems and Technologies. Fog Computing: Platform and Applications (2015), pp. 73–78. https://doi.org/10.1109/HotWeb.2015.22
L. Shooshtarian, D. Lan, A. Taherkordi, in Pervasive Systems, Algorithms and Networks. A Clustering-Based Approach to Efficient Resource Allocation in Fog Computing (Cham, 2019), Springer International Publishing, pp. 207–224. https://doi.org/10.1007/978-3-030-30143-9_17
Global Cyber Alliance, IoT Policy and Attack Report (2021). Available: https://www.globalcyberalliance.org/reports_publications/iot-policy-and-attack-report/. Accessed 19 Dec 2021. [Online]
R. Sobers, 98 Must-Know Data Breach Statistics for 2021 | Varonis (2020)
Australian Cyber Security Centre, ACSC Annual Cyber Threat Report 2020–21. Available: https://www.cyber.gov.au/acsc/view-all-content/reports-and-statistics/acsc-annual-cyber-threat-report-2020-21. Accessed 25 Nov 2021. [Online]
IBM Corporation, Cost of a Data Breach Report 2021 (2021). Available: https://www.ibm.com/au-en/security/data-breach. Accessed 16 Feb 2022. [Online]
P.A. Legg, in 2015 IEEE Symposium on Visualization for Cyber Security. Visualizing the Insider Threat: Challenges and Tools for Identifying Malicious User Activity (2015), pp. 1–7. https://doi.org/10.1109/VIZSEC.2015.7312772
P. Sun, Security and privacy protection in cloud computing: Discussions and challenges. J. Netw. Comput. Appl. 160, 102642 (2020). https://doi.org/10.1016/j.jnca.2020.102642
A. Aljumah, T.A. Ahanger, Cyber security threats, challenges and defence mechanisms in cloud computing. IET Commun. 14(7), 1185–1191 (2020). https://doi.org/10.1049/iet-com.2019.0040
A. Singh, K. Chatterjee, Cloud security issues and challenges: A survey. J. Netw. Comput. Appl. 79, 88–115 (2017). https://doi.org/10.1016/j.jnca.2016.11.027
I. Gul, M. Hussain, Distributed cloud intrusion detection model. Int. J. Adv. Sci. Technol. 34, 71–82 (2011)
A. Mantelero, The future of data protection: Gold standard vs. global standard. Comput. Law Secur. Rev. 40, 105500 (2021). https://doi.org/10.1016/j.clsr.2020.105500
C. Nast, in Wired UK. Why Amazon’s £636m GDPR Fine Really Matters. Available: https://www.wired.co.uk/article/amazon-gdpr-fine. Accessed 26 Nov 2021. [Online]
European Parliament, in Regulation (EU) 2016/679. Council of the European Union (2016). [Online]. Available: http://data.europa.eu/eli/reg/2016/679/oj
A. Bendovschi, Cyber-attacks – Trends, patterns and security countermeasures. Procedia Econ. Financ. 28, 24–31 (2015). https://doi.org/10.1016/S2212-5671(15)01077-1
A. Shalaginov, J.W. Johnsen, K. Franke, in 2017 IEEE International Conference on Big Data (Big Data). Cyber Crime Investigations in the Era of Big Data (2017), pp. 3672–3676. https://doi.org/10.1109/BigData.2017.8258362
D. Buil-Gil, F. Miró-Llinares, A. Moneva, S. Kemp, N. Díaz-Castaño, Cybercrime and shifts in opportunities during COVID-19: A preliminary analysis in the UK. Eur. Soc. 23(sup1), S47–S59 (2021). https://doi.org/10.1080/14616696.2020.1804973
S. Monteith, M. Bauer, M. Alda, J. Geddes, P.C. Whybrow, T. Glenn, Increasing cybercrime since the pandemic: Concerns for psychiatry. Curr. Psychiatry Rep. 23(4), 18 (2021). https://doi.org/10.1007/s11920-021-01228-w
S.G.A. van de Weijer, R. Leukfeldt, W. Bernasco, Determinants of reporting cybercrime: A comparison between identity theft, consumer fraud, and hacking. Eur. J. Criminol. 16(4), 486–508 (2019). https://doi.org/10.1177/1477370818773610
The White House, Executive Order 14028, Improving the Nation’s Cybersecurity (2021). https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/. Accessed 19 Dec 2021
The Australian Cyber Security Centre, Essential Eight Maturity Model | Cyber.gov.au (2021). Available: https://www.cyber.gov.au/acsc/view-all-content/publications/essential-eight-maturity-model. Accessed 29 Oct 2021. [Online]
BeyondCorp, Run Zero Trust Security Like Google. http://www.beyondcorp.com/. Accessed 15 Dec 2021
R. Ward, B. Beyer, BeyondCorp: A new approach to enterprise security. Google Res. 39(6), 6–11 (2014)
H. Okhravi, F.T. Sheldon, in Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research. Data Diodes in Support of Trustworthy Cyber Infrastructure (New York, 2010), pp. 1–4. https://doi.org/10.1145/1852666.1852692
B.-S. Jeon, J.-C. Na, in 2016 18th International Conference on Advanced Communication Technology (ICACT). A Study of Cyber Security Policy in Industrial Control System Using Data Diodes (2016), pp. 314–317. https://doi.org/10.1109/ICACT.2016.7423374
Y. Zhang, G. Zhang, Y. Liu, D. Hu, Research on services encapsulation and virtualization access model of machine for cloud manufacturing. J. Intell. Manuf. 28(5), 1109–1123 (2017). https://doi.org/10.1007/s10845-015-1064-2
Attorney-General’s Department, Policy 8: Sensitive and Classified Information. Australian Government 2021. Available: https://www.protectivesecurity.gov.au/system/files/2021-11/pspf-policy-8-sensitive-and-classified-information.pdf. Accessed 16 Feb 2022. [Online]
European Union Agency for Cybersecurity, Considerations on the Traffic Light Protocol. https://www.enisa.europa.eu/topics/csirts-in-europe/glossary/considerations-on-the-traffic-light-protocol. Accessed 15 Dec 2021
Cybersecurity & Infrastructure Security Agency, Traffic Light Protocol (TLP) Definitions and Usage. Available: https://www.cisa.gov/tlp. Accessed 15 Dec 2021. [Online]
S. Rao, D. Mahto, D. Yadav, D. Khan, The AES-256 cryptosystem resists quantum attacks. Int. J. Adv. Res. Comput. Sci. 8, 404–408 (2017)
Amazon Web Services, Protecting Data Using Client-Side Encryption (2022). Available: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingClientSideEncryption.html. Accessed 21 Dec 2021. [Online]
Google Cloud, Client-Side Encryption Keys. Available: https://cloud.google.com/storage/docs/encryption/client-side-keys. Accessed 21 Dec 2021. [Online]
Google Developers, I Want to Encrypt Data (2021). Available: https://developers.google.com/tink/encrypt-data. Accessed 21 Dec 2021. [Online]
P. Arpaia, F. Bonavolontà, A. Cioffi, in 2020 IEEE International Workshop on Metrology for Industry 4.0 IoT. Security Vulnerability in Internet of Things Sensor Networks Protected by Advanced Encryption Standard (2020), pp. 452–457. https://doi.org/10.1109/MetroInd4.0IoT48571.2020.9138236
M. Forhad, S. Riaz, M. Hossain, M. Das, An improvement of advanced encryption standard. 18, 159–166 (2018)
R. Saha, G. Geetha, G. Kumar, T. Kim, RK-AES: An improved version of AES using a new key generation process with random keys. Secur. Commun. Netw. 2018, e9802475 (2018). https://doi.org/10.1155/2018/9802475
I.A. Awan, M. Shiraz, M.U. Hashmi, Q. Shaheen, R. Akhtar, A. Ditta, Secure framework enhancing AES algorithm in cloud computing. Secur. Commun. Netw. 2020, e8863345 (2020). https://doi.org/10.1155/2020/8863345
Google Cloud, Encryption at Rest in Google Cloud (2020). Available: https://cloud.google.com/security/encryption/default-encryption. Accessed 14 Dec 2021. [Online]
A. Younis, K. Kifayat, M. Merabti, An access control model for cloud computing. J. Inf. Secur. Appl. 19(1), 45–60 (2014). https://doi.org/10.1016/j.jisa.2014.04.003
D.F. Ferraiolo, R. Sandhu, S. Gavrila, D.R. Kuhn, R. Chandramouli, Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. 4(3), 224–274 (2001). https://doi.org/10.1145/501978.501980
V.C. Hu, D.R. Kuhn, D.F. Ferraiolo, J. Voas, Attribute-based access control. Computer 48(2), 85–88 (2015). https://doi.org/10.1109/MC.2015.33
R. Chandramouli, S.L. Garfinkel, J.S. Nightingale, S.W. Rose, Trustworthy Email (2016). Available: http://www.nist.gov/publications/trustworthy-email. Accessed 25 Nov 2021. [Online]
S.J. Nightingale, Email Authentication Mechanisms: DMARC, SPF and DKIM. National Institute of Standards and Technology, Gaithersburg, MD, NIST TN 1945 (2017). https://doi.org/10.6028/NIST.TN.1945
G. Kambourakis, G.D. Gil, I. Sanchez, What email servers can tell to Johnny: An empirical study of provider-to-provider email security. IEEE Access 8, 130066–130081 (2020). https://doi.org/10.1109/ACCESS.2020.3009122
S. Bax, T. McGill, V. Hobbs, Maladaptive behaviour in response to email phishing threats: The roles of rewards and response costs. Comput. Secur. 106, 102278 (2021). https://doi.org/10.1016/j.cose.2021.102278
Z. Durumeric et al., in Proceedings of the 2015 Internet Measurement Conference. Neither Snow nor Rain nor MITM…: An Empirical Analysis of Email Delivery Security (New York, 2015), pp. 27–39. https://doi.org/10.1145/2815675.2815695
I.D. Foster, J. Larson, M. Masich, A.C. Snoeren, S. Savage, K. Levchenko, in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. Security by Any Other Name: On the Effectiveness of Provider Based Email Security (New York, 2015), pp. 450–464. https://doi.org/10.1145/2810103.2813607
M. Haider, H. Mohammed, A survey of email service; attacks, security methods and protocols. Int. J. Comput. Appl. 162, 31–40 (2017). https://doi.org/10.5120/ijca2017913417
J. Chen, V. Paxson, J. Jiang, in Composition Kills: A Case Study of Email Sender Authentication, p. 18
M. Braverman-Blumenstyk, Learn how Microsoft strengthens IoT and OT security with Zero Trust. Microsoft Security Blog (2021). https://www.microsoft.com/security/blog/2021/11/08/learn-how-microsoft-strengthens-iot-and-ot-security-with-zero-trust/. Accessed 19 Dec 2021
Microsoft, Implementing a Zero Trust security model at Microsoft. Microsoft | Inside Track, 2022. https://www.microsoft.com/en-us/insidetrack/implementing-a-zero-trust-security-model-at-microsoft. Accessed 19 Dec 2021
S. Wachter, Normative challenges of identification in the Internet of Things: Privacy, profiling, discrimination, and the GDPR. Comput. Law Secur. Rev. 34(3), 436–449 (2018). https://doi.org/10.1016/j.clsr.2018.02.002
W. Wang, J. Han, M. Song, X. Wang, in 2011 6th International Conference on Pervasive Computing and Applications. The Design of a Trust and Role Based Access Control Model in Cloud Computing (2011), pp. 330–334. https://doi.org/10.1109/ICPCA.2011.6106526
A. Ometov, S. Bezzateev, N. Mäkitalo, S. Andreev, T. Mikkonen, Y. Koucheryavy, Multi-factor authentication: A survey. Cryptography. 2(1), Art. no. 1 (2018). https://doi.org/10.3390/cryptography2010001
R.A. Grimes, Hacking Multifactor Authentication (Wiley, Newark, 2020)
C. Jacomme, S. Kremer, An extensive formal analysis of multi-factor authentication protocols. ACM Trans. Privacy Secur. 24(2), 1–34 (2021). https://doi.org/10.1145/3440712
E. Grosse, M. Upadhyay, Authentication at scale. IEEE Secur. Privacy 11(1), 15–22 (2013). https://doi.org/10.1109/MSP.2012.162
M. Anathi, K. Vijayakumar, An intelligent approach for dynamic network traffic restriction using MAC address verification. Comput. Commun. 154, 559–564 (2020). https://doi.org/10.1016/j.comcom.2020.02.021
M.R. Shahid, G. Blanc, Z. Zhang, H. Debar, in 2018 IEEE International Conference on Big Data (Big Data). IoT Devices Recognition Through Network Traffic Analysis (2018), pp. 5187–5192. https://doi.org/10.1109/BigData.2018.8622243
M. Laštovička, P. Čeleda, in Security of Networks and Services in an All-Connected World. Situational Awareness: Detecting Critical Dependencies and Devices in a Network (Cham, 2017), pp. 173–178. https://doi.org/10.1007/978-3-319-60774-0_17
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Colomb, Y., White, P., Islam, R., Alsadoon, A. (2023). Applying Zero Trust Architecture and Probability-Based Authentication to Preserve Security and Privacy of Data in the Cloud. In: Daimi, K., Alsadoon, A., Peoples, C., El Madhoun, N. (eds) Emerging Trends in Cybersecurity Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-09640-2_7
DOI: https://doi.org/10.1007/978-3-031-09640-2_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-09639-6
Online ISBN: 978-3-031-09640-2
eBook Packages: Computer Science (R0)