ABSTRACT
Cloud computing provides on-demand computation and storage services delivered via applications, system software and hardware rendered as services. Due to its on-demand nature, it has highly variable workloads and requires real-time efficiency and availability. Most cloud computing systems use a centralised model to provision services, but reliance on a central entity to control scheduling decisions and maintain all cloud hosts may constitute a computing bottleneck. A system failure will cause a service outage, sometimes for a few hours, as has happened before. In addition, the central entity needs to support heavy workloads in terms of service provisioning to all resource hosts. These issues can be addressed by distributing cloud resources using structured peer-to-peer (P2P) overlay networks, as was recently proposed. However, these proposals do not examine potential security issues of a P2P-based cloud, one of them being how peers verify the identities of one another in a decentralised setting. Therefore, we propose an authentication framework for P2P cloud consisting of various approaches for authenticating entities and messages. The framework combines cryptographic primitives and security mechanisms proposed for existing structured P2P networks.
Index Terms
An authentication framework for peer-to-peer cloud