Sajjad, Ali
Languages: English
Types: Doctoral thesis
Subjects: QA75
Many contemporary cloud computing platforms offer an Infrastructure-as-a-Service provisioning model, which delivers basic virtualized computing resources like storage, hardware, and networking as on-demand and dynamic services. However, a single cloud service provider does not have limitless resources to offer to its users, and users are increasingly demanding extensibility and inter-operability with other cloud service providers. This has increased the complexity of the cloud ecosystem and resulted in the emergence of the concept of an Inter-Cloud environment, where a cloud computing platform can use the infrastructure resources of other cloud computing platforms to offer greater value and flexibility to its users. However, there are no common models or standards in existence that allow the users of the cloud service providers to provision even some basic services across multiple cloud service providers seamlessly, although admittedly this is not due to any inherent incompatibility or proprietary nature of the foundation technologies on which these cloud computing platforms are built. Therefore, there is a justified need to investigate models and frameworks which allow the users of cloud computing technologies to benefit from the added value of the emerging Inter-Cloud environment. In this dissertation, we present a novel security model and protocols that aim to cover one of the most important gaps in a subsection of this field, that is, the problem domain of provisioning secure communication within the context of a multi-provider Inter-Cloud environment. Our model offers a secure communication framework that enables a user of multiple cloud service providers to provision a dynamic application-level secure virtual private network on top of the participating cloud service providers.
We accomplish this by leveraging the scalability, robustness, and flexibility of peer-to-peer overlays and distributed hash tables, in addition to a novel usage of applied cryptography techniques to design secure and efficient admission control and resource discovery protocols. The peer-to-peer approach helps us eliminate the problems of manual configuration, key management, and peer churn that are encountered when setting up the secure communication channels dynamically, whereas the secure admission control and secure resource discovery protocols plug the security gaps that are commonly found in peer-to-peer overlays. In addition to the design and architecture of our research contributions, we also present the details of a prototype implementation containing all of the elements of our research, and we showcase experimental results detailing the performance, scalability, and overheads of our approach, obtained on multiple actual (as opposed to simulated) commercial and non-commercial cloud computing platforms. These results demonstrate that our architecture incurs minimal latency and throughput overheads, 5% and 10% respectively, for the Inter-Cloud VPN connections among the virtual machines of a service deployed on multiple cloud platforms. Our results also show that our admission control scheme is approximately 82% more efficient and our secure resource discovery scheme is about 72% more efficient than a standard PKI-based (Public Key Infrastructure) scheme.