Shafiq Ul Rehman

A survey of mitigation techniques against Economic Denial of Sustainability (EDoS) attack on cloud computing architecture

Cloud computing is the next revolution in the Information and Communication Technology arena. It is a model in which computing is delivered as a commoditized service similar to electricity, water and telecommunication. Cloud computing provides software, platform, infrastructure and other hybrid models which are delivered as subscription-based services in which customers pay based on usage. Nevertheless, security is one of the main factors that inhibit the proliferation of cloud computing. Economic Denial of Sustainability (EDoS) is a new breed of security and economical threats to the cloud computing. Unlike the traditional Distributed Denial of Service (DDoS) which brings down a particular service by exhausting the resources of the server in traditional setup, EDoS takes advantage of the elasticity of the cloud service. This causes the resources to dynamically scale to meet the demand (as a result of EDoS attack) resulting in a hefty bill for the customer. In this survey, we review various EDoS mitigation techniques that have been introduced in recent years.

Rule-based mechanism to detect Denial of Service (DoS) attacks on Duplicate Address Detection process in IPv6 link local communication

Internet Protocol version 6 (IPv6) is currently being deployed progressively around the world and soon will become the de facto IP communication standard. Nevertheless, due to the nature of the protocol design of IPv6, it has brought about various security issues. One of the security issues relates to leveraging the vulnerability that exists in the way Duplicate Address Detection (DAD) process is carried out leading to Denial or Service (DoS) attacks. Such attacks can render the whole network non-functional. Several mechanisms have been introduced to detect this attack. Nevertheless, these mechanisms had some drawbacks. In this paper, we propose a new mechanism that uses rule-based approach that is able to address the shortcomings of existing mechanisms with improved accuracy and performance.

Improved Mechanism to Prevent Denial of Service Attack in IPv6 Duplicate Address Detection Process

From the days of ARPANET, with slightly over two hundred connected hosts involving five organizations to a massive global, always-on network connecting hosts in the billions, the Internet has become as important as the need for electricity and water. Internet Protocol version 4 (IPv4) could not sustain the growth of the Internet. In ensuring the growth is not stunted, a new protocol, i.e. Internet Protocol version 6 (IPv6) was introduced that resolves the addressing issue IPv4 had. In addition, IPv6 was also laden with new features and capabilities. One of them being address auto-configuration. This feature allows hosts to self-configure without the need for additional services. Nevertheless, the design of IPv6 has led to several security shortcomings. Duplicate Address Detection (DAD) process required for auto-configuration is prone to Denial of Service (DoS) attack in which hosts are unable to configure themselves to join the network. Various mechanisms, SeND, SSAS, and the most recent being Trust-ND, have been introduced to address this issue. Although these mechanisms were able to circumvent DoS attack on DAD process, they have introduced various side effects, i.e. complexities and degradation of performance. This paper reviews the shortcomings of these mechanism and proposes a new mechanism, Secure-DAD, that addresses them. The performance comparison between Trust-ND and Secure-ND also showed that Secure-DAD is more promising with improvement in terms of processing time reduction of 45.1% compared to Trust-ND while preventing DoS attack in IPv6 DAD process.

Internet of Things in Higher Education: A Study on Future Learning

In the coming years, technology will impact the learning experience in many ways. Internet of Things (IoT) continues to confirm its important position in the context of Information and Communication Technologies and the development of society. With the support of IoT, institutions can enhance learning outcomes by providing more affluent learning experiences, improved operational efficiency, and by gaining real-time, actionable insight into student performance. The purpose of this study is to find out the potential of IoT in higher education and how to maximize its benefits and reducing the risks involved with it. Further efforts are necessary for releasing the full potential of IoT systems and technologies. Therefore, this paper presents a study about the impact of IoT on higher education especially universities. IoT stands to change dramatically the way universities work, and enhance student learning in many disciplines and at any level. It has huge potential for universities or any other educational institutions; if well prepared to ensure widespread and successful implementation by leadership, staff, and students. IoT needs development where universities can lead. Academics, researchers, and students are in a unique place to lead the discovery and development of IoT systems, devices, applications, and services. Moreover, this paper provides an evidences about the future of IoT in the higher education during the next few years, which have offered by a number of research organizations and enterprises. On the other hand, IoT also brings tremendous challenges to higher education. Hence, this paper also presents the perspective on the challenges of IoT in higher education.

An overview of DDoS attacks based on DNS

Botnet-based Distributed Denial of Service (DDoS) attacks are considered as the main concerns and problems of todays Internet. The damage of these attacks are very serious since the number of computers involved in these attacks is huge and distributed worldwide. However, many protocols such as Domain Name System (DNS) have several security vulnerabilities nowadays that are utilized by botnet attackers. The amplification attacks are the most popular attacks in the Internet which require robust hardware and software for security assurance. In this paper, we provide an overview of botnet-based DDoS attacks that use DNS as a basic infrastructure to launch attacks. We aim to make a better understanding of the most noted attacks to extend the knowledge about DDoS attacks and to analyze the importance of DNS services.

Enhanced Mechanism to Detect and Mitigate Economic Denial of Sustainability (EDoS) Attack in Cloud Computing Environments

Cloud computing (CC) is the next revolution in the Information and Communication Technology arena. CC is often provided as a service comparable to utility services such as electricity, water, and telecommunications. Cloud service providers (CSP) offers tailored CC services which are delivered as subscription-based services, in which customers pay based on the usage. Many organizations and service providers have started shifting from traditional server-cluster infrastructure to cloud-based infrastructure. Nevertheless, security is one of the main factors that inhibit the proliferation of cloud computing. The threat of Distributed Denial of Service (DDoS) attack continues to wreak havoc in these cloud infrastructures. In addition to DDoS attacks, a new form of attack known as Economic Denial of Sustainability (EDoS) attack has emerged in recent years. DDoS attack in conventional computing setup usually disrupts the service, which affects the client reputation, and results in financial loss. In CC environment, service disruption is very rare due to the auto-scalability (Elasticity), capability, and availability of service level agreements (SLA). However, auto scalability utilize more computing resources in event of a DDoS attack, exceeding the economic bounds for service delivery, thereby triggering EDoS for the organization targeted. Although EDoS attacks are small at the moment, it is expected to grow in the near future in tandem with the growth in cloud usage. There are few EDoS detection and mitigation techniques available but they have weaknesses and are not efficient in mitigating EDoS. Hence, an enhanced EDoS mitigation mechanism (EDoS-EMM) has been proposed. The aim of this mechanism is to provide a real-time detection and effective mitigation of EDoS attack.

Denial of Service Attack in IPv6 Duplicate Address Detection Process

IPv6 was designed to replace the existing Internet Protocol, that is, IPv4. The main advantage of IPv6 over IPv4 is the vastness of address space. In addition, various improvements were brought to IPv6 to address the drawbacks in IPv4. Nevertheless, as with any new technology, IPv6 suffers from various security vulnerabilities. One of the vulnerabilities discovered allows Denial of Service Attack using the Duplicate Address Detection mechanism. In order to study and analyse this attack, an IPv6 security testbed was designed and implemented. This paper presents our experience with the deployment and operation of the testbed, and discussion on the outcome and data gathered from carrying out DoS attack in this testbed