Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier CAPTCHA

Abstract

Cloud computing is simply a metaphor for the internet. User does not required knowledge, control, and ownership in the computer infrastructure. User simply access or rent the software and paying only for what they use. Advantage of cloud computing is huge like Broad network access, Cost effectiveness, Rapid elasticity, Measured services, On-Demand service, Resource pooling, Location independence, Reliability, Energy saving and so on. But its global phenomenon that everything in this world has advantage as well as disadvantage, cloud computing also suffering from some drawback like security & privacy, Internet Dependency, Availability, And Current Enterprise Applications Can't Be Migrated Easily. I conclude that security is biggest hurdle in wide acceptance of cloud computing. User of cloud services are in fear of data loss, security and availability issues. At virtual level DDOS (Distributed Denial of Service Attack) is biggest threat of availability in cloud computing. In Denial of service attack an attacker prevent legitimate users of service from using the desired resources by flood a network or by consuming bandwidth .So authentication is need to distinguish legitimated clients from malicious clients, which can be performed through strong cryptographic verification (for a private server) or graphical Turing tests (for a public server). Where the authentication is performed by Graphical Turing Tests, which is widely used to distinguish human users from robots through their reaction . On the other hand, CAPTCHA (Completely Automated Public Turing Tests to Tell Computers and Humans Apart) is used for Graphical Turing Test. There are many OCR or Non-OCR based CAPTCHA's are used widely but they are vulnerable to many attacks like Pixel-Count Attack, Recognition by using OCR, Dictionary Attack, and Vertical Segmentation. This paper introduces a new CAPTCHA method called Two-Tier CAPTCHA. In this method CLAD node need to generate two things, first a alphanumeric CAPTCHA code with image. Second Query related to that CAPTCHA code. E.g. enter only Digit's .We can increase the rate of its difficulty in order to improve its resistance against the attacks by adding more and more query and combination in database. The algorithm of this method makes it hard for bot programs which mean that it is more secure. This project has been implemented by ASP.NET and PHP Language.