432
INTELLIGENT CITIES
12.2.3 Defense-in-Depth
Defense-in-depth is a mechanism that should be used to provide a
high level of security to the IT infrastructure of an intelligent city. It
places multiple levels or layers of security within an IT infrastructure
so that even if security at one level is compromised for some reason,
security at the other levels should be able to safeguard the underlying
IT infrastructure. Because multiple levels of security are provided in
this approach, it is also called a layered approach to security
implementation. It offers enhanced security to the IT infrastructure
and gives city officials more time to react to a security breach that
has occurred in one layer, because the security measures in the other
layers will be working to protect the infrastructure. A high-level
architecture of the defense-in-depth approach is given below:
1. Perimeter security (physical security)
2. Remote access controls (VPN, authentication, etc.)
3. Network security
4. Server security
5. Storage security
12.2.4 Trusted Computing Base
The trusted computing base (TCB) defines the boundary for the
critical information components that form part of the IT infrastructure
of intelligent cities. Any security breaches that occur within the TCB
boundary will affect the entire IT infrastructure in an adverse manner.
Defining the TCB helps to establish a clear distinction between the
critical and noncritical components of the IT infrastructure of the
city. For example, in the case of a PC or tablet, the
433
SECURITY MANAGEMENT OF INTELLIGENT CITIES
operating system (OS) and configuration files will be a part of the
TCB, as any security breaches to the OS will corrupt the entire PC.
It is very important for the TCB to be defined for the IT infrastructure
of an intelligent city. It helps to provide multiple additional levels
of security for the components that fall under the TCB of the IT
infrastructure.
12.2.5 Encryption
Encryption is the process of converting data into a format that cannot
be interpreted easily and directly by unauthorized users. It is very
important to ensure that data stored in the IT infrastructure of the
intelligent city and the data that are transmitted via the networks are
in encrypted form. This is very helpful to prevent unauthorized
deception of data by third-party agents. The process of converting the
data back to their original form is called decryption. Several
encryption software products are available in the market.
Pretty Good Privacy (PGP) is a strong data encryption and decryption
program that is widely used by the federal government for protecting
all types of government data such as email, files, and entire disk
partitions of computers.
Apart from the security requirements mentioned earlier, an additional
security requirement of the IT infrastructure of an intelligent city is
resilience. Resilience is the capability of an IT infrastructure to
return to its original state after it is disturbed by some internal or
external factors.
The majority of the intelligent city applications will be built and
deployed on cloud platforms. Hence all security concerns of cloud
platforms will pose security threats for intelligent cities as well. In
the next section, we examine some of the security concerns of cloud
platforms.
12.3 Security Concerns of Cloud Platforms
Cloud security architecture has three different layers: software
applications, platform, and infrastructure layers. Each layer has its
own set of security concerns. We discuss some of them in the context of
intelligent cities that would rely mainly on the public cloud for their
IT requirements.
One of the main concerns related to the cloud is multitenancy.
Multitenancy refers to the fact that the cloud infrastructure, because
of the underlying virtualization platform, provides features to serve
multiple independent clients (tenants) using the same set of resources.
This consequently increases the risks to data confidentiality and
integrity. These risks are especially severe in the public cloud
environment because, unlike in private clouds, public cloud services
can be used by competing clients; in addition, the number of cloud
users is much higher in public clouds.
Some of the ways to overcome the concerns due to multitenancy are:
Virtual machine segmentation
Database segmentation
Virtual machine introspection
12.3.1 Virtual Machine Segmentation
Virtualization forms the basis of most Infrastructure as a Service
(IaaS) offerings. There are many types of virtualization software
available in the market. These software products provide the capability
to convert a physical machine into multiple virtual machines (VMs).
These VMs are provided to customers as part of IaaS; they run on
virtual platforms and serve as databases, Web servers, and file
servers. The main component of a virtualization platform is a
hypervisor that acts as an OS for the VMs and provisions all the
resources required for the operation of VMs. The major security concern
in a virtualized infrastructure arises from the fact that VMs owned by
multiple customers reside on the same physical machine. This aspect
places the VMs in a privileged position with respect to one another and
can introduce several types of security risks such as unauthorized
connection, monitoring, and malware induction. To prevent such security
threats, it is very important to ensure that VMs that contain
confidential customer data are segmented and isolated from one another,
a process called VM segmentation.
12.3.2 Database Segmentation
In IaaS, infrastructure resources are offered as a service. In SaaS,
apart from software applications, a database is also offered as a
service. This introduces a scenario in which multiple customers store
their data in the same database as multiple rows that are
differentiated based on assigned customer IDs. In some situations, such
as application code errors or access control list errors, there is much
risk to customer data. Quite a few tools and technologies are available
in the market for controlling access to database data and preventing
the occurrence of such situations. These tools work on the basis of a
system for authentication and authorization that ensures that only some
rows are modifiable, based on certain predefined security policies that
ensure that access to data is warranted. Another technique that could
be used to reduce security threats in this situation is the encryption
of data stored in the database. This ensures that even if the security
of the data is compromised, it would be difficult to decrypt it.
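The shared-table scenario above, as an added example that is not part of the original text: an unscoped update (the application code error) beside a session object that binds every statement to the authenticated customer ID and role. The table, tenant names, roles and class names are assumptions constructed for illustration.

```python
import sqlite3

def make_shared_db():
    """Constructed sample: one table shared by two tenants, rows tagged by customer_id."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE meter_readings ("
               "id INTEGER PRIMARY KEY, customer_id TEXT NOT NULL, value REAL)")
    db.executemany("INSERT INTO meter_readings VALUES (?, ?, ?)",
                   [(1, "utility-a", 10.0), (2, "utility-a", 11.5), (3, "utility-b", 99.0)])
    return db

def update_unscoped(db, row_id, value):
    """The application code error: the row is selected by id alone,
    so a caller from any tenant can modify any customer's row."""
    cur = db.execute("UPDATE meter_readings SET value = ? WHERE id = ?", (value, row_id))
    return cur.rowcount

class TenantSession:
    """Binds every statement to the authenticated customer_id and role."""
    WRITE_ROLES = {"editor"}  # assumed policy: only editors may modify rows

    def __init__(self, db, customer_id, role):
        self.db, self.customer_id, self.role = db, customer_id, role

    def read_all(self):
        cur = self.db.execute(
            "SELECT id, value FROM meter_readings WHERE customer_id = ? ORDER BY id",
            (self.customer_id,))
        return cur.fetchall()

    def update(self, row_id, value):
        if self.role not in self.WRITE_ROLES:
            raise PermissionError("role is not allowed to modify rows")
        cur = self.db.execute(
            "UPDATE meter_readings SET value = ? WHERE id = ? AND customer_id = ?",
            (value, row_id, self.customer_id))
        if cur.rowcount == 0:  # no such row inside this tenant's segment
            raise PermissionError("row is outside this customer's segment")
        return cur.rowcount
```
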
12.3.3 VM Introspection
Another important technique that could be used to eliminate the risks
of multitenancy is VM introspection. VM introspection is a service
that is provided by the hypervisor. It examines the internal state of
each VM that runs on top of the hypervisor. Many tools are available
in the market that leverage the benefits of this service to provide VM
segmentation and isolation. VM introspection provides the following
details of each VM:
Applications and services that are present
Configuration details
With the help of these details of VMs, it is possible to create and
implement custom security policies on each VM. An example of such
a policy could be to ensure that no other VM should join a specific
VM group until it has some matching OS configuration parameters.
This ensures that in a multitenant environment, VMs remain segmented
and isolated.
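The group-admission policy described above, as an added example that is not part of the original text: a candidate VM joins a group only if its introspected OS configuration matches what every current member reports. The report layout, VM names, policy keys and the banned-service check are assumptions constructed for illustration.

```python
# Constructed introspection reports; the report layout is an assumption made
# for this example, not the output format of any particular hypervisor.
REPORTS = {
    "vm-tax-01": {"services": {"sshd", "postgres"},
                  "config": {"os": "linux", "kernel": "5.15", "selinux": "enforcing"}},
    "vm-tax-02": {"services": {"sshd", "nginx"},
                  "config": {"os": "linux", "kernel": "5.15", "selinux": "enforcing"}},
    "vm-new-ok": {"services": {"sshd"},
                  "config": {"os": "linux", "kernel": "5.15", "selinux": "enforcing"}},
    "vm-new-bad": {"services": {"sshd", "telnetd"},
                   "config": {"os": "linux", "kernel": "5.15", "selinux": "permissive"}},
}

def group_baseline(reports, members, policy_keys):
    """Return the value every current member reports for each policy key.
    Raises ValueError if the members themselves have drifted apart."""
    baseline = {}
    for key in policy_keys:
        values = {reports[m]["config"].get(key) for m in members}
        if len(values) != 1:
            raise ValueError(f"group members disagree on {key!r}")
        baseline[key] = values.pop()
    return baseline

def admission_decision(reports, candidate, members, policy_keys,
                       banned_services=frozenset()):
    """Return (admit, reasons): admit only if the candidate matches the group's
    baseline on every policy key and runs no banned service."""
    baseline = group_baseline(reports, members, policy_keys)
    report = reports[candidate]
    reasons = [f"{key}: expected {baseline[key]!r}, found {report['config'].get(key)!r}"
               for key in policy_keys if report["config"].get(key) != baseline[key]]
    reasons += [f"banned service present: {svc}"
                for svc in sorted(report["services"] & set(banned_services))]
    return (not reasons), reasons
```
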
12.3.4 Distributed Denial of Service
In a cloud system, if a host of messages attack all nodes of the cloud
system and overutilize the server resources, making the resources
unavailable for actual requirements, it is called a distributed denial
of service (DDoS) attack. There are two primary versions of DDoS
attacks that can occur: simple and complex. Examples of simple
DDoS attack tools are X-DoS (XML-based denial of service) and
H-DoS (HTTP-based denial of service). Examples of complex
DDoS attack tools are Agobot, Mstream, and Trinoo. H-DoS is
used by attackers who are interested in using less complex Web-based
tools for attack. One additional advantage of these simple tools is the
ease of implementation of attacks. DX-DoS occurs when XML-based
messages are sent to a Web server in such a way that they will use up
all the server's resources. A coercive parsing attack is an X-DoS
attack in which Web content is parsed using Simple Object Access
Protocol (SOAP) to transform it into an application. A series of open
tags are used by a coercive parsing attack to exhaust the central
processing unit (CPU) resources on the Web server. In the case of an
H-DoS attack, a series of about 1000-plus threads are started to create
simultaneous random HTTP requests to exhaust all the resources. Several
tools are available in the market to detect and eliminate DDoS attacks.
Cloud service providers can use these tools at their discretion. One
such example is discussed in the following paragraph.
12.3.4.1 Real-Life Example of DDoS Attack
Bloomberg News reported that hackers used AWS’s EC2 cloud computing
unit to launch an attack against Sony’s PlayStation Network and
Qriocity entertainment networks. The attack reportedly compromised the
personal accounts of more than 100 million Sony customers.
12.3.4.2 Imperva SecureSphere Web Application Firewall to Prevent DDoS Attacks
The Imperva SecureSphere Web Application Firewall is a security
appliance that is capable of preventing DDoS attacks in a cloud
infrastructure. In addition to DDoS, this software also has the
capability to prevent several types of Web attacks such as Structured
Query Language (SQL) injection.
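The coercive parsing attack described in Section 12.3.4 depends on the server parsing a long series of open tags to completion. The following added example, which is not from the original text and is not Imperva's code, shows one defensive check: a streaming parser that rejects a request body as soon as it crosses a structural limit. The function name, the limits and the sample payloads are assumptions constructed for illustration.

```python
import xml.parsers.expat

class LimitExceeded(Exception):
    """Raised inside the parser callbacks to abort parsing early."""

def screen_xml(body, max_depth=32, max_elements=5000, max_bytes=1_000_000, chunk=4096):
    """Return (accepted, reason). Parsing stops at the first limit violation,
    so an oversized or deeply nested body is never processed to the end."""
    if len(body) > max_bytes:
        return False, "body too large"
    parser = xml.parsers.expat.ParserCreate()
    depth = elements = 0

    def on_start(name, attrs):
        nonlocal depth, elements
        depth += 1
        elements += 1
        if depth > max_depth:
            raise LimitExceeded("nesting depth limit exceeded")
        if elements > max_elements:
            raise LimitExceeded("element count limit exceeded")

    def on_end(name):
        nonlocal depth
        depth -= 1

    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    try:
        for off in range(0, len(body), chunk):  # feed incrementally
            parser.Parse(body[off:off + chunk], False)
        parser.Parse(b"", True)                 # signal end of document
    except LimitExceeded as exc:
        return False, str(exc)
    except xml.parsers.expat.ExpatError:
        return False, "malformed XML"
    return True, "ok"

# Constructed sample inputs for the check above.
BENIGN = (b'<?xml version="1.0"?>'
          b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
          b'<soap:Body><getStatus><sensor>42</sensor></getStatus></soap:Body>'
          b'</soap:Envelope>')
NESTED = b"<a>" * 2000                      # open tags that are never closed
WIDE = b"<r>" + b"<i/>" * 6000 + b"</r>"    # shallow but very many elements
```
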