DocumentCode :
2262863
Title :
Secure Networking for Virtual Machines in the Cloud
Author :
Komu, Miika ; Sethi, Mohit ; Mallavarapu, Ramasivakarthik ; Oirola, Heikki ; Khan, Rasib ; Tarkoma, Sasu
Author_Institution :
Dept. of Comput. Sci. & Eng., Aalto Univ., Aalto, Finland
fYear :
2012
fDate :
24-28 Sept. 2012
Firstpage :
88
Lastpage :
96
Abstract :
Cloud computing improves utilization and flexibility of allocating computing resources while reducing the infrastructural costs. However, cloud technology is still proprietary in many cases and is tainted by security issues rooted in the multi-tenant environment of the cloud. For instance, the virtual machines of two competing companies could be served by the same underlying host machine in an Infrastructure as a Service (IaaS) type of cloud and this represents a security threat to be addressed. As a solution to this multi-tenancy problem, the Host Identity Protocol (HIP) offers a standardized way to authenticate and protect data flows between tenants belonging to the same security domain. In this paper, we have experimented with HIP in order to address the multi-tenant challenges for public and hybrid IaaS clouds. In our design, developers and administrators can access cloud services directly over HIP, whereas consumers access the cloud without HIP using a reverse HTTP proxy. The proxy also acts as a load balancer for a distributed test service deployed both in an EC2 public cloud and a private cloud. The performance of the system offers efficiency comparable to SSL and essentially utilizes the same cryptographic algorithms with similar processing costs. Consequently, this implies that the proposed scheme is a viable alternative to mitigate some of the privacy issues related to multi-tenancy within a single data center and to secure communications between two clouds in the case of a hybrid cloud.
Keywords :
cloud computing; computer centres; cost reduction; cryptographic protocols; data flow analysis; data privacy; message authentication; resource allocation; virtual machines; EC2 public cloud; HIP; SSL; cloud computing; cloud services; cloud technology; competing company; computing resource allocation; cryptographic algorithms; data authentication; data center; data flow protection; distributed test service; host identity protocol; hybrid IaaS cloud; infrastructural cost reduction; infrastructure as a service; load balancer; multitenancy problem; multitenant challenges; multitenant environment; privacy issues; private cloud; processing costs; reverse HTTP proxy; secure communications; secure networking; security domain; security issues; security threat; underlying host machine; virtual machines; Cloud computing; Cryptography; Hip; IP networks; Protocols; Servers; HIP; multi-tenant; performance; security; virtualization;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Cluster Computing Workshops (CLUSTER WORKSHOPS), 2012 IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4673-2893-7
Type :
conf
DOI :
10.1109/ClusterW.2012.29
Filename :
6355851