The authentication gives the user access to VMs within the cloud [37]. All the physical hosts share multiple virtual machines, and these machines are monitored by virtual machine monitors (VMMs). OpenNebula performs the overall management of the cloud system; it helps the network investigator forensically analyse captured data on vulnerabilities, risks, cyber-threats, and malicious attacks in the cloud network environment for further investigation.
Figure 2.2 OpenNebula: a community-based cloud management system that manages resources of the cloud physical host, VMs, VMM, control access, and authentication between cloud users.
2.3.2 NetworkMiner Analysis Tool
NetworkMiner is an open-source network forensics analysis tool that aims to collect data on malicious attacks or threats over the cloud, which helps in the forensics investigation. In the implementation phase, the cloud user directs the data collection and separation (or filtration) layer, where it can start, stop, or reset the cloud VMs that are running as a forensics service.
The collaboration of the layers performs both tasks, that is, the VMM task and the network forensics task. NetworkMiner receives the collected data from OpenNebula and then runs the accumulator and the forensics analysis process layer as a cloud-based service to aggregate and analyze the captured data. The documentation layer visualizes the analysis output. Our modification adds forensics components (shown in Figure 2.3) that ensure safe machine communication and also help further investigation.
Figure 2.3 NetworkMiner analysis tool cloud-based forensics services.
The actual cloud environment provided by OpenNebula and NetworkMiner is as follows:
Start data collection: the trigger that starts the forensics process on the cloud network;
Stop data collection: the trigger that stops the network forensics process;
The virtual machine identity (VM-ID) is used by OpenNebula to set the action parameter of an individual virtual machine;
OpenNebula translates the VM-ID into a MAC network address;
Filtering on the MAC address;
Capturing the PCAP file (packet capture file) used to handle the network traffic;
An additional network forensics component, the NetworkMiner analysis tool, manages the analysis of all VMs (VMM); its main task is to collect, separate, accumulate, and analyze data for proper communication;
The control manager triggers the overall system action.
In the next section, we calculate the performance matrix of OpenNebula and NetworkMiner, and compare both the accuracy and the efficiency of the tools with other well-known network forensics tools.
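The VM-ID to MAC translation and MAC filtering steps listed above can be sketched as follows. This is an added example, not code from the chapter, OpenNebula, or NetworkMiner; the VM-IDs, MAC addresses, and function names are constructed, and the capture is assumed to be a classic little-endian pcap with Ethernet link type.

```python
import struct

# Constructed VM-ID -> MAC table standing in for the translation step.
VM_MACS = {"vm-42": "02:00:c0:a8:00:2a", "vm-43": "02:00:c0:a8:00:2b"}
PCAP_GLOBAL = struct.Struct("<IHHiIII")  # classic pcap file header, little-endian
PCAP_RECORD = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len
MAGIC_LE, LINKTYPE_ETHERNET = 0xA1B2C3D4, 1

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def build_pcap(frames):
    """Build a classic pcap from raw Ethernet frames (helper for sample data)."""
    out = PCAP_GLOBAL.pack(MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in enumerate(frames):
        out += PCAP_RECORD.pack(ts, 0, len(frame), len(frame)) + frame
    return out

def filter_pcap_for_vm(pcap, vm_id, vm_macs=VM_MACS):
    """Return (new_pcap, kept): only frames sent to or from the VM's MAC."""
    mac = mac_bytes(vm_macs[vm_id])  # KeyError if the VM-ID is unknown
    if len(pcap) < PCAP_GLOBAL.size:
        raise ValueError("truncated pcap header")
    magic, *_, linktype = PCAP_GLOBAL.unpack_from(pcap, 0)
    if magic != MAGIC_LE or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected little-endian Ethernet pcap")
    out, kept, off = bytearray(pcap[:PCAP_GLOBAL.size]), 0, PCAP_GLOBAL.size
    while off + PCAP_RECORD.size <= len(pcap):
        incl_len = PCAP_RECORD.unpack_from(pcap, off)[2]
        end = off + PCAP_RECORD.size + incl_len
        if end > len(pcap):  # truncated final record: stop cleanly
            break
        frame = pcap[off + PCAP_RECORD.size:end]
        # Ethernet header: bytes 0-5 destination MAC, bytes 6-11 source MAC
        if len(frame) >= 14 and mac in (frame[0:6], frame[6:12]):
            out += pcap[off:end]
            kept += 1
        off = end
    return bytes(out), kept

def sample_capture():
    """Constructed capture: vm-42 <-> gateway, vm-43 -> gateway, vm-42 -> vm-43."""
    a, b = mac_bytes(VM_MACS["vm-42"]), mac_bytes(VM_MACS["vm-43"])
    gw, pad = mac_bytes("02:00:c0:a8:00:01"), b"\x08\x00" + bytes(46)
    # each frame is destination MAC + source MAC + EtherType/payload
    return build_pcap([gw + a + pad, a + gw + pad, gw + b + pad, b + a + pad])
```

The filtered bytes are themselves a valid pcap, so the per-VM file can be handed to an analysis tool without the other tenants' traffic.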
2.3.3 Performance Matrix Evaluation & Result Discussion
The performance evaluation of the proposed architecture verifies that our cloud-based network forensics system performs well enough compared with the previously published model. The setup measures the performance impact on a running VMM that manages all VMs in the cloud environment with network forensics. The process consumes computational and power resources to evaluate the model performance, together with the communication resources used to capture, aggregate, analyse, and transfer network traffic.
In the experiment, the proposed model architecture is intended to quantify the performance matrix by comparing two scenarios: (i) without network forensics and (ii) with network forensics (shown in Figure 2.4).
The performance measurement was done after tuning the host system; the crucial software specification of the hosts is described below:
System Software: Linux Ubuntu 18.04;
Application Software: OpenNebula and NetworkMiner;
System Specification: x64 2.4 GHz octa-core 7th-generation CPU with 32 GB RAM, connected via high-performance Ethernet connectivity of up to Gigabit speed.
Almost 8 VMs were evaluated in parallel with network forensics on a single virtual machine monitor; the VMs host a web-based service interface that runs a computationally intensive task. This web-based service interface calculates the greatest common divisor in both scenarios, that is, with and without network forensics; the results are shown in Figure 2.4. The cloud users' requests call the function iteratively, several times over. Moreover, the users' web services and the NetworkMiner analysis run on separate interfaces.
Figure 2.4 Measurement of the performance of network forensics while running cloud infrastructure systems.
Call Function: More than 2,800 times with a minimum of 20 concurrent requests;
The time taken to calculate the call function of cloud users is less than 2 minutes;
The average performance of the VMs is almost 89%;
The average performance reduction is between 3% and 18%.
Recently, cloud service providers have offered Forensics-as-a-Service (FaaS). Like other cloud services, FaaS is a business service model for digital investigators. One aspect is the addition of cloud resources for the analysis of forensics data by cloud users; the second, and most prominent, aspect is that it does not account for the VMM plus the cloud-based network forensics system. Estimate the sets of forensics data transferred to the accumulator, which aggregates them, and then to the analysis process layer.
In the next section, we take a real-world scenario of the impact of cloud security on M2M communication and show how cloud applications can be utilized in the fourth industrial revolution.
2.4 Cloud Security Impact on M2M Communication
An authorized and secure communication channel requires an autonomous system [38]; there are many parts of a system where a machine communicates with others, such as (i) daemon to backend, (ii) service to service, (iii) IoT tools, and (iv) CLI (client to internet service). Establishing an authorized trust system between clients [39] means that the authorization process attempts to build trust in the cloud environment by authorizing a client. In this case, a cloud client can simply utilize cloud applications and services and securely process cloud infrastructure. There is no need for typical authentication such as username/password, two-way authentication, social login, and others. However, to provide protected and secure machine communication, the cloud client is granted credentials; this credential has two pieces of information: one is the client ID, and the second is the secret. This piece of information