Blockchain based Internet of Things (Debashis De, Siddhartha Bhattacharyya etc.)

148

M. Bakro et al.

customer conﬁdentiality as a result of not completely deleting their data when they

request the cancellation of a particular service, and the deletion of part of the data by

the service provider may mistakenly be another violation in the integrity of the data,

and here the user will not be able to discover this fact, and this is what prompted us

in our research to use blockchain technology. Since access to services runs through

browsers [22], all web-based attacks must be known as weaknesses in SaaS, Cloud

Security Alliance [25] has announced the release of a document describing the reality

of mobile computing and the most important challenges in this area, also it must be

taken with what the Open Web Application Security Project (OWASP) has identi-

ﬁed around the top ten security threats to web applications, such as SQL injection

attacks which is able to change user databases, malware attacks, metadata spooﬁng

attacks that is capable of changing what WSDL ﬁles contain and cause to unen-

crypted communication between web services, warp attack while translating SOAP

messages in TLS layer (transport layer service), XML signature attack that holds the

network protocols (so the XML must be encoded in the main browser side), and other

types of attacks through which the hacker interrupts activation the performance of

the usual cloud servers [28] and affects in data integrity. The denial-of-service attack

in the cloud system is the most important reason for the lack of service or data so

that a large number of random requests are sent to dump the service, and here the

role of CSP lies with providing more services.

2.6.2

Platform-as-a-Service (PaaS) Security Issues

This layer publishes the applications developed by the customer without any need

to purchase software and maintenance costs [27], also here we need a network and a

secure browser. The security in PaaS applications consists of two parts: the security

of the PaaS layer itself and the security of the client applications in this platform

PaaS [9], which requires the CSP to provide the basic system software package in

order to ensure that applications operate safely, and since PaaS provides components

of web in addition to the traditional programming languages, so it suffers from the

same problems that the web suffers like data and network security, and we must take

precautions when dealing with third-party services (the third party), and as a result of

the rapid growth of the cloud, developers must constantly update their applications

in PaaS with consideration Development Life Cycle (SDLC) and the related security

aspects, in addition to that, developers should have knowledge about the legal aspects

of data storage sites so that they do not expose themselves to security holes, PaaS

suffers from the problem of multiple tenants, ﬁnally and even in the event that the

developers were able to control over the security of their applications, they cannot

provide any guarantees that the basic infrastructure they use is safe, and this is the

responsibility of the provider.