Privacy and Security of Cloud Computing: A Comprehensive Review of Techniques and Challenges

  • Authors

    • Marwan Adnan Darwish
    • Eiad Yafi
    • Abdullah H. Almasri
    • Megat F Zuhairi
    2018-11-26
    https://doi.org/10.14419/ijet.v7i4.29.26263
  • Cloud computing, Privacy, security, identity cloud management, cryptography, steganography
  • Cloud computing usage is rapidly increasing in a various range of services and it is seen on trend to revolutionize the way the IT companies doing businesses. The recent advances in mobile, social media companies and online businesses have given rise to success and propagation for the environment of the cloud. However, When uploading the users' data from the local device to the nature of the cloud that considered as a third party , major challenges cloud-computing model jeopardizes privacy and security issues and threats on data security and reliability. These threats constitute data breaches, loss of control, unauthorized uses at the different layers of the cloud models and these issues hinder the adoption of cloud and slow down acceptance in many sectors in IT. In this review, we present and summarize major articles in cloud computing and its multiple layers with a focus on security and privacy challenges (such as integrity, confidentiality and data privacy). We also intend to review the latest approaches regarding identity management inside the cloud, cryptography and steganography techniques that have been used inside the cloud platforms.

     

  • References

    1. [1] Modi, Chirag,Patel ,Dhiren, Borisaniya, Bhavesh ,Pat Avi , Rajarajan, Muttukrishnan,2013 A survey on security issues and solutions at different layers of Cloud computing..J.Supercomput.63(2),5612.

      [2] Armbrust , Micheal, et al. Above the Clouds: A Berekely View of Cloud. Technical Report No. UCB/EECS-2009-28, Berkeley: Electrical Engineering and Computer Sciences, 2009.

      [3] Mell, P. & Grance, T (2009). The NIST Definition of Cloud Computing.

      [4] Subashini,Subashini,Kavitha,Veeraruna,2011.A survey on security issues in service delivery models of cloud computing.J.Netw.Comput.Appl.34(1),111.

      [5] Syrine Sahmim , Hamza Gharsellaouib.2017 France Privacy and Security in Internet-based Computing: Cloud Computing, Internet of Things, Cloud of Things: a review

      [6] IDC, Spending on it Infrastructure for Cloud Environments in 2016 will be Strong Despite First Quarter Slowdown, 2016.

      [7] Nesrine Kaaniche , Maryline Laurent], 2017 Data security and privacy preservation in cloud storage environments based on cryptographic mechanisms

      [8] A.N. Toosi , R.N. Calheiros ,R. Buyya, Interconnected Cloud Computing Environ- ments: Challenges, Taxonomy, and Survey, 47, ACM, New York, NY, USA, 2014 .

      [9] G. Aceto , A. Botta , W. De Donato , A. Pescapè, Survey cloud monitoring: a sur vey, Comput . Net w. 57 (9) (2013) 2093–2115 .

      [10] Z. Xiao, Y. Xiao, Security and Privacy in Cloud Computing, 2012, pp. 1–17.

      [11] A. Haeberlen , A Case for the Accountable Cloud, 44, ACM, New York, NY, USA, 2010 .

      [12] Cloud Security Alliance, Top Threats to Cloud Computing V1.0, 2010.

      [13] Jansen WA,“ Cloud Hooks: Security and Privacy Issues in Cloud Computing, Proceedings of the 44th Hawaii International Conference on System Sciences, Koloa, Kauai, HI. IEEE Computer Society, Washington, DC, USA, 2011, pp 1–10.

      [14] Cloud Security Alliance, 2010. Online: http://www.cert.uy/wps/wcm/connect/975494804fdf89eaabbdab1805790cc9/Cloud_Computing_Vulnerability_Incidents.pdf/?MOD=AJPERES.

      [15] Syed Asad Hussain , Mehwish Fatima , Atif Saeed ,Imran Raza ,Raja Khurram Shahzad,11 May 2015, Multilevel classification of security concerns in cloud computing

      [16] L. Ponemon, Ponemon ,2014 , SSH security Vulnerability Report Retrieved ,website : http :// www.venafi.com/collateral/wp/ponemon-2014-ssh-security-vulnerability-report 2014.

      [17] J. Wei, X. Zhang, G. Ammons, V. Bala, P. Ning, 2009,Managing security of virtual machine images in a cloud environment, in:ACM Cloud Computing Security Workshop (CCSW?09), ACM,

      [18] T. Ristenpart, E. Tromer, H. Shacham, S. Savage, Get off of my cloud: exploring information leakage in third-party compute clouds, in: ACM Conference on Computer and Communications Security, ACM, 2009.

      [19] P. Arora, R.C. Wadhawan, E.S.P. Ahuja, Cloud computing security issues in infrastructure as a service, Int. J. Adv. Res. Comput. Sci. Softw. Eng. 2 (1) (2012) 1–7.

      [20] David Sánchez , Montserrat Batet(2017), Privacy-preserving data outsourcing in the cloud via semantic data splitting

      [21] Cloud Security Alliance, Cloud usage: risks and opportunities report, in, September 2014.

      [22] European Network and Information Security Agency, Cloud computing. Benefits, risks and recommendations for information security. Revision B, in: L. Dupré, T. Haeberlen (Eds.), December 2012.

      [23] http://money.cnn.com/2011/06/22/technology/dropbox _ passwords/ .

      [24] http://www.bbc.com/news/technology-29237469 .

      [25] E. Ramirez, J. Brill, M.K. Ohlhausen, J.D. Wright, T. McSweeny, Data Brokers, 2014: A call for transparency and accountability, in, federal trade commission, May

      [26] IBM Corporation, The essential CIO, 2011. From www.ibm.com/businesscenter/cpe/download0/218842/2011mmciostudy.pdf .

      [27] Symantec,2015,InternetSecurityThreatReport.URL〈http://www.symantec.com/security_response/publications/threatreport.jsp〉, April.

      [28] Riquet,D.,Grimaud,G.,Hauspie,M.,2012.Large-scale coordinated attacks: Impact on the cloud security,2012, Sixth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS),pp.558–563.

      [29] InfoSecurity,2009.GoogleCloudPlatformUsedforBotnetControl.URL〈http://www.infosecuritymagazine.com/news/google-cloud-platform-used-forbotnetcontrol/〉.

      [30] Wu,H.,Ding,Y.,Winer,C.,Yao,L.,2010.Network security for virtual machine in cloud computing In:20105th International Conference on Computer Sciences and Convergence Information Technology (ICCIT),pp.18–21.

      [31] Tandon,S.,SB,S.,Agrawal,V.,2014.Cache-based side channel attack on AES in cloud computing environment .Int.J.Eng.Res.Technol.3(10),1080–1084

      [32] Stefanov,E.,Shi,E.,2013.Oblivistore:high performance oblivious cloud storage In:2013IEEE Symposium on Security and Privacy (SP) ,pp.253267.

      [33] Li,M.,Yu,S.,Ren,K.,Lou,W.,Hou,Y.,2013.Toward privacy assured and searchable cloud data storage services.IEEENetw.27(4),5662.

      [34] Jung,T.,Li,X.Y.,Wan,Z.,Wan,M.,2013.Privacy preserving cloud data access with multi-authorities. In:2013Proceedings IEEE INFO COM,pp.2625–2633.

      [35] Minhaj AhmadKhan ,2016,Review A survey of security issues for cloud computing ,Pakistan

      [36] Ryan K L , Stephen G Lee, V Rajan, 2013 . Cloud Computing Vulnerability Incidents : A Statistical Overview.

      [37] Owens, D ,2010. Securing elasticity in the cloud Queue8(5)10:1010:16.Paxson,V. , 1999.Bro: a system for detecting network intruders in real time Comput.Netw.31(2324),2435–2463.

      [38] Mazurczyk , W, Szczypiorski ,K. , 2011.Is cloud computing steganography proof: In:2011Third International Conference on Multimedia Information Networking and Security(MINES), pp.441–442.

      [39] Zhang,Y.,Juels,A.,Reiter,M.K.,Ristenpart,T.,2014. Cross-tenant side-channel attacks in PaaS clouds .In: Proceedings of the 2014 ACM SIG SAC Conference on Computer-and-Communications-Security,CCS'14.ACM,NewYork,NY,USA,pp.9901003

      [40] Gruschka , N , Iacono , L.,2009.Vulnerable cloud : soap message security validation revisited . In : IEEE International Conference on Web Services ,2009 . ICWS2009 , pp. 625–631.

      [41] Mansooreh, Moghadam, Sterkel, Wendy, 2012. Cloud Computing vs Traditional Internet Setting: Which One is More Secure.

      [42] Chen, Deyan, Zhao, Hong,2012. Data security and privacy protection n issues in cloud computing . In : Proceedings of 2012 International Conference on Computer Science and Electronics Engineering (ICCSEE) .I EEE,Vol.1,pp.647–651.

      [43] Gupta, Sanchika, Kumar, Padam, 2013. Taxonomy of cloud security. Int. J. Comput. Sci. Eng. Appl. 3 (5).

      [44] Muhammad Baqer Mollaha,, Md. Abul Kalam Azada, Athanasios Vasilakosb(2017)Security and privacy challenges in mobile cloud computing: Survey and way Ahead,

      [45] D. Sommer , M. Casassa Mont , S. Pearson , PRIME Architecture V3, Tech. Rep. D14.2.d, PRIME, 2008 .

      [46] Prime, Privacy and identity management for Europe, 2016, Retrieved: June, 2016 URL https://www.prime-project.eu/ .

      [47] S. Górniak , J. Elliott , M. Ford , D. Birch , Managing multiple electronic identities, Technical Report, ENISA - European Network and Information Security Agency, 2011 .

      [48] PrimeLife, Privacy and identity management for europe life, 2016, Retrieved: June, 2016 URL http://primelife.ercim.eu/ .

      [49] ABC4Trust, Abc4trust, 2016, Retrieved: May, 2016 URL https://abc4trust.eu/ .

      [50] Jorge Werner , CarlaMerkle Westphall, Carlos Becker Westphall [5 September 2016] Florianópolis, SC, Cloud identity management: A survey on privacy strategies ,

      [51] GÉANT, Géant project, 2016, Retrieved: May, 2016 URL http://www.geant.org/ .

      [52] PRISMACLOUD, Prismacloud project - privacy and security maintaining services in the cloud, 2016, Retrieved: August, 2016 URL http://www.prismacloud. eu/ .

      [53] CREDENTIAL, Credential project - secure cloud identity wallet, 2016, Retrieved: August, 2016 URL http://www.credential.eu/ .

      [54] Secure Computation over Cloud using Fully

      [55] Homomorphic Encryption , G. K. Patra, Nilotpal Chakraborty, Anusha Bilakanti, Anjana.N.B,(2016)

      [56] https://benlog.com/2011/12/

      [57] Intel article, Blue Skies Ahead, Raj Samani, Chief Information Officer, EMEA Europe, Intel Security.[ April 13, 2016] https://newsroom.intel.com/news-releases/news-release-new-report-reveals-critical-need-for-improved-trust-to-advance-cloud-adoption/

      [58] Rohit Bhadauria, Sugata Sanyal, “ Survey on Security Issues in Cloud Computing and Associated Mitigation Techniquesâ€.2012

      [59] Mather T, Kumaraswamy S, Latif S (2009) Cloud Security and Privacy.Sebastopol, CA: O'Reilly Media, Inc.

      [60] Vinay Kumar Pant, Mr. Anshuman Saurabh, "Cloud Security Issues, Challenges And Their Optimal Solutions" International Journal of Engineering Research & Management Technology, ISSN: 2348-4039, Volume 2, Issue-3, May- 2015.

      [61] G. Dr. Mohammad V. Malakooti and Nilofar Mansourzadeh, "A Two Level-Security Model for Cloud Computing based on the Biometric Features and Multi-Level Encryption", The Proceedings of the International Conference on Digital Information Processing, Data Mining, and Wireless Communications, Dubai, UAE, 2015.

      [62] M.Marwaha, R.Bedi, "Applying Encryption Algorithm for Data Security and Privacy in Cloud Computing", IJCSI International Journal of Computer Science Issues, Vol. 10, Issue I, No I, P. 367-370, January2013.

      [63] Amit Asthana, Jyoti Prakash, Vinay kumar pant,2015, Three Step Data Security Model for Cloud Computing based on RSA and Steganography Techniques,

      [64] Randeep Kaur ,Supriya Kinger ,2014, Analysis of security algorithms in cloud computingâ€, International journal of invocation in engineering and management(IJAIEM).

      [65] Suhad Shakir Jaber, Hilal Adnan Fadhil, Zahereel I. Abdul khalib,Rasim Azeez Kadhim,†Cloud Computing Data Security : AES Encryption Algorithm and PRT-PVD Steganography techniqueâ€, Australian Journal of Basic and Applied Sciencesvol.9,2015.

      [66] Beckham, The top five security risks of cloud computing, A vailable on internet : http : // blogs .cisco .com/smallbusiness/the-top-5-securityrisks-of-cloud-computing, 2011.

      [67] Sichao Wang, 2015. Are enterprises really ready to move into the cloud? FromCSA,

      [68] Gibbs. Steve, 2013,Cloud computing, International journal of innovative research in engineering and science, vol.1, issue 1, pp.10-17.

      [69] T. Elahi, S. Pearson, 2007,Privacy assurance: Bridging the gap between preference and practice, trust, privacy and security in digital business, Springer Berlin, Heidelberg, vol. 4657, pp. 65-74.

      [70] Eswaran S., Abburu S. , 2012, Identifying data integrity in the cloudstorage, International journal of computer science issues (IJCSI), vol.9(2), pp.403-408.

      [71] Tsai W. T., Zhong P., Multi-tenancy and Sub-tenancy architecture in software-as-a-service (SaaS), In service oriented system engineering(SOSE), 8th International symposium on IEEE, pp.128-139, 2014.

      [72] Kuyoro S.O., Ibikunle F. , Awodele O, Cloud computing security issues and challenges, International Journal of Computer Networks, vol. 3, issue 5,pp.11-14, 2011.

      [73] Marston, Sean, et al. "Cloud computing—The business perspective." Decision Support Systems 2011.

      [74] Vinay S, Arjun U, 2016, A Short Review on Data Security and Privacy Issues in Cloud Computing,

      [75] D. Chen and H. Zhao, 2012, “Data Security and Privacy Protection Issues in Cloud Computing,†2012 Int. Conf. Comput. Sci. Electron. Eng., no.973, pp. 647–651.

      [76] Bharati Mishra, Debsish Jena, 2016 ,Securing Files in the Cloud, IEEE International Conference on Cloud Computing in Emerging Markets

      [77] Rajat soni, Smrutee ambalkar, Dr.Pratosh bansal. 2016,security and privacy in cloud computing

      [78] A Privacy Manager for Cloud Computing

      [79] Siani Pearson, Yun Shen and Miranda Mowbray(2013)

      [80] David Tancock ,Siani Pearson ,Andrew Charles worth , A Privacy Impact Assessment Tool For Cloud Computing.

      [81] Siani Pearson, George Yee. Book- Privacy and Security for Cloud Computing- Hewlett Packard’s Privacy Advisor.

      [82] Serap Åžahin , 2010,On Current Trends in Security and Privacy of Cloud Computing .

      [83] M. S, E. Daniel, and N. Vasanthi, 2013, “Survey on Various Data Integrity Attacks in Cloud Environment and the Solutions,†pp. 1076–1081.

      [84] Yahya Kord Tamandani, Qahtan Makki Shallal, Mohammad Ubaidullah Bokhari ,security and privacy issues on cloud computing , (2016 IEEE)

      [85] Marwa E. Saleh, Abdelmgeid A. Aly, Fatma A. Omara ,2016,†Data Security using Cryptography and Steganography techniques â€, International Journal of Advanced Computer Science and Applications .

      [86] Alok Ranjan, Mansi Bhonsle, 2016,†Advanced System to Protect and Shared Cloud Storage Data using Multilayer Steganography and Cryptographyâ€, International Journal of Engineering Research.

      [87] Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas,Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg,2017, Meltdown.

      [88] Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg,Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom, 2017, Spectre Attacks: Exploiting Speculative Execution.

  • Downloads

  • How to Cite

    Adnan Darwish, M., Yafi, E., H. Almasri, A., & F Zuhairi, M. (2018). Privacy and Security of Cloud Computing: A Comprehensive Review of Techniques and Challenges. International Journal of Engineering & Technology, 7(4.29), 240-247. https://doi.org/10.14419/ijet.v7i4.29.26263