Data security and privacy preservation in cloud storage environments based on cryptographic mechanisms (2022)


Computer Communications, Volume 111, 1 October 2017, Pages 120-141

Nesrine Kaaniche, Maryline Laurent

Abstract

Recent technological advances have sparked the popularity and success of the cloud. This new paradigm is gaining an expanding interest, since it provides cost-efficient architectures that support the transmission, storage, and intensive computing of data. However, these promising storage services bring many challenging design issues, largely due to both the loss of data control and the abstract nature of clouds. The objective of this survey is to provide a consistent view of both the data security concerns and the privacy issues that are faced by clients in cloud storage environments. This survey brings a critical comparative analysis of cryptographic defense mechanisms, and beyond this, it explores research directions and technology trends to address the protection of outsourced data in cloud infrastructures.

Introduction

Nowadays, technological advances have led to an explosive growth of digital content. The U.S. International Data Corporation (IDC) proclaims that the digital universe will grow 40% a year during the next decade, unleashing a new wave of opportunities for businesses and people around the world [1]. This proliferation of the digital universe continues to raise the demand for new storage and network utilities, along with an increasing need for more cost-effective usage of storage capacities and network bandwidth for data transfer. As such, the use of remote storage systems is gaining an expanding interest, namely cloud storage based services, since they provide profitable architectures. These architectures support the transmission, storage, and intensive computation of outsourced data in a pay per use business model. According to IDC, the total spending for the deployment of cloud environments will increase by 15.5% to reach $37.5 billion in 2016 [2]. This widespread interest in cloud storage services mainly emanates from business organizations and government agencies seeking more resilient and cost-effective systems. That is, the benefits of cloud adoption are very tangible in a new era of responsiveness, effectiveness and efficiency in Information Technology service delivery. Hence, there is no longer a need to spend large amounts of capital on buying expensive application software or sophisticated hardware that they might never need again. These economic benefits are the main motivations for cloud adoption, as they help enterprises reduce the Capital Expenditure (CapEx), reserved to buy fixed assets, and the Operational Expenditure (OpEx), which is a perpetual cost needed to run a system, business, or a product.

Beyond the outsourcing cloud storage advantage where end users pay only for the consumed resources, cloud providers can agree on offering their customers a shared pool of configurable resources, which may be either computing resources or storage capacities [3]. As such, resources and costs can be shared among cloud providers, leading, for cloud providers, to a significant reduction in operating costs and, for users, to higher scalability and flexibility when accessing a service. As a direct positive effect of cloud networking, users can access the offered services regardless of their location or the computing device they use. However, cloud storage benefits are spoiled by significant and persistent concerns which can badly inhibit adoption of this new IT procurement model. These concerns come primarily from the fundamental virtualization concept where data and services are distributed over a set of networked resources that are managed and controlled by a Cloud Service Provider (CSP). This virtualization concept introduces genuinely damaging vulnerabilities including the confidentiality loss of outsourced data (e.g. for the benefit of a spy), the data integrity loss (e.g. for disrupting a company’s business), and the data privacy loss (e.g. for massive personal data selling and analysis). From the perspective of enterprises and citizens, these data security and privacy concerns are quite legitimate, given the latest publicized revelations. In November 2013, the Washington Post stated that the U.S. National Security Agency (NSA) was capturing far more indiscriminate data than even the PRISM revelations suggested. Recall that PRISM is a tool used by NSA to collect users’ private data from Internet services. This massive data collection was operated by intercepting private connections between Google and Yahoo data centers around the world – and decrypting the traffic that should be protected in transit [4]. A direct consequence of that exposure was a survey [5] from PriceWaterhouseCoopers (PwC) of December 2013 revealing that 54% of German companies were finding the cloud risky after learning of NSA spying. This trend was emphasized in October 2015 by the European Court of Justice, which declared invalid the Safe Harbor Agreement signed in 2000 between the E.U. and the U.S. for transatlantic transfer of Europeans’ personal information.

As far as we know, most of the survey papers are general works discussing security issues and challenges of cloud computing environments [6], [7], [8], [9], [10] or emphasizing the security and privacy concerns against untrusted cloud service providers [11], [12]. Other surveys are focusing on the virtualization security problems [13], [14] or cloud storage security concerns [15], and others are giving a detailed analysis to provide a comprehensive overview of security challenges, possible solutions and open issues in cloud environments [16], [17], [18], [19], [20].

The very first objective of our survey is to give a critical comparative analysis of cryptographic defense mechanisms for cloud environments. The originality of the survey is manifold. First, it is method-based, meaning that a set of methods is highlighted for each security and privacy concern. Second, it discusses the cryptographic mechanisms underlying each of the presented methods. Third, it adopts the point of view of the clients, meaning that cloud servers are handled similarly to distributed black boxes, in which data processing remains untrustworthy and unknown. Fourth, it illustrates usages of cryptographic mechanisms through industrial or research implementations. Fifth, a step-by-step analysis is provided and helps to deeply understand the origin and objective of a protective mechanism. Sixth, the defense mechanisms are presented according to whether they support data confidentiality or remote data integrity checking; however, the discussions are extended to their ability to support privacy.

Furthermore, the present survey brings several attractive advantages. First, it leads a cloud client to understand the security management challenges and opportunities in cloud environments and to explore cloud storage vulnerabilities, threats and risks. Second, it helps a security designer to specify, validate and implement adaptive security policies in virtual environments and to develop business continuity and disaster recovery plans for cloud. Finally, this survey conveys to the reader the ability to conduct security investigation missions to analyze attacks against cloud capacities.

The remainder of this work is organized as follows.

Section 2 introduces an overview on cloud basic characteristics, infrastructures and deployment models. Based on the terminology from the U.S. National Institute for Standards and Technology (NIST), five major characteristics specifying a cloud environment are identified and discussed, such as shared resources, on-demand self-services and elasticity.

Section 3 gives a detailed analysis of the security and privacy challenges. A first step analysis is directly derived from the characteristics of cloud storage architectures and leads to identification of threats and needs. A second step analysis focuses on cloud vulnerabilities with a discussion taking into consideration the richness of cloud architectures, the need for a scalable deployment, the range of users’ needs and the strictness of the regulation. For some of the identified security threats, there is a need for detailing regulation issues. For instance, one should have in mind that data, while being outsourced, might be transmitted through different cloud architectures, so they might fall under different regulatory compliance restrictions, which can give rise to Service Level Agreement (SLA) or privacy violations.

Section 4 introduces our methodology to classify and compare cryptographic defense approaches. It starts by introducing use cases and threat models. Then an overview is given in a synthetic table, and comparison criteria are detailed to help understand the description of approaches according to their targeted objective.

Furthermore, research directions and technology trends are discussed to mitigate several security issues in the cloud, in Sections 5 and 6. That is, we mainly focus on public key algorithms and several cryptographic primitives and we discuss the potential use of certain techniques in cloud environments. Various cryptographic methods are covered to improve security and privacy in clouds. Among them, the defense mechanisms are presented with respect to data confidentiality enhancing (Section 5), remote data integrity checking (Section 6) and privacy preservation (Section 7), as these three concerns are reported as the biggest hurdles against the adoption of cloud storage. In addition, we present the most suitable use cases for each solution, while considering different threat models.

Finally, Section 8 discusses several recent research cloud storage implementations addressing security and/or privacy and Section 9 gives some conclusions.

Section snippets

Cloud basics

Cloud presents highly scalable and distributed resources provided on demand as an external service via the Internet on a pay per use basis. The U.S. National Institute of Standards and Technology (NIST) [3] provides a formal definition of the cloud computing as follows:

“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly

Security and privacy vulnerabilities, threats and requirements in cloud data storage

The following three-step analysis extracts the security and privacy vulnerabilities, threats and requirements, as incurred by the clients, whatever the technology in use at the servers. The first analysis is based on general cloud features, and the third one gives details of the threats as experienced by the clients.

Methodology

This section brings together the complementary elements needed to understand the methodology used to establish the critical comparative analysis of cryptographic defense mechanisms. After presenting the use cases and threat models, the paper explains the comparison criteria and gives, through the synthetic Table 1, an overview of existing cryptographic defense mechanisms.

Data confidentiality preserving

Several security solutions have been recently presented in order to provide data confidentiality in cloud storage environments. The data confidentiality requirement is studied with respect to two main threats: (i) data exposure and (ii) unauthorized access.

Encryption is a basic mechanism to ensure data secrecy. While classical encryption mechanisms at the client side are convenient to meet some requirements, such as data secrecy protection against curious providers or data deduplication, they

Remote data integrity checking

In this section, we present cryptographic mechanisms for remotely checking data integrity in cloud storage environments.

Privacy preservation

The anytime/anywhere access convenience and the sharp increase of data storage in the cloud, including critical data, make malicious attacks more than ever attractive to adversaries. The implementation of security services is a necessary piece of the privacy preservation solution, but is not sufficient, as interactions between the cloud clients and the cloud provider can reveal a lot more than the transmitted contents.

Discussion about existing research cloud storage system implementations

This section presents research implementations that have recently come out to secure cloud storage environments, and Table 5 gives an overview of supported requirements of interest with some descriptive details. For our comparison, we identify the following properties supported by the existing research architectures which are presented in Table 5. By confidentiality, we mean confidentiality of outsourced data on cloud servers. By integrity, we mean cryptographic mechanisms adopted by cloud providers to

Conclusions

The growing need for secure cloud storage services and the attractive properties of this business model led us to investigate the cloud data outsourcing security and privacy challenges. The attractiveness of cloud services emanates from the pay per use model enabling companies and organizations to handle extra traffic and data processing without investing in extra equipment and personnel recruitment. However, this is overshadowed by the loss of data control and the multi-tenancy feature, that can

References (198)

  • S.M. Souza et al. Client-side encryption for privacy-sensitive applications on the cloud. Procedia Comput. Sci. (2016)
  • G. Aceto et al. Survey cloud monitoring: a survey. Comput. Netw. (2013)
  • A. Singh et al. Cloud security issues and challenges: a survey. J. Netw. Comput. Appl. (2017)
  • S. Subashini et al. A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. (2011)
  • D. Zissis et al. Addressing cloud computing security issues. Futur. Gener. Comput. Syst. (2012)
  • C. Modi et al. Review: a survey of intrusion detection techniques in cloud. J. Netw. Comput. Appl. (2013)
  • M. Ali et al. Security in cloud computing: opportunities and challenges. Inf. Sci. (2015)
  • IDC, The Digital Universe of Opportunities: Rich Data and the Increasing Value of the Internet of Things,...
  • IDC, Spending on it Infrastructure for Cloud Environments in 2016 will be Strong Despite First Quarter Slowdown,...
  • M. Peter et al. The NIST Definition of Cloud Computing (2009)
  • E. Yoran. NSA surveillance: First prism, now muscled out of cloud. Dark Reading (2013)
  • R. Harris. NSA spying poisons the cloud market: survey. Storage Bits (2013)
  • D.A. Fernandes et al. Security issues in cloud environments: a survey. Int. J. Inf. Secur. (2014)
  • K. Hashizume et al. An analysis of security issues for cloud computing. J. Internet Serv. Appl. (2013)
  • A. Abbas et al. A review on the state-of-the-art privacy-preserving approaches in the e-health clouds. IEEE Journal of Biomedical and Health Informatics (2014)
  • M. Pearce et al. Virtualization: Issues, security threats, and solutions. ACM Computing Surveys (CSUR) (2013)
  • D. Perez-Botero et al. Characterizing hypervisor vulnerabilities in cloud computing servers. Proceedings of the 2013 International Workshop on Security in Cloud Computing, Cloud Computing ’13 (2013)
  • E. Aguiar, Y. Zhang, M. Blanton, An Overview of Issues and Recent Developments in Cloud Computing and Storage Security,...
  • Z. Xiao, Y. Xiao, Security and Privacy in Cloud Computing, 2012, pp....
  • Y. Liu et al. A survey of security and privacy challenges in cloud computing: solutions and future directions. J. Comput. Sci. Eng. (2015)
  • S.N. Kumar et al. A survey on secure cloud: security and privacy in cloud computing. Am. J. Syst. Softw. (2016)
  • C.A. Ardagna et al. From Security to Assurance in the Cloud: A Survey (2015)
  • A.N. Toosi et al. Interconnected Cloud Computing Environments: Challenges, Taxonomy, and Survey (2014)
  • C. Cachin et al. Dependable storage in the Intercloud. Technical Report (2010)
  • K. Alhamazani et al. An overview of the commercial cloud monitoring tools: research dimensions, design issues, and state-of-the-art. Computing (2015)
  • J.S. Ward et al. Observing the clouds: a survey and taxonomy of cloud monitoring. J. Cloud Comput. (2014)
  • U.M. Ismail et al. A framework for security transparency in cloud computing. Future Internet (2016)
  • C. Europe. Proposal for a regulation of the european parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data. General Data Protection Regulation, January 2016 (2016)
  • R. Attebury et al. Google Docs: A Review (2008)
  • Dropbox,...
  • D. Chappell. Introducing the Windows Azure Platform (2010)
  • A. Inc. Amazon Elastic Compute Cloud (Amazon EC2) (2008)
  • Amazon, Amazon Simple Storage Service (Amazon s3), 2011,...
  • J. Tang et al. Ensuring security and privacy preservation for cloud data services. ACM Comput. Surv. (2016)
  • Linkedin, Beyond lightning: A Survey on Security Challenges in Cloud Computing,...
  • S. Kamara et al. Cryptographic cloud storage. Proceedings of the 14th International Conference on Financial Cryptography and Data Security, FC’10 (2010)
  • R. Chow et al. Controlling data in the cloud: outsourcing computation without outsourcing control. Proceedings of the 2009 ACM workshop on Cloud computing security (2009)
  • N. Kaaniche. Cloud Data Storage Security Based on Cryptographic Mechanisms, Ph.D. thesis (2014)
  • S.D.C. Di Vimercati et al. Selective and private access to outsourced data centers. Handbook on Data Centers (2015)
  • S. Rass et al. Cryptography for Security and Privacy in Cloud Computing (2013)
  • C.-W. Liu et al. A survey of public auditing for shared data storage with user revocation in cloud computing. IJ Netw. Secur. (2016)
  • W.-F. Hsien et al. A survey of public auditing for secure data storage in cloud computing. IJ Netw. Secur. (2016)
  • J. Mao et al. Collaborative outsourced data integrity checking in multi-cloud environment. Proceedings of International Conference on Wireless Algorithms, Systems, and Applications (2016)
  • A. Haeberlen. A Case for the Accountable Cloud (2010)
  • United States. A report to Congress in Accordance with [section] 326(b) of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT ACT) [electronic resource] / submitted by the Department of the Treasury (2002)
  • C. Europe. Proposal for a regulation of the european parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data. General Data Protection Regulation, January 2016 (2016)
  • C. Coles. Only 1 in 100 cloud providers meet proposed EU data protection requirements, Skyhigh (2014)
  • T.U. Nations. Universal Declaration of Human Rights (1948)
  • E. Council, Protocol to the convention for the protection of human rights and fundamental freedoms (european convention...
  • D. McEwen, H. Dumpel, Hipaa–the Health Insurance Portability and Accountability Act, 2011, pp....

Cited by (112)

    • BDNA-A DNA inspired symmetric key cryptographic technique to secure cloud computing

      2022, Journal of King Saud University - Computer and Information Sciences

      Cloud computing facilitates the storage and management of huge volumes of data. It offers flexibility for retrieving the data anytime and anywhere. In recent years, storing data onto the cloud achieved fame among corporations as well as private users. Although, the cloud is drawing a lot of attention still there are data security, privacy, reliability and interoperability concerns that need to be taken care. To deal with these issues, cloud data encryption comes to the rescue. Encrypting the data before uploading it onto the cloud prevents unauthorized users from accessing the data. A lot of encryption algorithms have been developed to secure data stored on the cloud. In this paper, a novel cryptographic technique has been presented that uses client-side data encryption for encrypting the data before uploading it onto the cloud. It is a multifold symmetric-key cryptography technique which is based upon DNA cryptography. Besides presenting the detailed design of our approach, we have compared it with the existing symmetric-key algorithms (DNA, AES, DES and Blowfish). The experimental results illustrate that our proposed algorithm outperforms these traditional algorithms in terms of ciphertext size, encryption time and throughput. Hence, the newly proposed technique is more efficient and offers better performance.

    • Blockchain-based decentralized architecture for cloud storage system

      2021, Journal of Information Security and Applications

      Cloud storage system provides on-demand and pay-per-use storage model with low computing cost. However, this storage system suffers from various security risks. Blockchain technology is an advanced technique that stores data in a distributed manner, and the data, once stored, cannot be altered. Therefore, we propose a blockchain-based decentralized architecture for the cloud storage system. The proposed architecture includes access control and integrity checking mechanism to provide a more secure environment. Moreover, it provides four primary services to ensure security features in a cloud storage system: (i) A registration process is designed to register data owners and users using a key generation technique to provide an authentication feature; (ii) The data owners save the user data Meta details in the blockchain structure and set access rules to maintain the authorization feature; (iii) The cloud storage system stores the original data and uses the optimization algorithm to reduce the transaction processing time; (iv) Data owners maintain the data integrity using the Merkle root concept. The experimental results, analysis, and performance evaluation show that our proposed architecture provides a feasible and reliable cloud environment.

    Recommended articles (6)

    • Research article

      Itinerary planning for mobile sinks in network-coding-based wireless sensor networks

      Computer Communications, Volume 111, 2017, pp. 1-13

      Itinerary plan determines the order of locations that controllable-mobile sink(s) has to sojourn at them, where is a challenging issue especially for the resource constrained Wireless Sensor Networks (WSNs). Despite of approved advantages for collecting sensed information by the mobile sink(s), itinerary planning may effect on other techniques, hence, it should be designed with considering impressible techniques such as network coding. This paper proposes an optimal itinerary plan for mobile sinks in the network-coding-based WSNs. Although this optimization can not be solved in polynomial time, but the mathematical formulation can help us estimate the problem characteristic and figure out the firmness of it. This optimization leads to less energy consumption and increases the lifetime of network-coding-based WSNs. Since, there exist restricted processing resources in WSNs, the optimal solving of this problem is impractical in large-scale WSNs and so, a genetic algorithm is proposed. Results illustrate that proposed genetic algorithm converges to the optimal solution with an appropriate accuracy in less execution time. Moreover, the simulation results demonstrate that proposed approaches have significantly lower energy consumption and consequently more lifetime in comparison with conventional ones where are not considered network coding.

    • Research article

      AngelCast: Cloud-based peer-assisted live streaming using optimized multi-tree construction

      Computer Communications, Volume 111, 2017, pp. 14-28

      Increasingly, commercial content providers (CPs) offer streaming solutions using peer-to-peer (P2P) architectures, which promises significant scalability by leveraging clients’ upstream capacity. A major limitation of P2P live streaming is that playout rates are constrained by clients’ upstream capacities – typically much lower than downstream capacities – which limit the quality of the delivered stream. To leverage P2P architectures without sacrificing quality, CPs must commit additional resources to complement clients’ resources. In this work, we propose a cloud-based service AngelCast that enables CPs to complement P2P streaming. By subscribing to AngelCast, a CP is able to deploy extra resources (angel), on-demand from the cloud, to maintain a desirable stream quality. Angels do not download the whole stream, nor are they in possession of it. Rather, angels only relay the minimal fraction of the stream necessary to achieve the desired quality. We provide a lower bound on the minimum angel capacity needed to maintain a desired client bit-rate, and develop a fluid model construction to achieve it. Realizing the limitations of the fluid model construction, we design a practical multi-tree construction that captures the spirit of the optimal construction, and avoids its limitations. We present a prototype implementation of AngelCast, along with experimental results confirming the feasibility of our service.

    • Research article

      Secure cloud storage based on cryptographic techniques

      The Journal of China Universities of Posts and Telecommunications, Volume 19, Supplement 2, 2012, pp. 182-189

      Cloud computing is the delivery of computing and storage capacity as a service to users. Cloud storage, as a subservice of infrastructure as a service (IaaS) in cloud computing, is a model of networked online storage where data is stored in virtualized pools of storage. As fast development and application of cloud computing and cloud storage, users concern more and more about security and privacy issues involved in these techniques. From industrial and academic viewpoints currently, cryptography is considered as a key technology to solve security and privacy problems. In this paper, we mainly give a review on research results of secure cloud storage in which cryptographic techniques have been used to their designs. We start form reviewing the definition of cloud storage, and subsequently review the existing secure cloud storage based on cryptographic techniques. Moreover, we analyze and indicate what type of cryptographic techniques is mainly adopted in existing cloud storages and what role the cryptographic techniques play. Through this work, we can better catch what the relationship between secure cloud storage and cryptographic techniques, and how about the application mechanism of cryptographic techniques in cloud storage. We hope this review can give some help for future research, and more secure cloud storages by using cryptographic techniques can be proposed in the future.

    • Research article

      Privacy-preserving data outsourcing in the cloud via semantic data splitting

      Computer Communications, Volume 110, 2017, pp. 187-201

      Even though cloud computing provides many intrinsic benefits (e.g., cost savings, availability, scalability, etc.), privacy concerns related to the lack of control over the storage and management of the outsourced (confidential) data still prevent many customers from migrating to the cloud. In this respect, several privacy-protection mechanisms based on a prior encryption of the data to be outsourced have been proposed. Data encryption offers robust security, but at the cost of hampering the efficiency of the service and limiting the functionalities that can be applied over the (encrypted) data stored on cloud premises. Because both efficiency and functionality are crucial advantages of cloud computing, especially in SaaS, in this paper we aim at retaining them by proposing a privacy-protection mechanism that relies on splitting (clear) data, and on the distributed storage offered by the increasingly popular notion of multi-clouds. Specifically, we propose a semantically-grounded data splitting mechanism that is able to automatically detect pieces of data that may cause privacy risks and split them on local premises, so that each chunk does not incur those risks; then, chunks of clear data are independently stored into the separate locations of a multi-cloud, so that external entities (cloud service providers and attackers) cannot have access to the whole confidential data. Because partial data are stored in clear on cloud premises, outsourced functionalities are seamlessly and efficiently supported by just broadcasting queries to the different cloud locations. To enforce a robust privacy notion, our proposal relies on a privacy model that offers a priori privacy guarantees; to ensure its feasibility, we have designed heuristic algorithms that minimize the number of cloud storage locations we need; to show its potential and generality, we have applied it to the least structured and most challenging data type: plain textual documents.

    • Research article

      Cloud storage reliability for Big Data applications: A state of the art survey

      Journal of Network and Computer Applications, Volume 97, 2017, pp. 35-47

      Cloud storage systems are now mature enough to handle a massive volume of heterogeneous and rapidly changing data, which is known as Big Data. However, failures are inevitable in cloud storage systems as they are composed of large scale hardware components. Improving fault tolerance in cloud storage systems for Big Data applications is a significant challenge. Replication and Erasure coding are the most important data reliability techniques employed in cloud storage systems. Both techniques have their own trade-off in various parameters such as durability, availability, storage overhead, network bandwidth and traffic, energy consumption and recovery performance. This survey explores the challenges involved in employing both techniques in cloud storage systems for Big Data applications with respect to the aforementioned parameters. In this paper, we also introduce a conceptual hybrid technique to further improve reliability, latency, bandwidth usage, and storage efficiency of Big Data applications on cloud computing.

    • Research article

      Secure and efficient privacy-preserving public auditing scheme for cloud storage

      Computers & Electrical Engineering, Volume 40, Issue 5, 2014, pp. 1703-1713

      Cloud computing poses many challenges on integrity and privacy of users’ data though it brings an easy, cost-effective and reliable way of data management. Hence, secure and efficient methods are needed to ensure integrity and privacy of data stored at the cloud. Wang et al. proposed a privacy-preserving public auditing protocol in 2010 but it is seriously insecure. Their scheme is vulnerable to attacks from a malicious cloud server and outside attackers with regard to storage correctness. So they proposed a scheme in 2011 with an improved security guarantee but it is not efficient. Thus, in this paper, we proposed a scheme which is secure and with better efficiency. It is a public auditing scheme with a third party auditor (TPA), who performs data auditing on behalf of user(s). With detailed security analysis, our scheme is proved secure in the random oracle model and our performance analysis shows the scheme is efficient.

    © 2017 Elsevier B.V. All rights reserved.

    FAQs

    What is privacy preservation in cloud computing? ›

    Privacy preserving in cloud environments includes two aspects: data processing security and data storage security. Data processing security covers the issues of how to protect user privacy at runtime in a virtualized cloud platform.

    How does cryptography in the cloud work? ›

    Cryptography in cloud computing is the encryption of data stored in a cloud service. Encryption is the process of altering data to look like something else until an authorized user logs in and views the “plaintext” (that is, true) version of the data.

    How encryption is used in the cloud for protection? ›

    Cloud encryption is defined as the process of encoding and transforming data before transferring it to the cloud. This process converts plaintext data into ciphertext using mathematical algorithms and makes the data unreadable, thus protecting it from unauthorized and potentially malicious users.

    Should you encrypt data before transferring it to the cloud or encrypt it after it is stored in the cloud? ›

    Whenever possible, sensitive data that is to be uploaded to the cloud should be encrypted on-premises, prior to upload. This ensures that data will be secure in the cloud even if your account or the cloud storage provider is compromised.

    When a cryptographic system is used to protect? ›

    When a cryptographic system is used to protect data confidentiality, what actually takes place? Unauthorized users are prevented from viewing or accessing the resource. Confidentiality is protection against disclosure to unauthorized users.

    What is cryptography with example? ›

    Today, cryptography is used to protect digital data. It is a division of computer science that focuses on transforming data into formats that cannot be recognized by unauthorized users. An example of basic cryptography is an encrypted message in which letters are replaced with other characters.

    What is the purpose of cryptography? ›

    Cryptography provides for secure communication in the presence of malicious third-parties—known as adversaries. Encryption uses an algorithm and a key to transform an input (i.e., plaintext) into an encrypted output (i.e., ciphertext).

    Why is cloud cryptography important? ›

    Cryptography is one of the most important elements of cloud computing; it is defined as the process where the data stored in the cloud service is encrypted. Cloud encryption keeps data safe and secure.

    What are the three basic methods for secure connection in cloud? ›

    • HTTPS (normally HTTP – the main Internet protocol, encrypted using SSL/TLS)
    • POPS (normally POP3 – the main protocol for receiving email, encrypted using SSL/TLS)
    • SMTPS (normally SMTP – the main protocol for sending email, encrypted using SSL/TLS)

    Which encryption is best suited for data security in cloud computing? ›

    Secure Sockets Layer (SSL) certificates provide data encryption using specific algorithms. These certificates ensure the security of data transmission from malicious activities and third-party software.

    Do I need encryption for cloud storage? ›

    Cloud Storage always encrypts your data on the server side, before it is written to disk, at no additional charge. Besides this standard, Google-managed behavior, there are additional ways to encrypt your data when using Cloud Storage.

    What are the different methods used for data encryption on a cloud? ›

    Most internet security (IS) professionals break down encryption into three distinct methods: symmetric, asymmetric, and hashing.

    How safe is data stored in the cloud? ›

    Data in the cloud can be combined, analyzed, and shared, making the data more useful. Data is much less likely to be lost. Your photos, for example, won't be gone if you drop your phone in the ocean. Cloud-based data are generally more secure than data stored on a home computer connected to the Internet.

    What is the impact of cryptography? ›

    • Confidentiality − Encryption techniques can guard information and communication from unauthorized revelation and access.
    • Authentication − Cryptographic techniques such as MACs and digital signatures can protect information against spoofing and forgeries.

    What are the types of cryptography? ›

    Cryptography can be broken down into three different types:
    • Secret Key Cryptography.
    • Public Key Cryptography.
    • Hash Functions.

    What is cryptography why it is important in day to day life? ›

    Cryptography is used to secure all transmitted information in our IoT-connected world, to authenticate people and devices, and devices to other devices. If all of the cryptographic engines/functions stopped working for a day, modern life as we know it would stop.

    How can you use cryptography to secure your private data? ›

    Step 1: Encrypt the original message using symmetric key cryptography.
    Step 2: Encrypt the key used in step one using the receiver's public key, i.e. using asymmetric key cryptography.
    Step 3: Send both the encrypted message and the encrypted symmetric key to the receiver.
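
    The three steps above, applied on the client before upload as the earlier answer on encrypting on-premises recommends, as an added example that is not code from this page. It uses Node.js built-in crypto; the algorithm choices (AES-256-GCM, RSA-2048 with OAEP), the function names and the sample record and object names are assumptions of the example.

```javascript
// Added example: hybrid (envelope) encryption done on the client before upload.
// Algorithm choices (AES-256-GCM, RSA-2048 OAEP/SHA-256) and all names are
// assumptions of this example; the page only describes the three steps.
const nodeCrypto = require('crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Steps 1 and 2: encrypt the data under a fresh symmetric key, then encrypt
// that key under the receiver's public key.
function sealForUpload(plaintext, receiverPublicKey, objectName) {
  const dataKey = nodeCrypto.randomBytes(32); // one-time AES-256 key
  const iv = nodeCrypto.randomBytes(12);      // 96-bit GCM nonce
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', dataKey, iv);
  // Bind the ciphertext to its object name so the store cannot swap blobs.
  cipher.setAAD(Buffer.from(objectName, 'utf8'));
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKey = nodeCrypto.publicEncrypt({ key: receiverPublicKey, ...OAEP }, dataKey);
  dataKey.fill(0); // drop the plaintext key once it is wrapped
  // Step 3: everything in this envelope may be sent to and stored by the provider.
  return {
    objectName,
    wrappedKey: wrappedKey.toString('base64'),
    iv: iv.toString('base64'),
    tag: tag.toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  };
}

// Receiver side: unwrap the key with the private key, then authenticate and decrypt.
function openDownloaded(envelope, receiverPrivateKey) {
  const dataKey = nodeCrypto.privateDecrypt(
    { key: receiverPrivateKey, ...OAEP }, Buffer.from(envelope.wrappedKey, 'base64'));
  const decipher = nodeCrypto.createDecipheriv(
    'aes-256-gcm', dataKey, Buffer.from(envelope.iv, 'base64'));
  decipher.setAAD(Buffer.from(envelope.objectName, 'utf8'));
  decipher.setAuthTag(Buffer.from(envelope.tag, 'base64'));
  // final() throws if ciphertext, tag, nonce or object name were altered.
  return Buffer.concat([
    decipher.update(Buffer.from(envelope.ciphertext, 'base64')),
    decipher.final(),
  ]);
}

// Helper: true if fn throws, false if it completes.
function rejects(fn) {
  try { fn(); return false; } catch (err) { return true; }
}

function demo() {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  // Constructed sample record, not real data.
  const record = Buffer.from('patient=0001;diagnosis=constructed-sample', 'utf8');
  const envelope = sealForUpload(record, publicKey, 'records/0001.bin');

  // Flip one bit of the stored ciphertext, as a faulty or malicious store might.
  const flipped = Buffer.from(envelope.ciphertext, 'base64');
  flipped[0] ^= 0x01;
  const tampered = { ...envelope, ciphertext: flipped.toString('base64') };
  // Serve the same blob under a different object name.
  const renamed = { ...envelope, objectName: 'records/0002.bin' };

  return {
    roundTrip: openDownloaded(envelope, privateKey).equals(record),
    providerSeesPlaintext: Buffer.from(envelope.ciphertext, 'base64').includes(record),
    tamperRejected: rejects(() => openDownloaded(tampered, privateKey)),
    renameRejected: rejects(() => openDownloaded(renamed, privateKey)),
  };
}

console.log(demo());
```

    The private key stays with the data owner or receiver and is never uploaded, so the provider holds only the envelope.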

    What are the two main types of cryptography? ›

    In general there are three types of cryptography:
    • Symmetric Key Cryptography: It is an encryption system where the sender and receiver of message use a single common key to encrypt and decrypt messages. ...
    • Hash Functions: There is no usage of any key in this algorithm. ...
    • Asymmetric Key Cryptography:

    When should I implement a cryptographic process to protect data? ›

    Cryptographic techniques are used to ensure secrecy and integrity of data in the presence of an adversary. Based on the security needs and the threats involved, various cryptographic methods such as symmetric key cryptography or public key cryptography can be used during transportation and storage of the data.

    What are the 4 principles of cryptography? ›

    Data Confidentiality, Data Integrity, Authentication and Non-repudiation are core principles of modern-day cryptography.

    What are the key principles of security in cryptography? ›

    In cryptography, attacks are of two types: passive attacks and active attacks.
    ...
    The Principles of Security can be classified as follows:
    • Confidentiality: ...
    • Authentication: ...
    • Integrity: ...
    • Non-Repudiation: ...
    • Access control: ...
    • Availability:

    Which cryptography is used for confidentiality? ›

    Symmetric key cryptography is suited for encrypting and decrypting messages, thus providing privacy and confidentiality. The sender can generate a key for each data session to encrypt the message and the receiver can decrypt the message but needs to have the same key for the same session.

    What is cloud security services? ›

    Cloud security, also known as cloud computing security, is a collection of security measures designed to protect cloud-based infrastructure, applications, and data. These measures ensure user and device authentication, data and resource access control, and data privacy protection.

    What is encryption technique? ›

    Encryption is the method by which information is converted into secret code that hides the information's true meaning. The science of encrypting and decrypting information is called cryptography. In computing, unencrypted data is also known as plaintext, and encrypted data is called ciphertext.

    What special type of encryption mechanism does Oracle support? ›

    TDE transparently encrypts data at rest in Oracle Databases. It stops unauthorized attempts from the operating system to access database data stored in files, without impacting how applications access the data using SQL. TDE can encrypt entire application tablespaces or specific sensitive columns.

    How can we improve cloud security? ›

    10 Best Practices to Improve Cloud Security
    1. Identity and Access Management (IAM) Discipline.
    2. Cloud Infrastructure Configuration Standards.
    3. Continuous Cloud Security Posture Management.
    4. Pervasive Visibility and Monitoring.
    5. Secure the Workloads.
    6. Application, PaaS and API Security.
    7. Data Awareness and Protection.

    Which aspect is the most important for cloud security? ›

    Perhaps the most important aspect of your cloud security strategy is how you respond to security incidents. Run incident response simulations and use tools with automation to increase your speed for detection, investigation, and recovery.

    Which of the following uses encryption and authentication to securely transfer information over the Internet? ›

    TLS uses both symmetric encryption and public key encryption for securely sending private data, and adds additional security features, such as authentication and message tampering detection.

    Which encryption method is most widely used and why? ›

    Today, AES is the most widely used encryption algorithm — it's used in many applications, including:
    • Wireless security,
    • Processor security and file encryption,
    • SSL/TLS protocol (website security),
    • Wi-Fi security,
    • Mobile app encryption,
    • Most VPNs (virtual private network), etc.

    Which of the following encryption techniques can be used to enable encryption and enhance? ›

    Which encryption techniques can be used to enable encryption and enhance the security of the Wi-Fi network? Explanation: Forms authentication is a security tool that authenticates users against Reporting Services using a database table containing usernames and passwords.

    Which encryption method is more suitable for quickly encrypting large amounts of data? ›

    Due to the better performance and faster speed of symmetric encryption (compared to asymmetric), symmetric cryptography is typically used for bulk encryption / encrypting large amounts of data, e.g. for database encryption.

    Which encryption algorithm is used with default encryption in cloud storage? ›

    We use the AES algorithm to encrypt data at rest. All data at the storage level is encrypted by DEKs, which use AES-256 by default, with the exception of a small number of Persistent Disks that were created before 2015 that use AES-128.

    What are the benefits in using password and encryption? ›

    Benefits of Using Encryption Technology for Data Security
    • Encryption is Cheap to Implement. ...
    • Encryption Can Save You from Regulatory Fines. ...
    • Encryption Can Help to Protect Remote Workers. ...
    • Encryption Increases the Integrity of Our Data. ...
    • Encryption Can Increase Consumer Trust.

    How many types of encryption are there? ›

    There are two types of encryption in widespread use today: symmetric and asymmetric encryption. The name derives from whether or not the same key is used for encryption and decryption.

    What are the 3 main types of cryptography algorithms? ›

    There are three general classes of NIST-approved cryptographic algorithms, which are defined by the number or types of cryptographic keys that are used with each.
    • Hash functions.
    • Symmetric-key algorithms.
    • Asymmetric-key algorithms.
    • Hash Functions.
    • Symmetric-Key Algorithms for Encryption and Decryption.

    In which of the following cryptographic methods is the order of the units in the data rearranged to form the ciphertext? ›

    In cryptography, a substitution cipher is a method of encrypting in which units of plaintext are replaced with the ciphertext, in a defined manner, with the help of a key; the "units" may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth.

    How does cloud cryptography work? ›

    Cloud cryptography uses encryption techniques to protect data utilized or stored there. It enables users to securely access shared cloud services, as all data hosted by cloud providers is encrypted. Cloud cryptography safeguards sensitive data without slowing down information sharing.

    How can you protect data that is stored in the cloud? ›

    Data Encryption
    1. Encryption at rest protects stored cloud data that is not currently in use (AES 256-bit encryption is the most popular option).
    2. Encryption in transit protects data while files move between two cloud or network points (TLS/SSL 128-bit encryption is the most common choice).

    Which is most secure cloud storage? ›

    The following is a list of the most secure cloud storage of 2021:
    • IDrive.
    • pCloud.
    • Sync.com.
    • Microsoft OneDrive.
    • Google Drive.
    • Egnyte Connect.
    • MEGA.
    • Tresorit.

    What are the benefits of cloud storage? ›

    Advantages of Cloud Services
    • Backup Your Data to the Cloud. ...
    • No More External Hard Drives. ...
    • Remotely Update and Sync Your Files. ...
    • Share Files Easily. ...
    • Remote Work Made Easy. ...
    • Keep Your Files Encrypted. ...
    • Storage for a Lifetime.

    Who is responsible for protecting privacy in cloud computing? ›

    Cloud service providers and cloud customers both have a responsibility to protect data. It's also important to note that the execution of individual security management tasks can be outsourced, but accountability cannot.

    Do you think privacy is a major concern in cloud computing explain? ›

    Security is still a critical challenge in the cloud computing paradigm. These challenges include loss of users' secret data, data leakage and disclosure of personal data. Considering security and privacy within the cloud, there are various threats to users' sensitive data on cloud storage.

    Can cloud computing affect privacy? ›

    Data loss or data theft is one of the major security challenges that the cloud providers face. If a cloud vendor has reported data loss or data theft of critical or sensitive material data in the past, more than sixty percent of the users would decline to use the cloud services provided by the vendor.

    What is data integrity in cloud computing? ›

    Data integrity in the cloud system means preserving information integrity. The data should not be lost or modified by unauthorized users. Data integrity is the basis for providing cloud computing services such as SaaS, PaaS, and IaaS.

    Which respect is the most important for cloud security? ›

    The security responsibilities that are always the customer's include managing users and their access privileges (identity and access management), the safeguarding of cloud accounts from unauthorized access, the encryption and protection of cloud-based data assets, and managing its security posture (compliance).

    Which of the following are technical security risks which Organisations should be aware of about cloud based environments? ›

    Main Cloud Security Issues and Threats in 2021
    • Misconfiguration. Misconfigurations of cloud security settings are a leading cause of cloud data breaches. ...
    • Unauthorized Access. ...
    • Insecure Interfaces/APIs. ...
    • Hijacking of Accounts. ...
    • Lack of Visibility. ...
    • External Sharing of Data. ...
    • Malicious Insiders. ...
    • Cyberattacks.

    Who is responsible for data security? ›

    A company's CISO is the leader and face of data security in an organization. The person in this role is responsible for creating the policies and strategies to secure data from threats and vulnerabilities, as well as devising the response plan if the worst happens.

    How do you ensure data security in cloud computing? ›

    Tips To Ensure Data Security in Cloud Computing
    1. Use Encryption. Encryption is a way to translate your business data into a secret code. ...
    2. Ask Employees To Use Reliable Passwords. ...
    3. Understand How Cloud Service Storage Works. ...
    4. Use Anti-Virus Software. ...
    5. Use Local Back-Up.

    What are the cloud security challenges? ›

    The Biggest Cloud Security Challenges in 2021
    • Data Breaches. There is no concern more palpable than a data breach. ...
    • Compliance With Regulatory Mandates. ...
    • Lack of IT Expertise. ...
    • Cloud Migration Issues. ...
    • Unsecured APIs. ...
    • Insider Threats. ...
    • Open Source.

    Why privacy is important in cloud? ›

    Personal information helps in uniquely identifying or locating a particular individual. This information can also be used with other resources to identify an individual. If data in the cloud is accessed without authorization, or is inappropriately collected, stored or shared, the customer's trust may be lost.

    Why data security is important in cloud computing? ›

    You need a secure way to immediately access your data. Cloud security ensures your data and applications are readily available to authorized users. You'll always have a reliable method to access your cloud applications and information, helping you quickly take action on any potential security issues.

    Which of the following are best practices for cloud security that all organizations should implement? ›

    Best Practices for Cloud Security
    • Picking the right cloud service provider. ...
    • Understanding the shared responsibility model. ...
    • Implementing identity and access management. ...
    • Encrypting data. ...
    • Protecting user endpoints. ...
    • Upskilling all employees. ...
    • Maintaining logs and monitoring.

    How do you maintain integrity of data collection? ›

    8 Ways to Ensure Data Integrity
    1. Perform Risk-Based Validation.
    2. Select Appropriate System and Service Providers.
    3. Audit your Audit Trails.
    4. Change Control.
    5. Qualify IT & Validate Systems.
    6. Plan for Business Continuity.
    7. Be Accurate.
    8. Archive Regularly.

    What is the current state of data security in cloud? ›

    70% of organizations hosting data or workloads in the public cloud experienced a security incident in the last year, with multi-cloud organizations reporting up to twice as many incidents vs. single-platform adopters.

    What are different components of data security in cloud? ›

    Authentication and identity, access control, encryption, secure deletion, integrity checking, and data masking are all data protection methods that have applicability in cloud computing.

    Videos

    1. Differential Privacy based Preserving Data on Cloud Environment
    (IJERT)
    2. Privacy Preserving Cloud Storage: A Rollback Protection Service for Untrusted Environments
    (BSC CNS)
    3. Confidential Computing
    (Microsoft Research)
    4. Security and Privacy Challenges on the Cloud: Deepa Kuppuswamy
    (Zoho)
    5. Secure and sustainable load balancing of edge data centers in fog computing - IEEE PROJECTS 2018
    (MICANS INFOTECH)
    6. Confidential Computing: Protecting Data at Every Point | Intel Technology
    (Intel Technology)

    Article information

    Author: Barbera Armstrong

    Last Updated: 11/24/2022
