cloud security Recently Published Documents


A Review on AWS - Cloud Computing Technology

Abstract: Cloud computing is something simple we can define as maintaining data centers and data servers, and you can also access technology services such as computing power, storage, and databases using the cloud computing technology of AWS (Amazon Web Services). It is an emerged model which is already popular among almost all enterprises. It provides us the concept of on-demand services, where we use and scale cloud resources on demand and as per demand respectively. AWS cloud computing is a cost-effective model. The major concern in this model is security and storage in the cloud. This is one of the major reasons many enterprises choose AWS cloud computing. This paper provides a review of security research in the field of cloud security and storage services of the AWS cloud platform. After security and storage, we present the working of AWS (Amazon Web Services) cloud computing. AWS is the most trusted provider of cloud computing, which not only provides excellent cloud security but also provides excellent cloud storage services. The main aim of this paper is to make cloud computing storage and security a core operation and not an add-on operation. With the increase in service providers and related companies, the AWS cloud platform plays a vital role in service industries by giving its best web services, so choosing cloud service providers wisely is a basic need of the industry. Therefore we are going to see how AWS fulfills all these specific needs. Keywords: Trusted Computing, AWS, Information-Centric Security, Cloud Storage, S3, EC2, Cloud Computing

Deep Learning Approaches to Cloud Security

  • Genetic Algorithm-Based Pseudo Random Number Generation for Cloud Security
  • Cloud Security Service for Identifying Unauthorized User Behaviour
  • QoS Based Cloud Security Evaluation Using Neuro Fuzzy Model
  • Azure Cloud Security for Absolute Beginners
  • Mitigating Theft-of-Service Attack - Ensuring Cloud Security on Virtual Machines

Cloud Computing Security Requirements: A Review

Abstract Cloud computing is a new technology that is undergoing tremendous development today. People who use it are not able to separate the reasonable from the unreasonable arguments that come with the security requirements in the cloud. The claim that cloud computing is hereditarily insecure is as absurd as the claim that cloud computing does not create new security problems. Cloud computing is a way to dynamically increase resources without the need for in-depth knowledge of a brand new infrastructure, without training new workers or designing new software solutions. The article aims to analyse the different cloud security issues and models of cloud architectures. Some of the main problems with security in virtualization, concerns about storing data in the cloud and the assessment of risk tolerance in cloud computing are presented. Legal and regulatory issues for the protection of personal data are addressed.

The Vulnerabilities of Cloud Computing : A Review

A cloud is a type of analogous and scattered system consisting of a collection of inter-connected and virtualized computers that are dynamically provisioned and presented as one or more unified computing resources. Cloud computing is the dynamic provisioning of IT capabilities (hardware, software, or services) from third parties over a network. However, this technology is still in its initial stages of development, as it suffers from threats and vulnerabilities that prevent users from trusting it. Various malicious activities from illegal users have threatened this technology, such as data misuse, inflexible access control and limited monitoring. The occurrence of these threats may result in damage to, or illegal access to, critical and confidential data of users. This article describes the impact of those vulnerabilities and threats to create awareness among organisations and users, so that they can adopt this technology with trust and choose a trusted provider who has trusted security policies. Here we define cloud-specific vulnerabilities and cloud feature vulnerabilities, and propose a reference vulnerabilities architecture of cloud computing and threats related to cloud computing. Cloud security and privacy play an important role in avoiding cloud threats. Cloud privacy concerns the expression of or devotion to various legal and non-legal norms regarding the right to private life. Cloud security concerns the confidentiality, ease of use and reliability of data or information. With the development of cloud computing, the issue of security has become a top priority. In this article we discuss the characteristics of vulnerabilities, cloud vulnerabilities and cloud threats, and also how we can overcome or avoid them and keep our data safe.

Security and Privacy in Cloud Computing: Technical Review

Advances in the usage of information and communication technologies (ICT) has given rise to the popularity and success of cloud computing. Cloud computing offers advantages and opportunities for business users to migrate and leverage the scalability of the pay-as-you-go price model. However, outsourcing information and business applications to the cloud or a third party raises security and privacy concerns, which have become critical in adopting cloud implementation and services. Researchers and affected organisations have proposed different security approaches in the literature to tackle the present security flaws. The literature also provides an extensive review of security and privacy issues in cloud computing. Unfortunately, the works provided in the literature lack the flexibility in mitigating multiple threats without conflicting with cloud security objectives. The literature has further focused on only highlighting security and privacy issues without providing adequate technical approaches to mitigate such security and privacy threats. Conversely, studies that offer technical solutions to security threats have failed to explain how such security threats exist. This paper aims to introduce security and privacy issues that demand an adaptive solution approach without conflicting with existing or future cloud security. This paper reviews different works in the literature, taking into account its adaptiveness in mitigating against future reoccurring threats and showing how cloud security conflicts have invalidated their proposed models. The article further presents the security threats surrounding cloud computing from a user perspective using the STRIDE approach. Additionally, it provides an analysis of different inefficient solutions in the literature and offers recommendations in terms of implementing a secure, adaptive cloud environment.


Advances, Systems and Applications

  • Open access
  • Published: 15 February 2024

Investigation on storage level data integrity strategies in cloud computing: classification, security obstructions, challenges and vulnerability

  • Paromita Goswami,
  • Neetu Faujdar,
  • Somen Debnath,
  • Ajoy Kumar Khan &
  • Ghanshyam Singh

Journal of Cloud Computing, volume 13, Article number: 45 (2024)


Cloud computing provides outsourcing of computing services at a lower cost, making it a popular choice for many businesses. In recent years, cloud data storage has gained significant success, thanks to its advantages in maintenance, performance, support, cost, and reliability compared to traditional storage methods. However, despite the benefits of disaster recovery, scalability, and resource backup, some organizations still prefer traditional data storage over cloud storage due to concerns about data correctness and security. Data integrity is a critical issue in cloud computing, as data owners need to rely on third-party cloud storage providers to handle their data. To address this, researchers have been developing new algorithms for data integrity strategies in cloud storage to enhance security and ensure the accuracy of outsourced data. This article aims to highlight the security issues and possible attacks on cloud storage, as well as discussing the phases, characteristics, and classification of data integrity strategies. A comparative analysis of these strategies in the context of cloud storage is also presented. Furthermore, the overhead parameters of auditing system models in cloud computing are examined, considering the desired design goals. By understanding and addressing these factors, organizations can make informed decisions about their cloud storage solutions, taking into account both security and performance considerations.

Introduction

Cloud computing’s appeal lies in its dynamic and flexible Service Level Agreement (SLA) based negotiable services, allowing users to access virtually limitless computing resources [ 1 ]. According to the National Institute of Standards and Technology (NIST), cloud computing offers a swiftly provisioned pay-per-use model, enabling on-demand, accessible, and configurable network access to shared pool resources, requiring minimal interactions from service providers and reduced management efforts [ 2 ]. Cloud computing models include private, public, hybrid, and community clouds, with services categorized into Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). IaaS providers like Google Compute Engine, Windows Azure Virtual Machines, and Amazon Elastic Cloud Compute offer network resources and computing storage, enhancing performance and reducing maintenance costs to meet specific customer demands [ 3 , 4 ]. This evolution in cloud computing has transformed various sectors. Businesses and healthcare organizations benefit from services like cost reduction through resource outsourcing [ 3 , 4 ], performance monitoring [ 5 , 6 ], resource management [ 7 ], and computing prediction [ 8 ]. Additionally, cloud computing facilitates tasks such as resource allocation [ 9 ], workload distribution [ 10 , 11 , 12 ], capacity planning [ 13 ], and job-based resource distribution [ 14 , 15 ]. This transformative impact underscores the significance of cloud computing in modern digital landscapes, empowering organizations with unprecedented efficiency and scalability in resource utilization [ 3 , 4 , 5 , 6 , 7 , 8 , 9 , 10 , 11 , 12 , 13 , 14 , 15 ].

Despite the availability of various data services, data owners are apprehensive about entrusting their valuable data to cloud service providers (CSPs) for third-party cloud storage due to concerns about the integrity of the CSPs [ 13 , 16 , 17 ], and the shared nature of cloud storage environments. Cloud computing primarily encompasses data storage and computation, with Infrastructure as a Service (IaaS) closely linked to cloud storage. When accessing IaaS, cloud users often lack visibility into the precise location of their outsourced data within the cloud storage and the machines responsible for processing tasks. Consequently, data privacy within cloud storage is a significant security challenge, exacerbated by the presence of malicious users, resulting in data integrity and confidentiality issues. This poses a critical security challenge for cloud storage, and trust in remote cloud data storage is crucial for the success of cloud computing. Data integrity, encompassing completeness, correctness, and consistency, is vital in the context of Database Management Systems (DBMS) and the ACID (Atomicity, Consistency, Isolation, Durability) properties of transactions. The issue arises when CSPs cannot securely guarantee clients the accuracy and completeness of data in response to their queries [ 18 ].

Researchers are actively advancing the field of data integrity in cloud computing by refining data integrity verification techniques and bolstering data privacy-preserving methods. These verification techniques primarily encompass Proof of Work (PoW), Proof of Data Possession (PDP), and Proof of Retrievability (PoR). Notably, the introduction of Message Authentication Code (MAC) using a unique random key within the data integrity framework marked a deterministic approach to data integrity verification, mitigating the inefficiencies associated with remote data integrity schemes that employed RSA-based encryption. This approach addressed issues related to significant computation time and long hash value transfer times for large files [ 19 ]. To enhance the security of data integrity schemes, Provable Data Possession (PDP) concepts were introduced to establish the legitimacy of data possession by a cloud server. Various subsequent research efforts have continually refined these algorithms, introducing innovations like the Transparent PDP scheme [ 20 ], DHT-PDP [ 21 ], Certificateless PDP Protocol for Multiple Copies [ 22 , 23 , 24 ], and Dynamic Multiple-Replica PDP [ 25 ]. Concurrently, the Proof of Retrievability (PoR) concept was introduced in 2007 to address error localization and data recovery issues [ 26 ]. Additionally, Proof of Original Ownership (PoW) emerged in 2011 through the Merkle hash tree protocol to prevent malicious adversaries, leading to a plethora of subsequent research endeavors with diverse improved algorithms aimed at the same goals [ 27 , 28 , 29 ].

Fully homomorphic encryption (FHE) was proposed to preserve the privacy of outsourced data; in that case, the original data were converted into ciphertext through an encryption technique that supports multiplication and addition operations over the ciphertext [ 30 ]. Meanwhile, drawbacks in [ 22 ], such as being practically infeasible due to complex operations, were then solved by the Somewhat Homomorphic Encryption (SHE) scheme [ 31 ]. Many more research works have been established in these few years, such as a biometrics face recognition approach [ 32 ], a privacy-preserving auditing scheme for Cloud Storage using HLA [ 33 ], An Etiquette Approach for Preserving Data [ 34 ], etc.

Recently, Google cloud has introduced Zebra technologies based on a security command center (SCC) and security operation center (SOC) to point out some harmful threats such as crypto mining activity, data exfiltration, potential malware infections, brute force SSH attacks, etc. to maintain data integrity of business organization’s information [ 35 ].

In recent years, numerous cloud data integrity schemes have emerged, along with several survey papers, albeit with limited parameters to comprehensively address specific aspects of data integrity. Some of these surveys include data auditing from single copies to multiple replicas [ 36 ], Proof of Retrievability [ 37 ], various data integrity techniques and verification types for cloud storage, and different data integrity protocols [ 38 ]. However, these surveys often fall short in providing a comprehensive understanding of data integrity strategies and their classification. A concise taxonomy of data integrity schemes was presented in a survey paper [ 39 ], which discussed a comparative analysis of existing data integrity schemes, their evolution from 2007 to 2015, and covered fewer physical storage issues, fewer security challenges, and design considerations. This survey paper aims to address this gap by offering an in-depth discussion on the security challenges within physical cloud storage, potential threats, attacks, and their mitigations. It will also categorize data integrity schemes, outline their phases and characteristics, provide a comparative analysis, and project future trends. This comprehensive approach underscores the significance of data integrity schemes in securing cloud storage.

Although several articles have appeared on similar issues, our research work differs from all the mentioned research works in the following ways: Unlike [ 36 , 37 , 39 ], our research work focused on different types of storage-based attacks and also comprised up-to-date methods to resist storage-based attacks, which always violate data integrity schemes on physical cloud storage. Like [ 37 ], it includes storage-based security issues, threats, and their existing mitigation solutions. Unlike [ 36 , 37 , 39 ], our research work focused on the different types of proposals of data integrity verification, which are broadly classified into file-level verification, entire blocks verification, metadata verification, and randomly block-level verification.

Unlike [ 37 ], our survey work is not restricted to only proof of retrievability (POR). It covers all verification types like the power of ownership (PoW), proof of retrievability (POR), and provable data possession (PDP). It also includes different types of auditing verification techniques to elaborate job roles on the TPA’s side and the DO’s side. It also includes a discussion of the benefit of public auditing in reducing the computational and communication overhead of the DO. Unlike [ 36 , 37 , 38 , 40 , 41 , 42 , 43 ], our survey work reviews a wide range of quality features of data integrity schemes that are individually of prime importance in cloud storage security. Unlike [ 36 , 37 , 41 ], we focused on different types of security challenges according to existing symptoms, effects, and probable solutions of data integrity schemes. Like [ 42 , 43 , 44 ], we include a discussion about malicious insider attacks, forgery attacks, and dishonest TPA and CSP. Unlike [ 41 , 43 , 44 ], in the comparative analysis, we introduce different performance analysis parameters of existing works based on the works’ motivations and limitations, in addition to a discussion of public and private data auditing criteria. Like [ 32 ], we include all existing data integration methods briefly in the Comparative analysis of data integrity strategies section.

Research gap

According to the above discussion, this research focuses on the following points to summarize the research gaps:

In contrast to [ 36 , 37 , 39 ], our research included current strategies to fend against storage-based attacks, which consistently compromise data integrity techniques on physical cloud storage.

Our research, in contrast to [ 36 , 37 , 39 ], concentrated on the various approaches to data integrity verification, which is categorised into four categories: file-level verification, full block verification, metadata verification, and randomized block-level verification.

Our survey study is not limited to proof of retrievability (POR), in contrast to [ 37 ]. It includes all forms of verification, including proven data possession (PDP), proof of retrievability (POR), and power of ownership (PoW). Different key management techniques used to improve security in cloud storage were also added here.

In contrast to [ 36 , 37 , 38 , 40 , 41 , 42 , 43 ], our survey work examines a variety of data integrity scheme quality features, each of which is crucial to the security of cloud storage.

In contrast to [ 36 , 37 , 41 ], we concentrated on various security issues based on the impacts, symptoms, and likely fixes of data integrity techniques.

In contrast to [ 41 , 43 , 44 ], we present here various performance analysis parameters of previous efforts based on the goals and constraints of the work together with a discussion of auditing criteria for both public and private data.

Contribution

To the best of our knowledge, this is the first attempt to survey all the related issues of cloud data storage with possible directions in a single article. The key contributions of this research paper are summarized below:

Identification of possible attacks on storage level services which may arise on physical cloud storage, with explored mitigating solutions

Summarizing of possible characteristics of data integrity strategies to examine data integrity auditing soundness, phases, classification, etc. to understand and analyse security loopholes

Literature review on comparative analysis based on all characteristics, motivation, limitation, accuracy, method, and probable attacks

Discussion on design goal issues along with security level issues on data integrity strategy to analyse dynamic performance efficiency, different key management techniques to achieve security features, to analyse server attacks, etc.

Identification of security issues in data integrity strategy and its mitigation solution

Discussion about the future direction of new data integrity schemes of cloud computing.

This review article is described in 8 sections. The Issues of physical cloud storage section discusses issues of physical cloud storage and attacks in storage level service. The Key management techniques with regards to storage level in cloud section describes some existing key management techniques to enhance the security of cloud storage. The Potential attacks in storage level service section describes possible potential attacks in cloud storage. The Phases of data integrity technique section describes the phases of the data integrity scheme and summarizes all possible characteristics of the data integrity strategy. The Classification of data integrity strategy section describes a classification of data integrity strategy. The Characteristics of data integrity technique section describes characteristics of the data integrity technique. The Challenges of data integrity technique in cloud environment section describes challenges of the data integrity technique in the cloud environment. The Desire design challenges of data integrity strategy section describes desired design challenges of data integrity strategy. The Comparative analysis of data integrity strategies section presents a comparative analysis of existing research works on data integrity strategy. At the end, the Future trends in data integrity approaches section presents design goal issues and future trends of cloud storage based on existing integrity schemes, using a timeline infographic from 2016 to 2022.

Issues of physical cloud storage

Generally, physical cloud storage in terms of IaaS services gives cloud users the opportunity to use computing resources at a minimum cost without taking any responsibility for infrastructure maintenance. But in the actual scenario, the CSP and other authorized users are not trusted actors in cloud computing. Hence, cloud storage is an attack-prone area due to the malicious intentions of the CSP and of insider and outsider attackers. We have listed here cloud storage issues along with possible attacks. Table  1 shows all possible mitigating solutions.

Incapability of CSP: Managing big cloud storage may create a data loss problem for the CSP due to insufficient computational capacity, sometimes failing to meet users’ requirements, the lack of a user-friendly data serialization standard with easily readable and editable syntax, and life cycle changes in a cloud environment [ 66 ].

Loss of control: Losing control of cloud data over a distributed cloud environment may give unauthorized users the chance to manipulate the valuable data of valid users [ 67 ].

Lack of Scalability of physical cloud storage: Scalability means all hardware resources are merged to provide more resources to the distributed cloud system. This might help attackers to gain illegitimate access to, and modify, cloud storage and physical data centers [ 68 ].

Unfair resource allocation strategy: Generally, monitoring data is stored in a shared pool in a public cloud environment which might not be preferable to cloud users who are not interested to leave any footprint on their work distribution/data transmission by a public cloud-hosted software component which will be the reason for a future mediocre of original data fetching [ 69 ].

Lack of performance monitoring of cloud storage: Generally, monitoring data is stored in a shared pool in a public cloud which might not be preferable to cloud users who are not interested to leave any footprint on their work distribution/data transmission by a public cloud-hosted software component [ 70 ].

Data threat: Cloud users store sensitive data in cloud environments about their personal information or business information. Due to the lack of data threat prevention techniques of cloud service providers, data may be lost or damaged [ 64 , 71 ].

Malicious cloud storage provider: Lack of transparency and lack of access control policies are the basic parameters that make a cloud service provider a malicious storage provider. When these two parameters are missing, it’s quite easy to disclose confidential data of cloud users to others for business profit [ 72 ].

Data Pooling: Resource pooling is an important aspect of cloud computing. Due to this aspect, data recovery policies and data confidentiality schemes are broken [ 73 ].

Data lock-in: Every cloud storage provider does not have a standard format to store data. Therefore, cloud users face a binding problem to switch data from one provider to another due to dynamic changes in resource requirements [ 39 ].

Security against internal and external malicious attack: Data might be lost or data can be modified by insider or outsider attacks [ 49 , 74 , 75 , 76 ].

Key management techniques with regards to storage level in cloud

In order to prevent data leakage and increase the difficulty of attack, this paper presents a method combining data distribution and data encryption to improve data storage security. We have listed here some key techniques used in cloud storage to enhance security and transparency between cloud storage and cloud users.

Hierarchical Key Technique: Some research articles [ 77 ] provide a secret sharing and key hierarchy derivation technique in combination with a user password to enhance key security, protecting the key and preventing the attacker from using the key to recover the data.

Private Key Update Technique: This identity-based encryption technique [ 78 ] helps to update the private keys of the non-revoked group users instead of the authenticators of the revoked user when the authenticators are not updated, and it does away with the complex certificate administration found in standard PKI systems.

Key Separation Technique: This cryptographic method aids in maintaining the privacy of shared sensitive data while offering consumers effective and efficient storage services [ 79 ].

Attribute-based Encryption Key Technique: Instead of disclosing decryption keys, this method achieves the conventional notion of semantic security for data secrecy, whereas existing methods only do so by establishing a lesser security notion [ 80 , 81 ]. It is used to share data with users in a confidential manner.

Multiple Key Technique: This k-NN query-based method improves security by assisting the Data owner (DO) and each query user in maintaining separate keys and not sharing them [ 82 ]. In the meantime, the DO uses his own key to encrypt and decrypt data that has been outsourced.

Potential attacks in storage level service

Storage level service in cloud computing offers resource computation, virtual networks, and shared storage over the internet on lease. It provides more flexible and scalable benefits than on-premise physical hardware. Due to these two aspects of the cloud, storage-level services can be the victim of malicious attacks that attempt to steal computing resources in order to publish original data or exfiltrate data in data breaches. If attackers can successfully enter the infrastructure services of an organization, they can then use those parts to obtain access to other important parts of the enterprise architecture, causing data integrity security issues. We have listed here possible attacks on storage-level services.

DoS/DDoS: The ultimate purpose of this attack is to make the original services unavailable to users and to overload the system by flooding a single cloud server with spam. Due to the high workload, the performance of cloud servers slumps, and users lose access to their cloud services.

Phishing: Attackers steal important information in the form of a user’s credentials, like name, password, etc., after redirecting the user to a fraudulent webpage that poses as the original page.

Brute Force attack/ Online dictionary attack: It’s one type of cryptographic hack. Using an exhaustive key search engine, malicious attackers can violate the privacy policy of the data integrity scheme in cloud storage.

MITC: A man-in-the-cloud attack lets attackers gain the capability to execute any code on a victim machine by installing their own synchronization token on the victim’s machine in place of the victim’s original synchronization token. Using this token, attackers get control over the target machine while the target machine synchronizes this token to the attacker’s machine.

Port scanning: Attackers perform port scanning methods to identify open ports or exposed server locations, analyze the security level of storage and break into the target system.

Identity theft: Using password recovery method, attackers can get account information of legitimate users which causes loss of credential information of the user’s account.

Risk spoofing: Resource workload balancing is a good managerial part of cloud storage but due to this aspect of cloud computing, attackers can steal credential data of cloud users, able to spread malware code in host machines and create internal security issues.

Data loss/leakage: During data transmission time by external adversaries, incapability of cloud service providers, by unauthorized users of the same cloud environment, by internal malicious attackers, data can be lost or manipulated.

Shared technology issue: Compromising hypervisors, cloud service providers can run concurrently multiple OS as guests on a host computer. For the feebleness of hypervisor, attackers create vulnerabilities like data loss, insider malicious attacks, outsider attacks, loss of control on machines, and service disruption by taking control over all virtual machines.

Phases of data integrity technique

Data integrity promises the consistency and accuracy of data in cloud storage. Its probabilistic nature and its ability to protect stored data from unauthorized access help cloud users gain the trust needed to outsource their data to remote clouds. The scheme consists mainly of three actors: the Data owner (DO), the Cloud Storage/Service Provider (CSP), and the Third-Party Auditor (TPA, optional) [ 39 ], as depicted in Fig.  1 . The data owner produces data before uploading it to any local cloud storage to acquire financial profit. The CSP is a third-party organization offering Infrastructure as a service (IaaS) to cloud users. The TPA relieves the DO of the burden of data management by checking the correctness and intactness of outsourced data. The TPA also reduces the communication overhead costs and the computational cost of the data owner [ 83 , 84 ]. Sometimes, the DO itself takes responsibility for data integrity verification without TPA interference. There are three phases in data integrity strategy, described below and in Table  2 :

Data processing phase: In the data processing phase, data files are processed in many ways, such as dividing the file into blocks [ 60 ], applying an encryption technique to the blocks [ 90 ], generating a message digest [ 87 ], applying random masking number generation [ 88 ], and generating keys and applying a signature to the encrypted blocks [ 93 ]. Finally, the encrypted or obfuscated data is outsourced to cloud storage.

Acknowledgement Phase: This phase is totally optional but valuable because sometimes there may arise a situation where CSP might conceal the message of data loss or discard data accidentally to maintain their image [ 88 ]. But most of the research works skip this step to minimize computational overhead costs during acknowledgment verification time.

Integrity verification phase: In this phase, DO/ TPA sends a challenge message to CSP and subsequently, CSP sends a response message as metadata or proof of information to TPA/DO for data integrity verification. The audit result is sent to DO if verification is done by TPA.
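The data processing and integrity verification phases above, sketched as an added example (not code from the article or from any surveyed scheme). It assumes private auditing with the DO as verifier, per-block HMAC-SHA256 tags, and hypothetical names such as `CloudStore` and `make_challenge`; the sample file is constructed.

```python
import hashlib
import hmac
import secrets
from math import comb

BLOCK_SIZE = 64  # bytes; kept small so the constructed sample has many blocks


def split_blocks(data: bytes, size: int = BLOCK_SIZE) -> list:
    """Data processing phase, step 1: divide the file into blocks."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def tag_block(key: bytes, file_id: bytes, index: int, block: bytes) -> bytes:
    """Tag one block. The file id and block index are bound into the MAC so
    a valid (block, tag) pair cannot be presented for another position."""
    msg = file_id + index.to_bytes(8, "big") + block
    return hmac.new(key, msg, hashlib.sha256).digest()


def process_file(key: bytes, file_id: bytes, data: bytes):
    """Data processing phase: returns the blocks and tags to outsource."""
    blocks = split_blocks(data)
    tags = [tag_block(key, file_id, i, b) for i, b in enumerate(blocks)]
    return blocks, tags


class CloudStore:
    """Hypothetical stand-in for the CSP: stores blocks and tags and
    answers a challenge with the requested (block, tag) pairs."""

    def __init__(self, blocks, tags):
        self.blocks = list(blocks)
        self.tags = list(tags)

    def respond(self, indices):
        return [(self.blocks[i], self.tags[i]) for i in indices]


def make_challenge(n_blocks: int, sample_size: int, rng=None):
    """Integrity verification phase: the verifier picks random block indices."""
    rng = rng or secrets.SystemRandom()
    return sorted(rng.sample(range(n_blocks), sample_size))


def verify(key: bytes, file_id: bytes, indices, proof) -> bool:
    """Recompute each tag for the challenged index and compare in constant time."""
    if len(proof) != len(indices):
        return False
    ok = True
    for i, (block, tag) in zip(indices, proof):
        ok &= hmac.compare_digest(tag_block(key, file_id, i, block), tag)
    return ok


def detection_probability(n: int, corrupted: int, sampled: int) -> float:
    """Chance that a random sample of `sampled` out of `n` blocks contains
    at least one of `corrupted` damaged blocks (probabilistic verification)."""
    return 1 - comb(n - corrupted, sampled) / comb(n, sampled)


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # DO's secret key, never sent to the CSP
    file_id = b"report-2024"               # constructed identifier
    data = bytes(range(256)) * 25          # constructed 6400-byte sample file
    blocks, tags = process_file(key, file_id, data)
    csp = CloudStore(blocks, tags)

    challenge = make_challenge(len(blocks), 10)
    print("honest CSP passes:", verify(key, file_id, challenge, csp.respond(challenge)))

    csp.blocks[7] = b"\x00" * BLOCK_SIZE   # silent corruption at the CSP
    print("audit of block 7 passes:", verify(key, file_id, [7], csp.respond([7])))
    print("P(detect 1 bad block of 100, 10 sampled):",
          round(detection_probability(100, 1, 10), 3))
```

A sample that misses the damaged block still verifies, which is why the sample size is chosen from the detection probability rather than fixed arbitrarily.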

Fig. 1: Entire cycle of data integrity technique

Classification of data integrity strategy

Classification of data integrity depends on a variety of conceptual parameters and sub-parameters. Table 3 shows all parameters and sub-parameters with references to give a clear idea of data integrity strategy. The deployment setup of a data integrity strategy depends on the environment of the proposed system. Clients can store their data in a public cloud setup [ 98 ], a multi-cloud setup [ 99 , 100 ] or a hybrid cloud setup [ 101 ]. If data are placed in a public cloud setup, clients lose access control visibility over the data because data management is handled externally under the CSP's policy. As a result, data integrity problems arise because both CSP and public cloud storage are not honest in practical scenarios. Multi-cloud means more than one cloud service and more than one vendor in the same heterogeneous cloud architecture. A hybrid cloud is a combination of private and public clouds. Hence, in the shared storage structure of multi-cloud and hybrid cloud environments, data integrity is a genuine security concern. A data integrity scheme can offer its guarantee in two ways: deterministic and probabilistic. The performance of probabilistic verification is better than that of deterministic verification because of its higher accuracy in error correction of blocks without accessing the whole file and its low computational overhead [ 102 ]. However, the deterministic approach gives adequate data integrity accuracy, whereas the probabilistic approach gives lower data integrity accuracy than the deterministic approach [ 39 ].

Type of proposal

File level verification: This is a deterministic verification approach. Data integrity verification is generally done by either the TPA or the client. The client submits an encoded file to the storage server, and a verifier checks the encoded file using the challenge key and secret key chosen by the client [ 103 ].

Block level verification: This is a deterministic verification approach. First, the file is divided into blocks, the blocks are encrypted, a message digest is generated, and the encrypted blocks are sent to the CSP. Later, the CSP sends a response message to the TPA, and the TPA verifies all blocks by comparing the newly generated message digest with the old message digest generated by the client [ 87 ].

Randomly block level verification: This is a probabilistic verification approach. The file is divided into blocks; a signature, or a combination of any two signatures, is then generated for every block using hash [ 86 ], BLS [ 88 ], HLA [ 124 ], random masking [ 88 ], or ZSS [ 97 ], and both the blocks and the signatures are submitted to cloud storage. Later, the TPA generates a challenge message for randomly selected blocks, which will be checked for data integrity, and sends it to the CSP. Next, the CSP sends a proof message to the TPA. The TPA verifies the proof message for the randomly selected blocks by generating new signatures and comparing the old and new signatures of those blocks [ 61 , 86 ].

Metadata verification: In this deterministic approach, cloud users first generate a secret key and use it to prepare metadata of the entire file through HMAC-MD5 authentication. The encrypted file is then sent to the CSP and the metadata to the TPA. This metadata is later used for integrity verification via the TPA [ 85 ].
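The challenge, proof and verify exchange of the randomly block level approach, as an added Python sketch that is not code from any of the surveyed schemes. It assumes a private audit in which the verifier holds the key, substitutes HMAC-SHA256 tags for the BLS/HLA/ZSS signatures, and has the CSP return the challenged blocks (so it is not blockless); all names and the sample file are constructed. `detection_probability` goes beyond the text and gives the standard sampling bound for such an audit.

```python
import hashlib
import hmac
import math
import secrets

BLOCK_SIZE = 64  # bytes; deliberately small so the demo file has many blocks


def split_blocks(data, size=BLOCK_SIZE):
    """Data processing phase: cut the file into fixed-size blocks."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def tag_block(key, file_id, index, block):
    """Per-block tag. Binding the file id and block index into the MAC stops
    the server from answering a challenge with some other, still-intact block."""
    msg = len(file_id).to_bytes(2, "big") + file_id + index.to_bytes(8, "big") + block
    return hmac.new(key, msg, hashlib.sha256).digest()


class CloudStore:
    """Stand-in for the CSP: stores blocks and tags, never sees the key."""

    def __init__(self, blocks, tags):
        self.blocks = list(blocks)
        self.tags = list(tags)

    def prove(self, challenge):
        """Proof message: the challenged blocks with their stored tags."""
        return [(i, self.blocks[i], self.tags[i]) for i in challenge]


class Auditor:
    """Stand-in for the DO or TPA; keeps only the key, file id and block count."""

    def __init__(self, key, file_id, n_blocks):
        self.key, self.file_id, self.n = key, file_id, n_blocks

    def challenge(self, c):
        """Pick c distinct block indices with a CSPRNG, so the server cannot
        predict which blocks it has to keep intact."""
        return sorted(secrets.SystemRandom().sample(range(self.n), min(c, self.n)))

    def verify(self, challenge, proof):
        """Return the challenged indices that failed (empty list = audit passed)."""
        answered = {i: (block, tag) for i, block, tag in proof}
        failed = []
        for i in challenge:
            block, tag = answered.get(i, (b"", b""))  # a missing answer fails
            expected = tag_block(self.key, self.file_id, i, block)
            if not hmac.compare_digest(expected, tag):
                failed.append(i)
        return failed


def detection_probability(n, t, c):
    """Chance that sampling c of n blocks hits at least one of t damaged ones:
    1 - C(n - t, c) / C(n, c)."""
    c = min(c, n)
    return 1.0 - math.comb(n - t, c) / math.comb(n, c)


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    file_id = b"demo-file"                 # constructed sample identifier
    blocks = split_blocks(bytes(range(256)) * 40)   # constructed 10 KiB file
    tags = [tag_block(key, file_id, i, b) for i, b in enumerate(blocks)]
    store = CloudStore(blocks, tags)
    auditor = Auditor(key, file_id, len(blocks))

    store.blocks[7] = b"\x00" * BLOCK_SIZE  # simulate silent corruption
    for c in (10, 40, len(blocks)):
        ch = auditor.challenge(c)
        print(c, "sampled ->", auditor.verify(ch, store.prove(ch)),
              "expected hit rate %.2f" % detection_probability(len(blocks), 1, c))
```

With 1% of 10,000 blocks damaged, sampling 460 blocks already gives a detection probability above 0.99, which is why a probabilistic audit can stay cheap on large files.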

Category of data

Static data: Static data stored in cloud storage does not need to be modified. In [ 105 ], a basic RDPC scheme is proposed for the verification of static data integrity. In remote cloud data storage, static files get the main attention in the state of the art, but in practical scenarios giving the TPA permission to possess the original data file creates security problems. In [ 106 ], the RSASS scheme is introduced for static data verification by applying a secure hash signature (SHA1) on file blocks.

Dynamic data: Data owners face no restriction on applying update, insert and delete operations, any number of times, to outsourced data currently stored in remote cloud storage. In [ 111 ], a PDP scheme is introduced that uses a ranked skipping list to support fully dynamic operations on data, overcoming the limited number of insertion and query operations described in [ 118 ]. In [ 117 ], a dynamic data graph is used to restrict conflicts arising from the dynamic nature of big-sized graph data applications.

Verification type

Proof of ownership verification: The proof of ownership (PoW) scheme is introduced in data integrity schemes to prove to the server that the original data owner actually owns the data, and to keep valid but malicious users in the same cloud environment from gaining unauthorized access to the owner's outsourced data. The PoW scheme is combined with a data duplication scheme to reduce the security issues arising from a malicious user's illegal attempts to access unauthorized data [ 27 ]. Three types of PoW scheme are defined in [ 29 ]: s-POW, s-Pow1 and s-Pow2. They have satisfactory computation and I/O efficiency at the user side, but the I/O burden on the remote cloud is significantly increased; this problem was overcome in [ 28 ] by establishing a balance between server-side and user-side efficiency.

Provable data possession: The provable data possession (PDP) scheme promises statically the exactness of data integrity verification of cloud data on untrusted cloud servers without downloading the data, and restricts data leakage attacks at cloud storage. In [ 104 ], the research work describes aspects of the PDP technique from a variety of system design perspectives, such as computation efficiency, robust verification, and lightweight and constant communication cost, in related work. In [ 112 ], certificateless PDP is proposed for public cloud storage to address the key escrow and key management problems of general public key cryptography and to solve the security problem of [ 113 , 120 ], in which verifiers were able to extract users' original data during integrity verification.

Proof of retrievability verification: Proof of retrievability (PoR) ensures data intactness in remote cloud storage. PoR and PDP perform similar functions, with the difference that a PoR scheme can recover faulty outsourced data whereas PDP only supports data integrity and availability of data to clients [ 108 ]. In [ 109 ], the IPOR scheme is introduced, which ensures 100% retrieval probability of corrupted blocks of the original data file. The DIPOR scheme also supports retrieval of partial health records along with data update operations [ 115 ].

Auditing verification: Verification of cloud data outsourced by the data owner is known as the audit verification process. Data integrity schemes support two types of verification: private auditing verification (verification is done between the CSP and the data owner, i.e. the cloud user) and public auditing verification (the cloud user hires a TPA to reduce computational and communication overhead on the owner's side, and verification is done between the CSP and the TPA) [ 122 ]. Types of public auditing scheme include privacy-preserving public auditing [ 83 , 122 ], certificateless public auditing [ 125 ], optimized public auditing [ 123 ], bitcoin-based public auditing [ 88 ], the S-audit public auditing scheme [ 108 ], shared data auditing [ 83 ], dynamic data public auditing [ 126 ], non-privacy-preserving public auditing [ 127 ], and digital signature (BLS, hash table, RSA, etc.) based public auditing [ 88 , 119 , 128 ]. A private auditing scheme, called the SW method, was first proposed by [ 110 ] and further reviewed by some research works [ 87 , 116 ].

Characteristics of data integrity technique

This review article focuses on several quality features of data integrity, each of which is of prime importance in cloud storage security. These are:

Public Auditability: The auditability scheme examines the accuracy of stored outsourced data from data owner at cloud storage by TPA according to the request of data owners [ 94 , 95 ].

Audit correctness: The proof message of CSP can pass the validation test of TPA only if CSP and TPA are being honest and CSP, data owner properly follow the pre-defined process of data storing [ 89 , 78 ].

Auditing soundness: The one and only way to pass TPA’s verification test is that CSP has to store the data owner’s entire outsourced data at cloud storage [ 90 ].

Error localization at block level: It helps to find out error blocks of a file in cloud storage during verification time [ 89 ].

Data Correctness: It helps to rectify error data block with available replica block’s information in cloud storage [ 89 ].

Stateless Auditor: During verification, a stateless auditor does not need to maintain, store or update previous verification results for future use [ 88 , 95 ].

Storage Correctness: CSP prepares a report which shows that all data is entirely stored in cloud storage even if the data are partially tampered with or lost. Therefore, the system needs to guarantee data owners that their outsourced data are the same as what was previously stored [ 129 ].

Robustness: In probabilistic data integrity strategy, errors in smaller size data should be identified and rectified [ 39 ].

Unforgeability: Authenticated users can only generate a valid signature/metadata on shared data [ 129 ].

Data Dynamic support: It allows data owners to insert, edit and delete data in the cloud storage by maintaining the constant level of integrity verification support like previous [ 89 ].

Dependability: Data should be available while all the file blocks are being managed [ 89 ].

Replica Audibility: It helps to examine the replicas of the data file stored in the cloud storage by TPA on demand with data owners [ 89 ].

Light Weight: Because the system holds a large number of blocks and serves multiple users, signature processing time should be short to reduce the computational overhead of clients [ 88 , 97 ].

Auditing Correctness: It ensures that the response message from the CSP side can pass only the verification trial of TPA when CSP properly stores outsourced data perfectly into cloud storage [ 97 ].

Privacy Protection: During verification, the auditing scheme should not expose a user’s identity information in front of an adversary [ 90 , 97 ].

Efficient User Revocation: Revoked users are not able to upload any data to cloud storage and cannot be authorized users any more [ 78 ].

Batch Auditing: In the public auditing scheme, batch auditing method is proposed for doing multiple auditing tasks from different cloud users which TPA can instantly perform [ 95 ].

Data Confidentiality: TPA can not acquire actual data during data integrity verification time [ 90 ].

Boundless Verification: Data owners never give TPA any obligate condition about a fixed no. of verification interaction of data integrity [ 88 ].

Efficiency: The size of test metadata and the test time on multi-owner outsourced data in cloud computing are both independent of the number of data owners [ 95 ].

Private Key Correctness: Private key can pass verification test of cloud user only if the Private key Generator (PKG) sends a right private key to the cloud user [ 90 ].

Blockless Verification: The TPA does not need to download entire blocks from cloud storage for verification [ 95 ].

Challenges of data integrity technique in cloud environment

Security challenges of data integrity technique in cloud computing always come with some fundamental questions:

How will outsourced data be kept safe on a remote server, and how will data be protected from any loss, damage, or alteration in cloud storage?

How will the security of cloud data be assured if a malicious user is present inside the cloud?

On which location of shared storage, outsourced data will be stored?

Will legitimate access to the cloud data be by an authorized user only with complete audit verification availability?

All the above questions are associated with privacy preservation in data integrity schemes, which is why data integrity in cloud computing remains a rapidly growing challenge. Refer to Table 4 for security challenges and the corresponding existing solutions of data integrity techniques.

Risk to integrity of data: This security risk is divided into three parts:

During globally acquiring time, cloud services are hampered by many malicious attacks if integrity of database, network etc. are properly maintained.

Data availability and integrity problems occur if unauthorized changes happened with data by CSP.

Segregation problem of data among cloud users in cloud storage is another problem of data integrity. Therefore, SLA-based patch management policy, standard validation technique against unauthorized use and adequate security parameters need to be included in data integrity technique [ 131 ].

Dishonest TPA : A dishonest TPA has two prime intentions:

TPA can spoil the image of CSP by generating wrong integrity verification messages.

TPA can exploit confidential information with the help of malicious attackers through repeated verification interaction messages with cloud storage.

Hence, an audit message verification method must be included in a data integrity verification scheme to continuously analyze the intentional behavior of the TPA.

Dishonest CSP: An adversarial CSP has three motives: i) The CSP tries to retrieve either the original content of the entire data file or all block information of the data file, and uses this leaked information for business profit. ii) The CSP can modify the actual content of a file and use it for personal reasons. In both cases, the data owner cannot detect the actual culprit. iii) The CSP always tries to maintain its business reputation even if the owner's outsourced data are partially tampered with or lost. For that reason in particular, an acknowledgement verification method, an error data detection method and an error data recovery method should be included in a data integrity scheme to maintain intactness and confidentiality of data [ 89 , 132 ].

Forgery Attack at Cloud Storage: An outsider attacker may forge the proof message that the CSP generates for the blocks indicated by the challenge message in order to respond to the TPA. Malicious auditors may forge an audit proof that passes the data integrity verification [ 88 , 90 ].

Data modification by an insider malicious user into cloud storage : An insider malicious user can subvert or modify a data block at his/her will and can fool the auditor and data owner to trust that the data blocks are well maintained at the cloud storage even if that malicious user alters the interaction messages in the network channel. Hence data confidentiality scheme or obfuscation data technique should be included in data integrity technique [ 92 ].

Desired design challenges of data integrity strategy

Below are the main design issues for data integrity schemes:

Communication overhead: This covers all data transferred: the outsourced data sent from the client to the storage server, the challenge message sent to the CSP, the proof message sent to the TPA, and the audit message sent to the client. Table 5 compares the communication overhead incurred during public auditing by DO, LCSP, and RTPA. Since the DO always sends either the original file, an encrypted file, or an encrypted file with a signature to a cloud server, most articles here consider communication overhead for creating challenge messages and challenge-response messages, which is not included in the DO's communication overhead.

Computational overhead: This covers data preprocessing, signature generation and audit message verification on the data owner or trusted agent side; challenge message generation, data integrity verification and audit message generation on the TPA side; and proof message generation on the CSP side. In [ 97 ], the computational overhead of the client, CSP and TPA is less than in [ 124 ] because the ZSS signature requires less power exponential and hash calculation overhead than the BLS signature. Table 6 compares the computational overhead incurred during public auditing by DO, LCSP, and RTPA. Here, Pair denotes bilinear pairing operations, Hash denotes hash function, Mul denotes multiplication operation, ADD denotes addition operation, Exp denotes exponential operation, Inv denotes inverse operation, Encrypt denotes encryption operation, decrypt denotes decryption operation, and Sub denotes subtraction operation.

Storage overhead : Entire file or block files, metadata, signature, and replica blocks are required to be stored at cloud storage and at client side depending on the policy of system models. Cloud user storage overhead should be little during auditing verification to save extra storage overhead [ 36 ].

Cost overhead : It denotes the summarized cost of communication overhead, computational overhead, and storage overhead.

Data Dynamic Analysis: Data stored in cloud storage is not always static. Alteration of data, deletion of data and addition of new data to old data are basic functions that come into the practical picture because of the dynamic demands of clients. Therefore, data integrity verification should be done after all dynamic operations on stored data. In [ 93 ], the insertion, deletion and update times for an increasing number of data blocks are less than in [ 123 ] because the authenticated structure of the dynamic data integrity auditing scheme has less depth.

Comparative analysis of data integrity strategies

This section presents a comparative study of data integrity strategies. Table 7 shows a comparative analysis of the data integrity strategies of cloud storage, covering expected design methods and limitations. Zang et al. [ 88 ] introduced a random masking technique in a public auditability scheme, applied while the proof information is computed. Due to the linear relationship between the data block and proof information, malicious adversaries are capable of nullifying the effectiveness of the SWP scheme. In the SWP scheme, the CSP generates proof information and sends it to the TPA for verification. An uncertain situation may arise when the CSP is intruded on by an external malicious adversary that can alter every data block's information. To hoax the TPA and pass the verification test, a malicious adversary can eavesdrop on the challenge message and break off the proof message. Therefore, in the SWP scheme, we assume that the TPA is the trustworthy element. But practically, this is not possible. To defend against external malicious adversaries without a protective channel, the author proposed a nonlinear disturbance code as a random masking technique that turns the linear relationship between data blocks and proof messages into a nonlinear one. The author applied a BLS hash signature on each block to help the verifier with random block verification. These public auditability verification techniques assure boundless, effective, stateless-auditor and soundness criteria, with two limitations: because data storing acknowledgement verification is missing, the reputation of the cloud services may be destroyed, and the scheme is applicable only to static data.

M Thangavel et al. [ 89 ] proposed a novel auditing framework which protects cloud storage from malicious attacks. This technique is based on a ternary hash tree and a replica-based ternary hash tree, which support dynamic block updating, data correctness with error localization, data insertion, and data deletion operations. W. Shen et al. [ 90 ] introduced an identity-based data auditing scheme that hides sensitive information at the block level to secure cloud storage during data sharing. In this scheme, a sanitizer sanitizes the data blocks containing sensitive information. Chameleon hash and an unforgeable chameleon hash signature do not provide blockless auditing and require high computational overhead. Hence, this PKG-based signature method assures blockless verification and reduces computational overhead. These public auditability verification techniques assure auditing soundness, private key correctness, and sensitive information hiding; one limitation is that, due to missing audit messages, the TPA can deceive users about data verification. S. Mohanty et al. [ 85 ] introduce a confidentiality-preserving auditing scheme by which cloud users can easily verify the risk of the used service from the audit report maintained by the TPA. This scheme has two benefits. First, it helps to check the integrity of cloud users' data. Second, it verifies the TPA's authentication and repudiation. In this scheme, the author proposed a system model which supports the basic criteria of cloud security auditing, confidentiality, and availability. The HMAC-MD5 technique is used on metadata to maintain data privacy on the TPA side. Chen et al. [ 61 ] proposed a MAC-oriented data integrity technique based on the metadata verification method, which reinforces auditing correctness. This technique helps to protect stored data in cloud storage from MitM and replay attacks. But the scheme needs improvement because, after repeated passes of challenge-proof messages, the CSP will be able to obtain the actual block elements of the user's confidential data.

S. Hiremath et al. [ 87 ] established a public blockless data integrity scheme that secures a fixed time to check the data of variable-size files. The author uses the AES algorithm for data encryption and the SHA-2 algorithm for the data auditing scheme. The author uses random masking and Homomorphic Linear Authenticator (HLA) techniques to ensure stored data confidentiality during auditing. But this scheme is only applicable to static data stored in cloud storage; hence, it needs to be extended to dynamic data operations. T. Subha et al. [ 86 ] introduced the idea of public auditability to check the correctness of stored data in cloud storage, assuming that the TPA is a trusted entity. Data privacy mechanisms like Knox and Oruta have been proposed here to raise the security level at cloud storage and resist active adversary attacks. The author uses the Merkle hash tree to encrypt data block elements. B. Shao et al. [ 93 ] established a hierarchical Multiple Branches Tree (HMBT) which secures users' data auditing correctness, fulfills the crypto criteria of data privacy, and gives protection against forgery and replay attacks. The scheme uses a special hash function to give a BLS signature on block elements and helps in public auditing. DCDV is a concept based on a hierarchical time tree and a Merkle hash tree. Simultaneous execution of access control and data auditing mechanisms rarely happens in attribute-based cryptography. Hence, the Dual Control and Data Variable (DCDV) data integrity scheme is proposed in [ 132 ]. This scheme solves the private data leakage problem through the user's secret key and assures the correctness of the auditing scheme. A PDP technique is proposed for a data integrity verification scheme that supports dynamic data update operations, reduces communication overhead for fine-grained dynamic updates of big data, increases the protection level of stored data at cloud storage, resists collusion attacks, and supports batch auditing [ 114 ]. Another novel public auditing scheme, based on identity-based cryptography, ensures low computational overhead from revoked users during the possession of all file blocks. It fulfills the crypto criteria of soundness, correctness, security, and efficient user revocation [ 78 ].

Some research works introduced the BLS cryptographic signature, which has the shortest length among all available signatures [ 88 ]. This signature is based on a special hash function that is probabilistic, not deterministic. It also has more power exponential and hash calculation overhead. To overcome the signature efficiency and computational overhead problems, a new signature, ZSS, is proposed [ 97 ]. This integrity scheme supports crypto criteria like privacy protection, public auditing correctness, and resisting message and forgery. An attribute-based data auditing scheme is proposed in [ 137 ], which proved data correctness and soundness based on the discrete logarithm and the Diffie-Hellman key exchange algorithm. This scheme maintains the privacy of cloud users' confidential data and resists collusion attacks in blocks during auditing verification. An ID-based remote data auditing scheme (ID-PUIC) is introduced which secures efficiency, security, and flexibility with the help of the Diffie-Hellman problem [ 98 ]. It also supports ID-based proxy data upload when users are restricted from accessing public cloud servers. It shows a lower computation cost for the server and TPA than [ 107 ]. Both research works [ 105 , 126 ] have worked on public checking of the intactness of outsourced data and on reducing the communication and computational cost of the verifier. These also support dynamic data auditing, blockless verification, and privacy preservation.

Future trends in data integrity approaches

As further research work, we discuss here the future direction of data integrity schemes, to enlarge the scope of cloud data security and keep the research process continuous. New emerging trends in data integrity schemes are listed below. In [ 39 ], the authors have already discussed and shown evolutionary trends of data integrity schemes through a timeline representation from 2007 to 2015, which presented possible scopes of data integrity strategy. Hence, we show a visual representation of all probable trends of the integrity scheme from 2016 to 2022 in the timeline infographic template, Fig. 2.

Blockchain data-based integrity: Blockchain technology is a decentralized, peer-to-peer technology. It supports scalable and distributed environments in which all the data are treated as transparent blocks that contain the cryptographic hash of the previous block and timestamps, so that a single data block cannot be altered without modifying all the subsequent linked blocks. This feature improves the performance of cloud storage and maintains the trust of data owners by increasing data privacy through the Merkle tree concept. In [ 138 ], a distributed virtual agent model is proposed through mobile agent technology to maintain the reliability of cloud data and to ensure trust verification of cloud data via multi-tenant. In [ 139 ], a blockchain-based generic framework is proposed to increase the security of the provenance data in cloud storage, which is important for accessing log information of cloud data securely. In [ 140 , 141 , 142 ], all research works have the same intention of using blockchain technology to enhance data privacy and maintain data integrity in cloud storage. Table 8 shows the use of Blockchain technology to overcome some issues of cloud storage.

Data integrity in fog computing: Generally, privacy protection schemes are able to completely resist insider attacks in cloud storage. In [ 147 ], a fog computing-based TLS framework is proposed to maintain the privacy of data in fog servers. Fog computing is an extension of cloud computing, first introduced in 2011 [ 148 ]. The three advantages of fog computing are high real-time capability, low latency, and broader geographical distribution. It is embedded with cloud computing to ensure the privacy of data in fog servers, which is a powerful supplement to data privacy preservation in cloud storage.

Distributed Machine Learning Oriented Data Integrity : In artificial intelligence, maintaining the integrity of training data in the distributed machine learning environment is a rapidly growing challenge due to network forge attacks. In [ 136 ], distributed machine learning-oriented data integrity verification scheme (DML-DIV) is introduced to assure training data intactness and to secure training data model. PDP sampling auditing algorithm is adopted here to resist tampering attacks and forge attacks. Discrete logarithm problem (DLP) is introduced in the DML-DIV scheme to ensure privacy preservation of training data during TPA’s challenge verification time. To reduce key escrow problem and certificate cost, identity-based cryptography and key generation technology is proposed here.

Data Integrity in Edge Computing: Edge computing is an extension of distributed computing. Cache data integrity is a new concept in edge computing, developed on the basis of cloud computing, which optimizes data retrieval latency on edge servers and addresses the centralization problems of cloud storage servers. The edge data integrity (EDI) concept is first proposed in [ 149 ] to effectively handle auditing of vendor apps' cache data on edge servers, which is a challenging issue in dynamic, distributed, and volatile edge environments. That research work proposed the EDI-V model, which uses a variable Merkle hash tree (VMHT) structure to maintain cache data auditing on large-scale servers by generating the integrity of the replica data. In [ 150 ], the EDI-S model is introduced to verify the integrity of edge data and to localize the corrupted data on edge servers by generating digital signatures of each edge's replica.
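How a Merkle hash tree lets a verifier that keeps only the root check a single block and localize a corrupted one, as an added Python example that is not the VMHT of [ 149 ] or any surveyed scheme's code. It assumes a plain binary SHA-256 tree in which an unpaired node is promoted unchanged; function names and sample blocks are constructed.

```python
import hashlib
import hmac


def leaf_hash(block):
    # Different prefixes for leaves and inner nodes stop an inner node
    # from being presented as if it were a data block.
    return hashlib.sha256(b"\x00" + block).digest()


def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_levels(blocks):
    """Return all tree levels, leaves first; an unpaired node moves up as is."""
    if not blocks:
        raise ValueError("cannot build a tree over zero blocks")
    level = [leaf_hash(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])
        levels.append(nxt)
        level = nxt
    return levels


def merkle_root(levels):
    return levels[-1][0]


def auth_path(levels, index):
    """Server side: sibling hashes from the leaf up to (not including) the root."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            path.append(level[sibling])
        index //= 2
    return path


def verify_block(root, n_blocks, index, block, path):
    """Verifier side: recompute the root from one block and its path.
    Left/right order is derived from the challenged index, so a valid proof
    for a different block position does not verify."""
    h = leaf_hash(block)
    hashes = iter(path)
    width = n_blocks
    while width > 1:
        sibling = index ^ 1
        if sibling < width:
            s = next(hashes, None)
            if s is None:
                return False          # proof too short
            h = node_hash(s, h) if sibling < index else node_hash(h, s)
        index //= 2
        width = (width + 1) // 2
    return next(hashes, None) is None and hmac.compare_digest(h, root)


def localize_corruption(root, stored_blocks, stored_levels):
    """Audit every block against the trusted root; return the bad indices."""
    n = len(stored_blocks)
    return [i for i, b in enumerate(stored_blocks)
            if not verify_block(root, n, i, b, auth_path(stored_levels, i))]


def update_block(blocks, index, new_block):
    """Dynamic update: change one block, return the new levels and new root."""
    blocks[index] = new_block
    levels = build_levels(blocks)
    return levels, merkle_root(levels)


if __name__ == "__main__":
    blocks = [b"replica-block-%d" % i for i in range(5)]  # constructed sample
    levels = build_levels(blocks)
    root = merkle_root(levels)              # the only value the verifier keeps
    stored = list(blocks)
    stored[2] = b"bit-rot"                  # simulated corruption on the server
    print("corrupted blocks:", localize_corruption(root, stored, levels))
```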

Fig. 2: Timeline infographic of data integrity

With the continuously growing popularity of attractive, cost-optimized cloud services, assuring data owners of the intactness of outsourced data in cloud storage environments has become a severe security challenge. We have tried to highlight several issues and the corresponding solution approaches for cloud data integrity, which will provide a visualization as well as clear directions to researchers. The current state of the art in this research field will provide extra milestones in several areas like cloud-based sensitive health care, secured financial services, managing social media platforms, etc. In this paper, we have discussed the phases of data integrity, the characteristics of data integrity schemes, the classification of data integrity strategy based on the type of proposal, nature of data and type of verification scheme, and the desired design challenges of data integrity strategy based on performance overhead. We have also identified issues in physical cloud storage and attacks on storage-level services, along with mitigating solutions. Lastly, we have established a timeline infographic of a variety of data integrity schemes and future aspects of data integrity strategy to explore all the security directions of cloud storage.

Availability of data and materials

Not applicable.

Buyya R, Broberg J, Goscinski AM (2010) Cloud computing: Principles and paradigms, vol 87. Wiley

Mell P, Grance T, et al (2011) The nist definition of cloud computing

Wu C, Buyya R, Ramamohanarao K (2019) Cloud pricing models: Taxonomy, survey, and interdisciplinary challenges. ACM Comput Surv (CSUR) 52(6):1–36

Dimitri N (2020) Pricing cloud iaas computing services. J Cloud Comput 9(1):1–11

Roy SS, Garai C, Dasgupta R (2015) Performance analysis of parallel cbar in mapreduce environment. In: 2015 International Conference on Computing, Communication and Security (ICCCS). IEEE, pp 1–7

Singhal S, Sharma A (2020) Load balancing algorithm in cloud computing using mutation based pso algorithm. In: Advances in Computing and Data Sciences: 4th International Conference. Springer, pp 224–233

Luong NC, Wang P, Niyato D, Wen Y, Han Z (2017) Resource management in cloud networking using economic analysis and pricing models: A survey. IEEE Commun Surv Tutorials 19(2):954–1001

Goswami P, Roy SS, Dasgupta R (2017) Design of an architectural framework for providing quality cloud services. In: International Conference on Grid, Cloud, & Cluster Computing. pp 17–23

Anuradha V, Sumathi D (2014) A survey on resource allocation strategies in cloud computing. In: International Conference on Information Communication and Embedded Systems (ICICES2014). IEEE, pp 1–7

Magalhaes D, Calheiros RN, Buyya R, Gomes DG (2015) Workload modeling for resource usage analysis and simulation in cloud computing. Comput Electr Eng 47:69–81

Singhal S, Sharma A (2021) Mutative aco based load balancing in cloud computing. Eng Lett 29(4)

Chandramohan D, Vengattaraman T, Dhavachelvan P, Baskaran R, Venkatachalapathy V (2014) Fewss-framework to evaluate the service suitability and privacy in a distributed web service environment. Int J Model Simul Sci Comput 5(01):1350016

Klosterboer L (2011) ITIL capacity management. Pearson Education

Majumdar A, Roy SS, Dasgupta R (2017) Job migration policy in a structured cloud framework. In: 2017 International Conference on Computational Science and Computational Intelligence (CSCI). IEEE, pp 1529–1534

Singhal S, Sharma A (2021) A job scheduling algorithm based on rock hyrax optimization in cloud computing, vol 103. Springer, pp 2115–2142

Dong Y, Sun L, Liu D, Feng M, Miao T (2018) A survey on data integrity checking in cloud. In: 2018 1st International Cognitive Cities Conference (IC3). IEEE, pp 109–113

Bian G, Fu Y, Shao B, Zhang F (2022) Data integrity audit based on data blinding for cloud and fog environment. IEEE Access 10:39743–39751. https://doi.org/10.1109/ACCESS.2022.3166536

Iqbal A, Saham H (2014) Data integrity issues in cloud servers. Int J Comput Sci Issues (IJCSI) 11(3):118

Google Scholar  

Caronni G, Waldvogel M (2003) Establishing trust in distributed storage providers. In: Proceedings Third International Conference on Peer-to-Peer Computing (P2P2003). IEEE, pp 128–133

Ogiso S, Mohri M, Shiraishi Y (2020) Transparent provable data possession scheme for cloud storage. In: 2020 International Symposium on Networks, Computers and Communications (ISNCC). IEEE, pp 1–5

Masood R, Pandey N, Rana Q (2020) Dht-pdp: A distributed hash table based provable data possession mechanism in cloud storage. In: 2020 8th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO). IEEE, pp 275–279

Bian G, Chang J (2020) Certificateless provable data possession protocol for the multiple copies and clouds case. IEEE Access 8:102958–102970

Zhang X, Wang X, Gu D, Xue J, Tang W (2022) Conditional anonymous certificateless public auditing scheme supporting data dynamics for cloud storage systems. IEEE Trans Netw Serv Manag 19(4):5333–5347. https://doi.org/10.1109/TNSM.2022.3189650

Li J, Yan H, Zhang Y (2021) Certificateless public integrity checking of group shared data on cloud storage. IEEE Trans Serv Comput 14(1):71–81. https://doi.org/10.1109/TSC.2018.2789893

Yuan Y, Zhang J, Xu W (2020) Dynamic multiple-replica provable data possession in cloud storage system. IEEE Access 8:120778–120784

Juels A, Kaliski Jr BS (2007) Pors: Proofs of retrievability for large files. In: Proceedings of the 14th ACM conference on Computer and communications security. ACM, pp 584–597

González-Manzano L, Orfila A (2015) An efficient confidentiality-preserving proof of ownership for deduplication. J Netw Comput Appl 50:49–59

Yu CM, Chen CY, Chao HC (2015) Proof of ownership in deduplicated cloud storage with mobile device efficiency. IEEE Netw 29(2):51–55

Di Pietro R, Sorniotti A (2012) Boosting efficiency and security in proof of ownership for deduplication. In: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security. ACM, pp 81–82

Gentry C (2009) Fully homomorphic encryption using ideal lattices. In: Proceedings of the forty-first annual ACM symposium on Theory of computing. ACM, pp 169–178

Enoch SY, Hong JB, Kim DS (2018) Time independent security analysis for dynamic networks using graphical security models. In: 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). IEEE, pp 588–595

Kumar S, Singh SK, Singh AK, Tiwari S, Singh RS (2018) Privacy preserving security using biometrics in cloud computing. Multimed Tools Appl 77(9):11017–11039

Sirohi P, Agarwal A (2015) Cloud computing data storage security framework relating to data integrity, privacy and trust. In: 2015 1st international conference on next generation computing technologies (NGCT). IEEE, pp 115–118

Prasad D, Singh BR, Akuthota M, Sangeetha M (2014) An etiquette approach for public audit and preserve data at cloud. Int J Comput Trends Technol (IJCTT) 16

Skibitzki B (2021) How zebra technologies manages security & risk using security command center. https://cloud.google.com/blog/products/identity-security/how-zebra-technologies

Li A, Chen Y, Yan Z, Zhou X, Shimizu S (2020) A survey on integrity auditing for data storage in the cloud: from single copy to multiple replicas. IEEE Trans Big Data 8(5):1428–1442.

Tan CB, Hijazi MHA, Lim Y, Gani A (2018) A survey on proof of retrievability for cloud data integrity and availability: Cloud storage state-of-the-art, issues, solutions and future trends. J Netw Comput Appl 110:75–86

Pujar SR, Chaudhari SS, Aparna R (2020) Survey on data integrity and verification for cloud storage. In: 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT). IEEE, pp 1–7

Zafar F, Khan A, Malik SUR, Ahmed M, Anjum A, Khan MI, Javed N, Alam M, Jamil F (2017) A survey of cloud computing data integrity schemes: Design challenges, taxonomy and future trends. Comput Secur 65:29–49

Debnath S, Bhuyan B (2019) Large universe attribute based encryption enabled secured data access control for cloud storage with computation outsourcing. Multiagent Grid Syst 15(2):99–119

Hsien WF, Yang CC, Hwang MS (2016) A survey of public auditing for secure data storage in cloud computing. Int J Netw Secur 18(1):133–142

Zhou L, Fu A, Yu S, Su M, Kuang B (2018) Data integrity verification of the outsourced big data in the cloud environment: A survey. J Netw Comput Appl 122:1–15

Article   ADS   Google Scholar  

Liu CW, Hsien WF, Yang CC, Hwang MS (2016) A survey of public auditing for shared data storage with user revocation in cloud computing. Int J Netw Secur 18(4):650–666

Garg N, Bawa S (2016) Comparative analysis of cloud data integrity auditing protocols. J Netw Comput Appl 66:17–32

Sutradhar MR, Sultana N, Dey H, Arif H (2018) A new version of kerberos authentication protocol using ecc and threshold cryptography for cloud security. In: 2018 Joint 7th International Conference on Informatics, Electronics & Vision (ICIEV) and 2018 2nd International Conference on Imaging, Vision & Pattern Recognition (icIVPR). IEEE, pp 239–244

Patel SC, Singh RS, Jaiswal S (2015) Secure and privacy enhanced authentication framework for cloud computing. In: 2015 2nd International Conference on Electronics and Communication Systems (ICECS). IEEE, pp 1631–1634

Hong H, Sun Z, Xia Y (2017) Achieving secure and fine-grained data authentication in cloud computing using attribute based proxy signature. In: 2017 4th International Conference on Information Science and Control Engineering (ICISCE). IEEE, pp 130–134

Wang W, Ren L, Chen L, Ding Y (2019) Intrusion detection and security calculation in industrial cloud storage based on an improved dynamic immune algorithm. Inf Sci 501:543–557

Yan Q, Yu FR, Gong Q, Li J (2015) Software-defined networking (sdn) and distributed denial of service (ddos) attacks in cloud computing environments: A survey, some research issues, and challenges. IEEE Commun Surv Tutor 18(1):602–622

Dong S, Abbas K, Jain R (2019) A survey on distributed denial of service (ddos) attacks in sdn and cloud computing environments. IEEE Access 7:80813–80828

Thirumallai C, Mekala MS, Perumal V, Rizwan P, Gandomi AH (2020) Machine learning inspired phishing detection (pd) for efficient classification and secure storage distribution (ssd) for cloud-iot application. In: 2020 IEEE Symposium Series on Computational Intelligence (SSCI). IEEE, pp 202–210

Mary BF, Amalarethinam DG (2017) Data security enhancement in public cloud storage using data obfuscation and steganography. In: 2017 World Congress on Computing and Communication Technologies (WCCCT). IEEE, pp 181–184

Nakouri I, Hamdi M, Kim TH (2017) A new biometric-based security framework for cloud storage. In: 2017 13th International Wireless Communications and Mobile Computing Conference (IWCMC). IEEE, pp 390–395

Meddeb-Makhlouf A, Zarai F, et al (2018) Distributed firewall and controller for mobile cloud computing. In: 2018 IEEE/ACS 15th International Conference on Computer Systems and Applications (AICCSA). IEEE/ACS, pp 1–9

Fu Y, Au MH, Du R, Hu H, Li D (2020) Cloud password shield: A secure cloud-based firewall against ddos on authentication servers. In: 2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS). IEEE, pp 1209–1210

Zeidler C, Asghar MR (2018) Authstore: Password-based authentication and encrypted data storage in untrusted environments. In: 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). IEEE, pp 996–1001

Erdem E, Sandıkkaya MT (2018) Otpaas-one time password as a service. IEEE Trans Inf Forensic Secur 14(3):743–756

Chandramohan D, Vengattaraman T, Rajaguru D, Baskaran R, Dhavachelvan P (2013) Emppc-an evolutionary model based privacy preserving technique for cloud digital data storage. In: 2013 3rd IEEE International Advance Computing Conference (IACC). IEEE, pp 89–95

Bakas A, Dang HV, Michalas A, Zalitko A (2020) The cloud we share: Access control on symmetrically encrypted data in untrusted clouds. IEEE Access 8:210462–210477

Rukavitsyn AN, Borisenko KA, Holod II, Shorov AV (2017) The method of ensuring confidentiality and integrity data in cloud computing. In: 2017 XX IEEE International Conference on Soft Computing and Measurements (SCM). IEEE, pp 272–274

Chen Y, Li L, Chen Z (2017) An approach to verifying data integrity for cloud storage. In: 2017 13th International Conference on Computational Intelligence and Security (CIS). IEEE, pp 582–585

Alneyadi S, Sithirasenan E, Muthukkumarasamy V () A survey on data leakage prevention systems. J Netw Comput Appl 62:137–152

Baloch FS, Muhammad TA, Waqas L, Mehmet B, Muhammad AN, Gönül Cömertpay, Nergiz Çoban et al (2023) "Recent advancements in the breeding of sorghum crop: current status and future strategies for marker-assisted breeding." Frontiers in Genetics 14:1150616.

Rakotondravony N, Taubmann B, Mandarawi W, Weishäupl E, Xu P, Kolosnjaji B, Protsenko M, De Meer H, Reiser HP (2017) Classifying malware attacks in iaas cloud environments. J Cloud Comput 6(1):1–12

Perez-Botero D, Szefer J, Lee RB (2013) Characterizing hypervisor vulnerabilities in cloud computing servers. In: Proceedings of the 2013 international workshop on Security in cloud computing. ACM, pp 3–10

Tunc C, Hariri S, Merzouki M, Mahmoudi C, De Vaulx FJ, Chbili J, Bohn R, Battou A (2017) Cloud security automation framework. In: 2017 IEEE 2nd International Workshops on Foundations and Applications of Self Systems. IEEE, pp 307–312

Maithili K, Vinothkumar V, Latha P (2018) Analyzing the security mechanisms to prevent unauthorized access in cloud and network security. J Comput Theor Nanosci 15(6–7):2059–2063

Somasundaram TS, Prabha V, Arumugam M (2012) Scalability issues in cloud computing. In: 2012 Fourth International Conference on Advanced Computing (ICoAC). IEEE, pp 1–5

Yousafzai A, Gani A, Noor RM, Sookhak M, Talebian H, Shiraz M, Khan MK (2017) Cloud resource allocation schemes: review, taxonomy, and opportunities. Knowl Inf Syst 50(2):347–381

Natu M, Ghosh RK, Shyamsundar RK, Ranjan R (2016) Holistic performance monitoring of hybrid clouds: Complexities and future directions. IEEE Cloud Comput 3(1):72–81

Mahajan A, Sharma S (2015) The malicious insiders threat in the cloud. Int J Eng Res Gen Sci 3(2):245–256

Liao X, Alrwais S, Yuan K, Xing L, Wang X, Hao S, Beyah R (2018) Cloud repository as a malicious service: challenge, identification and implication. Cybersecurity 1(1):1–18

Singh A, Chatterjee K (2017) Cloud security issues and challenges: A survey. J Netw Comput Appl 79:88–115

Daniel E, Durga S, Seetha S (2019) Panoramic view of cloud storage security attacks: an insight and security approaches. In: 2019 3rd International Conference on Computing Methodologies and Communication (ICCMC). IEEE, pp 1029–1034

Devi BK, Subbulakshmi T (2017) Ddos attack detection and mitigation techniques in cloud computing environment. In: 2017 International Conference on Intelligent Sustainable Systems (ICISS). IEEE, pp 512–517

Yusop ZM, Abawajy J (2014) Analysis of insiders attack mitigation strategies. Procedia-Soc Behav Sci 129:581–591

Song H, Li J, Li H (2021) A cloud secure storage mechanism based on data dispersion and encryption. IEEE Access 9:63745–63751. https://doi.org/10.1109/ACCESS.2021.3075340

Zhang Y, Yu J, Hao R, Wang C, Ren K (2020) Enabling efficient user revocation in identity-based cloud storage auditing for shared big data. IEEE Trans Dependable Secure Comput 17(3):608–619. https://doi.org/10.1109/TDSC.2018.2829880

Zuo C, Shao J, Liu JK, Wei G, Ling Y (2018) Fine-grained two-factor protection mechanism for data sharing in cloud storage. IEEE Trans Inf Forensic Secur 13(1):186–196. https://doi.org/10.1109/TIFS.2017.2746000

Cui H, Deng RH, Li Y, Wu G (2019) Attribute-based storage supporting secure deduplication of encrypted data in cloud. IEEE Trans Big Data 5(3):330–342. https://doi.org/10.1109/TBDATA.2017.2656120

Sun S, Ma H, Song Z, Zhang R (2022) Webcloud: Web-based cloud storage for secure data sharing across platforms. IEEE Trans Dependable Secure Comput 19(3):1871–1884. https://doi.org/10.1109/TDSC.2020.3040784

Cheng K, Wang L, Shen Y, Wang H, Wang Y, Jiang X, Zhong H (2021) Secure kk-nn query on encrypted cloud data with multiple keys. IEEE Trans Big Data 7(4):689–702. https://doi.org/10.1109/TBDATA.2017.2707552

Wang B, Li B, Li H (2014) Oruta: Privacy-preserving public auditing for shared data in the cloud. IEEE Trans Cloud Comput 2(1):43–56

Indhumathil T, Aarthy N, Devi VD, Samyuktha V (2017) Third-party auditing for cloud service providers in multicloud environment. In: 2017 Third International Conference on Science Technology Engineering & Management (ICONSTEM). IEEE, pp 347–352

Mohanty S, Pattnaik PK, Kumar R (2018) Confidentiality preserving auditing for cloud computing environment. In: 2018 International Conference on Research in Intelligent and Computing in Engineering (RICE). IEEE, pp 1–4

Subha T, Jayashri S (2017) Efficient privacy preserving integrity checking model for cloud data storage security. In: 2016 Eighth International Conference on Advanced Computing (ICoAC). IEEE, pp 55–60

Hiremath S, Kunte S (2017) A novel data auditing approach to achieve data privacy and data integrity in cloud computing. In: 2017 International Conference on Electrical, Electronics, Communication, Computer, and Optimization Techniques (ICEECCOT). IEEE, pp 306–310

Zhang Y, Xu C, Li H, Liang X (2016) Cryptographic public verification of data integrity for cloud storage systems. IEEE Cloud Comput 3(5):44–52

Thangavel M, Varalakshmi P (2019) Enabling ternary hash tree based integrity verification for secure cloud data storage. IEEE Trans Knowl Data Eng 32(12):2351–2362

Shen W, Qin J, Yu J, Hao R, Hu J (2018) Enabling identity-based integrity auditing and data sharing with sensitive information hiding for secure cloud storage. IEEE Trans Inf Forensic Secur 14(2):331–346

Singh P, Saroj SK (2020) A secure data dynamics and public auditing scheme for cloud storage. In: 2020 6th International Conference on Advanced Computing and Communication Systems (ICACCS). IEEE, pp 695–700

Ni J, Yu Y, Mu Y, Xia Q (2013) On the security of an efficient dynamic auditing protocol in cloud storage. IEEE Trans Parallel Distrib Syst 25(10):2760–2761

Shao B, Bian G, Wang Y, Su S, Guo C (2018) Dynamic data integrity auditing method supporting privacy protection in vehicular cloud environment. IEEE Access 6:43785–43797

Shen J, Liu D, He D, Huang X, Xiang Y (2017) Algebraic signatures-based data integrity auditing for efficient data dynamics in cloud computing. IEEE Trans Sustain Comput 5(2):161–173

Wang B, Li H, Liu X, Li F, Li X (2014) Efficient public verification on the integrity of multi-owner data in the cloud. J Commun Netw 16(6):592–599

Yu Y, Li Y, Yang B, Susilo W, Yang G, Bai J (2017) Attribute-based cloud data integrity auditing for secure outsourced storage. IEEE Trans Emerg Top Comput 8(2):377–390

Zhu H, Yuan Y, Chen Y, Zha Y, Xi W, Jia B, Xin Y (2019) A secure and efficient data integrity verification scheme for cloud-iot based on short signature. IEEE Access 7:90036–90044

Wang H, He D, Tang S (2016) Identity-based proxy-oriented data uploading and remote data integrity checking in public cloud. IEEE Trans Inf Forensic Secur 11(6):1165–1176

Thakur AS, Gupta P (2014) Framework to improve data integrity in multi cloud environment

Zhang C, Xu Y, Hu Y, Wu J, Ren J, Zhang Y (2021) A blockchain-based multi-cloud storage data auditing scheme to locate faults. IEEE Trans Cloud Comput 10(4):2252–2263.

Subha T, Jayashri S (2014) Data integrity verification in hybrid cloud using ttpa. In: Networks and communications (NetCom2013). Springer, pp 149–159

Mao J, Zhang Y, Li P, Li T, Wu Q, Liu J (2017) A position-aware merkle tree for dynamic cloud data integrity verification. Soft Comput 21(8):2151–2164

Han S, Liu S, Chen K, Gu D (2014) Proofs of retrievability based on mrd codes. In: International Conference on Information Security Practice and Experience. Springer, pp 330–345

Kaaniche N, El Moustaine E, Laurent M (2014) A novel zero-knowledge scheme for proof of data possession in cloud storage applications. In: 2014 14th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing. IEEE, pp 522–531

Khedr WI, Khater HM, Mohamed ER (2019) Cryptographic accumulator-based scheme for critical data integrity verification in cloud storage. IEEE Access 7:65635–65651

Khatri TS, Jethava G (2013) Improving dynamic data integrity verification in cloud computing. In: 2013 Fourth International Conference on Computing, Communications and Networking Technologies (ICCCNT). IEEE, pp 1–6

Wang H (2012) Proxy provable data possession in public clouds. IEEE Trans Serv Comput 6(4):551–559

Apolinário F, Pardal M, Correia M (2018) S-audit: Efficient data integrity verification for cloud storage. In: 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing and Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). IEEE, pp 465–474

Li Y, Fu A, Yu Y, Zhang G (2017) Ipor: An efficient ida-based proof of retrievability scheme for cloud storage systems. In: 2017 IEEE International Conference on Communications (ICC). IEEE, pp 1–6

Shacham H, Waters B (2008) Compact proofs of retrievability. In: International conference on the theory and application of cryptology and information security. Springer, pp 90–107

Erway CC, Küpçü A, Papamanthou C, Tamassia R (2015) Dynamic provable data possession. ACM Trans Inf Syst Secur (TISSEC) 17(4):1–29

He D, Kumar N, Wang H, Wang L, Choo KKR (2017) Privacy-preserving certificateless provable data possession scheme for big data storage on cloud. Appl Math Comput 314:31–43

MathSciNet   Google Scholar  

Wang B, Li B, Li H, Li F (2013) Certificateless public auditing for data integrity in the cloud. In: 2013 IEEE conference on communications and network security (CNS). IEEE, pp 136–144

Liu C, Chen J, Yang LT, Zhang X, Yang C, Ranjan R, Kotagiri R (2013) Authorized public auditing of dynamic big data storage on cloud with efficient verifiable fine-grained updates. IEEE Trans Parallel Distrib Syst 25(9):2234–2244

Fu A, Li Y, Yu S, Yu Y, Zhang G (2018) Dipor: An ida-based dynamic proof of retrievability scheme for cloud storage systems. J Netw Comput Appl 104:97–106

Xu J, Chang EC (2012) Towards efficient proofs of retrievability. In: Proceedings of the 7th ACM symposium on information, computer and communications security. pp 79–80

Lu Y, Hu F (2019) Secure dynamic big graph data: Scalable, low-cost remote data integrity checking. IEEE Access 7:12888–12900

Ateniese G, Di Pietro R, Mancini LV, Tsudik G (2008) Scalable and efficient provable data possession. In: Proceedings of the 4th international conference on Security and privacy in communication netowrks. ACM, pp 1–10

Tian H, Chen Y, Chang CC, Jiang H, Huang Y, Chen Y, Liu J (2015) Dynamic-hash-table based public auditing for secure cloud storage. IEEE Trans Serv Comput 10(5):701–714

He D, Zeadally S, Wu L (2015) Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Syst J 12(1):64–73

Yoosuf MS, Anitha R (2022). LDuAP: lightweight dual auditing protocol to verify data integrity in cloud storage servers. J Ambient Intell Humanized Comput 13(8):3787–3805.

Tian H, Nan F, Chang CC, Huang Y, Lu J, Du Y (2019) Privacy-preserving public auditing for secure data storage in fog-to-cloud computing. J Netw Comput Appl 127:59–69

Singh AP, Pasupuleti SK (2016) Optimized public auditing and data dynamics for data storage security in cloud computing. Procedia Comput Sci 93:751–759

Wang C, Chow SS, Wang Q, Ren K, Lou W (2011) Privacy-preserving public auditing for secure cloud storage. IEEE Trans Comput 62(2):362–375

Zhang Y, Xu C, Lin X, Shen XS (2019) Blockchain-based public integrity verification for cloud storage against procrastinating auditors. IEEE Trans Cloud Comput 9(3):923–937.

Shen J, Shen J, Chen X, Huang X, Susilo W (2017) An efficient public auditing protocol with novel dynamic structure for cloud data. IEEE Trans Inf Forensic Secur 12(10):2402–2415

Oualha N, Leneutre J, Roudier Y (2012) Verifying remote data integrity in peer-to-peer data storage: A comprehensive survey of protocols. Peer-to-Peer Netw Appl 5(3):231–243

Xu Z, Wu L, Khan MK, Choo KKR, He D (2017) A secure and efficient public auditing scheme using rsa algorithm for cloud storage. J Supercomput 73(12):5285–5309

Sookhak M, Gani A, Talebian H, Akhunzada A, Khan SU, Buyya R, Zomaya AY (2015) Remote data auditing in cloud computing environments: a survey, taxonomy, and open issues. ACM Comput Surv (CSUR) 47(4):1–34

Mohammed A, Vasumathi D (2019) Locality parameters for privacy preserving protocol and detection of malicious third-party auditors in cloud computing. In: International Conference on Intelligent Computing and Communication. Springer, pp 67–76

Carroll M, Van Der Merwe A, Kotze P (2011) Secure cloud computing: Benefits, risks and controls. In: 2011 Information Security for South Africa. IEEE, pp 1–9

Zhang Q, Wang S, Zhang D, Wang J, Zhang Y (2019) Time and attribute based dual access control and data integrity verifiable scheme in cloud computing applications. IEEE Access 7:137594–137607

Li Y, Yu Y, Yang B, Min G, Wu H (2018) Privacy preserving cloud data auditing with efficient key update. Futur Gener Comput Syst 78:789–798

Shen W, Qin J, Yu J, Hao R, Hu J, Ma J (2021) Data integrity auditing without private key storage for secure cloud storage. IEEE Trans Cloud Comput 9(4):1408–1421. https://doi.org/10.1109/TCC.2019.2921553

Garg N, Bawa S, Kumar N (2020) An efficient data integrity auditing protocol for cloud computing. Futur Gener Comput Syst 109:306–316

Zhao XP, Jiang R (2020) Distributed machine learning oriented data integrity verification scheme in cloud computing environment. IEEE Access 8:26372–26384. https://doi.org/10.1109/ACCESS.2020.2971519

Yu Y, Au MH, Ateniese G, Huang X, Susilo W, Dai Y, Min G (2016) Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage. IEEE Trans Inf Forensic Secur 12(4):767–778

Wei P, Wang D, Zhao Y, Tyagi SKS, Kumar N (2020) Blockchain data-based cloud data integrity protection mechanism. Futur Gener Comput Syst 102:902–911

Sifah EB, Xia Q, Agyekum KOBO, Xia H, Smahi A, Gao J (2021) A blockchain approach to ensuring provenance to outsourced cloud data in a sharing ecosystem. IEEE Syst J 16(1):1673–1684.

Huang P, Fan K, Yang H, Zhang K, Li H, Yang Y (2020) A collaborative auditing blockchain for trustworthy data integrity in cloud storage system. IEEE Access 8:94780–94794

Pise R, Patil S (2021) Enhancing security of data in cloud storage using decentralized blockchain. In: 2021 Third International Conference on Intelligent Communication Technologies and Virtual Mobile Networks (ICICV). IEEE, pp 161–167

Sharma P, Jindal R, Borah MD (2019) Blockchain-based integrity protection system for cloud storage. In: 2019 4th Technology Innovation Management and Engineering Science International Conference (TIMES-iCON). IEEE, pp 1–5

Miao Y, Huang Q, Xiao M, Li H (2020) Decentralized and privacy-preserving public auditing for cloud storage based on blockchain. IEEE Access 8:139813–139826. https://doi.org/10.1109/ACCESS.2020.3013153

Cui H, Wan Z, Wei X, Nepal S, Yi X (2020) Pay as you decrypt: Decryption outsourcing for functional encryption using blockchain. IEEE Trans Inf Forensic Secur 15:3227–3238. https://doi.org/10.1109/TIFS.2020.2973864

Duan H, Du Y, Zheng L, Wang C, Au MH, Wang Q (2023) Towards practical auditing of dynamic data in decentralized storage. IEEE Trans Dependable Secure Comput 20(1):708–723. https://doi.org/10.1109/TDSC.2022.3142611

Sasikumar A, Ravi L, Kotecha K, Abraham A, Devarajan M, Vairavasundaram S (2023) A secure big data storage framework based on blockchain consensus mechanism with flexible finality. IEEE Access 11:56712–56725. https://doi.org/10.1109/ACCESS.2023.3282322

Wang T, Zhou J, Chen X, Wang G, Liu A, Liu Y (2018) A three-layer privacy preserving cloud storage scheme based on computational intelligence in fog computing. IEEE Trans Emerg Top Comput Intell 2(1):3–12

Bonomi F, Milito R, Zhu J, Addepalli S (2012) Fog computing and its role in the internet of things. In: Proceedings of the first edition of the MCC workshop on Mobile cloud computing. pp 13–16

Li B, He Q, Chen F, Jin H, Xiang Y, Yang Y (2020) Auditing cache data integrity in the edge computing environment. IEEE Trans Parallel Distrib Syst 32(5):1210–1223.

Li B, He Q, Chen F, Jin H, Xiang Y, Yang Y (2021) Inspecting edge data integrity with aggregated signature in distributed edge computing environment. IEEE Trans Cloud Comput 10(4):2691–2703.

Download references

Acknowledgements

Author information

Authors and affiliations

Department of Computer Engineering, Mizoram University, Aizawl, MZ, 796004, India

Paromita Goswami & Ajoy Kumar Khan

Department of Computer Engineering and Application, GLA University, Mathura, UP, 281406, India

Paromita Goswami & Neetu Faujdar

Department of Computer Science and Engineering, Tripura University, Agartala, Tripura, 796022, India

Somen Debnath

Centre for Smart Information and Communication Systems Department of Electrical and Electronic Engineering Science, University of Johannesburg, Auckland Park Campus, PO Box. 524, Johannesburg, 2006, South Africa

Ghanshyam Singh


Contributions

Paromita Goswami, Neetu Faujdar and Somen Debnath invented the proposed methodology and wrote the main manuscript text, Ajay Kumar Khan prepared tables and Ghyanshyam Singh prepared figures. Ghyanshyam Singh and Ajay Kumar Singh also wrote the literature, and all authors reviewed the whole manuscript.

Corresponding author

Correspondence to Neetu Faujdar.

Ethics declarations

Ethics approval and consent to participate, consent for publication, competing interests.

The authors declare no competing interests.

Additional information

Publisher's note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.


About this article

Cite this article.

Goswami, P., Faujdar, N., Debnath, S. et al. Investigation on storage level data integrity strategies in cloud computing: classification, security obstructions, challenges and vulnerability. J Cloud Comp 13, 45 (2024). https://doi.org/10.1186/s13677-024-00605-z


Received: 06 May 2023

Accepted: 30 January 2024

Published: 15 February 2024

DOI: https://doi.org/10.1186/s13677-024-00605-z


  • Cloud computing
  • Data integrity
  • Security attacks
  • Cloud storage
  • Data auditing
  • Security challenges

cloud storage security research papers


This article has been retracted.

The Rise of Cloud Computing: Data Protection, Privacy, and Open Research Challenges—A Systematic Literature Review (SLR)

Junaid Hassan

1 Department of Computer Science, National University of Computer and Emerging Sciences, Islamabad, Chiniot-Faisalabad Campus, Chiniot 35400, Pakistan

Danish Shehzad

2 Department of Computer Science, Superior University, Lahore 54000, Pakistan

Usman Habib

3 Faculty of Computer Sciences and Engineering, GIK Institute of Engineering Sciences and Technology, Topi, Swabi 23640, Khyber Pakhtunkhwa, Pakistan

Muhammad Umar Aftab

Muhammad Ahmad

Ramil Kuleev

4 Institute of Software Development and Engineering, Innopolis University, Innopolis 420500, Russia

Manuel Mazzara

Associated data

The data used to support the findings of this study are provided in this article.

Cloud computing is a long-standing dream of computing as a utility, where users can store their data remotely in the cloud to enjoy on-demand services and high-quality applications from a shared pool of configurable computing resources. Thus, the privacy and security of data are of utmost importance to all of its users regardless of the nature of the data being stored. In cloud computing environments, it is especially critical because data is stored in various locations, even around the world, and users do not have any physical access to their sensitive data. Therefore, we need certain data protection techniques to protect the sensitive data that is outsourced over the cloud. In this paper, we conduct a systematic literature review (SLR) to illustrate all the data protection techniques that protect sensitive data outsourced over cloud storage. Therefore, the main objective of this research is to synthesize, classify, and identify important studies in the field of study. Accordingly, an evidence-based approach is used in this study. Preliminary results are based on answers to four research questions. Out of 493 research articles, 52 studies were selected. 52 papers use different data protection techniques, which can be divided into two main categories, namely noncryptographic techniques and cryptographic techniques. Noncryptographic techniques consist of data splitting, data anonymization, and steganographic techniques, whereas cryptographic techniques consist of encryption, searchable encryption, homomorphic encryption, and signcryption. In this work, we compare all of these techniques in terms of data protection accuracy, overhead, and operations on masked data. Finally, we discuss the future research challenges facing the implementation of these techniques.

1. Introduction

Recent advances have given rise to the popularity and success of cloud computing. It is a new computing and business model that provides on-demand storage and computing resources. The main objective of cloud computing is to gain financial benefits as cloud computing offers an effective way to reduce operational and capital costs. Cloud storage is a basic service of cloud computing architecture that allows users to store and share data over the internet. Some of the advantages of cloud storage are offsite backup, efficient and secure file access, unlimited data storage space, and low cost of use. Generally, cloud storage is divided into five categories: (1) private cloud storage, (2) personal cloud storage, (3) public cloud storage, (4) community cloud storage, and (5) hybrid cloud storage.

However, when we outsource data and business applications to a third party, security and privacy issues become a major concern [ 1 ]. Before outsourcing private data to the cloud, there is a need to protect private data by applying different data protection techniques, which we will discuss later in this SLR. After outsourcing the private data to the cloud, sometimes the user wants to perform certain operations on their data, such as secure search. Therefore, while performing such operations on private data, the data needs to be protected from intruders so that intruders cannot hack or steal their sensitive information.

Cloud computing has many advantages because of many other technical resources. For example, it has made it possible to store large amounts of data, perform computation on data, and many other various services. In addition, the cloud computing platform reduces the cost of services and also solves the problem of limited resources by sharing important resources among different users. Performance and resource reliability requires that the platform should be able to tackle the security threats [ 2 ]. In recent years, cloud computing has become one of the most important topics in security research. These pieces of research include software security, network security, and data storage security.

The National Institute of Standards and Technology (NIST) defines cloud computing as [ 3 ] “a model for easy access, ubiquitous, resource integration, and on-demand access that can be easily delivered through various types of service providers.” The Pay as You Go (PAYG) mechanism is followed by cloud computing, in which users pay only for the services they use. The PAYG model gives users the ability to develop platforms, storage, and customize the software according to the needs of the end-user or client. These advantages are the reason that the research community has put so much effort into this modern concept [ 4 ].

Security is gained by achieving confidentiality, integrity, and data availability. Cloud users want assurance that their data is kept safe while they use cloud services. Various types of attacks are launched against a user's private data, such as intrusion attacks, hacking, stealing the user's private data, and denial of service attacks. 57% of companies report security breaches using cloud services [ 5 ]. Data privacy is more important than data security because cloud service providers (CSPs) have full access to all cloud users' data and can monitor their activities, because of which the cloud users' privacy is compromised. For example, a user is a diabetic, and the CSP is analyzing their activities, such as what they search for most and what kind of medicine they use the most. Because of this access, the CSP can get all the sensitive information about an individual user and can also share this information with a medicine company or an insurance company [ 6 ]. Another problem is that the user cannot fully trust the CSP. For this reason, there are many legal issues. Users cannot store their sensitive data on unreliable cloud services because of this mistrust. As a result, many users cannot use cloud services to store their personal or sensitive data in the cloud. There are two ways to solve this problem. One is that the user installs a proxy on their side, and this proxy takes the user's data, encrypts and saves it using some data protection techniques, and then sends it to the untrusted CSP [ 7 ].

The recent Google privacy policy is that any user can use any Google service free of cost; however, Google monitors their activity by monitoring their data to improve its services [ 8 ]. In this paper, we compare different types of data protection techniques that provide privacy and security over the data stored on the cloud. Many papers discuss outsourcing data storage on the cloud [ 9 , 10 ]; however, we also discuss how we can secure the outsourced data on the cloud. Most papers describe data security on the cloud against external intruder attacks [ 11 , 12 ]. This paper discusses not only the security attacks from outside intruders and the mechanisms that secure against them but also inner attacks from the CSP itself. Many surveys cover data privacy by applying cryptographic techniques [ 13 , 14 ]. These cryptographic techniques are very powerful for the protection of data and also provide very significant results. However, these cryptographic techniques require key management, and some cloud functionalities do not work with them. In this paper, we also discuss some steganographic techniques. To the best of our knowledge, no study discusses all the conventional and nonconventional security techniques. Therefore, all the data protection techniques need to be combined in one paper.

The rest of this paper is organized as follows: Section 3 of the paper describes the research methodology that consists of inclusion, exclusion criteria, quality assessment criteria, study selection process, research questions, and data extraction process. Also, we discuss assumptions and requirements for data protection in the cloud. Section 4 presents all the cryptographic and also noncryptographic techniques that are used for data protection over the cloud. Also, we discuss the demographic characteristics of the relevant studies by considering the following four aspects: (i) publication trend, (ii) publication venues (proceeding and journals), (iii) number of citations, and (iv) author information. Section 4 also compares all these data protection techniques. Lastly, in Section 5 , we discuss results and present conclusion and future work.

2. Related Work

The first access control mechanism and data integrity in the provable data possession (PDP) model is proposed in the paper [ 15 ], and it provides two mobile applications based on the RSA algorithm. Like the PDP, the author in the paper [ 16 ] proposed a proof of retrievability (PoR) scheme that is used to ensure the integrity of remote data. PoR scheme efficiency is improved using a shorter authentication tag that is integrated with the PoR system [ 17 ]. A more flexible PDP scheme is proposed by the author of the paper [ 18 ] that uses symmetric key encryption techniques to support dynamic operations. A PDP protocol with some flexible functionality is developed, in which, we can add some blocks at run time [ 19 ]. A new PDP system with a different data structure is introduced, and it improves flexibility performance [ 20 ]. Similarly, another PDP model with a different data structure is designed to handle its data functionality [ 21 ]. To improve the accuracy of the data, the author of the paper [ 22 ] designed a multireplicas data verification scheme that fully supports dynamic data updates.

A unique data integration protocol [ 23 ] for multicloud servers is developed. The author of the paper [ 24 ] also considers the complex area where multiple copies are stored in multiple CSPs and builds a solid system to ensure the integrity of all copies at once. A proxy PDP scheme [ 25 ] is proposed, which supports the delegation of data checking that uses concessions to verify auditor consent. In addition, the restrictions of the verifier are removed that strengthened the scheme, and it proposes a separate PDP certification system [ 26 ]. To maintain the security of information, a concept for information security is proposed and a PDP protocol for public research is developed [ 27 ]. To resolve the certification management issue, the PDP system with data protection is introduced [ 28 ].

Identity-based cryptography is developed, in which a user's unique identity is used as input to generate a secret key [ 29 ]. Another PDP protocol is recommended to ensure confidentiality [ 30 ]. The author of the paper [ 31 ] proposed a scheme, in which tags are generated through the ring signature technique for group-based data sharing that supports public auditing and maintains user privacy. A new PDP system is introduced for data sharing over the cloud while maintaining user privacy [ 32 ]. Additionally, it supports the dynamic group system and allows users to exit or join the group at any time. Another PDP system [ 33 ] that is based on broadcast encryption and supports dynamic groups [ 34 ] is introduced. The issue of user revocation has been raised [ 35 ], and to address this issue, a PDP scheme has been proposed, which removes the user from the CSP using the proxy signature method. A PDP-based group data protocol was developed to track user privacy and identity [ 36 ]. A PDP system [ 37 ] is proposed for data sharing between multiple senders. The author of the paper [ 38 ] provides SEPDP systems while maintaining data protection. However, the author of the paper [ 39 ] proved that the scheme proposed in [ 38 ] is vulnerable to malicious counterfeiting by the CSP. A collision-resistant user revocable public auditing (CRUPA) system [ 40 ] is introduced for managing the data that is shared in groups. Another scheme [ 41 ] is introduced as a way to ensure the integrity of mobile data terminals in cloud computing.

To address the PKI issue, identity-based encryption [ 42 ] is designed to enhance the PDP protocol and maintain user privacy in a dynamic community. Before sharing user-sensitive data with third parties or researchers, data owners ensure that the privacy of user-sensitive data is protected. We can do this using data anonymization techniques [ 43 ]. In recent years, the research community has focused on the PPDP search area and developed several approaches for tabular data and SN [ 44 – 49 ]. There are two popular settings in PPDP: one is interactive, and the other is noninteractive [ 50 ]. The K-anonymity model [ 51 ] and its effects are most commonly used in the noninteractive setting of PPDP [ 52 – 56 ]. Differential privacy (DP) [ 57 ] and an interactive configuration of PPDP make extensive use of DP-based methods [ 58 – 60 ]. Meanwhile, several studies for a noninteractive setting reported a PD-dependent approach [ 61 ]. Researchers have expanded the concepts used to anonymize tabular data to protect the privacy of SN users [ 62 – 64 ].

Most images on the internet are in a compressed form. Hence, various studies design some techniques for AMBTC-compressed images. Data concealment has become an active research area. We can hide the data by adding confidential information to the cover image, and as a result, we get the stego image. There are two types of data hiding schemes: one is irreversible [ 65 – 68 ], and the other is a reversible data hiding scheme [ 69 – 71 ]. A cipher text designated for data collection can be re-encrypted as designated for another by a semitrusted proxy without decryption [ 72 ]. The first concrete construction of collusion-resistant unidirectional identity-based proxy re-encryption scheme, for both selective and adaptive identity, is proposed in the paper [ 73 ]. One of the data hiding schemes is the histogram shifting scheme [ 74 – 76 ], and it is the most widely used. A histogram-shifting data hiding scheme [ 77 ] that detects pixel histograms in the cover image is introduced. When big and diverse data are distributed everywhere, we cannot control the vicious attacks. Therefore, we need a cryptosystem to protect our data [ 78 – 80 ].

Some identity-based signature (IBS) schemes [ 81 – 84 ] are introduced that are based on bilinear pairing. However, the authentication schemes based on bilinear pairing over elliptic curve are more efficient and safer than traditional public key infrastructure [ 85 , 86 ]. The paper [ 87 ] proposed a preserving proxy re-encryption scheme for public cloud access control. A differential attack is performed on one-to-many order preserving encryption (OPE) by exploiting the differences of the ordered ciphertexts in [ 88 ]. Another scheme is proposed, which consists of a cancelable biometric template protection scheme that is based on format-preserving encryption and Bloom filters [ 89 ]. Some of the researchers also use the concept of pairing-free identity-based signature schemes [ 90 – 93 ]. A lightweight proxy re-encryption scheme with certificate-based and incremental cryptography for fog-enabled e-healthcare is proposed in [ 94 ].

3. Research Methodology

The objective of this SLR is to evaluate, investigate, and identify the existing research in the context of data storage security in cloud computing to find and evaluate all the existing techniques. An SLR is a fair and unbiased way of evaluating all the existing techniques. It provides a complete and evidence-based search related to a specific topic. At this time, there is no SLR conducted on data storage security techniques that explains all the cryptographic and noncryptographic techniques. Hence, this SLR fills that gap. This SLR aims to provide a systematic method using the guidelines of an SLR provided by Kitchenham [ 95 ]. Furthermore, to increase the intensity of our evidence, we follow another study that is provided by [ 96 ]. Our SLR consists of three phases, namely planning, conducting, and reporting. By following these three phases, we conduct our SLR, as shown in Figure 1 .

Figure 1. Review procedure.

3.1. Research Questions

The primary research question of this systematic literature review is “What types of data protection techniques have been proposed in cloud computing?” This primary research question is further divided into four RQs. All four questions are listed below.

  •   RQ1: what types of data protection techniques have been proposed in cloud computing?
  •   RQ2: what are the demographic characteristics of the relevant studies?
  •   RQ3: which data protection technique provides more data protection among all the techniques?
  •   RQ4: what are the primary findings, research challenges, and directions for future research in the field of data privacy in cloud computing?

3.2. Electronic Databases

Six electronic databases were selected to collect primary search articles. All these six electronic databases are well-reputed in the domain of cloud computing. Most of the relevant articles are taken from two electronic databases, namely IEEE and Elsevier. All the electronic databases that we use in this research process are given in Table 1 .

Table 1. Databases sources.

3.3. Research Terms

First of all, a title-based search is done on the different electronic databases, which are given in Table 1 . After that, the most related studies/articles are taken. The search is done using the string (p1 OR p2 ... OR pn) AND (t1 OR t2 ... OR tn). This string/query is constructed using a population, intervention, control, and outcomes (PICO) structure that consists of population, intervention, and outcome. Database search queries are given in Table 2 .

  •   Population : “cloud computing”
  •   Intervention : “data security,” “data privacy,” “data integrity”

Using the PICO structure, we construct a general query for the electronic database. Generic: ((“Document Title”: cloud*) AND (“Document Title”: data AND (privacy OR protect* OR secure* OR integrity*))).

Table 2. Databases search query.

3.4. Procedure of Study Selection

The procedure of study selection is described in Figure 2 . This procedure has three phases. The first is exclusion based on the title, in which articles are excluded based on the title and the relevant titles are included. The second is exclusion based on the abstract, in which the abstracts of the articles are read and the most relevant ones are included. The last is exclusion based on the full text, which also includes the quality assessment criteria.

Figure 2. Study selection procedure.

3.5. Eligibility Control

In this phase, all the selected papers are read in full, and relevant papers are selected to process our SLR further. Table 3 shows the final selected papers from each database based on inclusion and exclusion criteria. The related papers are selected based on inclusion and exclusion criteria, which are given in Table 4 .

Table 3. Results from electronic databases.

Table 4. Inclusion and exclusion criteria.

3.6. Inclusion and Exclusion Criteria

We can use the inclusion and exclusion criteria to define eligibility for basic study selection. We apply the inclusion and exclusion criteria to those studies that are selected after reading the abstract of the papers. The criteria for inclusion and exclusion are set out in Table 4, which outlines the conditions that we have applied to the articles. After applying the inclusion and exclusion criteria, we get the relevant articles, which we finally added to our SLR. The search period is from 2010 to 2021, and most of the papers included in our SLR are from 2015 onward.

We apply inclusion and exclusion criteria in the third phase of the study selection process, and we get 139 results. After that, we also apply quality criteria, and finally, we get 52 articles, which are included in this SLR. Most of the articles are taken from Elsevier and IEEE electronic databases. IEEE is the largest venue for data storage security in cloud computing. The ratio of the selected articles from different electronic databases is shown in Figure 3 .

Figure 3. Percentage of selected studies.

3.7. Quality Assessment Criteria

Quality checking/assessment is done in the third phase of the study selection process. A scale of 0-1 is used for the quality assessment (QA) of the articles.

Poor-quality articles get 0 points on the scale, and good-quality articles get 1 point on the scale. The articles with 1 point on the scale are included in this SLR. Hence, by applying the quality checking/assessment criteria on all the articles, we finally get 52 articles. All the selected papers have validity and novelty for different data protection techniques, and also, we find the relevance of the articles in the quality assessment criteria, which ensures that all the articles are related to the SLR (data storage protection and privacy in cloud computing). The quality checking (QC) criteria are given in Table 5 .

Table 5. Quality checking criteria.

3.8. Taxonomy of the Data Protection Techniques

In this section, all the data protection techniques are depicted in Figure 4 . All the data protection techniques are arranged and classified in their related categories. The purpose of the taxonomy is to give a presentational view of all the data protection techniques. The data protection techniques are mainly divided into two categories, namely (1) noncryptographic techniques and (2) cryptographic techniques.

Figure 4. Taxonomy of the data protection techniques.

4. Results and Discussions

Data protection on the cloud is done by developing a third-party proxy that is trusted by the user. The trusted proxy is not a physical entity. It is a logical entity that can be developed on the user end (like on the user's personal computer) or at a location that the user can trust. Mostly, local proxies are used as an additional service or as an additional module (like browser plugins). To fulfill the objective of data protection by proxies, some requirements must be fulfilled. The requirements are given below:

  • User privilege. There are several objectives of user privilege or user empowerment, however, the main objective is to increase the trust of the users in data protection proxies used by the cloud.
  • Transparency. Another important objective is that when users outsource their sensitive data to trusted proxies, their data should remain the same and should not be altered.
  • Cloud computing provides large computing power and cost saving resources. However, one concern is that if we increase data security, computation overhead should not increase. We want to minimize the computation overhead over the proxies.
  • Cloud functionalities preservation. Cloud functionalities preservation is the most important objective. The users encrypt their sensitive data on their personal computers by applying different encryption techniques to increase the protection of their data, however, by applying these different encryption techniques, they are not able to avail some of the cloud functionalities because of compatibility issues [ 97 ]. Hence, it is the main issue.

Figure 5 provides a data workflow for protecting sensitive data on the cloud using a local proxy. Different types of assumptions are made for data protection, and some of them are discussed below.

  • Curious CSPs, the most commonly used model in cloud computing, is given in the literature [ 98 ]. The cloud service provider honestly fulfills its responsibilities, i.e., it does not interfere in the user activities, and it only follows the standard protocols. The CSP is honest; however, sometimes, it is curious to analyze the users' queries and analyze their sensitive data, which is not good because it is against the protocol. Also, by this, the privacy of the user is compromised. Hence, we can avoid these things by applying some data protection techniques on the user end to protect the users' sensitive data from the CSPs.
  • In some cases, CSPs may collaborate with data protection proxies that are present on the users' sides to increase the level of trust between the users and CSPs because better trust can motivate more users to move to the cloud. This collaboration can be done if CSPs provide some services to the users with a stable interface for storing, searching, and computing their data.
  • A multicloud approach to cloud computing infrastructure has also been proposed to improve their performance. In this regard, multiple cloud computing services are provided in the same heterogeneous architecture [ 19 ]. A multicloud gives the user multiple different places to store their data at their desired location. There are several benefits to use a multicloud, e.g., it reduces reliance on a single CSP, which increases flexibility.

Figure 5. Data workflow on cloud using local proxy.

4.1. RQ1: What Type of Data Protection Techniques has Been Proposed in Cloud Computing?

In this section, we will discuss all the techniques for data storage security over the cloud. All these techniques are divided into two main categories, namely (i) cryptographic techniques and (ii) noncryptographic techniques. The local proxy uses different techniques to protect data that are stored on the cloud. Because of this, we cannot gain all the advantages of cloud services. Therefore, we analyze and compare all these techniques based on different criteria. These criteria are as follows: (i) the data accuracy of all the techniques, (ii) the data protection level of all the techniques, (iii) all the functionalities these schemes allow on masked and unmasked data, and (iv) the overhead to encrypt and decrypt data over the cloud.

4.1.1. Noncryptographic Techniques

There are some noncryptographic techniques, and we discuss them in this paper as follows:

(1) Data Anonymization . Data anonymization is a data privacy technique used to protect a user's personal information. This technique hides the person's personal information by hiding the person's identifier or attributes that could reveal a person's identity. Data anonymization can be done by applying various mechanisms, for example, by removing or hiding identifiers or attributes. It can also be done by encrypting the user's personal information. The main purpose of performing data anonymization is to hide the identity of the person in any way. Data anonymity can be defined as the user's personal data being altered in such a way that we cannot directly or indirectly identify that person, and the CSP cannot retrieve any person's personal information. Data anonymization techniques have been developed in the field of statistical disclosure control. These techniques are most often used when we want to outsource sensitive data for testing purposes. Data anonymization is graphically represented in Figure 6 .

Figure 6. Data anonymization flow diagram.

Data anonymization techniques are most often used when we want to outsource sensitive data for testing purposes. For example, if some doctors want to diagnose certain diseases, some details of these diseases are required for this purpose. This information is obtained from the patients that suffer from these diseases, but it is illegal to share or disclose anyone's personal information. However, for this purpose, we use data anonymization technique to hide or conceal the person's personal information before outsourcing the data. In some cases, however, the CSP wants to analyze the user's masked data. In the data anonymization technique, attributes are the most important part. Attributes can include name, age, gender, address, salary, etc. Table 6 shows the identifiers classification.

Table 6. Identifiers classification.

Data anonymization can be performed horizontally or vertically on this table and also on the record or group of records. The attributes are further classified into the following categories.

  • Sensitive Attributes: sensitive attributes possess sensitive information of the person, such as salary, disease information, phone number, etc. These attributes are strongly protected by applying some protection techniques.
  • Nonsensitive Attributes: these types of attributes do not belong to any type of category. Hence, they do not disclose the identity of a person.
  • Identifiers: identifier belongs to the identity of a person, such as Id card, name, social security number, etc. Because of the presence of these identifiers, the relationship between different attributes can be detected. Hence, these identifiers must be replaced or anonymized.
  • Quasi-Identifiers: quasi-identifiers are the group of identifiers that are available publicly, such as zip-code, designation, gender, etc. Separately, these identifiers cannot reveal the personal identity; however, by combining them, they may reveal the identity of the person. Hence, we want to separate these quasi-identifiers to avoid the disclosure.

There are two main categories of data masking: (1) perturbative masking and (2) nonperturbative masking.

  • (1) Perturbative Masking: in perturbative masking, data is altered or masked with dummy datasets. Original data is replaced with dummy data; however, this data looks like the original data with some noise addition. The statistical properties of the original data are present in the masked data; however, nonperturbative masking does not contain the statistical properties of original data, because in perturbative masking, data is altered or masked with physically same but dummy data.
  • Data swapping: in data swapping, the data is randomly changed with the same but dummy data between different records [ 99 ]. However, if numerical values are present in the dataset, then the values can be changed only within certain limits. Otherwise, the meaning of the data is changed. The masked data cannot look like the original data. For those attributes that can be ranked, the attribute is replaced with the nearby ranked attributes, and a very large difference between ranks is not suitable [ 100 ]. In data swapping, higher-level attributes are swapped [ 101 ] and individual values are not changed.
  • Noise addition: in this mechanism, some noise is added to the original dataset to alter the original data. Noise is only added to the data that is continuous and divided into categories [ 102 ]. The noise is added into all the attributes that are present in the original dataset, such as sensitive attributes and also quasi-attributes.
  • Microaggregation: in this technique, all the relevant data is stored into different groups, and these different groups release average values from each record [ 103 ]. If a large number of similar records is present in different groups, then more data utility is done. We can cluster the data in many ways, e.g., in categorical versions [ 104 ]. Microaggregation is done on a quasi-attribute to protect these attributes from reidentification, and the quasi-attributes protect all the other attributes from reidentification. We can also minimize reidentification by data clustering [ 105 ].
  • Pseudonymization: in this method, the original data is replaced with artificial datasets [ 106 ]. In this technique, each attribute present in the original data is a pseudonym, and by doing this, data is less identifiable.
  • (2) Nonperturbative Masking: nonperturbative masking does not change or alter the original data; however, it changes the statistical properties of the original data. Masked data is created by the reduction of the original data or suppressions of the original data [ 107 ].
  • Bucketization: in this method, original data is stored in different buckets, and these buckets are protected through encryption [ 108 ]. We can protect the sensitive attributes through bucketization.
  • Data slicing: data slicing is a method in which a larger group of data is divided into smaller slices or segments [ 109 ]. Hence, we can slice the data, and in this way, the sensitive attribute and the quasi-attributes are divided into different slices. By identifying the individual slice, the identity of the person cannot be disclosed.
  • Sampling: sampling is a technique in which the population and sample concept is present. The entire data is called population, and the masked data is called a sample. In this technique, we make different samples of the original data. A smaller data sample provides more protection [ 110 ].
  • Generalization: it is a technique in which some additional attributes are added to the record. If the number of quasi-attributes is less rare, then some dummy attributes are added into the record, which look like the quasi-attributes. Hence, by doing this, reidentification becomes more difficult [ 111 ]. By applying generalization on data, we can protect the identity of a person because it hides the relationship between the quasi-attributes.

The summary of data anonymization techniques is given in Table 7 .

Table 7. The summary of data anonymization techniques.
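The following added example (not code from the paper or from any of the surveyed studies) applies two of the perturbative techniques above, pseudonymization of an identifier and microaggregation of one quasi-identifier, and then measures the smallest group of records that share the same quasi-identifier values. The sample table, the keyed-HMAC pseudonym function, and the sort-and-group microaggregation are assumptions chosen for illustration.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample table (not real data). Attribute classes follow the text:
# identifier = name, quasi-identifiers = age and zip, sensitive = disease.
RECORDS = [
    {"name": "Alice", "age": 35, "zip": "42050", "disease": "diabetes"},
    {"name": "Bob",   "age": 24, "zip": "42050", "disease": "asthma"},
    {"name": "Carol", "age": 49, "zip": "42051", "disease": "diabetes"},
    {"name": "Dan",   "age": 26, "zip": "42050", "disease": "flu"},
    {"name": "Eve",   "age": 37, "zip": "42051", "disease": "asthma"},
    {"name": "Frank", "age": 28, "zip": "42051", "disease": "flu"},
    {"name": "Grace", "age": 39, "zip": "42050", "disease": "diabetes"},
]


def pseudonymize(value, key):
    """Replace an identifier with a keyed pseudonym (assumption: HMAC-SHA256).

    The key stays with the data owner, so the CSP cannot recompute the mapping.
    """
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:12]


def microaggregate(records, attr, k):
    """Group records by sorted `attr` in groups of at least k; release group means."""
    if k < 1 or len(records) < k:
        raise ValueError("need at least k records to form one group")
    order = sorted(range(len(records)), key=lambda i: records[i][attr])
    groups = [order[i:i + k] for i in range(0, len(order), k)]
    if len(groups[-1]) < k:
        # A short tail would be easier to re-identify: fold it into the previous group.
        tail = groups.pop()
        groups[-1].extend(tail)
    masked = [dict(r) for r in records]          # never modify the original table
    for group in groups:
        average = sum(records[i][attr] for i in group) / len(group)
        for i in group:
            masked[i][attr] = average
    return masked


def smallest_class(records, attrs):
    """Size of the smallest set of records sharing the same values for `attrs`."""
    counts = Counter(tuple(r[a] for a in attrs) for r in records)
    return min(counts.values())


def anonymize(records, key, k):
    """Microaggregate the age quasi-identifier and pseudonymize the name identifier."""
    masked = microaggregate(records, "age", k)
    for row in masked:
        row["name"] = pseudonymize(row["name"], key)
    return masked


if __name__ == "__main__":
    masked = anonymize(RECORDS, b"constructed-demo-key", 3)
    for row in masked:
        print(row)
    print("smallest class, raw age:        ", smallest_class(RECORDS, ["age"]))
    print("smallest class, masked age:     ", smallest_class(masked, ["age"]))
    print("smallest class, masked age+zip: ", smallest_class(masked, ["age", "zip"]))
```

Masking age alone yields groups of at least three records, but combining the masked age with the untouched zip code still isolates a single record, which is the quasi-identifier combination risk described above.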

(2) Data Splitting . Data splitting is a technique in which sensitive data is divided into different fragments [ 112 ] to protect it from unauthorized access. In this technique, we first split the data into different fragments, then these fragments are randomly stored on different clouds. Even if the intruder gains access to a single fragment in any way, still the intruder will not be able to identify the person. For example, if an intruder gets a fragment from the cloud that contains the salary information of an organization, it is useless until he knows which salary belongs to which person. Hence, data splitting is a very useful technique for protecting data stored on the cloud.

Local proxies outsource data to the cloud without splitting the data, and they can also split the data first and then outsource to the same cloud using different accounts in the same CSP. It can also store data on different cloud platforms that run through different CSPs but provide some of the same services. Data is split before storing in different locations because even if some part or piece of data is known to an intruder, they will not be able to identify anyone.

Firstly, the local proxy retrieves sensitive data from the user and then calculates the risk factor for disclosure. In this method, the user can define the privacy level, and this privacy level provides information about all the sensitive attributes that can reveal someone's identity. These sensitive attributes are called quasi-attributes or quasi-identifiers. Next, the local proxy decides the number of pieces into which the sensitive data will be split and the number of locations that will be needed to store those pieces. Therefore, no one can reveal a person's identity, and all this information about the data splitting mechanism is stored at the local proxy. However, the system must be able to function properly and respond to the queries on time. After that, the local proxy stores these different data fragments in different cloud databases, and now, they are free from disclosure. The data-splitting mechanism supports almost all the functions of the cloud. Hence, we can use almost all the services provided by CSP using the data-splitting mechanism for storing data in the cloud.

When the users want to retrieve the original data, they process a query on a local proxy. The query is processed, and the data storage locations are retrieved from the local database. After that, the query is replicated as many times as the data is split into fragments, and these queries are forwarded to the relevant CSPs. As a result, each CSP provides a set of results that represent a partial view of the complete result. Finally, the proxy collects partial results according to the criteria used to split the data and provides the complete result to the user. Mostly, all these fragments are stored on different cloud databases in their original structure. Therefore, computation on these fragments can be performed easily. However, there is a problem if we want to perform computation separately on the individual fragment. Then, there is no algorithm that exists for this computation. Therefore, some algorithms are required to perform these types of computation as this computation requires communication between different CSPs. The redundancy of proxy metadata and backup policies must be essential to ensure the robustness of the mechanism. The data-splitting is graphically represented in Figure 7 .

Data-splitting flow diagram.

The summary of the data-splitting is given in Table 8 . Different data-splitting techniques are used for the protection of data stored on the cloud. Some of these are given below.

  • Byte level splitting
  • In this type, all the sensitive data is converted into bytes [ 113 ]. Then, these bytes are randomly shuffled with each other. After that, all the bytes are recombined. Fixed length fragments are made, and then, these fragments are stored on a different cloud.
  • Privacy level splitting
  • In this mechanism, the user chooses the privacy level of each file [ 114 ] that is to be stored on a cloud database. Hence, a privacy level is attached to the file that is to be stored on the cloud. Using this privacy level, the user can decide that the higher privacy level files should be stored on the trusted cloud.
  • Byte level splitting with replication
  • Byte-level data splitting is combined with data replication to improve both performance and security. The author of the paper [ 115 ] proposed an algorithm to store the data fragments on different clouds, so that they are at a certain distance and by doing this; we can avoid confabulation attacks where the intruder can aggregate the split fragments.
  • Byte level splitting with encryption
  • Firstly, byte-level data splitting [ 116 , 117 ] is proposed. In this scheme, every fragment of data is encrypted to enhance the security of sensitive data. In this mechanism, the data is split into bytes, and these bytes are randomly shuffled and finally recombined. This type of data splitting is suitable for binary or multimedia files that are not processed through the cloud.
  • Another problem is the length of a fragment in which we can say that the data cannot be reidentified or the identity of a person cannot be revealed. If the length is too short, then the probability of disclosure increases, and if the length is too long, then it is difficult to handle these fragments. Hence, it should have a certain length so that we can also protect the identity of a person.
  • There is another type of data splitting in which we split data into attributes. The attribute level splitting is performed in two ways: one is horizontal splitting and the second is vertical splitting. These types of splitting are mostly done on structural databases, and they provide strong privacy.
  • Vertical splitting
  • In vertical data splitting [ 118 , 119 ], we divide quasi-identifiers or quasi-attributes in such a way that all the risky attributes are divided into different fragments to secure the reidentification. Some of the sensitive fragments required encryption on it. Hence, we can encrypt these fragments by applying some encryption algorithms or by applying some other privacy methods to increase the security level.
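The local-proxy workflow and the vertical splitting described above can be sketched as follows. This is an added example, not code from the paper: `CloudStore`, `LocalProxy`, the attribute groups and the employee records are all hypothetical, and each CSP is simulated by an in-memory table.

```python
import secrets

# Constructed sample data: not taken from the paper.
EMPLOYEES = {
    "emp-1": {"name": "A. Khan", "zip": "54000", "birth_year": 1988, "salary": 52000},
    "emp-2": {"name": "B. Silva", "zip": "54000", "birth_year": 1975, "salary": 61000},
}
# One attribute group per cloud: identifier, quasi-identifiers, sensitive value.
GROUPS = [["name"], ["zip", "birth_year"], ["salary"]]


class CloudStore:
    """Stand-in for one CSP database (assumption: a simple key-value table)."""

    def __init__(self, name):
        self.name = name
        self.rows = {}  # fragment id -> partial record

    def put(self, fragment_id, partial):
        self.rows[fragment_id] = dict(partial)

    def get(self, fragment_id):
        return self.rows[fragment_id]


class LocalProxy:
    """Splits records vertically and holds the only copy of the join metadata."""

    def __init__(self, stores, attribute_groups):
        if len(stores) != len(attribute_groups):
            raise ValueError("one attribute group per store is required")
        flat = [a for group in attribute_groups for a in group]
        if len(flat) != len(set(flat)):
            raise ValueError("an attribute may appear in only one fragment")
        self.stores = stores
        self.groups = attribute_groups
        self.metadata = {}  # record key -> [fragment id at each store]

    def store(self, record_key, record):
        unassigned = set(record) - {a for g in self.groups for a in g}
        if unassigned:
            raise ValueError(f"no fragment assigned for: {sorted(unassigned)}")
        fragment_ids = []
        for store, group in zip(self.stores, self.groups):
            # A fresh random id per fragment, so CSPs cannot join fragments by id.
            fragment_id = secrets.token_hex(8)
            store.put(fragment_id, {a: record[a] for a in group if a in record})
            fragment_ids.append(fragment_id)
        self.metadata[record_key] = fragment_ids

    def retrieve(self, record_key):
        # The query is replicated once per fragment; partial results are merged.
        merged = {}
        for store, fragment_id in zip(self.stores, self.metadata[record_key]):
            merged.update(store.get(fragment_id))
        return merged


def visible_columns(store):
    """Attributes a single CSP (or an intruder inside it) can observe."""
    return {column for row in store.rows.values() for column in row}


def build_demo():
    stores = [CloudStore("csp-a"), CloudStore("csp-b"), CloudStore("csp-c")]
    proxy = LocalProxy(stores, GROUPS)
    for key, record in EMPLOYEES.items():
        proxy.store(key, record)
    return proxy, stores


if __name__ == "__main__":
    proxy, stores = build_demo()
    for s in stores:
        print(s.name, "sees", sorted(visible_columns(s)))
    print("reassembled:", proxy.retrieve("emp-1"))
```

Losing `proxy.metadata` makes the fragments unjoinable for the owner as well, which is why the text calls for redundancy and backup of the proxy metadata.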

The summary of the data-splitting techniques.

A solution for sensitive data splitting without performing encryption on fragments is proposed [ 120 ]. This mechanism is suitable for data on which we want to perform some computation, because on encrypted data, we cannot perform computation directly. Another technique has been proposed [ 121 ], which demonstrates the redaction and sanitization of a document that identifies all sensitive attributes and protects the data in most documents.

The schemes that use vertical splitting to protect data are faster than other splitting techniques because data fragments consist of a single attribute or multiple attributes. It does not involve data masking or encryption. Hence, the computation is easy. There is another type of encryption in which we do not encrypt and decrypt every time to perform computation. It is called homomorphic encryption. In this case, all data modification is done on encrypted data, and actual data is not changed, however, the final result is preserved [ 122 ].

(3) Steganography . Steganography is the practice of concealing a message within another message or a physical object. In computing contexts, video, audio, image, message, or computer file is concealed within another image, message, or file. The steganography flow diagram is depicted in Figure 8 . There are two main types of steganography, namely (1) linguistic steganography and (2) technical steganography. These techniques are given as follows:

  • (1) Linguistic Steganography
  • It uses images and symbols alone to cover the data. There are two types of Semagrams [ 123 ]. The first is a visual Semagram. In this type, we can visualize the message. The second type is a text Semagram. In this type, we change the font, color, or symbols of the text message.
  • In this case, we hide the real message from the intruder by installing the original message in an authorized carrier [ 124 ]. Open code technique is further divided into two types: one is jargon code, and the second is covered ciphers.
  • (2) Technical Steganography
  • Text steganography
  • In this type, we change some textual characteristics of text, such as the font, color, or symbols of the text message [ 127 ]. Three coding techniques are used to change these textual features, which are as follows: (1) line-shift coding, (2) word-shift coding, and (3) feature coding.
  • Image steganography
  • It is the most popular type of steganography. Image steganography refers to the process of hiding sensitive data inside an image file [ 128 ]. The transformed image is expected to look very similar to the original image because the visible features of the stego image remain the same. The image steganography is divided into three parts, namely (1) least significant bits coding, (2) masking and filtering, and (3) transformations.
  • Audio steganography
  • Audio steganography is a technique that is used to transmit secret data by modifying a digitalized audio signal in an imperceptible manner [ 129 ]. Following types of audio steganography are given: (1) least significant bits coding, (2) phase coding, (3) spread spectrum, and (4) echo hiding.
  • Video steganography
  • In video steganography, both image and audio steganography are used [ 130 ]. A video consists of many frames. Hence, video steganography hides a large amount of data in carrier images. In this type of steganography, we select the specific frame in which we want to hide the sensitive data.
  • (ii) Methods
  • Frequency Domain
  • A frequency-domain steganography technique is used for hiding a large amount of data with no loss of secret message, good invisibility, and high security [ 131 ]. In the frequency domain, we change the magnitude of all of the DCT coefficients of the cover image. There are two types of frequency domain: (1) discrete cosine transformation and (2) discrete wavelet transformation.
  • Spatial Domain
  • The spatial domain is based on the physical location of pixels in an image [ 132 ]. A spatial domain technique works by adjusting pixel values, which minimizes the changes in the stego image created from the cover image. Some methods of the spatial domain are given as follows: (1) least significant bit, (2) pixel value differencing, (3) pixel indicator, (4) gray level modification, and (5) quantized indexed modulation.

Steganography flow diagram.

The summary of the steganographic techniques is given in Table 9 .

The summary of the steganographic techniques.

4.1.2. Cryptographic Techniques

Cryptography is the most important and most widely used technique for security purposes. In cryptography, the plain text is converted into ciphertext using a key and some encryption algorithms. Cryptographic techniques are the most secure techniques among all the other security techniques. Hence, these cryptography techniques are widely used in data storage security over the cloud. The present day's cryptography techniques are more realistic. We can achieve different objectives by applying these cryptographic techniques, for example, data confidentiality and data integrity. Because of an increase in the number of data breaches in the last few years, some cloud service provider companies are shifting toward cryptographic techniques to achieve more security. The most commonly used cryptographic technique is AES [ 133 ]. Key management is an important issue in cryptographic techniques because if the key is hacked by an intruder, then all the data will be hacked or stolen by this intruder. Hence, key protection or key management is a very important issue. Therefore, it is mostly the responsibility of CSP to manage the key and also provide the protection of key. Cryptographic techniques also protect the user from an untrusted CSP because sometimes the CSP outsources sensitive data without taking the permission of users, and it is an illegal activity. Hence, to avoid these things and protect our sensitive data from untrusted CSPs, we use cryptographic techniques, and it is the best option for users. However, there are some difficulties the user has to face while using cryptographic techniques, i.e., if a user wants to update a small amount of data, the user needs to decrypt the data and then perform this minor update. Hence, this work is very costly. Over time, implementing cryptographic techniques gives us a higher level of security, however, we compromise on performance or speed. 
It all depends on the user, the standard, the performance, or the high level of security the user wants to achieve. In this paper, we are focusing on the four main functionalities that are required or needed on cloud computing when using cryptographic techniques. Figure 9 shows the flow diagram of encryption.

Encryption flow diagram.

Some of the main functionalities of cryptographic functions are given below.

  • Search on encrypted data
  • If a user wants to retrieve their data stored in a cloud database, they generate a query and run the query on a local proxy server and search for the data they want. Searching for encrypted data is a very important part of cryptography because every user who stores their sensitive data in a cloud database wants to retrieve it, and it is done by searching their sensitive data through queries. Therefore, the procedure of retrieving their data is very difficult.
  • Storage control
  • Sometimes the user wants to store data in a desired location or trusted database. Hence, the user must have full control over the storage of data.
  • Access control
  • It is a very important control and is referred to as data access restriction. Sometimes, the user does not want to share a private file publicly. Hence, access control is an important functionality.
  • Computation on data
  • Data computation is the main functionality of cloud computing. Sometimes, the user wants to perform some computation on data that are stored on a cloud database. For example, if a user wants to perform computation on encrypted data that is stored on cloud databases, then there are two ways. One is that the user, firstly, decrypts the entire data, performs computation on the data, and finally, the user encrypts the entire data and stores on the cloud database. This process is very expensive in terms of computation.

Some of the cryptographic techniques are as follows:

(1) Homomorphic Encryption . Homomorphic encryption is a form of encryption that permits users to perform computations on encrypted data without decrypting it. These resulting computations are left in an encrypted form, which, when decrypted, result in an identical output to that produced had the operations been performed on the unencrypted data. There are some types of homomorphic encryption that are described below.

  • Partial Homomorphic Encryption
  • In partial homomorphic encryption, only one arithmetic operation, either addition or multiplication, is supported at one time. If the resultant ciphertext is the addition of the plaintexts, then it is called an additive homomorphic scheme, and if the resultant ciphertext is the multiplication of the plaintexts, then it is called a multiplicative homomorphic scheme. Two multiplicative homomorphic schemes are given in [ 134 , 135 ]. There is one additive homomorphic scheme that is called Paillier [ 136 ].
  • Somewhat Homomorphic Encryption
  • This technique allows the user to perform the multiplication and subtraction mathematical operations. However, this scheme allows a limited number of arithmetic operations, because if it allows a large number of arithmetic operations, then it produces noise. This noise changes the structure of the original data. Hence, limited numerical math operations are allowed. There is a somewhat homomorphic encryption scheme that is presented by the authors of the papers [ 137 , 138 ]. In this scheme, the time of encryption and decryption is increased when multiplication operations are increased. To avoid this increase in time, we allow only a limited number of mathematical operations.
  • Fully Homomorphic Encryption
  • This technique allows a large number of arithmetic operations, namely multiplication and subtraction. Multiplication and addition in this technique are performed in the form of XOR and AND gates [ 139 ]. Completely homomorphic encryption techniques require a higher computation time to encrypt and decrypt data. Therefore, this technique is not applicable in real-life applications for implementation. This technique uses a bootstrapping algorithm when a large number of multiplication operations is performed on data and also for the decryption of the data it is used. Homomorphic encryption, on the other hand, represents the trade-off between operations and speed performance. Only a limited number of arithmetic operations are allowed if someone wants low computation, and a large number of arithmetic operations are allowed if someone wants high security. It depends on the needs of the user.
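The additive case can be made concrete with the Paillier scheme named above: the cloud multiplies ciphertexts and the key holder decrypts the sum. This is an added example, not code from the paper or from [ 136 ]. The primes are toy-sized and the salary figures are constructed, so it illustrates the algebra only and gives no real security.

```python
import math
import secrets


def _is_prime(k):
    """Trial division; adequate only for the toy-sized primes used here."""
    if k < 2:
        return False
    return all(k % d for d in range(2, math.isqrt(k) + 1))


def keygen(p, q):
    """Return (public, private) Paillier keys using the common choice g = n + 1."""
    if p == q or not (_is_prime(p) and _is_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    if math.gcd(lam, n) != 1:
        raise ValueError("unsuitable primes: gcd(lcm(p-1, q-1), n) must be 1")
    # With g = n + 1, L(g^lam mod n^2) = lam mod n, so mu is its inverse mod n.
    mu = pow(lam, -1, n)
    return (n, n + 1), (lam, mu)


def encrypt(pub, m):
    n, g = pub
    if not 0 <= m < n:
        raise ValueError("plaintext must be in [0, n)")
    while True:
        r = secrets.randbelow(n - 1) + 1  # random r in [1, n)
        if math.gcd(r, n) == 1:
            break
    n2 = n * n
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    n, _ = pub
    lam, mu = priv
    u = pow(c, lam, n * n)
    return ((u - 1) // n * mu) % n  # L(u) = (u - 1) / n


def cloud_sum(pub, ciphertexts):
    """Run by the cloud without any key: the product of ciphertexts encrypts the sum."""
    n, _ = pub
    acc = 1  # 1 is a valid encryption of 0 (r = 1)
    for c in ciphertexts:
        acc = (acc * c) % (n * n)
    return acc


def scale(pub, c, k):
    """Run by the cloud: raising a ciphertext to k encrypts k times the plaintext."""
    n, _ = pub
    return pow(c, k, n * n)


if __name__ == "__main__":
    pub, priv = keygen(104729, 1299709)      # toy primes, far too small for real use
    salaries = [52000, 61000, 48000]         # constructed sample values
    stored = [encrypt(pub, s) for s in salaries]
    total = cloud_sum(pub, stored)           # computed on ciphertexts only
    print("decrypted total:", decrypt(pub, priv, total))
```

Results are only correct while the true sum or product stays below n, since all plaintext arithmetic is performed modulo n.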

(2) Searchable Encryption . A searchable encryption technique is proposed by the author of the paper [ 140 ]. In this technique, before storing data on a cloud database, encryption is performed, and after that, it is stored on the cloud. The advantage of this technique is that when we search for some data over the cloud database, this technique provides a secure search over the cloud database.

  • Searchable Asymmetric Encryption
  • Over the past two decades, we have focused on searchable encryption. Much of the work is related to the multiwriter and single-reader cases. Searchable encryption is also called public-key encryption with keyword search (PEKS) [ 141 ].
  • Searchable Symmetric Encryption
  • Symmetric-key algorithms use the same key for message encryption and ciphertext decryption. The keys can be the same, or there can be a simple transformation to go between the two keys. Verifiable searchable symmetric encryption, as a key cloud security technique, allows users to retrieve encrypted data from the cloud with keywords and verify the accuracy of the returned results. Another scheme is proposed for keyword search over dynamic encrypted cloud data with a symmetric-key-based verification scheme [ 142 ].

(3) Encryption . In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information.

  • Symmetric Key Encryption
  • Only one key is used in symmetric encryption to encrypt and decrypt the message. Two parties that communicate through symmetric encryption should exchange the key so that it can be used in the decryption process. This method of encryption differs from asymmetric encryption, where a pair of keys is used to encrypt and decrypt messages. A secure transmission method of network communication data based on symmetric key encryption algorithm is proposed in [ 143 ].
  • Public Key Encryption
  • The public-key encryption scheme is proposed by the author of the paper [ 144 ]. In this scheme, a public key pair is created by the receiver. This public key pair consists of two keys. One is called a public key, which is known publicly to everyone, and the second is the private key, which is kept a secret. Hence, in this scheme, the sender performs encryption on the data using the public key of the receiver and then sends this encrypted data to the receiver. After receiving this encrypted data, the receiver can decrypt this data using the private key. Hence, in this way, we can perform secure communication between two parties.
  • Identity-Based Encryption
  • Identity-based encryption is proposed by the author of the paper [ 145 ]. In this technique, a set of users is registered on the database and a unique identity is assigned to all the registered users by an admin that controls this scheme. The identity of the users can be represented by their name or their e-mail address. Just like in public-key encryption, there is a public key pair that consists of one public key, which is the identity of the user, and one private key, which is a secret key. Unlike in public-key encryption, the receiver cannot generate their public key in identity-based encryption. The identity cannot be generated by the user. There is a central authority that generates and manages the user's identity. The identity-based encryption is improved by the author [ 146 ]. The main advantage of identity-based encryption is that anyone can generate the public key of a given identity with the help of the central main authority.
  • Attribute-Based Encryption
  • The authors of the papers [ 147 , 148 ] propose a technique called attribute-based encryption. Similar to identity-based encryption, attribute-based encryption also depends on the central main authority. The central main authority generates the private key and distributes it to all the registered users. It can be encrypting the messages, however, if it does not have this designation, then it cannot be generating the messages. Attribute-based encryption is used when the number of registered users is very large. Then, the attribute-based encryption is useful. The attribute-based encryption consists of two schemes, which are key policy and ciphertext policy.
  • Functional Encryption
  • A functional encryption technique [ 149 , 150 ] consists of identity-based encryption, attribute-based encryption, and public-key encryption. The functionalities of these three techniques together make up functional encryption. In this technique, all the private keys are generated by the central main authority, which is associated with a specific function. Functional encryption is a very powerful encryption technique that holds all the functionalities of three encryption techniques. A functional encryption technique is used in many applications.

(4) Signcryption . Cryptography is publicly open-source, and it functions simultaneously as a digital signature and cipher. Cryptography and digital signatures are two basic encryption tools that can ensure confidentiality, integrity, and immutability. In [ 151 ], a new scheme called signature, encryption and encryption is proposed, based on effectively verifiable credentials. The system not only performs encryption and encryption but also provides an encryption or signature form only when needed [ 152 ]. The paper proposes lightweight certificate-based encryption using a proxy cipher scheme (CSS) for smart devices connected to an IoT network to reduce computing and communications costs. To ensure the security and efficiency of the proposed CBSS project, we used a cipher system encoded with 80 bit subparameters. Reference [ 153 ] proposes an input control scheme for the IoT environment using a cryptographic scheme corresponding to the efficiency and robustness of the UK security system. The proposed scheme shows that besides security services, such as protection against attacks, confidentiality, integrity, nonblocking, nondisclosure, and confidentiality, accounting and communication costs are low compared to the current scheme. Document [ 154 ] gives the informal and formal security proof of the proposed scheme. Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is used for formal security analysis, which confirms that the proposed CB-PS scheme can potentially be implemented for resource-constrained low-computing electronic devices in E-prescription systems. The proposed scheme [ 155 ] introduced a new concept that does not require a reliable channel. The main production center sends a part of the private key to the public consumers. The summary of the cryptographic schemes is given in Table 10 .

The summary of the cryptographic techniques.

All data storage protection on cloud computing is discussed in Section 3. There are a lot of data protection techniques; however, all of them fall into three main categories, namely (i) data splitting, (ii) data anonymization, and (iii) cryptography. We discuss these techniques from different points of view, e.g., the overhead on the local proxy, the computation cost, search on encrypted data, the data accuracy each technique retains, the data protection level each technique has, and the functionalities the masked data supports. By considering these views, we can analyze all the data protection techniques. Cryptography provides high-level security but limited cloud functionalities and a high cost of performing computation on cloud data. Data splitting provides low computation cost but a low level of security. Data anonymization is of two types: one is perturbative masking, and the second is nonperturbative masking. In perturbative masking, data is altered with dummy data. Hence, security is high; however, we cannot perform some functionalities.

4.2. RQ2: What are the Demographic Characteristics of the Relevant Studies?

We answer this question by considering the four following aspects: (i) publication trend, (ii) publication venues (proceeding and journals), (iii) number of citations, and (iv) author information.

4.2.1. Publication Trend

From 2010 to 2021, we found 52 papers that were published in top-ranked journals and conferences. From 2010 to 2017, work in cloud computing follows a linear trend; however, after 2017, a lot of work was done on cloud computing data security. From 2018 to 2021, 37 papers were published. After 2018, interest in data security in cloud computing increased sharply. Most of the work was done in 2021, and high-ranked studies were published in 2021. Figure 10 shows the trend of all the publications from 2010. Most of the articles were published in journals, and the highest number of papers was published in the IEEE Access journal: 6 papers were published in this journal.

Number of publications per year.

4.2.2. Publication Venues

There are different types of publication venues, and some of them are book articles, conference proceedings, journals, workshop proceedings, and symposium proceedings. Hence, in our SLR, the number of publications in a different venue is given in Figure 11 . We have a total of 52 papers after applying the inclusion and exclusion criteria in Section 2 .

Publication venues.

Out of 52 papers, 0 papers are published in book chapters. 1 paper is published in workshop proceedings. 0 papers are published in symposium proceedings. 43 papers are published in journals. 8 papers are published in conference proceedings. There are some most active journals in cloud data security, which are enlisted in Table 11 .

Top 5 most active journals.

The most active journal is the IEEE Access. In this journal, 6 papers are published. Journal of Cryptology is the second most active journal in the field of data storage, security, and privacy in cloud computing. In this journal, 3 papers are published. In the third journal, i.e., in the Journal of Information Fusion, 3 papers are published. The fourth journal is the Information Science. In this journal, 2 papers are published. The fifth journal is IEEE Transactions on Knowledge and Data Engineering, and in this journal, 2 papers are published. Most active conferences are given in Table 12 .

Top 5 most active conferences.

4.2.3. Number of Citations

The number of citations of a paper also tells the quality of the paper. The more the number of citations, the higher the quality, and the fewer the number of citations of the paper, the lower the paper quality. Table 13 shows the most influential authors, and Figure 12 shows the number of citations of all the papers that we have used in this SLR. Few papers have citations of more than 100. Hence, it shows that papers have a very high quality, and hence, the citation of those papers is very high. These papers are [ 105 , 118 , 124 , 139 ].

Number of citations of the papers.

Top 10 most influential authors in data protection in cloud computing.

4.2.4. Author Information

Some authors are most active in their publication. To identify these authors, we enlist the names of the top 10 authors that are more active in the field of data protection and privacy in cloud computing. Hence, we enlist the names of the top 10 authors and also their numbers of publications in Table 13 .

4.3. RQ3: Which Data Protection Technique Provides More Data Protection among all the Techniques?

We answer this question by considering the following four aspects: (i) publication trend, (ii) publication venues (proceeding and journals), (iii) number of citations, and (iv) author information.

4.3.1. Comparison of Data Protection Techniques

In this section, we compare all the data protection techniques that are discussed in this SLR, and finally, we review which technique is better and provides more protection among all these data protection techniques. We compare these techniques based on different functionalities, which are given as (i) local proxy overhead, (ii) data accuracy retain, (iii) level of data protection, (iv) transparency, and (v) operation supported, and finally, we discuss RQ2. Table 14 depicts a comparison of all the data protection techniques and provides a brief comparison of all the data protection techniques discussed in this SLR. Now, we discuss all these five functionalities one by one in more detail.

  • The overhead on the local proxy for encryption is very high because the data is encrypted. If the user wants to update the data, the user first decrypts the data and then updates it. After that, the user encrypts the data again. Hence, this operation requires a lot of time, and all this work is performed by the local proxy. This is the reason the overhead on the local proxy is very high for encryption.
  • Data Splitting
  • The overhead on a local proxy for data splitting is very low. The local proxy overhead remains constant while splitting data into fragments.
  • Anonymization
  • The overhead on a local proxy for anonymization is average because most of the anonymization methods require quasilinear computation in the number of records to generate the anonymized data set. Whenever the anonymized data is generated and stored in the cloud database, then there is no overhead on the local proxy.
  • Homomorphic Encryption
  • The overhead on local proxies for homomorphic encryption is very high because homomorphic encryption involves a large number of mathematical operations. Therefore, there is a lot of overhead on local proxies for homomorphic encryption.
  • Steganography
  • The overhead on the local proxy for steganography is not too much as the data is concealed inside the cover for secure communication. However, based on the complexity of the operation in the transformed domain technique, the local proxy overhead is more than the spatial domain technique.
  • Signcryption
  • The overhead on the local proxy for signcryption is high compared to the simple encryption because in signcryption, hashing and encryption are performed in a single logical step. Because of an extra operation in signcryption, the overhead on the local proxy is higher than the simple encryption.
  • The data accuracy level for encryption is very high because data is encrypted by applying some algorithms. The sensitive data is encrypted by the sender, and this data is decrypted by the receiver using a key. This data cannot be read by anyone who does not have the secret key. Therefore, data accuracy is very high for encryption.
  • The data accuracy level for data splitting is average because, in data splitting, data is present in the form of fragments. Therefore, CSP can easily access the fragments of data. Both encryption and data splitting are reversible methods. Hence, we can retrieve the original data easily.
  • The data accuracy level for data anonymization is very low because anonymization is not reversible. In anonymization, data is replaced with dummy data, and it cannot be retrieved back. Therefore, anonymization has a very low level of data accuracy.
  • The data accuracy level for homomorphic encryption is very high because data is encrypted by applying some algorithms.
  • The data accuracy level for steganography is very low as compared to the other cryptographic techniques because data is embedded inside the cover of another medium. Any change in the cover during transmission results in the change of the concealed data. Therefore, it is hard to ensure a high accuracy level in steganography. The stego image contains the secret data that is transmitted over the communication channel. Data concealed by the sender is extracted from the cover by the receiver. Therefore, the concealment of data results in accurate data transmission.
  • The data accuracy level for signcryption is also very high, because in signcryption, confidentiality and authentication are achieved. Therefore, we can also verify the identity of the sender.
  • The level of data protection is very high for encryption techniques, because in encryption, data is changed into ciphertext, which cannot be understood. Therefore, we can say that the identification of data is impossible without decryption using a secret key because encryption is a one-way function that is easy to execute in one direction, however, it is impossible to execute in the opposite direction.
  • The level of data protection for data splitting is less high as compared to cryptographic techniques because data is split into different fragments, and these fragments contain original forms of data. Hence, if an intruder hacks or steals these fragments, then the entire data can be easily read. Hence, the data protection level is not high as compared to encrypted methods.
  • The level of data protection for data anonymization is less high as compared to cryptographic techniques because, in anonymization techniques, quasi-identifiers are protected. If the quasi-identifiers are not protected strongly, then there is a chance of reidentification of a person's sensitive data.
  • The level of data protection is very high for homomorphic encryption techniques because encryption data is changed into ciphertext, which cannot be understood.
  • The data protection level for steganography is medium because data is embedded inside the cover of another medium. The stego image contains the secret data that is transmitted over the communication channel. Data concealed by the sender is extracted from the cover by the receiver. Therefore, the concealment of data results in secure data transmission.
  • The data protection level for signcryption is also very high, because in signcryption, both confidentiality and authentication are achieved. Therefore, we can also verify the identity of the sender.
  • There is no transparency for the encrypted data, because in encryption, there is a need for key management. Hence, the local proxy needs to keep the records of all the keys and manage all these keys. Therefore, there is no transparency for the encrypted data.
  • There is no transparency for the data-splitting mechanism, because in the data-splitting mechanism, data is split into different fragments, and the local proxy stores these fragments in different locations. Hence, there is a need to keep the record of the location of all the fragments that are stored on different locations.
  • Anonymization is fully transparent, because in anonymization, there is no need to keep the record of data storage by the local proxy. In anonymization, data is statistically similar to the original data. Hence, CSP also performs computation and some analysis on the anonymized data.
  • There is no transparency for the homomorphically encrypted data, because in encryption, there is a need for key management. Hence, the local proxy needs to keep the records of all the keys.
  • In steganography, as compared to other data protection techniques, the main aim is to transmit data without letting the attacker know about the data transmission as it is concealed inside the cover of another medium. The data transmission in steganography is fully transparent. No key management is required, and there is no need to keep track of data storage.
  • There is no transparency for the signcrypted data, because in signcryption, there is a need for key management. Hence, the local proxy needs to keep the records of all the keys and also manage all these keys.
  • Only the data storage operation is supported on the encrypted data, because if the user wants to update some encrypted data that are stored on a cloud database, firstly, the user needs to decrypt this data, and then the user performs an update on this data. We cannot perform any modification operation on encrypted data.
  • All the operations could be performed on data splitting, because in data splitting, the data is present in their original structure. Hence, we can perform data storage, search, data update, and also data computation.
  • In anonymization, there are two types of data anonymization: one is data masking, and the second is data nonmasking. If data is nonmasked, then we can perform data storage and search on this data. Otherwise, we can only perform data storage.
  • Only the data storage operation is supported on the encrypted data, because if the user wants to update some encrypted data that are stored on the cloud database, firstly, the user needs to decrypt this data, and then the user performs some updates on this data.
  • A stego image only supports data storage operations because if the user wants to update the data hidden in a stego image, the user, firstly, retrieves that data from the stego image, and the user can perform any modification on this data.
  • Only the data storage operation is supported on the signcrypted data, because if the user wants to update signcrypted data that are stored on the cloud database, firstly, the user needs to unsign this data, and then the user can perform any update on this data.

Comparison of data protection techniques.
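The data-splitting entries of the comparison (fragments kept in their original form, location records held by the local proxy, all operations supported) can be seen in a small in-memory model. This is an added example, not code from the surveyed paper; the `CSP` and `LocalProxy` classes, the column placement and the sample records are constructed for illustration.

```python
"""Column-wise data splitting through a local proxy (illustrative, in-memory)."""
import secrets


class CSP:
    """Stand-in for one cloud storage provider holding plaintext fragments."""

    def __init__(self, name):
        self.name = name
        self.rows = {}  # fragment_id -> {column: value}

    def put(self, frag_id, fragment):
        self.rows[frag_id] = dict(fragment)

    def get(self, frag_id):
        return dict(self.rows[frag_id])

    def search(self, column, value):
        # Runs provider-side: possible only because fragments keep their original form.
        return [fid for fid, frag in self.rows.items() if frag.get(column) == value]

    def update(self, frag_id, column, value):
        self.rows[frag_id][column] = value

    def total(self, column):
        return sum(frag[column] for frag in self.rows.values() if column in frag)


class LocalProxy:
    """Splits each record by column and remembers where every fragment went."""

    def __init__(self, placement, providers):
        self.placement = placement  # column -> provider name (assumed policy)
        self.providers = providers  # provider name -> CSP
        self.locations = {}         # record_id -> {provider name: fragment_id}

    def store(self, record_id, record):
        per_provider = {}
        for column, value in record.items():
            per_provider.setdefault(self.placement[column], {})[column] = value
        self.locations[record_id] = {}
        for pname, fragment in per_provider.items():
            frag_id = secrets.token_hex(8)  # independent id per fragment
            self.providers[pname].put(frag_id, fragment)
            self.locations[record_id][pname] = frag_id

    def retrieve(self, record_id):
        # Reassembly is impossible without the proxy's location records.
        record = {}
        for pname, frag_id in self.locations[record_id].items():
            record.update(self.providers[pname].get(frag_id))
        return record

    def find(self, column, value):
        pname = self.placement[column]
        hits = set(self.providers[pname].search(column, value))
        return sorted(rid for rid, locs in self.locations.items()
                      if locs.get(pname) in hits)

    def update(self, record_id, column, value):
        pname = self.placement[column]
        self.providers[pname].update(self.locations[record_id][pname], column, value)


def demo():
    providers = {"csp_a": CSP("csp_a"), "csp_b": CSP("csp_b")}
    placement = {"name": "csp_a", "zip": "csp_a",
                 "diagnosis": "csp_b", "bill": "csp_b"}
    proxy = LocalProxy(placement, providers)
    records = {  # constructed sample data
        "r1": {"name": "Alice", "zip": "10001", "diagnosis": "asthma", "bill": 120},
        "r2": {"name": "Bob", "zip": "10002", "diagnosis": "flu", "bill": 80},
        "r3": {"name": "Carol", "zip": "10001", "diagnosis": "asthma", "bill": 200},
    }
    for rid, rec in records.items():
        proxy.store(rid, rec)
    proxy.update("r2", "bill", 95)  # update without fetching the whole record
    return {
        "roundtrip": proxy.retrieve("r1") == records["r1"],
        "asthma": proxy.find("diagnosis", "asthma"),
        "bill_total": providers["csp_b"].total("bill"),
        # What a single provider (or whoever steals its fragments) reads in clear:
        "csp_a_view": sorted(f["name"] for f in providers["csp_a"].rows.values()),
        # Fragment ids are not shared, so providers cannot link fragments themselves:
        "shared_ids": set(providers["csp_a"].rows) & set(providers["csp_b"].rows),
    }


if __name__ == "__main__":
    print(demo())
```

The provider that holds `name` and `zip` reads them in clear, which is why the comparison rates data splitting below encryption on protection, while search, update and aggregation run provider-side on the stored fragments.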

5. Conclusion and Future Work

5.1. RQ4: What Are the Primary Findings, Research Challenges, and Direction for Future Work in the Field of Data Privacy in Cloud Computing?

5.1.1. Conclusion and Research Challenges

In this SLR, we have presented all the data privacy techniques related to data storage on cloud computing systematically, and we also present a comparison among all the protection techniques concerning the five finalities, which are the (i) local proxy overhead, (ii) data accuracy retains, (iii) level of data protection, (iv) transparency, and (v) operation supported. There are some research gaps we found in all these techniques of data splitting, anonymization, steganography, encryption, homomorphic encryption, and signcryption.

  • There is a very strong need to develop some ad hoc protocols for the communication of data splitting fragments that are stored on different CSPs, and also, there is a strong need to develop some protocol for the communication between different CSPs. Noncryptographic techniques are faster on different CSPs but do not provide enough security. Hence, we can improve security by developing some methods for data-splitting techniques.
  • Anonymity techniques work very effectively on a small amount of data but not for big data. Hence, there is a research gap in which we can develop some anonymity techniques to achieve more efficient performance. Therefore, some anonymous schemes need to be developed, which provide stronger protection to the quasi-identifier. Current anonymity techniques are very immature.
  • One of the limitations of steganography is that one can only use it to defend against a third party who does not know steganography. If the third party knows steganography, it can extract the data in the same way that the recipient extracts it. Therefore, we always use encryption with steganography. Therefore, there is a need to develop such steganography techniques that can protect sensitive data from third parties.
  • There is a need to develop some cryptographic techniques that can take less time than the existing cryptographic techniques to perform search and computation operations on encrypted data. Cryptographic techniques provide high security but low computational utility. Therefore, it is a research gap to develop some techniques that provide both high security and more efficiency.
  • The complexity of homomorphic encryption and decryption is far greater than that of normal encryption and decryption, and it is not applicable to many applications, such as healthcare and time-sensitive applications. Therefore, there is an urgent need to develop such homomorphic encryption schemes that have low complexity and computation cost.
  • Signcryption is used to verify and authenticate users. We can obtain confidentiality and authentication using signcryption; however, the main limitation of signcryption is that the calculation costs of the encryption algorithm used in signcryption are very high. Therefore, there is a need to develop signcryption schemes that use encryption algorithms with low computation cost.

Acknowledgments

This research was financially supported by The Analytical Center for the Government of the Russian Federation (Agreement nos. 70-2021- 00143 dd. 01.11.2021, IGK 000000D730321P5Q0002).

Data Availability

Conflicts of interest.

The authors declare that there are no conflicts of interest regarding the publication of this paper.

Cloud data security for distributed embedded systems using machine learning and cryptography

  • Original Research
  • Published: 07 May 2024


  • Sadaf Bashir 1 ,
  • Zahrah Ayub 1 &
  • M. Tariq Banday   ORCID: orcid.org/0000-0001-8504-5061 1  


In the growing demand for distributed embedded systems that efficiently execute complex processes and high-end applications, safeguarding sensitive data is imperative. The landscape of security threats, cyber-attacks, and associated challenges has reached unprecedented sophistication and magnitude. Whether you are an individual, an organization, or a company invested in distributed embedded systems, your paramount concern revolves around protecting invaluable data. In this digital age, data security is genuinely where the wealth resides. This paper introduces a novel framework for securing the sensitive data of distributed embedded systems. The framework comprises five stages, each contributing to an efficient and robust data security approach. Additionally, this work proposes developing an efficient Multiple Attack Detection model using a supervised machine-learning system. The targeted cyber-attacks include phishing, malware, Distributed Denial-of-Service (DDoS), and DNS over HTTPS attacks. Each targeted cyber-attack is trained on eight supervised machine learning classifiers. The classifier exhibiting the best overall performance in evaluation metrics (accuracy, recall, precision, and F1-score) is integrated into the proposed Multiple Attack Detection model. Furthermore, this paper explores deploying a machine learning-based Multiple Attack Detection model to a cloud environment using Streamlit Cloud.


Research data policy and data availability.

The data supporting this study's findings are available from the corresponding author upon reasonable request.


Department of Science and Technology, Government of India, supported the research work through its FIST Program. Grant Number: SR/FST/ET-1/2019/445(C).

Author information

Authors and affiliations.

Department of Electronics and Instrumentation Technology, University of Kashmir, Srinagar, India

Sadaf Bashir, Zahrah Ayub & M. Tariq Banday


Contributions

All authors contributed to reviewing the literature, devising research hypotheses, conducting experiments, and writing and revising the manuscript.

Corresponding author

Correspondence to M. Tariq Banday .

Ethics declarations

Conflict of interest.

The Authors declare that they do not have any conflict of interest.

Human and animal rights

This article contains no studies with human participants or animals performed by authors.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.


About this article

Bashir, S., Ayub, Z. & Banday, M.T. Cloud data security for distributed embedded systems using machine learning and cryptography. Int. j. inf. tecnol. (2024). https://doi.org/10.1007/s41870-024-01892-0


Received : 16 January 2024

Accepted : 18 April 2024

Published : 07 May 2024

DOI : https://doi.org/10.1007/s41870-024-01892-0


  • Distributed embedded systems
  • Cloud storage
  • Hybrid encryption- decryption
  • Machine learning
  • Cyber-attacks
  • Cloud deployment

RESEARCH PAPER: Infoblox SOC Insights – Enabling Higher Levels of Security Through DNS

Security professionals face growing complexities created by multi-cloud and hybrid OT and IT infrastructure deployments. A highly disaggregated architectural approach leveraging cloud scale has proven advantages in accelerating digital transformation through gains in operational agility and flexibility. However, it also introduces many challenges – the most glaring one being a dramatically expanded threat surface that must be defended. The heterogeneous nature of cloud networking architectures also contributes to poor observability among clouds. Consequently, enterprises must embrace new security operational models that can provide higher levels of visibility to keep pace with an ever-increasing threat landscape perpetuated by bad actors that hope to leverage AI to their advantage.


Table of Contents

  • Executive Summary
  • SOC Challenges
  • Why Infoblox
  • Call to Action

Will Townsend


Will Townsend manages the networking and security practices for Moor Insights & Strategy focused on carrier infrastructure providers, carrier services, enterprise networking and security. He brings over 30 years of technology industry experience in a variety of product, marketing, channel, business development and sales roles to his advisory position.


Patrick Moorhead


Patrick founded the firm based on his real-world technology experiences with the understanding of what he wasn’t getting from analysts and consultants. Ten years later, Patrick is ranked #1 among technology industry analysts in terms of “power” (ARInsights) in “press citations” (Apollo Research). Moorhead is a contributor at Forbes and frequently appears on CNBC. He is a broad-based analyst covering a wide variety of topics including the cloud, enterprise SaaS, collaboration, client computing, and semiconductors. He has 30 years of experience including 15 years of executive experience at high tech companies (NCR, AT&T, Compaq, now HP, and AMD) leading strategy, product management, product marketing, and corporate marketing, including three industry board appointments.


An Overview of Data Storage in Cloud Computing


Channel Brief: ManageEngine, FireMon Help With Asset Management and More


TOKYO, JAPAN – MAY 20: Barista Takaya Hashimoto prepares a cafe latte at a local specialty coffee shop on May 20, 2016 in Tokyo, Japan. With the rise of specialty coffee shops opening all over the world in recent years, Tokyo’s coffee culture catches on to offer quality coffee to like minded people across all walks of life. (Photo by Christopher Jue/Getty Images)

It's the economy, stupid! (If you don't get that reference, here's a refresher.) As organizations wrestle with doing more with less and reining in their cloud spending, ManageEngine launched its SaaS Manager Plus to help address redundant SaaS spending and resource underutilization, the company said. FireMon also launched version 5.0 of its asset management solution, but its tool is targeted at network security and endpoint management.

In other news, Backblaze has joined the Internet2 community to help research and educational organizations share data more quickly, and HPE has released a new version of HPE GreenLake for Block Storage that the company said will make it a leader in hybrid cloud AI-based storage.

Finally, we're keeping an eye on Switzerland-based SoftwareOne's solid Q1 performance. Hope you have a great Thursday!

Are you an MSP that partners with public cloud service providers? It's time for you to step up and get recognized. ChannelE2E opened its annual Top 250 Public Cloud MSPs survey. This is the survey that we use to create our annual Top 250 Public Cloud MSPs ranked list. Here's the link to participate. And don't forget to submit your idea for a session at the upcoming MSSP Alert Live event! MSSP Alert Live is the premiere cybersecurity event for MSPs and MSSPs. (You can submit your proposal here.) We’re looking for speakers like you who want to share insights and experience and wisdom with peers.

Please check out our industry Mergers and Acquisitions list, updated daily, with an archive that goes all the way back to 2020. Check out the whole thing here. Scroll down for a quick view of upcoming in-person channel and MSP events at the bottom of this post (while we spiff up our industry calendar behind the scenes. It will return!)

And please send your news tips, information, and industry chatter to senior managing editor [email protected].

Today’s Tech, Channel and MSP News

1. ManageEngine's SaaS Manager Plus: At its annual user conference this week, ManageEngine, the IT division of Zoho Corp, launched its SaaS Manager Plus to help address redundant spending and resource underutilization, the company said. SaaS management is becoming critical for organizations that want to increase data security, reduce attack surfaces, and minimize security vulnerabilities attackers might exploit. SaaS Manager Plus offers a unified platform for SaaS management, allowing for better control of SaaS-based ecosystems. Usage insights and renewal date reminders help avoid unnecessary expenses.

2. FireMon Releases Asset Manager 5.0: Network security policy management (NSPM) company FireMon this week released FireMon Asset Manager 5.0. The company said in a statement that FireMon Asset Manager 5.0 enhances situational awareness by finding every L2 and L3 device across the network, including on-premises and cloud environments. With an accurate inventory of all networks, connections, routes, and devices and automatic profiling that identifies devices, including endpoints, routers, switches, and OT/IoT, Asset Manager 5.0 can help make sure all assets are accounted for and protected, the company said. The update includes comprehensive real-time cyber situational awareness, improved manageability, and extended integration with key platforms such as Axonius, VMWare’s Carbon Black Cloud, and Cisco’s Meraki.

3. Backblaze Internet2 Partnership: Cloud storage and solutions company Backblaze has joined  Internet2 , a non-profit advanced technology community that delivers tailored solutions and a high-speed national network dedicated to research and education, according to a statement from the company. Internet2 enables research and educational institutions to move large quantities of data quickly. Its members include 330 U.S. colleges and universities, as well as regional research and education networks, nonprofit and government organizations, and industry members that support the community’s education, research, and service missions. This new collaboration will connect the Backblaze Storage Cloud to Internet2's network as part of the Internet2 Peer Exchange (I2PX) program. In addition, Backblaze will participate in the Internet2 Cloud Scorecard initiative to offer research and educational institutions information about Backblaze’s security, compliance, and technology specifications aligned with community standards.

4. Fourth Release of HPE GreenLake Block Storage: HPE released a new version of  HPE GreenLake for Block Storage  that CRN said aims to establish HPE as a leader in hybrid cloud AI-based storage, according to Sanjay Jagad, HPE VP of product management cloud data infrastructure. The fourth release of GreenLake for Block Storage is built on HPE's Alletra MP storage line, and is what Jagad called "the industry’s first disaggregated, scale-out block storage offered as software-defined storage with AWS support." The new offerings include HPE GreenLake Block Storage For AWS, which allows HPE partners to “seamlessly manage” block storage across on-premises GreenLake and AWS public cloud environments, HPE said. The HPE GreenLake for Block Storage also now supports NVMe capacity scaling to 5.6 petabytes, up from 2.8 petabytes.

5. SoftwareOne Worldwide Performance Growth: Swiss cloud software solutions provider SoftwareOne has reported a 3.1% year-over-year increase in Q1 2024 revenues (7.4% constant currency), according to CRN, reaching 246.9m Swiss francs (CHF) or £216 million. Its total revenues were split between earnings from its software and cloud marketplace and software and cloud services, with the former coming in flat, staying at CHF 125.6m in Q1. Software and cloud services grew 6.6% to CHF 121.3m. Cloud services and software sourcing and portfolio management (previously known as IT asset management, or ITAM) were the primary drivers of that growth. When looking at regions, EMEA drove the highest growth, while southern Europe, Benelux and CEE also were strong, particularly within services. A number of large client wins in North America fueled the largest Q1 spike of 19.9% to bring in CHF 39.1 million, the company said.

MSSP Alert Live Call for Papers and Top 250 Public Cloud MSPs

MSSP Alert Live CFP: Are you a thought leader in managed services or managed security services, or do you have a unique approach to an important topic that could help other MSPs or MSSPs? We’re looking for speakers like you to be part of our MSSP Alert Live program for 2024. MSSP Alert Live, the premiere cybersecurity event for MSPs and MSSPs, has opened its call for papers. (You can submit yours here.) We’re looking for speakers like you who want to share insights and experience and wisdom with peers.

Time for Cloud MSPs to get recognized: Are you an MSP that works with public cloud providers? It’s time to get recognized for your work. ChannelE2E opened its annual survey for the Top 250 Public Cloud MSPs. If your MSP practice includes working with a public cloud provider, this survey is for you. Participation is free. The survey closes in June. Submit your MSP today here for recognition! Our list will be released this summer.

In-Person MSP and Channel Partner Events

  • MSP GeekCon - May 19-21, Rosen Plaza, Orlando, Florida
  • Dell Technologies World - May 20 - May 23, The Venetian, Las Vegas
  • IT Nation Secure (hosted by ConnectWise), June 3-5, 2024, Gaylord Palms Resort & Convention Center, Orlando, Florida
  • Pax8 Beyond, June 9-11, 2024, Gaylord Rockies Convention Center, Denver, Colorado
  • FLOW Automation Conference (hosted by Rewst) - June 17 - June 19, The Renaissance Tampa International Plaza Hotel, Tampa, Florida
  • CompTIA ChannelCon, July 30 - August 1, 2024, Atlanta, Georgia, Hyatt Regency Atlanta

Sharon Florentine

Channel Brief: VMware Hypervisor Updates, HPE’s AI Partner Push, More

Sharon Florentine May 15, 2024

Today's channel news update also includes 1Password, the US Senate and AI, and more.

Channel Brief: NTT DATA Results, NetApp Storage and Cribl Integrations

Sharon Florentine May 14, 2024

NTT DATA shows strong results, VC firm Accel raises $650 million and NetApp releases new storage tech.

Channel Brief: Security Update, Microsoft, Amazon Choose France and More

Sharon Florentine May 13, 2024

Building an AI security practice, Big Tech chooses France, Nerdio's Vladimirskiy nominated for Entrepreneur of the Year and more.

IMAGES

  1. (PDF) The Impact of Cloud Technology on Security and Privacy

  2. (PDF) Analysis of Cloud Storage Information Security and It’s Various

  3. (PDF) A Review of Cloud Security

  4. (PDF) Cloud Computing and Security Fundamentals

  5. Cloud Computing Security Papers : (PDF) The Research and Design of

  6. Cloud-Security-Keeping-Data-Safe-Protiviti

VIDEO

  1. From Cloud Security to Full Stack: The Future of Cybersecurity

  2. Secure Cloud Storage Meets with Secure Network Coding

  3. Cloud Threat Hunting

  4. Data Security Implications in the Cloud: Episode 32

  5. Demo: Antivirus for Managed File Transfers

  6. Trends in Amazon S3 Security

COMMENTS

  1. Security and privacy protection in cloud computing ...

    7.1. Challenges. Via analysis and contrast, we observe that cloud computing security protection work has achieved satisfactory research results. However, many problems remain, which prompt the consideration of a variety of security factors and continuous improvements in defense technology and security strategies. 1.

  2. A Systematic Literature Review on Cloud Computing Security: Threats and

    Cloud computing has become a widely exploited research area in academia and industry. Cloud computing benefits both cloud services providers (CSPs) and consumers. The security challenges associated with cloud computing have been widely studied in the literature. This systematic literature review (SLR) is aimed to review the existing research studies on cloud computing security, threats, and ...

  3. Data Security and Privacy Protection for Cloud Storage: A Survey

    Although there are some studies on data security and privacy protection, there is still a lack of systematic surveys on the subject in cloud storage system. In this paper, we make a comprehensive review of the literatures on data security and privacy issues, data encryption technology, and applicable countermeasures in cloud storage system.

  4. Research on Data Security Technology Based on Cloud Storage

    The data security schematic diagram based on the cloud storage is shown in Figure 1 and 2. The key technology of data security in cloud storage is a broad concept, which contains many aspects, so it is necessary to explain the main content of this paper. Study of data security in cloud storage has a lot of research work, cloud storage in access ...

  5. Data Security and Privacy in Cloud Computing

    In this paper, we will review different security techniques and challenges for data storage security and privacy protection in the cloud computing environment. As Figure 1 shows, this paper presents a comparative research analysis of the existing research work regarding the techniques used in the cloud computing through data security aspects ...

  6. (PDF) A Systematic Literature Review on Cloud Computing Security

    associated with cloud computing have been widely studied in the literature. This systematic literature review (SLR) is aimed to review the existing research studies on cloud computing security ...

  7. A survey on security challenges in cloud computing: issues, threats

    2.2 Existing review papers on security challenges in cloud computing. ... 3.3.2 CIA triad in data security. The main challenges of cloud storage can be categorized into three aspects, namely confidentiality, integrity, and availability (CIA). ... this research attempted to show various security challenges, vulnerabilities, attacks, and threats ...

  8. Applied Sciences

    Cloud multi-factor authentication is a critical security measure that helps strengthen cloud security from unauthorized access and data breaches. Multi-factor authentication verifies that authentic cloud users are only authorized to access cloud apps, data, services, and resources, making it more secure for enterprises and less inconvenient for users. The number of authentication factors ...

  9. (PDF) Data Security in Cloud Computing

    Abstract — This paper discusses the security of data in cloud computing. It is a study of data in the cloud and aspects related to it concerning security. The paper will go in to details of ...

  10. A literature survey of security issues in Cloud, Fog, and Edge IT

    The purpose of this paper is to highlight the current state of cloud, fog, and edge security research by providing a secondary review of the key security concerns associated with these environments using a systematic review protocol guided by PRISMA and grounded theory. With the increasing number of research papers on these topics, the ...

  11. PDF Cloud Storage Security: Threats, Solutions, and Future Directions

    Cloud storage security is a paramount concern in today's digital landscape, as organizations increasingly rely on cloud services to store and manage their data. This research paper examines the threats, solutions, and future directions of cloud storage security, providing insights into the challenges faced by ...

  12. Blockchain for Cloud Storage Security: A Review

    The content of information is expanding very colossal, due to the advancement of web innovation. To deal with huge information, the capacity limit of the client's terminal has to be extended, with the assistance of the cloud stage (platform). Stringent security measures are needed for storing information in the cloud platform. To address the above issue, a Blockchain for cloud storage and security ...

  13. (PDF) Cloud Security

    cloud models. Index Terms — Cloud Computing, Security. 1 INTRODUCTION. Cloud computing is a model for fast, on demand network access to a shared network. Configurable computing resource pool ...

  14. Adoption of cloud computing as innovation in the organization

    Barriers to Cloud Computing deployment can be observed in the work of Jangjou M et al., 2022 where there is a strong focus on the Cybersecurity risks when adopting Cloud Computing technology in both client and server-side layers of Cloud architecture. 26 These risks include providing vulnerable APIs to Cloud users, lack of awareness of the ...

  15. cloud security Latest Research Papers

    This paper provides a review of security research in the field of cloud security and storage services of the AWS cloud platform. After security and storage, we have presented the working of AWS (Amazon Web Service) cloud computing. AWS is the most trusted provider of cloud computing which not only provides excellent cloud security but also ...

  16. Data security in mobile cloud computing paradigm: a survey ...

    The incessant spurt of research activities to augment capabilities of resource-constrained mobile devices by leveraging heterogeneous cloud resources has created a new research impetus called mobile cloud computing. However, this rapid relocation to the cloud has fueled security and privacy concerns as users' data leave owner's protection sphere and enter the cloud. Significant efforts ...

  17. A Survey on Cloud Security Issues and Techniques

    access and storage of data. Several issues are there related to cloud security as: vendor lock-in, multi-tenancy, loss of control, service disruption, data loss etc. are some of the research problems in cloud computing [2]. In this paper we analyze the security issues related to cloud computing model.

  18. Investigation on storage level data integrity strategies in cloud

    Cloud computing provides outsourcing of computing services at a lower cost, making it a popular choice for many businesses. In recent years, cloud data storage has gained significant success, thanks to its advantages in maintenance, performance, support, cost, and reliability compared to traditional storage methods. However, despite the benefits of disaster recovery, scalability, and resource ...

  19. Sensors

    Like the other basic variables of cloud storage (e.g., reliability quality, performance, security, and protection), availability also directly impacts the data in cloud storage for e-Healthcare systems. In this paper, we systematically review cloud storage mechanisms concerning the healthcare environment.

  20. Study on Data Security Policy Based on Cloud Storage

    The purpose of this paper is to achieve data security of cloud storage and to formulate corresponding cloud storage security policy. Those were combined with the results of existing academic research by analyzing the security risks of user data in cloud storage and approach a subject of the relevant security technology, which based on the ...

  21. Blockchain-based public auditing with deep reinforcement learning for

    Public auditing enables auditors to remotely verify data integrity for the outsourced data, which is an essential security issue and a promising solution for reliable cloud storage. However, in cloud storage systems, most existing public auditing schemes adopt a static auditing policy in the blockchain network, so that they are not able to ...

  22. The Rise of Cloud Computing: Data Protection, Privacy, and Open

    These pieces of research include software security, network security, and data storage security. The National Institute of Standards and Technology (NIST) defines cloud computing as [3] "a model for easy access, ubiquitous, resource integration, and on-demand access that can be easily delivered through various types of service providers.

  23. (PDF) Blockchain Technology for Cloud Storage: A ...

    chain transaction fees. The various applications of blockchain technology for cloud storage and their properties are summarized in Tables 1 and 2. Removal of duplicate data on the cloud, storage ...

  24. Cloud data security for distributed embedded systems using ...

    In the growing demand for distributed embedded systems that efficiently execute complex processes and high-end applications, safeguarding sensitive data is imperative. The landscape of security threats, cyber-attacks, and associated challenges has reached unprecedented sophistication and magnitude. Whether you are an individual, an organization, or a company invested in distributed embedded ...

  25. RESEARCH PAPER: Infoblox SOC Insights

    Security professionals face growing complexities created by multi-cloud and hybrid OT and IT infrastructure deployments. A highly disaggregated architectural approach leveraging cloud scale has proven advantages in accelerating digital transformation through gains in operational agility and flexibility.

  26. An Overview of Data Storage in Cloud Computing

    Storage on the Cloud makes use of the internet, virtualization, encryption and others technologies to ensure security of data. This paper presents the state of the art from some literature available on Cloud storage. The study was executed by means of review of literature available on Cloud storage.

  27. Channel Brief: ManageEngine, FireMon Help With Asset Management and

    As organizations wrestle with doing more with less and reining in their cloud spending, ManageEngine launched its SaaS Manager Plus to help address redundant SaaS spending and resource underutilization, the company said. FireMon also launched version 5.0 of its asset management solution, but their tool is targeted for network security ...

  28. (PDF) Ransomware, Threat, and Detection Methods

    Consequently, this paper aims to offer a comprehensive insight into the threat posed by ransomware and discuss recent detection methodologies. A successful ransomware attack carries direct ...

  29. Smart Home Security Design Based on STM32 Microcontroller

    Abstract. This paper addresses the needs in the field of smart home security, based on STM32 microcontroller for smart home security design. Firstly, the background and research significance of ...