Abstract
The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Abadi M, Boneh D, Mironov I, Raghunathan A, Segev G (2013) Message-locked encryption for lock-dependent messages. Advances in cryptology CRYPTO 2013, vol 8042., Lecture Notes in Computer Science, Springer, Berlin Heidelberg, pp 374–391
Abo-alian A, Badr N, Tolba M (2015) Auditing-as-a-service for cloud storage. In: Intelligent systems’2014 Advances in intelligent systems and computing, vol. 322, pp. 559–568. Springer International Publishing
Aceto G, Botta A, De Donato W, Pescapè A (2013) Survey cloud monitoring: a survey. Comput Netw 57(9):2093–2115
Adamov A, Erguvan M (2009) The truth about cloud computing as new paradigm in it. In: Application of information and communication technologies, 2009. AICT 2009. International Conference on IEEE, pp. 1–3
Adrian D, Bhargavan K, Durumeric Z, Gaudry P, Green M, Halderman JA, Heninger N, Springall D, Thomé E, Valenta L, VanderSloot B, Wustrow E, Zanella-Béguelin S, Zimmermann P (2015) Imperfect forward secrecy: how Diffie-Hellman fails in practice. In: Proceedings of the 22Nd ACM SIGSAC conference on computer and communications security, CCS ’15, ACM, pp. 5–17
AlBelooshi B, Salah K, Martin T, Damiani E (2015) Securing cryptographic keys in the IaaS cloud model. In: 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC), pp 397–401
AlFardan NJ, Bernstein DJ, Paterson KG, Poettering B, Schuldt JCN (2013) On the security of RC4 in TLS. In: Proceedings of the 22Nd USENIX Conference on Security, SEC’13, USENIX Association, pp. 305–320
AlZain M, Soh B, Pardede E (2011) MCDB: Using sulti-clouds to ensure security in cloud computing. In: Dependable, autonomic and secure computing (DASC), 2011 IEEE Ninth International Conference on, pp 784–791
Albeshri A, Boyd C, Nieto JG (2014) Enhanced GeoProof: improved geographic assurance for data in the cloud. Int J Inf Secur 13(2):191–198
Alderman J, Crampton J, Martin KM (2015) Cryptographic tools for cloud environments. In: Guide to security assurance for cloud computing, pp 15–30. Springer International Publishing
Antunes N, Vieira M (2011) Enhancing penetration testing with attack signatures and interface monitoring for the detection of injection vulnerabilities in web services. Services computing (SCC), 2011 IEEE International Conference on pp 104–111
Ardagna CA, Asal R, Damiani E, Vu QH (2015) From security to assurance in the cloud: a survey. ACM Comput Surveys 48:2:1–2:50
Asghar MR, Russello G, Crispo B, Ion M (2013) Supporting complex queries and access policies for multi-user encrypted databases. In: Proceedings of the 2013 ACM Workshop on Cloud Computing Security Workshop, CCSW ’13, ACM, pp. 77–88
Aspnes J, Feigenbaum J, Yampolskiy A, Zhong S (2007) Towards a theory of data entanglement. Theor Comput Sci 389(1):26–43
Ateniese G, Dagdelen z, Damgard I, Venturi D (2012) Entangled cloud storage. IACR Cryptology ePrint Archive. http://eprint.iacr.org/2012/511
Ateniese G, Kamara S, Katz J (2009) Proofs of storage from homomorphic identification protocols. Advances in cryptology ASIACRYPT 2009, vol 5912., Lecture notes in Computer Science, Springer, Berlin Heidelberg, pp 319–333
Aviram N, Schinzel S, Somorovsky J, Heninger N, Dankel M, Steube J, Valenta L, Adrian D, Halderman JA, Dukhovni V, Käsper E, Cohney S, Engels S, Paar C, Shavitt Y (2016) DROWN: breaking TLS with SSLv2. In: Proc. 25th USENIX Security Symposium
Barker E, Branstad D, Chokhani S, Smid M (2009) NIST-Cryptographic key management workshop summary. http://csrc.nist.gov/groups/ST/key_mgmt/. Accessed on May 2016
aw Ideler H (2012) Cryptography as a service in a cloud computing environment. Master’s thesis, Endhoven University of Technology, the Netherlands
Bauer E, Adams R (2012) Reliability and availability of cloud computing, 1st edn. Wiley-IEEE Press
Belk M, Coles M, Goldschmidt C, Howard M, Randolph K, Saario M, Sondhi R, Tarandach I, Vaha-Sipila A, Yonchev Y. SAFECode whitepaper: fundamental practices for secure software development 2nd Edition. In: ISSE 2014 Securing Electronic Business Processes: highlights of the information security solutions Europe 2014 Conference, pp 1–32 Springer Fachmedien Wiesbaden (2014)
Bellare M, Keelveedhi S (2015) Interactive message-locked encryption and secure deduplication, chap. Public-Key Cryptography – PKC 2015: 18th IACR International Conference on Practice and Theory in Public-Key Cryptography, Gaithersburg, MD, USA, March 30 – April 1, 2015, Proceedings, pp 516–538. Springer Berlin Heidelberg, Berlin, Heidelberg (2015)
Bellare M, Keelveedhi S, Ristenpart T (2013) DupLESS: server-aided encryption for deduplicated storage. In: Proceedings of the 22Nd USENIX Conference on Security, SEC’13, USENIX Association , pp 179–194
Bellare M, Keelveedhi S, Ristenpart T (2013) Message-locked encryption and secure deduplication. Advances in cryptology EUROCRYPT 2013, vol 7881., Lecture notes in Computer Science, Springer, Berlin, Heidelberg, pp 296–312
Ben-Sasson E, Chiesa A, Genkin D, Tromer E, Virza M (2013) Snarks for c: verifying program executions succinctly and in zero knowledge. Advances in cryptology - CRYPTO 2013: 33rd Annual Cryptology Conference, Santa Barbara, CA, USA, August 18–22, 2013, Proceedings, Part II, Springer, Berlin, Heidelberg, pp 90–108
Bernhard D, Fuchsbauer G, Ghadafi E, Smart NP, Warinschi B (2013) Anonymous attestation with user-controlled linkability. Int J Inf Security 12(3):219–249
Bessani A, Correia M, Quaresma B, André F, Sousa P (2011) DepSky: dependable and secure storage in a cloud-of-clouds. Proceedings of the Sixth Conference on Computer Systems., EuroSys ’11ACM, New York, NY, USA, pp 31–46
Bethencourt J, Song D, Waters B (2009) New techniques for private stream searching. ACM Trans Inf Syst Secur (TISSEC) 12(3):16:1–16:32
Beurdouche B, Bhargavan K, Delignat-Lavaud A, Fournet C, Kohlweiss M, Pironti A, Strub PY, Zinzindohoue JK (2015) A messy state of the union: taming the composite state machines of TLS. In: 2015 IEEE Symposium on Security and Privacy, pp 535–552
Bleikertz S, Bugiel S, Ideler H, Nürnberger S, Sadeghi AR (2013) Client-controlled cryptography-as-a-service in the cloud, chap. Applied cryptography and network security: 11th International Conference, ACNS 2013, Banff, AB, Canada, June 25–28, 2013. Proceedings, pp. 19–36. Springer, Berlin, Heidelberg, Berlin, Heidelberg
Blome A, Ochoa M, Li K, Peroli M, Dashti MT (2013) VERA: a flexible model-based vulnerability testing tool. In: 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation, pp 471–478
Bogetoft P, Christensen DL, Damgård I, Geisler M, Jakobsen T, Krøigaard M, Nielsen JD, Nielsen JB, Nielsen K, Pagter J, Schwartzbach M, Toft T (2009) Secure multiparty computation goes live. Financial cryptography and data security: 13th International Conference., FC 2009Springer, Berlin Heidelberg, Berlin, Heidelberg, pp 325–343
Boneh D, Gentry C, Gorbunov S, Halevi S, Nikolaenko V, Segev G, Vaikuntanathan V, Vinayagamurthy D (2014) Fully key-homomorphic encryption, arithmetic circuit ABE and compact garbled circuits. In: Advances in cryptology – EUROCRYPT 2014: 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp 533–556. Springer, Berlin, Heidelberg
Boneh D, Gentry C, Halevi S, Wang F, Wu DJ (2013) Private database queries using somewhat homomorphic encryption. In: Proceedings of the 11th International Conference on Applied Cryptography and Network Security, ACNS’13, pp 102–118
Brakerski Z, Gentry C, Vaikuntanathan V (2014) (Leveled) fully homomorphic encryption without bootstrapping. ACM Trans Comput Theory 6:13:1–13:36
Brakerski Z (2012) Fully homomorphic encryption without modulus switching from classical GapSVP. In: Advances in cryptology – CRYPTO 2012: 32nd Annual Cryptology Conference, pp 868–886. Springer, Berlin, Heidelberg
Brickell E, Camenisch J, Chen L (2004) Direct anonymous attestation. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS ’04, ACM, pp 132–145
Brodkin J (2008) Seven cloud-computing security risks. www.infoworld.com/d/security-central/gartner-seven-cloud-computing-security-risks-853
CSA: Top Ten Big Data Security and Privacy Challenges (2012). https://downloads.cloudsecurityalliance.org/initiatives/bdwg/Big_Data_Top_Ten_v1.pdf
CSA: Cloud Security Alliance (2013) The Notorious Nine: cloud computing top threats in 2013. http://www.cloudsecurityalliance.org/topthreats
Cachin C, Haralambiev K, Hsiao HC, Sorniotti A (2013) Policy-based secure deletion. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS ’13, ACM , pp 259–270
Camenisch J, Lehmann A, Neven G (2015) Optimal distributed password verification. In: Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security, CCS ’15, ACM, pp 182–194
Canard S, Pointcheval D, Sanders O (2014) Efficient delegation of zero-knowledge proofs of knowledge in a pairing-friendly setting. Public-Key Cryptography PKC 2014, vol 8383., Lecture notes in Computer Science, Springer, Berlin Heidelberg, pp 167–184
Canetti R, Paneth O, Papadopoulos D, Triandopoulos N (2014) Verifiable set operations over outsourced databases. Public-Key Cryptography - PKC 2014: 17th International Conference on Practice and Theory in Public-Key Cryptography, Buenos Aires, Argentina, March 26–28, 2014, Proceedings Springer, Berlin Heidelberg, pp 113–130
Cash D, Jarecki S, Jutla C, Krawczyk H, Roşu MC, Steiner M (2013) Highly-scalable searchable symmetric encryption with support for Boolean queries. In: Advances in cryptology – CRYPTO 2013: 33rd Annual Cryptology Conference, pp 353–373. Springer Berlin Heidelberg
Chadwick D, Siu K, Lee C, Fouillat Y, Germonville D (2014) Adding federated identity management to openStack. J Grid Comput 12(1):3–27
Chow R, Golle P, Jakobsson M, Shi E, Staddon J, Masuoka R, Molina J (2009) Controlling data in the cloud: outsourcing computation without outsourcing control. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW ’09, ACM, pp 85–90
Chow SSM, He YJ, Hui LCK, Yiu SM (2012) SPICE: simple privacy-preserving identity-management for cloud environment. In: Proceedings of the 10th International Conference on Applied Cryptography and Network Security, ACNS’12, pp 526–543. Springer-Verlag
Cloud Standards Customer Council-Security for Cloud Computing Ten Steps to Ensure Success (2015). http://www.cloud-council.org/deliverables/CSCC-Security-for-Cloud-Computing-10-Steps-to-Ensure-Success.pdf
Cloud Security Alliance-Security Guidance for Critical Areas of Focus in Cloud Computing (v3.0) (2011). https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf
Cloud Security Alliance-SecaaS Implementation Guidance, Category 8: Encryption (2012). https://cloudsecurityalliance.org/download/secaas-category-8-encryption-implementation-guidance/. Accessed on May 2016
Cloud Standards Customer Council-Security for Cloud Computing 10 Steps to Ensure Success (2012). http://www.cloud-council.org/Security_for_Cloud_Computing-Final_080912.pdf. Accessed on April 2015
Cloud Security Alliance-Cloud Vulnerabilities Working Group-Cloud Computing Vulnerability Incidents: a statistical overview (2013). https://cloudsecurityalliance.org/download/cloud-computing-vulnerability-incidents-a-statistical-overview/
ComputerWeekly.com: Microsoft Azure had more downtime in 2014 than main cloud rivals (2015). http://www.computerweekly.com/news/2240238379/Microsoft-Azure-had-more-downtime-than-main-cloud-rivals
Coron JS, Lepoint T, Tibouchi M (2014) Scale-invariant fully homomorphic encryption over the integers. Public-Key Cryptography PKC 2014, vol 8383., Lecture notes in Computer ScienceSpringer, Berlin Heidelberg, pp 311–328
Costello C, Fournet C, Howell J, Kohlweiss M, Kreuter B, Naehrig M, Parno B, Zahur S (2015) Geppetto: versatile verifiable computation. In: 2015 IEEE Symposium on Security and Privacy, pp 253–270
Crane S, Homescu A, Brunthaler S, Larsen P, Franz M (2015) Thwarting Cache side-channel attacks through dynamic software diversity. In: 22nd Annual Network and Distributed System Security Symposium, NDSS 2015, California, USA. The Internet Society. http://www.internetsociety.org/doc/thwarting-cache-side-channel-attacks-through-dynamic-software-diversity
Curtmola R, Garay J, Kamara S, Ostrovsky R (2006) Searchable symmetric encryption: improved definitions and efficient constructions. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS ’06, ACM, pp 79–88
DRAFT NIST Special Publication 800-125-A-Security Recommendations for Hypervisor Deployment (2014). http://csrc.nist.gov/publications/drafts/800-125a/sp800-125a_draft.pdf. Accessed on May 2016
Damgård I, Jakobsen TP, Nielsen JB, Pagter JI (2013) Secure key management in the cloud. Cryptography and coding: 14th IMA International Conference, IMACC 2013, Oxford, UK, December 17–19, 2013., ProceedingsSpringer, Berlin Heidelberg, pp 270–289
Demmler D, Schneider T, Zohner M (2015) ABY—a framework for efficient mixed-protocol secure two-party computation. In: Network and Distributed System Security Symposium (NDSS’15)
Devadas S, van Dijk M, Fletcher CW, Ren L, Shi E, Wichs D (2016) Onion ORAM: a constant bandwidth blowup oblivious RAM. Theory of cryptography: 13th International Conference., TCC 2016-A, Tel Aviv, Israel, January 10–13, 2016, Proceedings, Part II, Springer, Berlin Heidelberg, pp 145–174
De Ruiter J, Poll E (2015) Protocol state fuzzing of TLS implementations. In: Proceedings of the 24th USENIX Conference on Security Symposium, SEC’15, pp 193–206. USENIX Association . http://dl.acm.org/citation.cfm?id=2831143.2831156
Dikaiakos M, Katsaros D, Mehra P, Pallis G, Vakali A (2009) Cloud computing: distributed internet computing for it and scientific research. Internet Comput IEEE 13(5):10–13
Dodis Y, Vadhan S, Wichs D (2009) Proofs of Retrievability via Hardness Amplification. Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography., TCC ’09Springer-Verlag, Berlin, Heidelberg, pp 109–127
Doroodchi M, Iranmehr A, Pouriyeh SA (2009) An investigation on integrating XML-based security into web services. In: GCC Conference Exhibition, 2009 5th IEEE, pp 1–5
Dttling N, Kraschewski D, Mller-Quade J (2011) Unconditional and composable security using a single stateful Tamper-Proof hardware Token. Theory of Cryptography, vol 6597., Lecture Notes in Computer ScienceSpringer, Berlin Heidelberg, pp 164–181
Dwork C (2008) Differential privacy: a survey of results. Theory and applications of models of computation, vol 4978., Lecture Notes in Computer ScienceSpringer, Berlin Heidelberg, pp 1–19
ENISA: Algorithms, key size and parameters report (2014). https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-size-and-parameters-report-2014
ENISA: Study on cryptographic protocols (2014). https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/study-on-cryptographic-protocols
Ellison L (2012) What the hell is cloud computing. http://www.youtube.com/watch?v=0FacYAI6DY0
Eskandari M, de Oliveira AS, Crispo B (2014) VLOC: an approach to verify the physical location of a virtual machine in cloud. In: IEEE 6th International Conference on Cloud Computing Technology and Science, CloudCom 2014, Singapore, pp 86–94
European Strategy- A Europe 2020 Initiative-Cloud Service Level Agreement Standardisation Guidelines (2014). https://ec.europa.eu/digital-agenda/en/news/cloud-service-level-agreement-standardisation-guidelines
European Cloud Partnership-Establishing a Trusted Cloud Europe: A policy vision document by the Steering Board of the European Cloud Partnership (2014). http://ec.europa.eu/digital-agenda/en/news/trusted-cloud-europe
Falkenberg A, Mainka C, Somorovsky J, Schwenk J (2013) A new approach towards DoS penetration testing on web services. In: IEEE 20th International Conference on Web Services (ICWS), pp 491–498
Fardan NJA, Paterson KG (2013) Lucky Thirteen: breaking the TLS and DTLS record protocols. In: Security and Privacy (SP), 2013 IEEE Symposium on, pp 526–540
Fernandes DA, Soares LF, Gomes JAV, Freire MM, Inácio PR (2014) Security issues in cloud environments: a survey. Int J Inf Secur 13(2):113–170
Fett D, Küsters R, Schmitz G (2015) SPRESSO: a secure, privacy-respecting single sign-on system for the Web. In: Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security, CCS ’15, ACM, pp 1358–1369
Fiore D, Gennaro R, Pastro V (2014) Efficiently verifiable computation on encrypted data. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS ’14, ACM , pp 844–855
Fort M, Freiling F, Penso L, Benenson Z, Kesdogan D (2006) TrustedPals: secure multi-party computation implemented with smart cards. Computer Security-ESORICS 2006:34–48
Frederiksen T, Jakobsen T, Nielsen J, Nordholt P, Orlandi C (2013) MiniLEGO: efficient secure two-party computation from general assumptions. Advances in cryptology EUROCRYPT 2013, vol 7881., Lecture Notes in Computer ScienceSpringer, Berlin Heidelberg, pp 537–556
Frederiksen TK, Nielsen JB (2013) Fast and maliciously secure two-party computation using the GPU. Applied Cryptography and Network Security: 11th International Conference., ACNS 2013Springer, Berlin Heidelberg, Berlin, Heidelberg, pp 339–356
Fujinoki H (2015) Designs, analyses, and optimizations for attribute-shuffling Obfuscation to protect information from malicious cloud administrators. Secur Commun Netw 8(17):3045–3066
Gentry C (2009) A fully homomorphic encryption scheme. Ph.D. thesis, Stanford University, Stanford, CA, USA
Gentry C, Halevi S (2011) Implementing fentrys fully-homomorphic encryption scheme. Advances in cryptology EUROCRYPT 2011, vol 6632., Lecture Notes in Computer ScienceSpringer, Berlin Heidelberg, pp 129–148
Goldreich O, Ostrovsky R (1996) Software protection and simulation on oblivious RAMs. J ACM 43(3):431–473
Grobauer B, Walloschek T, Stocker E (2011) Understanding cloud computing vulnerabilities. Secur Priv IEEE 9(2):50–57
Gruschka N, Iacono LL (2009) Vulnerable cloud: SOAP message security validation revisited. In: IEEE International Conference on Web Services, ICWS ’09, pp 625–631
Guellier A (2014) Can homomorphic cryptography ensure privacy?. https://hal.inria.fr/hal-01052509v1/document
Guidance for Identity & Access Management V2.1 (2010). https://cloudsecurityalliance.org/guidance/csaguide-dom12-v2.10.pdf. Accessed on May 2016
Hadavi MA, Jalili R, Damiani E, Cimato S (2015) Security and searchability in secret sharing-based data outsourcing. Springer, Berlin, pp 513–529
Halevi S, Shoup V (2015) Bootstrapping for HElib. IACR Cryptology ePrint Archive. https://eprint.iacr.org/2014/873
Halevi S, Shoup V (2015) Bootstrapping for helib. Advances in cryptology - EUROCRYPT 2015: 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques., Sofia, Bulgaria, April 26–30, 2015, Proceedings, Part ISpringer, Berlin Heidelberg, pp 641–670
Han F, Qin J, Hu J (2016) Secure searches in the cloud: a survey. ElSevier-Future Generation Computer Systems. http://www.sciencedirect.com/science/article/pii/S0167739X16000091
Hao F, Clarke D, Zorzo A (2015) Deleting secret data with public verifiability. IEEE Trans Depend Secur Comput 99:1. doi:10.1109/TDSC.2015.2423684
Harsh P, Dudouet F, Cascella RG, Jgou Y, Morin C (2012) Using open standards for interoperability—issues, solutions, and challenges facing cloud computing. CoRR abs/1207.5949. https://hal.inria.fr/hal-00720636/file/Contrail-VEP-Interoperability.pdf
Hashizume K, Rosado D, Fernndez-Medina E, Fernandez E (2013) An analysis of security issues for cloud computing. J Internet Serv Appl 4(1):5
Hendre A, Joshi KP (2015) A semantic approach to cloud security and compliance. In: 2015 IEEE 8th International Conference on Cloud Computing, pp 1081–1084
Herranz J, Ruiz A, Sáez G (2014) New results and applications for multi-secret sharing schemes. Design Codes Cryptogr 73(3):841–864
Hohenberger S, Waters B (2014) Online/offline attribute-based encryption. In: Public-Key Cryptography – PKC 2014: 17th International Conference on Practice and Theory in Public-Key Cryptography, pp. 293–310. Springer Berlin Heidelberg, Berlin, Heidelberg. doi: 10.1007/978-3-642-54631-0_17. 10.1007/978-3-642-54631-0_17
Huang Y, Evans D, Katz J, Malka L (2011) Faster secure two-party computation using garbled circuits. In: Proceedings of the 20th USENIX Conference on Security, SEC’11, pp 35–35
Huang Y, Evans D, Katz J, Malka L (2011) Faster secure two-party computation using garbled circuits. In: USENIX Security Symposium
Hwang YH, Kim S, Seo JW (2015) Fast order-preserving encryption from uniform distribution sampling. In: Proceedings of the 2015 ACM Workshop on Cloud Computing Security Workshop, CCSW ’15, ACM , pp 41–52
Jensen M, Schwenk J, Gruschka N, Iacono L (2009) On technical security issues in cloud computing. In: Cloud Computing, 2009. CLOUD’09. IEEE International Conference on IEEE, pp 109–116
Jiang S, Smith S, Minami K (2001) Securing web servers against attack. In: Computer Security Applications Conference, 2001. ACSAC 2001. Proceedings 17th Annual IEEE, pp 265–276
Juels A, Kaliski B Jr (2007) PORs: Proofs of Retrievability for Large Files. In: Proceedings of the 14th ACM conference on Computer and communications security ACM, pp 584–597
Kaaniche N (2014) Cloud data storage security based on cryptographic mechanisms. Theses, Institut National des Télécommunications. https://tel.archives-ouvertes.fr/tel-01146029
Kamara S, Lauter K ((2010)) Cryptographic cloud storage, chap. Financial Cryptography and Data Security: FC 2010 Workshops, RLCPS, WECSR, and WLC 2010, Tenerife, Canary Islands, Spain, January 25-28, 2010, Revised Selected Papers, pp 136–149. Springer Berlin Heidelberg, Berlin, Heidelberg
Kamara S, Papamanthou C, Roeder T (2012) Dynamic searchable symmetric encryption. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS ’12 ACM, pp 965–976
Kandukuri B, Paturi V, Rakshit A (2009) Cloud security issues. In: IEEE International Conference on Services Computing, SCC’09 IEEE, pp 517–520
Kerschbaum F (2015)Frequency-hiding order-preserving encryption. In: Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security, CCS ’15 ACM, pp 656–667
Kerschbaum F, Schroepfer A (2014) Optimal average-complexity ideal-security order-preserving encryption. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS ’14, ACM, pp 275–286
Kiraz MS (2008) Secure and fair two-party computation. Ph.D. thesis, Technische Universiteit Eindhoven, Eindhoven, the Netherlands
Kiraz MS, İsa Sertkaya, Uzunkol O (2015) An efficient ID-based message recoverable privacy-preserving auditing scheme. In: Privacy, Security and Trust (PST), 2015 13th Annual Conference on IEEE, pp 117–124
Kiraz MS, Uzunkol O (2015) Efficient and verifiable algorithms for secure outsourcing of cryptographic computations. In: Int J Inf Secur, pp 1–19
Klemperer PF(2015) Efficient hypervisor based malware detection. Theses, Carnegie Mellon University . http://repository.cmu.edu/dissertations/466/
Kosba AE, Papadopoulos D, Papamanthou C, Sayed MF, Shi E, Triandopoulos N (2014) TRUESET: Faster Verifiable Set Computations. In: 23rd USENIX Security Symposium (USENIX Security 14), pp. 765–780. USENIX Associatio. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/kosba
Kreuter B, Shelat A, Shen CH (2012) Billion-gate secure computation with malicious adversaries. In: Proceedings of the 21st USENIX Conference on Security Symposium, Security’12, pp. 14–14. USENIX Association
Kupser D, Mainka C, Schwenk J, Somorovsky J (2015) How to break XML encryption—automatically. In: 9th USENIX Workshop on Offensive Technologies (WOOT 15). USENIX Association, Washington, D.C. https://www.usenix.org/conference/woot15/workshop-program/presentation/kupser
Leandro MA, Nascimento TJ, dos Santos DR, Westphall CM, Westphall CB (2012) Multi-tenancy authorization system with federated identity for cloud-based environments using Shibboleth. Proceedings of the Eleventh International Conference on Networks pp 88–93
Lei S, Zishan D, Jindi G (2010) Research on key management infrastructure in cloud computing environment. In: 2010 Ninth International Conference on Grid and Cloud Computing, pp 404–407
Li J, Chen X, Li M, Li J, Lee P, Lou W (2014) Secure deduplication with efficient and reliable convergent key management. Parallel Distrib Syst IEEE Trans 25(6):1615–1625
Li J, Squicciarini A, Lin D, Liang S, Jia C (2015) Secloc: securing location-sensitive storage in the cloud. In: Proceedings of the 20th ACM Symposium on Access Control Models and Technologies, SACMAT ’15, ACM, pp 51–61
Liu Q, Wang G, Wu J (2014) Time-based proxy re-encryption scheme for secure data sharing in a cloud environment. Inf Sci 258:355–370
Liu C, Harris A, Maas M, Hicks M, Tiwari M, Shi E (2015) GhostRider: a hardware–software system for memory trace oblivious computation, ACM, pp 87–101
Liu J, Asokan N, Pinkas B (2015) Secure deduplication of encrypted data without additional independent servers. In: Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security, CCS ’15, pp 874–885. ACM
Liu Q, Tan C, Wu J, Wang G (2012) Cooperative private searching in clouds. J Parallel Distrib Comput
López-Alt A, Tromer E, Vaikuntanathan V (2012) On-the-fly Multiparty Computation on the Cloud via Multikey Fully Homomorphic Encryption. In: Proceedings of the Forty-fourth Annual ACM Symposium on Theory of Computing, STOC ’12, pp. 1219–1234. ACM
Maas M, Love E, Stefanov E, Tiwari M, Shi E, Asanovic K, Kubiatowicz J, Song D (2013) PHANTOM: Practical Oblivious Computation in a Secure Processor. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS ’13, pp 311–324. ACM
Mainka C, Somorovsky J, Schwenk J (2012) Penetration testing tool for web services security. In: 2012 IEEE Eighth World Congress on Services, pp 163–170
Malkhi D, Nisan N, Pinkas B, Sella Y (2004) Fairplay—a secure two-party computation system. In: USENIX Security Symposium, pp 287–302
Mansfield-Devine S (2012) Interview: Byod and the enterprise network. Comput Fraud Secur 2012(4):14–17
Masood R, Shibli MA, Ghazi Y, Kanwal A, Ali A (2015) Cloud authorization: exploring techniques and approach towards effective access control framework. Front Comput Sci 9(2):297–321
Masood A, Java J (2015) Static analysis for web service security - Tools Amp; Techniques for a Secure Development Life Cycle. In: Technologies for Homeland Security (HST), 2015 IEEE International Symposium on, pp 1–6
Mavroforakis C, Chenette N, O’Neill A, Kollios G, Canetti R (2015) Modular order-preserving encryption, revisited. In: Proceedings of the 2015 ACM SIGMOD International Conference on Management of Data, SIGMOD ’15,ACM, pp 763–777
Mell P, Grance T (2011) The NIST definition of cloud computing. NIST Special Publication 800-145
Mironov I, Stephens-Davidowitz N (2015) Cryptographic reverse firewalls. In: Advances in cryptology - EUROCRYPT 2015: 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 657–686. Springer Berlin Heidelberg
Modi C, Patel D, Borisaniya B, Patel H, Patel A, Rajarajan M (2013) Review: a survey of intrusion detection techniques in cloud. J Netw Comput Appl 36(1):42–57
NIST Big Data Public Working Group-Security and Privacy Requirements (2014). http://jtc1bigdatasg.nist.gov/_workshop2/10_NBD_SnP.pdf
Nanavati M, Colp P, Aiello B, Warfield A (2014) Cloud security: a gathering storm. Commun ACM 57(5):70–79
Nepal S, Pathan M (2014) Security privacy and trust in cloud systems. Springer Publishing Company, Incorporated
Noman A, Adams C (2012) Providing a data location assurance service for cloud storage environments. J Mob Multimed 8(4):265–286
OASIS: Service Provisioning Markup Language (SPML) Version 1.0, OASIS (2003). https://www.oasis-open.org/committees/download.php/4137/os-pstc-spml-core-1.0.pdf
OASIS: eXtensible Access Control Markup Language (XACML), OASIS (2005). http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
OASIS: WS-Security Profile of the OASIS Security Assertion Markup Language (SAML), OASIS (2012). https://www.oasis-open.org/standards
Opara-Martins J, Sahandi R, Tian F 2015) Implications of integration and interoperability for enterprise cloud-based applications. In: 6th International Conference on Cloud Computing. Springer-Verlag in the Lecture Notes of ICST (LNICST).urlhttp://eprints.bournemouth.ac.uk/22895/
Oriyano SP (2016) CEH v9: Certified Ethical Hacker Version 9 Study Guide-3rd Edition. http://www.amazon.com/CEH-v9-Certified-Ethical-Version/dp/1119252245
Parno B, Howell J, Gentry C, Raykova M (2013) Pinocchio: nearly practical verifiable computation. In: Proceedings of the 2013 IEEE Symposium on Security and Privacy, SP ’13, pp. 238–252. IEEE Computer Society
Parno B, Raykova M, Vaikuntanathan V (2012) How to delegate and verify in public: verifiable computation from attribute-based encryption. Theory of Cryptography, vol 7194., Lecture Notes in Computer ScienceSpringer, Berlin Heidelberg, pp 422–439
Petukhov A, Kozlov D (2008) Detecting security vulnerabilities in web applications using dynamic analysis with penetration testing. https://www.owasp.org/images/3/3e/OWASP-AppSecEU08-Petukhov.pdf
Pinkas B, Schneider T, Smart NP, Williams SC (2009) Secure two-party computation is practical. Advances in cryptology - ASIACRYPT 2009: 15th International Conference on the Theory and Application of Cryptology and Information Security., JapanSpringer, Berlin Heidelberg, Berlin, Heidelberg, pp 250–267
Popa RA, Redfield CMS, Zeldovich N, Balakrishnan H (2012) CryptDB: processing queries on an encrypted database. Commun ACM 55(9):103–111
Popovic K, Hocenski Z (2010) Cloud computing security issues and challenges. In: MIPRO, 2010 Proceedings of the 33rd International Convention, IEEE, pp 344–349
Prabadevi B, Jeyanthi N (2014) Distributed denial of service attacks and its effects on cloud environment—a survey. In: Networks, Computers and Communications, The 2014 International Symposium on, pp 1–5
Proudler G, Chen L, Dalton C (2014) Direct anonymous attestation (DAA) in more depth. In: Trusted Computing Platforms, pp. 339–352. Springer International Publishing
Rabotka V, Mannan M (2016) An evaluation of recent secure deduplication proposals. J InfSecur Appl 27–28, 3 – 18. Special Issues on Security and Privacy in Cloud Computing
Rane A, Lin C, Tiwari M (2015) Raccoon: closing digital side-channels through obfuscated execution. In: 24th USENIX Security Symposium (USENIX Security 15), pp. 431–446. USENIX Association
Rastogi A, Hammer MA, Hicks M (2014) Wysteria: a programming language for generic, mixed-mode multi-party computations. In: Proceedings of the 2014 IEEE Symposium on Security and Privacy, SP ’14, pp. 655–670. IEEE Computer Society
Reardon J, Basin D, Capkun S (2014) On secure data deletion. IEEE Secur Priv 12(3):37–44
Ren K, Wang C, Wang Q (2012) Security challenges for the public cloud. Internet Comput IEEE 16(1):69–73
Ren L, Fletcher C, Kwon A, Stefanov E, Shi E, van Dijk M, Devadas S (2015) Constants count: practical improvements to oblivious RAM. In: 24th USENIX Security Symposium (USENIX Security 15), pp. 415–430. USENIX Association, Washington, DC
Ristenpart T, Tromer E, Shacham H, Savage S (2009) Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. Proceedings of the 16th ACM Conference on Computer and Communications Security., CCS ’09ACM, New York, NY, USA, pp 199–212
Rohloff K, Cousins DB (2014) A scalable implementation of somewhat homomorphic encryption built on NTRU. In: WAHC’14 - 2nd Workshop on Applied Homomorphic Cryptography and Encrypted Computing
Roy A, Sarkar S, Goel G (2015) Secure the cloud: from the perspective of a service-oriented organization. ACM Comput Surv 47(3):41:1–41:30
Russell A, Tang Q, Yung M, Zhou HS (2015) Cliptography: clipping the power of kleptographic attacks. IACR Cryptology ePrint Archive. http://eprint.iacr.org/2015/695
Sadeghi AR, Schneider T, Winandy M (2010) Token-Based Cloud Computing. Trust and Trustworthy Computing, pp 417–429. Springer Berlin, Heidelberg
Salesforce: Single Sign-On Implementation Guide (2016). http://resources.docs.salesforce.com/200/20/en-us/sfdc/pdf/salesforce_single_sign_on.pdf . Accessed on May 2016
Samarati P, di Vimercati SDC (2010) Data protection in outsourcing scenarios: issues and directions. Proceedings of the 5th ACM Symposium on Information., Computer and Communications Security, ASIACCS ’10ACM, New York, NY, USA, pp 1–14
Schneier B (2009) Homomorphic encryption breakthrough . http://www.schneier.com/blog/archives/2009/07/homomorphic_enc.html
Shacham H, Waters B (2013) Compact proofs of retrievability. J Cryptol 26(3):442–483
Shankarwar M, Pawar A (2015) Security and privacy in cloud computing: a survey. In: Proceedings of the 3rd International Conference on Frontiers of Intelligent Computing: Theory and Applications (FICTA) 2014, Advances in Intelligent Systems and Computing, vol. 328, pp 1–11. Springer International Publishing
Shibboleth: The Shibboleth Consortium (2003). http://shibboleth.net
Smart N, Vercauteren F (2014) Fully homomorphic SIMD operations. Designs Codes Cryptogr 71(1):57–81
Smart N, Vercauteren F (2010) Fully homomorphic encryption with relatively small key and ciphertext sizes. Public Key Cryptography PKC 2010, vol 6056., Lecture Notes in Computer ScienceSpringer, Berlin Heidelberg, pp 420–443
Somorovsky J, Mayer A, Schwenk J, Kampmann M, Jensen M (2012) On breaking SAML: be whoever you want to be. In: Presented as part of the 21st USENIX Security Symposium (USENIX Security 12), pp. 397–412. USENIX. https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/somorovsky
Somorovsky J, Schwenk J (2012) Technical analysis of countermeasures against attack on XML encryption – or – Just Another Motivation for Authenticated Encryption. In: 2012 IEEE Eighth World Congress on Services, pp 171–178
Sood SK (2012) A combined approach to ensure data security in cloud computing. J Netw Comput Appl 35(6):1831–1838
Sookhak M, Talebian H, Ahmed E, Gani A, Khan MK (2014) A review on remote data auditing in single cloud server: taxonomy and open issues. J Netw Comput Appl 43:121–141
Standard O (2015) Key management interoperability protocol specification version 1.2 . http://docs.oasis-open.org/kmip/spec/v1.2/os/kmip-spec-v1.2-os.pdf
Stanek J, Sorniotti A, Androulaki E, Kencl L (2014) A secure data deduplication scheme for cloud storage. Financial Cryptography and Data Security, vol 8437., Lecture Notes in Computer ScienceSpringer, Berlin Heidelberg, pp 99–118
Subashini S, Kavitha V (2011) Review: a survey on security issues in service delivery models of cloud computing. J Netw Comput Appl 34(1):1–11
Takabi H, Joshi J, Ahn GJ (2010) Security and privacy challenges in cloud computing environments. Secur Priva IEEE 8(6):24–31
Tep KS, Martini B, Hunt R, Choo KKR (2015) A taxonomy of cloud attack consequences and mitigation strategies: The Role of Access Control and Privileged Access Management. In: Trustcom/BigDataSE/ISPA, 2015 IEEE, vol. 1, pp 1073–1080
Timm C, Perez R (2010) Seven deadliest social network attacks. Syngressg, Boston
Trusted Computing Group-Cloud Computing and Security A Natural Match (2010). http://www.trustedcomputinggroup.org/. Accessed on Apr 2015
Varia M, Yakoubov S, Yang Y (2015) Hetest: a homomorphic encryption testing framework. Financial Cryptography and Data Security: FC 2015 International Workshops., BITCOIN, WAHC, and Wearable, San Juan, Puerto Rico, January 30, 2015, Revised Selected PapersSpringer, Berlin Heidelberg, pp 213–230
van Liesdonk P, Sedghi S, Doumen J, Hartel P, Jonker W (2010) Computationally efficient searchable symmetric encryption. pp 87–100. Springer Berlin Heidelberg, Berlin, Heidelberg
Vossaert J, Lapon J, De Decker B, Naessens V (2014) Trusted computing to increase security and privacy in eID authentication. ICT Systems Security and Privacy Protection, vol 428., IFIP Advances in Information and Communication TechnologySpringer, Berlin Heidelberg, pp 485–492
Wang Ll, Chen Kf, Mao Xp, Wang Yt (2014) Efficient and provably-secure certificateless proxy re-encryption scheme for secure cloud data sharing. J Shanghai Jiaotong Univ (Sci) 19(4):398–405
Wang Z, Huang D, Zhu Y, Li B, Chung CJ (2015) Efficient attribute-based comparable data access control. IEEE Trans Comput 64(12):3430–3443
Wang J, Kissel ZA (2015) Introduction to network security: theory and practice, 2nd edn. Wiley, Boston
Wang C, Wang Q, Ren K, Lou W (2009) Ensuring data storage security in cloud computing. In: Quality of Service, 2009. IWQoS. 17th International Workshop on, pp 1–9
Wang F, Wang K, Li B (2015)LWE-Based FHE with Better Parameters. In: Advances in Information and Computer Security, Lecture Notes in Computer Science, vol. 9241, pp. 175–192. Springer International Publishing
Wang Y, Wong D, Wu Q, Chow S, Qin B, Liu J (2014) Practical distributed signatures in the standard model. In: Topics in Cryptology CT-RSA 2014, Lecture Notes in Computer Science, vol. 8366, pp. 307–326. Springer International Publishing
Watson GJ, Safavi-Naini R, Alimomeni M, Locasto ME, Narayan S (2012) LoSt: location based storage. Proceedings of the 2012 ACM Workshop on Cloud Computing Security Workshop., CCSW ’12ACM, New York, NY, USA, pp 59–70
Wei L, Zhu H, Cao Z, Dong X, Jia W, Chen Y, Vasilakos AV (2014) Security and privacy for storage and computation in cloud computing. Inf Sci 258:371–386
Worku SG, Xu C, Zhao J, He X (2014) Secure and efficient privacy-preserving public auditing scheme for cloud storage. Comput Electr Eng 40(5):1703–1713
Xiang T, Li X, Chen F, Guo S, Yang Y (2016) Processing Sscure, verifiable and efficient SQL over outsourced database. Inf Sci 348, 163–178. http://www.sciencedirect.com/science/article/pii/S002002551630072X
Xiong J, Liu X, Yao Z, Ma J, Li Q, Geng K, Chen P (2014) A secure data self-destructing scheme in cloud computing. Cloud Comput IEEE Trans 2(4):448–458
Xiong J, Liu X, Yao Z, Ma J, Li Q, Geng K, Chen PS (2014) A secure data self-destructing scheme in cloud computing. IEEE Trans Cloud Comput 2(4):448–458
Xu C, Zhang Y, Yu Y, Zhang X, Wen J (2014) An efficient provable secure public auditing scheme for cloud storage. KSII Trans Internet Inf Syst 8(11):4226–4241
Xu G, Chen C, Wang H, Zang Z, Pang M, Jiang P (2011) Two-Level Verification of Data Integrity for Data Storage in Cloud Computing. Advanced Research on Electronic Commerce, vol 143., Web Application, and Communication, Communications in Computer and Information ScienceSpringer, Berlin Heidelberg, pp 439–445
Yakoubov S, Gadepally V, Schear N, Shen E, Yerukhimovich A (2014) A survey of cryptographic approaches to securing big-data analytics in the cloud. In: High Performance Extreme Computing Conference (HPEC), 2014 IEEE, pp 1–6
Yang C, Lai J (2013) Protecting data privacy and security for cloud computing based on secret sharing. In: International Symposium on Biometrics and Security Technologies, ISBAST 2013, 2-5 July, 2013, Chengdu, Sichuan, China, pp 259–266
Yang J, Chen Z (2010) Cloud computing research and security issues. In: Computational Intelligence and Software Engineering (CiSE), 2010 International Conference on, pp 1–3
Yang K, Jia X (2014) ABAC: Attribute-based access control. In: Security for Cloud Storage Systems, pp. 39–58. Springer New York
Yao A (1986) How to generate and exchange secrets. In: Foundations of Computer Science, 1986., 27th Annual Symposium on IEEE, pp 162–167
Yi X, Paulet R, Bertino E (2014) Homomorphic encryption and applications. Springer International Publishing, SpringerBriefs in Computer Science
Young A, Yung M (2004) Malicious cryptography: exposing cryptovirology, Wiley
Zhang Y, Juels A, Reiter MK, Ristenpart T (2012) Cross-VM side channels and their use to extract private keys. Proceedings of the 2012 ACM Conference on Computer and Communications Security., CCS ’12ACM, New York, NY, USA, pp 305–316
Zhang Y, Katz J, Papamanthou C (2015) IntegriDB: Verifiable SQL for Outsourced Databases. In: Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security, CCS ’15, ACM, pp 1480–1491
Zhao F, Li C, Liu CF (2014) A cloud computing security solution based on fully homomorphic encryption. In: Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp 485–488
Zheng Y, Yuan X, Wang X, Jiang J, Wang C, Gui X (2015) Enabling encrypted cloud media center with secure deduplication. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, ASIA CCS ’15, pp. 63–72. ACM
Zhou M, Zhang R, Xie W, Qian W, Zhou A (2010) Security and privacy in cloud computing: a survey. In: Semantics Knowledge and Grid (SKG), 2010 Sixth International Conference on, pp 105–112
Zhou Y, Evans D (2014) SSOScan: Automated testing of web applications for single sign-on vulnerabilities. In: 23rd USENIX Security Symposium (USENIX Security 14), pp. 495–510. USENIX Association. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/zhou
Acknowledgments
This research is supported by a grant from Ministry of Development of Turkey provided to the Cloud Computing and Big Data Research Lab Project. The author would like to thank Thomas-Brochmann Pedersen, Markku-Juhani Saarinen, İsa Sertkaya, Osmanbey Uzunkol, Devrim Ünal, and anonymous reviewers for their time, insightful comments, and support.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Kiraz, M.S. A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing. J Ambient Intell Human Comput 7, 731–760 (2016). https://doi.org/10.1007/s12652-016-0385-0
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-016-0385-0