Security Issues in Cloud Computing - A Review

Int. J. Advanced Networking and Applications
Volume: 6 Issue: 2 Pages: 2240-2243 (2014) ISSN : 0975-0290
2240
Security Issues in Cloud Computing - A Review
Irfan Hussain
Department of Information Technology, University of Gujrat, Pakistan
Email: im_qamar@yahoo.com
Imran Ashraf
Lecturer, Department of CS & IT, University of Gujrat, Pakistan
Email: ashrafimran@live.com
----------------------------------------------------------------------ABSTRACT-----------------------------------------------------------
Cloud Computing is the most emerging trend in Information Technology now days. It is attracting the
organizations due to its advantages of scalability, throughput, easy and cheap access and on demand up and down
grading of SaaS, PaaS and IaaS. Besides all the salient features of cloud environment, there are the big challenges
of privacy and security. In this paper, a review of different security issues like trust, confidentiality, authenticity,
encryption, key management and resource sharing are presented along with the efforts made on how to overcome
these issues.
Keywords - Cloud Computing, Security Issues, trust, confidentiality, authenticity, encryption
-------------------------------------------------------------------------------------------------------------------------------------------------
Date of Submission : July 27, 2014 Date of Acceptance : August 22, 2014
-------------------------------------------------------------------------------------------------------------------------------------------------
1. INTRODUCTION
With the advancement in technology, the IT
infrastructure has changed completely. In the past, an
organization had to deploy expensive infrastructure to
perform their routine tasks and store the operational data
of the organization. Normally data was stored in
Relational Databases on one or more servers located inside
the organization and the clients needed to request data
from these server machines. This was quite costly as the
organization needed to hire personnel for deploying,
managing and maintaining the infrastructure.
In the last decades, concept of Clusters [1] and Grid
Computing [2] opened new ways for information
architecture and storage. It became possible to store data
on clusters or in the form of grids that were loosely
coupled, heterogeneous and geographically dispersed [3].
The concept of Cloud Computing [4] is relatively a new
concept originating its basis from Clusters [2] and Grid
Computing [3]. It uses the same idea of broad network
access and resource pooling but it is different from the
cluster and grids as it can provide on-demand self-
services [5] to its users.
No doubt, Cloud Computing has provided many exciting
services and features like flexibility, reliability, unlimited
storage, portability and the quick processing power but
cloud security is still a big issue [6]. Security issues
including lack of trust, the risk of malicious insiders, and
the failing of cloud services have been discussed in [7].
This paper reviews different security threats to Cloud
Computing like trust, privacy, confidentiality,
Authenticity, encryption and also discusses the presented
solutions to overcome these issues. Each of the security
threat will be discussed separately in different sections
along with the viable solution in given domain.
This paper is composed into 4 sections. Section 1
introduces cloud computing, its features and dilemmas.
Section 2 is about background work in cloud computing.
Section 3 discussed in detail the problems and proposed
solutions to tackle these problems. Section 4 is the
discussion of these issues and their solutions. In the end
conclusion and future work is given.
2. BACKGROUND WORK
Being the most trending technology of the age, the
research is being done widely on Cloud Computing and
especially on cloud security. In December 2008, Cloud
Security Alliance (CSA) [8] was formed with the aim to
provide assured security within cloud computing
environment. CSA launched “Security Guidance for
Critical Areas of Focus in Cloud Computing” [9] as their
initial product to help users get better insight about clouds
and the security parameters. The Cloud Computing
Interoperability Group and the Multi-Agency Cloud
Computing Forum have made lot of efforts to deliver
efficient and effective controls to provide information
security in Cloud environment [31].
For now, many efforts have been made to find main
security issues in cloud. It is described that privacy and
the trust are the major security issues faced by the cloud
computing [10]. Security and privacy challenges to cloud
computing are discussed in details in [11]. Where [12] also
addresses the security issue. It is claimed that cloud
systems can’t prosper without resolving security and
privacy issues [13]. A cloud computing framework and
information asset classification model were proposed to
help cloud users choosing different delivery services and
models [31].
3. SECURITY ISSUES AND SOLUTIONS
This section discusses the problems related to cloud
computing and their proposed solutions.

2241
3.1 TRUST
Trust between customer and service providers is the main
issue faced by cloud computing now days. Customer is
never sure whether the Service is trustworthy or not, and
whether his data is secure from the intruders or not. The
customer and Service provider are bound by Service Level
Agreement (SLA) document. This is a type of an
agreement between the customer and the service provider;
it contains the duties of service provider and his future
plans [7]. But unfortunately there are no standards for
SLA.
Many efforts have been made till now to resolve the issues
of trust and privacy to resolve the security issues in cloud.
A trust model is presented in [10] to enhance the security
and interoperability of cloud computing environment.
Husky Healthcare Social Cloud [14] presents a trust rating
mechanism to secure the cloud environment in
collaboration with social media. SLA Framework [15] is
used in [16] to propose a trust management model for
security in cloud environment.
3.2 CONFIDENTIALITY
Confidentiality means to prevent the disclosure of private
and important information. Since all the information is
stored on geographically dispersed locations,
confidentiality becomes a big issue. Many methods are
used to preserve confidentiality from which, encryption is
the widely used method. But it is relatively an expensive
method.
To preserve privacy, a secure cloud storage service [17] is
designed that is built upon the public cloud structure and
by using cryptographic techniques, privacy is achieved. A
new approach proposed by [18] uses hierarchy of P2P
reputation system to preserve privacy. It gains it with
virtualized defense. [19] Describes that the attribute-based
cryptography can be used to preserve privacy and maintain
security in a cloud based EHR system and patients can
share data in a flexible, scalable and dynamic manner.
3.3 AUTHENTICITY
Integrity is also a main issue faced by cloud computing. It
refers to the improper modification of information. As the
data resides in different places in a cloud so the access
control mechanism should be very secure and each user
must be verified as an authentic user.
Authentication problem can be solved by using the digital
signatures but even after having access to digital
signatures a user can’t get access and verify the subsets of
data.
An access control scheme presented by [20] is a
decentralized and robust access control mechanism where
the cloud user identity is verified by the cloud without
knowing the user's identity before storing information.
Information can be decrypted by only the authentic users.
Replay attacks are also prevented in this scheme. Another
scheme [21] new setting is presented where the users are
independent from the service providers and they don’t
need to register with them. Data owner provides the user
the credential information. The username and password
pair generates the identity information for each user that is
provided to the service provider by the data owner. This
scheme proves to be very scalable.
3.4 ENCRYPTION
Encryption is the most widely used data securing method
in cloud computing. It has many drawbacks. It needs high
computational power. The encrypted data need to be
decrypted every time when a query is run so it reduces the
overall database performance. Many methods are
presented to ensure better encryption in terms of better
security or the operations.
A method proposed by [22] suggests that by using several
cryptographic methods instead of only one can increase
the overall throughput. Data is encrypted using these
methods in each cell of a table in cloud. Whenever a user
wants to make a query, the query parameters are evaluated
against the data stored. The query results are also
decrypted by the user not the cloud itself so it increases the
overall performance.
Another method called end-to-end policy based encryption
[23] uses different policies to encrypt and decrypt data.
The decryption keys are released by the Trust Authority
enabling a user to get fine grained access control in public
clouds. Another approach called fully Homomorphic
encryption [24] is a new trend that can provide results of
calculation performed on encrypted data rather than the
raw data. It increases the data confidentiality and better
encryption.
3.5 KEY MANAGEMENT
While doing encryption, we need encryption/decryption
keys and managing these keys itself is a big security issue
in cloud environment. Storing these encryption keys on
cloud is a bad option. It is easy to store single encryption
key but for the real time systems it become a complex task
to store these keys. This may require a separate small
database to store the keys locally in a protected database.
But again that’s not a good idea because the purpose for
which we are shifting our data to clouds will become
worthless. As by doing so we will need additional
hardware and software resources and the cost issues will
also arise. The only solution to key management may be
through two-level encryption [25]. This can be very
helpful to store encryption keys in cloud.
3.6 DATA SPLITTING
Data splitting may be the better alternative to encryption.
It is surely very fast as compared to encryption itself. The
main idea behind it is to split the data over multiple hosts
that are non-communicatable. Whenever a user needs its
data back, he must have access to both of the service
providers to recollect his original data. No doubt it is very
fast technique but it has its own security issues.
Multi-Cloud Database Model [7] is a method for data
splitting where multiple clouds and different techniques
are used to ensure the integrity and availability of data
after splitting it. In this way the security is very much

2242
enhanced as the data is stored and replicated in multiple
clouds and there are fewer chances of the intruders to
attack. These clouds share data using secret sharing
algorithm [26] and TMR technique [27].
3.7 MULTI TENANCY
In a cloud environment, different resources and services
are shared among different applications at different
geographic locations. This is done to solve the issues of
resource scarcity and to eliminate cost that is the main
purpose of the cloud. But the sharing of the resources of
an organization gives birth to confidentiality issues. These
systems and applications must be isolated to some extent
in order to keep confidentiality alive. Otherwise it is very
difficult to supervise the data flow and the insecurity
issues arise [28].
Data and applications in a cloud may be stored on virtual
servers as well as on the actual hardware. In both of the
cases there are security issues involved. If these are stored
virtually, there are chances that one virtual machine
hosting a malicious application can affect the performance
of other machines. If these are stored on actual hardware,
there may be security issues because of multi-core
processing.
Cloud providers should employ Intrusion Detection
Systems to keep their customers safe in cloud environment
[29]. An architecture to deploy IDS is presented in [29].
Trusted cloud computing platform (TCCP) is designed to
provide better security of the virtual machines [30].
4. DISCUSSION
Cloud Computing has provided many exciting services
and features like flexibility, reliability, unlimited storage,
portability and the quick processing power but cloud
security is still a big issue. Major security issues faced by
the cloud like Trust, Confidentiality, Integrity,
authentication, encryption and recourse sharing issues
were discussed along with their solutions.
One main problem discussed is to define the proper format
of SLA document to make it clear in service provider as
well as in customers mind that what services the cloud is
intended to provide and what the customers expect from
the cloud.
Another major issue faced by cloud computing is
encryption and to solve this issue, different mechanisms
have been deployed like end-to-end policy based
encryption [23], Cryptographic methods [22] and fully
Homomorphic encryption [24].
Different trust management models [10],[14],[15],[16] are
also discussed. Secure cloud storage service [17],
Virtualized defense [18] and attribute-based cryptography
[19] are discussed as the major confidentiality preserving
techniques. Data splitting technique is discussed as an
alternative to encryption and its model [7] is also
described.
5. CONCLUSION
In this study, different security issues faced by cloud
computing are discussed along with the possible available
remedies to these problems. It can be concluded that the
data encryption and trust are the two major issues in this
regard followed by the authenticity and data integrity.
6. FUTURE WORK
Cloud computing is relatively a new and widely emerging
domain and it must have to overcome the security issues in
order to be more and more prominent technology of the
future. A lot of research is being done in this regard to
solve these major issues but still many problems are
unseen and unknown and the doors for future research are
always open.
REFERENCES
[1] Buyya, Rajkumar. "High performance cluster
computing." New Jersey: F'rentice (1999).
[2] Foster, Ian, and Carl Kesselman, eds. The Grid 2:
Blueprint for a new computing infrastructure.
Elsevier, 2003.
[3] What is grid computing? - Gridcafe. E-
http://sciencecity.org Retrieved 2014-06-18.
[4] Armbrust, Michael, et al. "A view of cloud
computing." Communications of the ACM 53.4
(2010): 50-58.
[5] Mell, Peter, and Timothy Grance. "The NIST
definition of cloud computing (draft)." NIST special
publication 800.145 (2011): 7.
[6] Weis, J., & Alves-Foss, J. (2011). Securing
Database as a Service. IEEE Security and Privacy,
49-55.
[7] AlZain, M., Soh, B., & Pardede, E. (2012). A New
Approach Using Redundancy Technique to Improve
Security in Cloud Computing. IEEE.
[8] Messmer, Ellen (March 31, 2009). "Cloud Security
Alliance formed to promote best practices".
Computerworld.Retrieved May 02, 2014.
[9] "Security Guidance for Critical Areas of Focus in
Cloud Computing". Cloud Security Alliance.
Retrieved May 02, 2014.
[10] Li, Wenjuan, and Lingdi Ping. "Trust model to
enhance security and interoperability of cloud
environment." In Cloud Computing, pp. 69-79.
Springer Berlin Heidelberg, 2009.
[11] Ko, Ryan KL, et al. "TrustCloud: A framework for
accountability and trust in cloud
computing." Services (SERVICES), 2011 IEEE
World Congress on. IEEE, 2011.
[12] Pearson, Siani, and AzzedineBenameur. "Privacy,
security and trust issues arising from cloud
computing." Cloud Computing Technology and

2243
Science (CloudCom), 2010 IEEE Second
International Conference on.IEEE, 2010.
[13] H. Takabi, J.B.D. Joshi, G. AhnSecurity and privacy
challenges in cloud computing environments. IEEE
Security & Privacy;, 8 (6) (2010), pp. 24–31
[14] Wooten, Ryan, et al. "Design and implementation of
a secure healthcare social cloud system." Cluster,
Cloud and Grid Computing (CCGrid), 2012 12th
IEEE/ACM International Symposium on.IEEE,
2012.
[15] M. Alhamad, "Conceptual SLA Framework for
Cloud Computing", Accepted for IEEE DEST 2010
on 15 March 2010 2010.
[16] Alhamad, Mohammed, Tharam Dillon, and
Elizabeth Chang. "Sla-based trust model for cloud
computing." Network-Based Information Systems
(NBiS), 2010 13th International Conference
on.IEEE, 2010.
[17] Kamara, Seny, and Kristin Lauter. "Cryptographic
cloud storage." Financial Cryptography and Data
Security.Springer Berlin Heidelberg, 2010.136-149.
[18] Hwang, Kai, Sameer Kulkareni, and Yue Hu.
"Cloud security with virtualized defense and
reputation-based trust mangement." Dependable,
Autonomic and Secure Computing,
2009.DASC'09.Eighth IEEE International
Conference on.IEEE, 2009.
[19] Narayan, Shivaramakrishnan, Martin Gagné, and
Reihaneh Safavi-Naini. "Privacy preserving EHR
system using attribute-based infrastructure."
Proceedings of the 2010 ACM workshop on Cloud
computing security workshop. ACM, 2010.
[20] Yu, Shucheng, et al. "Achieving secure, scalable,
and fine-grained data access control in cloud
computing." INFOCOM, 2010 Proceedings IEEE.
Ieee, 2010.
[21] Yassin, Ali A., et al. "Efficient Password-based Two
Factors Authentication in Cloud
Computing." International Journal of Security & Its
Applications 6.2 (2012).
[22] Purushothama. B., & Amberker, B. (2013). Efficient
Query Processing on Outsourced Encrypted Data in
Cloud with Privacy Preservation.
[23] Pearson, Siani, et al. "End-to-end policy-based
encryption and management of data in the cloud."
Cloud Computing Technology and Science
(CloudCom), 2011 IEEE Third International
Conference on. IEEE, 2011.
[24] Tebaa, Maha, Saïd El Hajji, and Abdellatif El Ghazi.
"Homomorphic encryption applied to the cloud
computing security." Proceedings of the World
Congress on Engineering. Vol. 1. 2012.
[25] Wang, Guojun, Qin Liu, and Jie Wu. "Achieving
fine‐grained access control for secure data sharing
on cloud servers." Concurrency and Computation:
Practice and Experience 23.12 (2011): 1443-1464.
[26] Shamir, Adi. "How to share a secret."
Communications of the ACM 22.11 (1979): 612-613.
[27] Lyons, Robert E., and Wouter Vanderkulk. "The use
of triple-modular redundancy to improve computer
reliability." IBM Journal of Research and
Development 6.2 (1962): 200-209.
[28] Behl, A., & Behl, K. (2012). An Analysis of Cloud
Computing Security Issues. IEEE, 109-114.
[29] Roschke, Sebastian, Feng Cheng, and Christoph
Meinel. "Intrusion detection in the cloud."
Dependable, Autonomic and Secure Computing,
2009. DASC'09. Eighth IEEE International
Conference on. IEEE, 2009.
[30] Santos, Nuno, Krishna P. Gummadi, and Rodrigo
Rodrigues. "Towards trusted cloud computing."
Proceedings of the 2009 conference on Hot topics in
cloud computing. 2009.
[31] Onwubiko, Cyril. "Security issues to cloud
computing." Cloud Computing. Springer London,
2010. 271-288.
Authors Biographies
Imran Ashraf is serving as a Lecturer
in Information Technology department
of University of The Punjab, Pakistan.
He did his MS in Computer Science
from Sweden. His research project in
MS was in Ericsson AB, Sweden and
was selected for “Sparbankstifflsesen
Kronan Scholarship” in Sweden. In his P.G.D he is a Gold
Medalist. His research interests include Cloud
Computing, Distributed Databases and Distributed
Computing.
Irfan Hussain is pursuing an M Phil in
Information Technology in University
of Gujrat at the moment. He got his BS
in Information Technology from
University of Gujrat. He is young
researcher with keen interest in Human
Computer Interaction and Cloud
Computing.

Security Issues in Cloud Computing - A Review

More Related Content

What's hot (16)

Viewers also liked (18)

Similar to Security Issues in Cloud Computing - A Review (20)

More from Eswar Publications (20)

Recently uploaded (20)

Security Issues in Cloud Computing - A Review