American Journal of Systems and Software
ISSN (Print): 2372-708X ISSN (Online): 2372-7071 Editor-in-chief: Josué-Antonio Nescolarde-Selva
American Journal of Systems and Software. 2016, 4(1), 14-26
DOI: 10.12691/ajss-4-1-2
Open Access Review Article

A Survey on Secure Cloud: Security and Privacy in Cloud Computing

Shyam Nandan Kumar¹ and Amit Vajpayee²

¹M.Tech-Computer Science and Engineering, Lakshmi Narain College of Technology-Indore (RGPV, Bhopal), MP, India

²Department of Computer Science and Engineering, Lakshmi Narain College of Technology-Indore (RGPV, Bhopal), MP, India

Pub. Date: February 01, 2016

Cite this paper:
Shyam Nandan Kumar and Amit Vajpayee. A Survey on Secure Cloud: Security and Privacy in Cloud Computing. American Journal of Systems and Software. 2016; 4(1):14-26. doi: 10.12691/ajss-4-1-2


Cloud computing is an emerging technology in which many security problems remain unclear. The security problem is amplified under the cloud model because new dimensions enter the problem scope: architecture, multi-tenancy, layer dependency, and elasticity. This survey paper presents a detailed analysis of the cloud security problem. It discusses various existing approaches to data encryption and message authentication. After studying the existing approaches, it points out the issues and challenges that arise during data processing over the cloud. Instead of encryption or authentication alone, this paper suggests using attribute-based encryption and attribute-based authentication together during communication over the cloud to achieve better security.

Keywords: cloud computing, data sharing, decryption, encryption, concurrent access, distributed system, web, message signing and verification, data confidentiality, message authentication, cloud security

This work is licensed under a Creative Commons Attribution 4.0 International License.

