Content uploaded by Iman Shakeel
Author content
All content in this area was uploaded by Iman Shakeel on Mar 12, 2023
Content may be subject to copyright.
Securing Data in Cloud: Major Threats and
Recent Strategies
Iman Shakeel
Department of Electrical Engineering,
Jamia Millia Islamia.
New Delhi-110025, India.
E-mail: imanshakeelahmad@gmail.com
Shabana Mehfuz
Department of Electrical Engineering,
Jamia Millia Islamia.
New Delhi-110025, India.
E-mail: smehfuz@jmi.ac.in
Shahnawaz Ahmad
Department of Electrical Engineering,
Jamia Millia Islamia.
New Delhi-110025, India.
E-mail: shahnawaz98976@gmail.com
Abstract- Innovation permeates deep into every part of our
modern life and, in doing so, easily enables attackers to
readily penetrate and attack a targeted enterprise at the
least conceivable expense. Regardless, it’s challenging for
any company to notice it swiftly, even after being prepared
for any unexpected occurrence. Furthermore, while Cloud
computing lets its users maintain their data throughout the
grid in an online environment, that data can be accessed
easily from anywhere worldwide. However, as security
becomes a crucial rising concern, most people, mainly those
oblivious to the increasing number of attacks and technical
breakthroughs, are concerned about storing their data on
the cloud. This paper discusses how to solve the
aforementioned issues while providing an ingenious
approach to numerous security risks in the cloud computing
space.
Keywords- Cloud Computing, Cloud Security, Threats,
Countermeasures.
I. INTRODUCTION
The advent of cloud computing has increased both
consumers' and service providers' access to modern
computing. Cloud computing gives users access to
limitless processing power. The cloud data center
provides resources for computers. A data center is a
facility that operates twenty-four hours a day, seven days
a week, and is where many computers and servers are
kept. Most small and medium-sized firms rely on the
cloud for daily operations. Cloud resources are made up
of platforms, infrastructure, and software components.
Furthermore, the main platform for providing cloud-based
services is infrastructure as a service (IaaS). Although
Google, Microsoft, and other businesses may now offer
support for it, Amazon was the first to offer IaaS.
Utilizing the cloud guarantees the user will always have
simple and direct access to the data they have stored
whenever required. Additionally, the cloud provides the
highest possible standard of protection for data against
physical loss. However, it should be noted that data
breaches occur more frequently when it comes to
cloud-based data. One illustration of this is the power of
the cloud to stop piracy. Abuse, tapping, etc., are a few
instances [17].
Over the recent years, cloud networking has evolved
significantly to become an essential part of the current and
prospective web technological advancements. Cloud
computing is also synonymously referred to as internet
computing. The world wide web broadly provides
network computing clusters, which authorize users to
access web resources all over the Internet. Cloud
networking technology can be accessed quickly from any
place at any moment, and in doing that, avoid facing any
physical issues with essential data resources. A
noteworthy cloud networking model, Google apps
provides various services to innumerable gadgets globally
via an internet browser application [1].
The National Institute of Standards and Innovation
designated five significant businesses in the cloud
networking field: "on-demand self-service, broad network
access, resource pooling, quick elasticity or expansion,
and determined service." Multiple different associations
described network computing as vigorous while quickly
offering virtualized tech resources for their consumers
throughout the world wide web [2]. Network computing
retains the position of being established as quite an
efficient technology for all the provided benefits;
however, it brings forth numerous dangers. Over many
years of its growth, data privacy invasions and resource
theft have stood notified as critical because the
information held in the network storage by an institution
or a unique user is covert and discreet.
For quite some time now, security has remained the most
crucial worry for the system and is among the vital
essential elements of cloud computing. It frequently faces
security problems and penetrations from harmful
software. Additionally, a host of issues like data storage
and cloud data transfer pose significant problems for the
customer. Additionally, enterprises that provide cloud
computing services need to substantiate their offerings'
serviceability, security, and accessibility. Numerous
elements could perhaps influence the schedule and the
convenience of network processing resources, such as
assistance rejection or natural/abnormal catastrophes.
Information discretion also stands amongst cloud
computing protection's central issues since customers
frequently complain that their information needs to be
protected from other parties. Also, because cloud
networking is utilized for data access by different parties,
information robbery continues to be a widespread and
significant concern for service providers and users [3].
It is via cloud computing that cyberattacks are most likely
to take place in an organization. A significant deal of this
cybercrime happens from the most ordinary encounters on
the Internet like a Brute force attack, DDOS invasion, vile
abuse of network computing, Insecure platform junction
and APIs, and so forth. Thus, it's been deemed crucial for
the providers that operate in the domain of cloud network
processing to intensify their internet safety, security, and
access systems to their information to keep a ledger of
who handled them.
Businesses nowadays like offering network computing
options while building out the on-site framework in their
institution, but quite a lot of them are unsure regarding the
safety issues relating to the data and apps of their
company. The International Data Corporation surveyed
263 information technology administrators with their field
of business associates to determine the preferences and
enterprises' use of information technology cloud
networking services. Protection and security were
categorized as prime tribulations of cloud computing [4].
Given the aforementioned problems, our contribution in
this paper is to articulate and examine existing cloud
security solutions in terms of:
●Conducting a comparative analysis to evaluate
the recent works related to Cloud Computing
risks and threats.
●Providing a detailed overview of various security
vulnerabilities already existing in the cloud and
their impact on different cloud models and cloud
services.
●Having fundamental knowledge of the adverse
impacts in case of a security breach.
●Drawing special attention to areas for future
work where developments can be made by
examining the research gaps currently existing in
present-day solutions.
●Analyzing the fundamental reasons behind the
exponential rise of security threats and breaches.
The paper is organized in the following order. In section
2, the cloud computing architecture has been discussed.
Here we highlight the different cloud security threats and
ways to counter them effectively in section 3. In section 4,
we perform a comparative analysis of the recent works
accomplished in the cloud security arena, along with
suggestions to overcome the research gaps identified
during the study. Finally, the paper is summarized with a
brief conclusion in section 5.
II. CLOUD ARCHITECTURE
Fig 1. Typical Cloud Service Context
Cloud computing models are divided into public, hybrid
and private clouds.
Public Cloud: In a public cloud, a programmer develops
a variety of tools for creating and securing applications
that anybody can use. Programs are run by cloud vendors
externally in public clouds, while private clouds are used
to store critical information.
Private Cloud: A Private cloud symbolizes interior
monetary benefits that are not easily available to the
general public. The architecture for this service concept
provides a specific group of users with hosted utilities
behind a firewall.
Hybrid Cloud: A hybrid cloud combines personal and
public clouds. Organizations use hybrid clouds, where
resources are provided inside and used externally. Within
a hybrid cloud, companies only need to grant authorized
employees access to the personal cloud portion and
protect it from outside input with firewall software. On
the other hand, outsiders can access the public cloud [5].
The three primary types of service in cloud computing:
“Platform as a Service (PaaS), Software as a Service
(SaaS), and Infrastructure as a Service (IaaS)” [6]
PaaS
Consumers are granted access to internal structures,
enabling them to deploy consumer-created or acquired
application software and many others onto the cloud
platform by utilizing the tools and programming
languages supported by the cloud service. In addition to
operating server software, PaaS additionally involves
using IaaS [1, 6].
SaaS
Cloud provider apps running on public clouds are offered
as benefits to customers based on their requirements,
allowing consumers to take full advantage of services
supported by cloud servers. Patching, upgrading, and
maintenance are complex activities that SaaS avoids [1,
6].
IaaS
Customers can manage virtual computers, use them,
conduct online transactions, and connect to networks
thanks to the availability of leasing, capability,
networking, and with that, some other processing
prerequisites. Material, digital, and comparatively more
secured web devices are displayed in IaaS cloud
computing [1, 6]. Users, however, lack sufficient
confidence to upload their data to the cloud platforms.
III. CLOUD SECURITY THREATS AND
COUNTERMEASURES
Data security is the cloud's main downside for those who
question its benefits. The core issue with the cloud is data
security, a problem that is only getting worse with time
[18]. If data is lost or corrupted, businesses and their
clients suffer severely. Therefore, cloud data security is a
pressing concern [19–20]. Since the cloud is a vast
computer network, stronger and more effective data
protection is required. A hierarchical management
approach that combines user passwords with secret
sharing is provided [21] in order to prevent a
cryptographic data leak. To secure cloud data, [22] a
symmetric key encryption technique is developed, which
encrypts a file locally on the client side before uploading
to the cloud and decrypts the file using the key received
during encryption after downloading on the client side.
One can be sure of the safety of their data when using
cryptography. But not all encryption techniques work well
in a cloud setting [23]. This study aims to assess current
techniques and safe data storage developments in cloud
computing to address security and privacy challenges,
such as data loss, manipulation, and theft [24].
Outsourcing IT services is possible due to cloud
computing. However, data breaches are multiplied when
data is outsourced. In terms of cloud security, data
security is a great concern. The data that has been
outsourced is maintained and controlled by the cloud
service providers. The user is unaware of third-party
cloud service providers. Users are also unable to
determine who is in charge of keeping their data up to
date and where it is kept. Cloud vendors store user data
according to their standards. More alternatives for
learning about the data sent to the cloud may be available
to providers. Data security in the cloud is provided both
when the data is in transit and at rest. Both internal and
external users can attack data while it is in storage and
during transmission across the network. Although it takes
time, data security in a hybrid cloud environment is of the
utmost importance. To avoid these problems, the user
encrypts the data and saves it on the cloud.
The suggested strategy's main focus is the cloud storage
of data in the cloud. However, the data can also be stored
in a hybrid cloud. The data may be stored in a hybrid
cloud, depending on the user's preference. Depending on
the user's request, a private or a public cloud can store the
data. Users can also choose the type of cloud depending
on how sensitive the data is. Under the suggested
approach, encryption, keys, and storage would be housed
in separate regions of the cloud because if they were all
obtained from the same cloud provider, they might share
information about the material in their storage. The
suggested framework design in Fig. 2 illustrates the use of
entities to safeguard data.
Fig 2. A Conceptual Framework and its Constituent Elements
Threat is the term used to describe an external force that
causes nodes currently in one state to move to another.
This node houses the data and provides a platform for the
user to use the application in the form of services.
Multiple attacks or intrusions can occur within cloud
applications. The subsequent paragraph mentions three
cloud service models that provide various services to the
user and make security and threat issues with data within
cloud systems visible.
1. Abuse and Dubious Utilization of Cloud Computing
Nowadays, signing up for and using cloud services has
become much more straightforward. This makes it simple
for hackers to access the cloud and exploit bugs in the
initial cloud registration procedure. SaaS, PaaS, and IaaS
services are available to them. Because of this, hackers
can engage in various risky actions like fraud, scamming,
and/or spamming. The dangers mentioned above stand
easily accessible across all three cloud levels.
Defensive measures involve (1) Stringent initial
authentication and validation process, (2) Enhanced
monitoring of illicit practices, (3) Comprehensive
introspection of network activity (4) Analyzing public
blacklists to supervise one's own network block.
2. Network Sniffing
Additionally, SaaS presents a threat. The hacker gains
access to web applications through this kind of threat. By
doing this, they can intercept packets as they move
through a network and seize any unencrypted data
transmitted through the captured packages. In such a
threat, the stolen data becomes accessible to everyone.
Defensive measures encompass (1) Restrict physical
access to the network media so that a packet sniffer
cannot be installed. (2) Utilise encryption to safeguard
private data while it is being transmitted and stored.
3. Session Hijacking
It is a violation of the user's session security. A new
session is started on the network when a user logs into a
website. It contains all the user's data and the data used by
the server so that the user does not need a password when
accessing unique pages. With all the crucial details, a
hacker can enter an active session and successfully access
that session ID using HTTP. The server uses session IDs
to identify users for a particular session. Hackers can
access this session hijacking to hijack the session ID and,
as a result, gain additional unauthorized access to the
user's data without consent. The most common session
hijacking attacks include cross-site scripting, session
fixation, side jacking, and session prediction.
Countermeasures include (1) making it illegal for users
and services to share login information, (2) implementing
two-factor solid authentication where appropriate, (3)
actively monitoring and spotting unauthorized activity,
and (4) comprehending the security policies and SLAs of
cloud providers.
4. Man in The Middle Attack
Another form of event hijacking is the MITM attack, in
which the hackers use a sniffer to intercept information
being exchanged between the devices used for data
collection and then send the information to themselves.
As a result, the consumer is fully convinced that the
interaction is uninterrupted, secure, and personal even
after the malicious attacker establishes an independent
connection with the device. In reality, though, the session
is entirely under the control of the hackers. Again, this
severely threatens the SaaS model.
Defensive measures involve (1) Trying to analyze the
security framework of Cloud Provider interfaces, (2)
Ensuring multi-factor robust authentication and access
control alongside the encrypted transmission, (3)
Monitoring the dependency chain affiliated with the API
5. Denial of Service
DoS is an attack upon the SaaS layer. By employing this
malicious attack, the hackers flood the web management
and services with so many requests that regular traffic
cannot be processed, disrupting normal operations.
Defensive measures involve (1) Trying to promote rigid
authentication for administrative usage and operations, (2)
Implementing SLAs for patching and vulnerability
reclamation, and (3) Undertaking vulnerability scanning
and configuration audits.
6. Flooding Attacks
This type of "denial of service attack" is used to saturate
the network with anomalous traffic to make it more
clogged. This foray happens when hackers flood the web
or other services with data packets. The host's buffer
memory is overrun with redundant and unused data due to
the server's constant assault from incomplete connections.
In the end, the network won't be able to establish any
connection if the buffer is given no space. Denial of
service will occur as a result of this. The IaaS and PaaS
layers of the cloud model are the targets of this attack.
Mitigation strategies include (1) Implementing
comprehensive API access control, (2) Encrypting and
securing the integrity of information during transmission,
(3) Analyzing data protection at run time as well as design
time, (4) Integrating robust key generation, and
management, data storage, and destruction.
7. Privacy Breach
As a result of giving up direct control over many
security-related issues to the cloud computing model,
organizations hand over an unprecedented amount of their
information and trust to the cloud provider. Any cloud
security gap will allow unauthorized users to access
information. This will make it possible for unauthorized
users to gain access to their personal data, which could
further result in unauthorized and malicious activities
involving the info saved. The SaaS model's users will be
affected the most by this.
Security measures entail (1) Strictly enforcing chain
management and undertaking regular evaluations, (2)
Adopting transparency in overall network security and
management procedures, and (3) Trying to incorporate
security breach alert processes.
IV. COMPARATIVE ANALYSIS OF RECENT
WORKS ACCOMPLISHED IN CLOUD
SECURITY
From comparatively analyzing the papers on computing
risks and threats, we suggest various possible solutions to
overcome the research gaps identified in the
methodologies used. A hands-on solution to consider the
effect of various system components (CPU, RAM, and
cache memory) is to use a Cache-Based Side-Channel
Intrusion Detector that uses Hardware Performance
Counters. Furthermore, a highly-secure cryptographic
technique known as the Manage-Your-Own-Key (MYOK)
model can enable hybrid cloud users to securely store
their data in the cloud. In the case of the three-MAKA
model, the communication cost can be reduced by taking
into account the full complexity of the networking
environment and the interactions that take place within it.
From our analysis, we also observed that it's crucial to
consider multiple attackers and the effect of their
malicious activities on numerous data storage systems, as
considering a single attacker attacking a single target
through one entry point will not be sufficient to analyze
the intensity of the security breach caused.
5.CONCLUSION
This paper aims to highlight cloud computing users'
serious security risks. There is still much to understand
about cloud computing because it has not yet been
sufficiently developed, and multiple possibilities exist for
potential successive development. After completing our
study on cloud security, we observed that security is the
main hurdle for both consumers and cloud service
companies. Many issues and concerns with cloud
computing security have been conceded as having severe
adverse effects on consumers' trust and confidentiality.
Prospective risks and security breaches to cloud
computing will be substantial as the technology improves.
This paper also aims to provide helpful recommendations
and constraints of primary open research to elucidate the
cloud's dilemmas, risks, and negative consequences.
While doing all that, this research study also strives to
provide a holistic range of perspectives for this field of
research and aid the researchers in identifying potential
countermeasures to such dangers and risks.
Cloud security continues to be crucial as more companies
integrate cloud services into their corporate
infrastructures. However, cloud security inadequacies are
known to have a deterrent effect on business interest in
cloud services, and to counter just that as the situation
stands, researchers are taking a proactive interest in
investigating different security paradigms to tackle the
concerns of the potential cloud subscriber base and
reassure them to safely and securely move their critical
applications and core business processes to the cloud.
Sources
Year
Proposal
Parameters taken
into account
Protocols used
Research gaps
identified
Advantages present
[25]
2021
An efficacious framework
is developed wherein each
network device is
targeted, observed, and
alternative solutions are
employed to defend the
cloud server.
Pattern Matching
Attack, Brute Force
Attack, DDoS Attack
URP, HIDS,
NIDS
Doesn’t take into
consideration the
effect of (RAM,
CPU, and cache)
at the time of
Intrusion
Detection System
(IDS) execution.
An efficacious
intrusion detection
system software is
tested and developed
to specifically
intercept intrusions
from the cloud.
[26]
2021
A key access management
scheme is created that
provides everyone in your
organization with a secure
way to access the public
cloud inside and outside
your organization's
network.
Key Recovery
Security, Key
Indistinguishability
Security
SLP, NCP
Does not take the
hybrid cloud
model into
account
The KDC does not
need to store private
keys anywhere,
eliminating data
breach issues and the
risk of key exposure.
[27]
2019
In a three-factor MAKA
protocol, Schnorr
signatures are used to
achieve dynamic
management of users and
provide a formal random
proof of security oracle.
Password and
Biometrics
Three-factor
MAKA
Communication
costs can be
improved
Supports dynamic
revocation, achieves
the security
characteristics of
requirements from
multi-server
environments,
improves functionality
without sacrificing
efficiency, and has
good computation
time.
[28]
2019
A Trust Assessment
Framework for Efficiently
and Effectively
Evaluating the
trustworthiness of Cloud
Services
Security and
reputation
assessment,
Trustworthy cloud
service selection,
Cloud-based IoT
Security controls
deliverable
(SCD
Practical cloud
Environment is
not tried and
tested.
Combines security and
reputation capabilities
of cloud services
[29]
2018
The suggested software
solution enables a cloud
provider's security
administrator to
effectively choose
mitigation measures
against certain threats.
Security Risk
Evaluation, Threat,
Vulnerability
STRIDE model
Assumes a
wholesome risk
of a VM without
analyzing the
impacts of
subcomponents
Considers a
single hacker,
single invasion
entry point, and a
single point of
attack.
Focuses on the unique
security requirements
that each customer has
in relation demands
outsourced from the
cloud
[30]
2021
Proactive auditing
strategy, which can
preclude breaches of
security guidelines at
runtime with a reasonable
reaction time without
prior knowledge about
future changes.
Security Auditing,
Runtime
Enforcement, Cloud
Security, Proactive
Auditing
VeriFlow] and
NetPlumber
The policies
involving
session/context-s
pecific data are
not considered in
this work.
Can aid analysts in
diagnosing critical
events more
efficaciously, which
could enhance the
accuracy of
comprehensive
protection auditing.
REFERENCES
[1]. Farhan Bashir Shaikh and S. Haider, "Security threats in
cloud computing," 2011 International Conference for Internet
Technology and Secured Transactions, Abu Dhabi, 2011, pp.
214-219.
[2]. I. M. Khalil, A. Khreishah, S. Bouktif, and A. Ahmad,
"Security Concerns in Cloud Computing," 2013 10th
International Conference on Information Technology: New
Generations, Las Vegas, NV, 2013, pp. 411-416.
[3]. B. Reddy, R.Paturi, "Cloud Security Issues," IEEE
International Conference on Services Computing, 2009
[4]. K. Popović and Ž. Hocenski, "Cloud computing security
issues and challenges," The 33rd International Convention
MIPRO, Opatija, 2010, pp. 344-349
[5]. F. Sabahi, "Cloud computing security threats and responses,"
2011 IEEE 3rd International Conference on Communication
Software and Networks, Xi'an, 2011, pp. 245-249.
[6]. Hussein, N.H. and Khalid, A., A survey of cloud computing
security challenges and solutions. International Journal of
Computer Science and Information Security, 2016, 14(1),
p.52.
[7]. Zissis, D., & Lekkas, D, "Addressing cloud computing
security issues." Future Generation Computer Systems,
Vol.28, no.3, pp 583- 592, 2012.
[8]. Cloud computing Environment against DDoS Attacks”,
IEEE, pp. 1-Bansidhar Joshi, A. Santhana Vijayan, Bineet
Kumar Joshi, “Securing 5, 2011.
[9]. Haoyong Lv and Yin Hu, "Analysis and Research about
Cloud Computing Security Protect Policy," IEEE, pp.
214-216, 2011.
[10]. M.Rajendra Prasad, R. Lakshman Naik, V.Bapuji," Cloud
Computing: Research Issues and Implications, "International
Journal of Cloud Computing and Services Science
(IJ-CLOSER) Vol.2, no.2, pp. 134- 140, 2013.
[11]. Mladen A. Vouch," Cloud Computing Issues, Research and
Implementations," Journal of Computing and Information
Technology, Vol. 4, pp 235–246, 2008.
[12]. Ashish Kumar," World of Cloud Computing & Security,"
International Journal of Cloud Computing and Services
Science (IJ- CLOSER) Vol.1, no.2, pp. 53~58, 2012.
[13]. Hemraj Saini, T. C. Panda, Minaketan Panda, "Prediction of
Malicious Objects in Computer Network and Defense,"
International Journal of Network Security & Its Applications
(IJNSA), Vol.3, no.6, pp.161-171, 2011.
[14]. Pankaj Patidar and Arpit Bhardwaj, "Network Security
through SSL in Cloud Computing Environment,"
International Journal of Computer Science and Information
Technologies, Vol. 2, no.6, 2011.
[15]. S. Subashini and V. Kavitha, “A survey on security issues in
service delivery models of cloud computing,” J. Netw.
Comput. Appl., vol. 34, no. 1, pp. 1–11, 2011.
[16]. Z. Wang, “Security and Privacy Issues within Cloud
Computing,” in 2011 International Conference on
Computational and Information Sciences, pp.175–178,2011.
[17]. W. Wu, Q. Zhang and Y. Wang, "Public Cloud Security
Protection Research," 2019 IEEE International Conference
on Signal Processing, Communications and Computing
(ICSPCC), 2019, pp. 1-4, doi:
10.1109/ICSPCC46631.2019.8960734.
[18]. J. Zhang, D. Sun and D. Zhai, "A research on the indicator
system of Cloud Computing Security Risk Assessment,"
2012 International Conference on Quality, Reliability, Risk,
Maintenance, and Safety Engineering, 2012, pp. 121-123,
doi: 10.1109/ICQR2MSE.2012.6246200.
[19]. M. Colombo, R. Asal, Q. H. Hieu, F. Ali El-Moussa, A.
Sajjad and T. Dimitrakos, "Data Protection as a Service in the
Multi-Cloud Environment," 2019 IEEE 12th International
Conference on Cloud Computing (CLOUD), 2019, pp. 81-85,
doi: 10.1109/CLOUD.2019.00025.
[20]. E. Bacis, S. De Capitani di Vimercati, S. Foresti, S.
Paraboschi, M. Rosa and P. Samarati, "Securing Resources in
Decentralized Cloud Storage," in IEEE Transactions on
Information Forensics and Security, vol. 15, pp. 286-298,
2020, doi: 10.1109/TIFS.2019.2916673.
[21]. H. Song, J. Li, and H. Li, "A Cloud Secure Storage
Mechanism Based on Data Dispersion and Encryption," in
IEEE Access, vol. 9, pp. 63745-63751, 2021, doi:
10.1109/ACCESS.2021.3075340.
[22]. A. Musa and A. Mahmood, "Client-side Cryptography Based
Security for Cloud Computing System," 2021 International
Conference on Artificial Intelligence and Smart Systems
(ICAIS), 2021, pp. 594-600, doi:
10.1109/ICAIS50930.2021.9395890.
[23]. Megha Vashishtha, Dr Pradeep Chouksey, “A Hybrid Data
Security and Identification Mechanism in Cloud Computing,”
nternational Journal of Scientific and Technological
Research, Volume 8, Issue 09, (2019), pp. 1565-1571.
[24]. R. Adee and H. Mouratidis, "A Dynamic Four-Step Data
Security Model for Data in Cloud Computing Based on
Cryptography and Steganography", Sensors, vol. 22, no. 3, p.
1109, 2022. doi: 10.3390/s22031109.
[25]. Muhammad Nadeem; Ali Arshad; Saman Riaz; Shahab S.
Band; Amir Mosavi, “Intercept the Cloud Network from
Brute Force and DDoS Attacks via Intrusion Detection and
Prevention System”, vol. 9, pp. 152300 - 152309, 2021. doi:
10.1109/ACCESS.2021.3126535
[26]. Baris Celiktas; Ibrahim Celikbilek; Enver Ozdemir, “A
Higher-Level Security Scheme for Key Access on Cloud
Computing”, vol. 9, pp. 107347 - 107359, 2021,
10.1109/ACCESS.2021.3101048
[27]. Wei Li; Xuelian Li; Juntao Gao; Haiyu Wang, “Design of
Secure Authenticated Key Management Protocol for Cloud
Computing Environments”, vol. 18, Issue 3, pp. 1276 - 1290,
2019, doi: 10.1109/TDSC.2019.2909890
[28]. Xiang Li; Qixu Wang; Xiao Lan; Xingshu Chen; Ning
Zhang; Dajiang Chen, “Enhancing Cloud-Based IoT Security
Through Trustworthy Cloud Service: An Integration of
Security and Reputation Approach”, vol. 7, pp. 9368 - 9383,
2019, doi: 10.1109/ACCESS.2018.2890432
[29]. Armstrong Nhlabatsi; Jin B. Hong; Dong Seong Kim;
Rachael Fernandez; Alaa Hussein; Noora Fetais,
“Threat-Specific Security Risk Evaluation in the Cloud”, vol.
9, Issue: 2, 2021, doi: 10.1109/TCC.2018.2883063
[30]. Suryadipta Majumdar; Gagandeep Singh Chawla; Amir
Alimohammadifar; Taous Madi; Yosr Jarraya, Makan
Pourzandi, Lingyu Wang and Mourad Debbabi, “ProSAS:
Proactive Security Auditing System for Clouds”, vol. 19,
Issue 4, 2021, doi: 10.1109/TDSC.2021.3062204