西南交通大学学报

第 55 卷 第 1 期 Vol. 55 No. 1
JOURNAL OF SOUTHWEST JIAOTONG UNIVERSITY
2020年 2 月 Feb. 2020

ISSN: 0258-2724 DOI：10.35741/issn.0258-2724.55.1.11

Research article

Computer and Information Science

INTEGRITY AND SECURITY IN CLOUD COMPUTING ENVIRONMENT:

A REVIEW

云计算环境中的完整性和安全性：回顾

Safa S. Abdul-Jabbar a, *, Ali Aldujaili b, Saja G. Mohammed с, Hiba S.Saeed d

a
Department of Computer Science, College of Science for Women, University of Baghdad
Al-Jadriya, Karrada, Baghdad, Iraq, safa.s@csw.uobaghdad.edu.iq
b
Department Affairs of Student Accommodation, University of Baghdad
Al-Jadriya, Karrada, Baghdad, Iraq, ali@uobaghdad.edu.iq
c
Department of Mathematics, College of Science, University of Baghdad
Al-Jadriya, Karrada, Baghdad, Iraq, saj85_gh@yahoo.com
d
College of Science for Women, University of Baghdad
Al-Jadriya, Karrada, Baghdad, Iraq, hiba.toshi1987@gmail.com

Abstract
Cloud computing is a newly developed concept that aims to provide computing resources in the most
effective and economical manner. The fundamental idea of cloud computing is to share computing
resources among a user group. Cloud computing security is a collection of control-based techniques and
strategies that intends to comply with regulatory compliance rules and protect cloud computing-related
information, data apps, and infrastructure. On the other hand, data integrity is a guarantee that the digital
data are not corrupted, and that only those authorized people can access or modify them (i.e., maintain
data consistency, accuracy, and confidence). This review presents an overview of cloud computing
concepts, its importance in many applications, and tools that can be used for providing the integrity and
security to the data located in the cloud environment.

Keywords: Data Security, Data Integrity, Cloud Computing, Cloud Security, Cloud Integrity

摘要 云计算是一个新近发展的概念，旨在以最有效，最经济的方式提供计算资源。云计算的基本
思想是在用户组之间共享计算资源。云计算安全性是基于控制的技术和策略的集合，旨在遵守法
规遵从性规则并保护与云计算有关的信息，数据应用程序和基础架构。另一方面，数据完整性保
证了数字数据不会被破坏，并且只有那些授权人员才能访问或修改它们（即，保持数据的一致性
，准确性和可信度）。本文对云计算概念，其在许多应用程序中的重要性以及可用于为位于云环
境中的数据提供完整性和安全性的工具进行了概述。

关键词: 数据安全性，数据完整性，云计算，云安全性，云完整性
 2 Abdul-Jabbar et al. / Journal of Southwest Jiaotong University / Vol. 55 No. 1 Feb. 2020

I. INTRODUCTION The cloud computing business model implies

Cloud computing offers a flexible and cost- two major key factors [7]:
effective solution for many Internet services [1].  The cloud service provider (CSP): deliver
By using cloud service, users transfer the burden applications via the Internet, which are accessed
of software installation, data maintenance, from web browsers and desktops, as well as
infrastructure, storage space, etc. to the cloud mobile apps.
service provider; these facilities give their users  Cloud service user (CSU): such as a
the opportunity to store, collect, and share consumer or an enterprise that accesses and uses
information in a transparent manner with other the cloud services, while business software and
users [2]. Small and medium-sized organizations information are stored remotely on servers.
are moving to cloud computing, as it supports Three types of clouds can be identified
quick access to their application and reduces depending on the level of provided service:
infrastructure costs. Therefore, cloud computing Infrastructure-as-a-Service (IaaS), Platform-as-a-
is considered as a technical solution and business Service (PaaS), and Software-as-a-Service
model that can sell and rent computing energy (SaaS), as shown in Figure 1. Cloud computing
[3]. Cloud computing is seen as one of today's faces various challenges, such as data security,
most successful computing techniques, capable lack of resources and knowledge, etc. [7].
of addressing inherently a number of challenges. Security was listed as the biggest challenge from
A number of key cloud computing features were all these challenges. The cloud providers need to
recognized, such as reliability, broad network make sure that they have appropriate security
access, scalability of infrastructure, flexibility, aspects because if things go wrong, they are the
location independence, economies of scale and ones who will take the responsibility [8], [9].
cost-effectiveness, and sustainability [4], [5]. In Data security is also described as the protection
addition, this cloud computing system contains and processing of private data from illegitimate
many characteristics, such as [5], [6]: entry, alteration, or interruption [10]. While cloud
1. Multiple operating systems run on multiple storage requires security that differs from
virtual machines and different underlying different users and apps, users share the same
hardware. three goals as availability, integrity, and
2. It can share all resources simultaneously to confidentiality. To achieve these goals, different
all users at the same time. types of instruments have been developed, such
3. The cloud system completely depends on as audition, access control, authentication,
virtualization. encryption, and digital signature [7].
4. For networks, clouds are distributed over This paper was organized as follows: Section
local area networks (LANs), wide area networks 2 describes a number of previous works. Section
(WANs), and metropolitan area network 3 deals with a general description of the cloud
(MANs). computing deployment model, as well as types of
5. Clouds allow multiple applications or services and applications. Section 4 is a
services to run at the same time. description of cloud computing attacks. The
6. Each user or application is provided with a security requirements and limitations are
secure virtual machine because the cloud system presented in Section 5. Furthermore, in section 6,
suffers from many challenges regarding sharing the conclusions are summarized.
and other characteristics mentioned previously.
 3

Figure 1. Cloud system model [8]

II. TYPES OF CLOUDS that information is correctly managed within the

There are essentially four kinds of clouds, as organization alone without the network
follows [6]: bandwidth limits.

A. Public Cloud C. Community Cloud

This is one of the clouds where cloud services This kind of cloud is essentially managed by a
are accessible over the Internet to customers group of origin servers with a common goal to
through a service provider. It offers them with a accomplish. Members share cloud access to data.
control mechanism. The services might be
available free of charge or on a pay-per-use D. Hybrid Cloud
model. This is a mixture of both public and private
clouds. It can also be described as multiple cloud
B. Private Cloud systems connected in a way that makes it easy to
This offers many of the public's advantages, move programs and data from one system to
but the primary distinction between the two is another.

Figure 2. Cloud computing deployment models

 4 Abdul-Jabbar et al. / Journal of Southwest Jiaotong University / Vol. 55 No. 1 Feb. 2020

Figure 2 describes the four different types of use qualification or assigned based strategies to
cloud computing deployment models with the detect unauthorized customers [30].
most advantages of each type. On the other hand, All these three types were illustrated
the most common and widely adopted types of previously in Figure 1. There are many
cloud computing services are: applications for cloud computing (e.g. healthcare,
1) Infrastructure-as-a-Service smart home and smart metering, smart energy,
IaaS is a computer deployment infrastructure smart logistics, smart cities and communities,
model that allows users, who have control over environmental monitoring, and web
the IT system virtually, to use lease power for applications). Moreover, several web-based
processing, networks, and other computer services use SaaS, IaaS, and PaaS besides the
resources from cloud providers [6]. pervious mentioned application examples (e.g.,
2) Platform-as-a-Service Gmail, Yahoo, and Skype use SaaS; Google
PaaS is a way to use lease hardware, operating Maps and Microsoft’s Azure use PaaS; IBM,
systems, storage, and network capability. The Amazon … etc.) [31].
service delivery model enables the client to use
lease virtualized servers and related services to III. LITERATURE REVIEW
run current apps or to develop and test new apps Cloud computing security and integrity is the
[30]. most widely discussed area in both industry and
3) Software-as-a-Service academic researchers. Therefore, in this section, a
SaaS ensures clear physical and application- number of related works will be addressed and
level to separate data from distinct users. This discussed as follows:
access control architecture can be used in cloud  Security Concern (Table 1)
computing for access management. It is better to

Table 1.
Related works in security concern
The proposed The used
Year Author names Advantage(s) Disadvantage(s)
method name technique(s)
- Simplifies the distribution of public
keys and reduces the size of SOAPa HIBC, SOAP
2009 Yan et al. [11] - headers. - messages, and
- HIBCb approach could limit the key PKG
issue of identity-based cryptography.
Marium et al. - Using EAP-CHAP and RSAd ensure RSA
2012 EAP-CHAPc -
[12] the security of client data in the cloud. algorithm
Data Third party
management and auditor, DESe,
Hojabri and - Improves the security of
software in the and Kerberos
2013 Venkat Rao - cloud computing through the provision
cloud may not
[13] of an authentication service.
be fully
confident.
- Saves time and computing TPA and
resources with the user's reduced online HMAC
burden.
- HMACg may provide data
stored in the cloud during the audit
2013 Arasu et al. [14] - -
process, together with homomorphic
tokens with data erasure-coded.
- One of the key issues is to
detect changes and misconduct during
TPAf's audit process.
- These three-way mechanisms AES
make it difficult for hackers to crack algorithm,
the security system and thus protect Diffie
Rewagad and data stored in the cloud. Hellman key,
2013 - -
Pawar [15] - If the key were hacked and digital
through transition, the data signature
confidentiality would be maintained by
using AESh.
- This new method helps users RSA
Shereek et al.
2014 to build trust in the cloud computing - algorithm and
[16]
environment. Fermat’s
 5

- - It also decreases the theorem

disadvantage of RSA encryption; this
means that making RSA encryption can
be faster than previous.
- Security for the entire cloud
computing environment, where it is
provided. RSA
- Each algorithm is performed algorithm and
on various servers to overcome the digital
Lenka and - system's slowdown problem. signature
2014 -
Nayak [17] - The used algorithms are technique
executed in altered servers at altered (MD5
locations; this will affect the intruder algorithm)
performance because he cannot easily
access or upload any file.

- This system is highly SHA-1i and

Shimbre and effective against malicious attacks on AES
2015 - -
Deshpande [18] data modification and collusion on algorithms
servers. and TPA
The proposed AES, TPA,
scheme cannot RSA
- It ensures privacy and public
perform all data algorithm, and
More and auditing for the cloud through the use
2016 - operations, such SHA-2
Chaudhari [19] of a TPA, which performs the audit
as updating data,
without retrieving the copy of the data.
deletion, and
insertion.
- This system provides IBC
confidentiality for encrypted data
stored on public servers.
- This system provides users
with controlled access and sharing of
Kaaniche et al.
2016 - data. -
[2]
- By using IBC-PKG, they can
issue their own public elements and
keep their resulting IBCj confidential.
Also, they use a data key that is derived
from the data identifier to encrypt.
- Improves security and
authentication through the use of RSA
algorithms, and only the authorized
user can access the data. RSA
2016 Singh et al. [20] - -
- If an unauthorized user can algorithm
access the data and decrypt them, he
cannot get back the original data from
it.
- Provides more confidential
data protection.
- Provides greater security for
residual data (cloud server) and moving AES, PGPk
2017 Jothy et al. [21] - data (network channel). - algorithms,
- The designed system will not and SSLl
allow anyone that has only a public key
to encrypt and decrypt data, which is
transmitted across the network.
- A collaborative solution.
- Avoid time attacks in the
2017 Raza et al. [22] VKCm - AES and VKC
cache in the cloud environment.

- Increases data security during

storage and transfer.
- By using the TPA technique,
the auditor is denied access to the user
AES
data.
2018 Akhil et al. [23] - Algorithm,
- - Since the AES encryption
and TPA
technique is used to transfer data, it
excludes the possibility of the system
being unavailable at times when huge
data arrives.
 6 Abdul-Jabbar et al. / Journal of Southwest Jiaotong University / Vol. 55 No. 1 Feb. 2020

- The combination of the used Triple AES

Taking long
techniques (AES and PGP over SSL) and PGP over
time duration
provides security to the confidential SSL
(time
data. algorithms
2018 Jothy et al. [24] consumption)
- The designed system will not
- and a lot of key
allow anyone that has only a public key
number
to encrypt and decrypt data, which is
generators.
transmitted across the network.
- Provides data
(confidentiality, authentication, and
AES, blow
verification).
fish algorithm,
- Protects the information from
Applied on text SMSn,
2018 Pius et al. [25] - unauthorized users.
only. OOADMo,
- Cloud users can manage the
and C#
privacy and integrity of their cloud-
programming
based data securely without relying on
the cloud provider's credibility.
a
SOAP: Simple object access protocol
b
HIBC: Hierarchical identity-based cryptography
c
EAP-CHAP: Extensible authentication protocol and Challenge handshake authentication protocol
d
RSA: Rivest–Shamir–Adleman
e
DES: Data Encryption Standard
f
TPA: Third-party auditor
g
HMAC: Hash message authentication code
h
AES: Advanced encryption standard
i
SHA-1: Secure hash algorithm-1
j
IBC: ID-based cryptography
k
PGP: Pretty good privacy
l
SSL: Secure socket layer
m
VKC: Variable key block cipher
n
SMS: Short message service
o
OOADM: Object-oriented analysis and Design method

 Integrity Concern (Table 2)

 7

Table 2.
Related works in integrity concern
The
proposed The used
Year Author names Advantage(s) Disadvantage(s)
method technique(s)
name
- Secure, efficient to use and Data owner,
possesses cloud storage capabilities. It verifies the data TPA, cloud
- Achieves privacy-preserving by using data server, AES,
and public auditing for the cloud by signatures SHA-2a, and
using TPA, which does the auditing comparison only, RSA
More and
2016 - without retrieving the data copy, which does not deal algorithms
Chaudhari [19]
hence privacy is preserved. with dynamic data
- The data is separated into operations, such as
some parts and then stored in the deletion, insertion,
cloud storage in an encrypted format, ...etc.
which keeps the data confidential.
- Public auditability.
- The proposed model has a
low client cost.
- Storage correctness.
- Batch auditing.
- Lightweight this allows the
user to carry out the initialization with
2019 Li et al. [26] - TPA and CSPb
the minimum
computation
overhead to access devices.
- Also, the proposed method
was designed to support data
dynamics and public
verifiability.
- A multipower variant of the PHCd and
Paillier cryptography system with a Hadoop
homomorphic tag is the main building MapReduce
component of the proposed approach. framework
Saxena and - It helps in cloud-based
2019 - -
Dey [27] dynamic data operations with less
overhead.
- The proposed system has
better security in the case of the
MITMc attack.
- Avoids the privacy issues by
separating the public and private data.
- Reduces the latency (avoids
Pitchai et al. the communication and computation
2019 AIVPe - CSPsf
[28] cost).
- Increases both the
outperforms efficiency and system
throughput.
- The proposed system is AES, hybrid
shown to be secure and highly reliable steganography
through extensive analysis of security scheme SVD-
Mahmood et al.
2019 - and efficiency. - DWTg, and
[29]
- The proposed method SHA-2
reduces the assumption of information
that is concealed in the image.
a
SHA-2: Secure hash algorithm-2
b
CSP: Cloud service provider
c
MITM: Man-in-the-Middle
d
PHC: Paillier homomorphic cryptography
e
AIVP: Availability and integrity verification protocol
f
CSPs: Cloud service providers
g
SVD-DWT: DWT (Discrete Wavelet Transform) and SVD (Singular Value Decomposition)
 8 Abdul-Jabbar et al. / Journal of Southwest Jiaotong University / Vol. 55 No. 1 Feb. 2020

IV. ATTACKS ON CLOUD COMPUTING A side-channel attack (SCA) is a reverse

engineering type of attack. Inherently, electronic
ENVIRONMENT circuits and software programs are leaky; they
Cloud computing becomes more sophisticated
generate emissions or a means of interaction as
and exposed to many attacks. Several types of
by-products, which allow an intruder to deduce
attacks, which threaten system security and
how the circuit operates and what data it
integrity, are illustrated as follows:
processes without access to the circuit itself [33].
A. Cloud Malware Injection Attack
F. User to Root Attack
An attacker attempts to inject malicious
In this type of attack, the attacker intends to
service or virtual machines into the cloud. In this
obtain administrator access privileges for an
attack, the attacker creates its own malicious
unauthorized account [34].
service implementation module (SaaS or PaaS) or
virtual machine instance (IaaS) and attempts to
G. Denial of Service Attack
add it to the cloud system [32].
This is a form of attack where the attacker
sends the victim a thousand request packets over
B. Man-In-The-Middle Cryptographic Attack the Internet. The attacker's primary objective is to
This type of attack is related to an attack that
exhaust all the victim's resources. An intruder can
involves an attacker in the center and accesses
flood a big amount of demands to waste
the information that is passed between two sides.
computational energy, time of execution, and
This attack is feasible because a Secure
cryptographic activities. This type of attack can
Socket Layer (SSL) lacks safety configuration.
affect cloud behavior and cloud services
To illustrate this situation if we have two parties
availability [7].
(sender and receiver) that they interact in the
cloud, and if there was an intruder currently
H. Phishing Attack
resides in the center. the intruder can access to
By phishing attack, the attacker manipulates
the transmitted information if the communication
the web link. As a result, a lawful user is
channel is not safe [7].
redirected to a false web page, and he believes
that the open web page is a secure page for
C. Authentication Attack entering credentials (user name and password).
Authentication is a major weakness that is
After that, the attacker will be able to access his
often targeted by an attacker in cloud computing
credentials [7].
services. Most services still use a simple
username and password type of knowledge-based
I. Metadata Spoofing Attack
authentication today, but some exception is
In this type of attack, the attacker wants to
financial institutions that use different forms of
access the Web Services Description Language
secondary authentication (such as site keys,
(WSDL) file and perform the file modification or
shared secret questions, etc.), which make it
deletion operation because the features and
harder for popular phishing attacks [32].
details of the service are stored in [7].
D. Attack on Virtualization
J. Port Scanning Attack
Two distinct kinds of attacks are conducted
Port scanning is used to distinguish system
the virtualization attack in the cloud; one is
parts that are closed, open, and filtered. In port
virtual machine (VM) escape, and the other is
scanning, intruders use open ports, such as
hypervisor rootkit. In a virtualization attack, VM
services, IP addresses, and MAC addresses,
control will be captured in the virtual
which are parts of a connection to capture
environment. The other attack involves a
information. TCP, UDP, (FIN, SYN, ACK) flag
backdoor attack, alteration of VMs, distribution
sets, and window scanning are the most common
of storage, and multi-tenancy [7].
port scanning attack. After scanning the port, the
actual attack is performed by attackers [7].
E. Side-Channel Attack
The effects of these attacks on different cloud
services are illustrated in Figure 3.
 9

Figure 3. Cloud services effected by each attack

V. SECURITY REQUIREMENTS AND E. Availability

It is essential to guarantee that network and
LIMITATIONS Internet service providers are constant and not
interrupted. The cloud server information should
A. Confidentiality be available to their customers. A Denial of
This is a concept that protects the information
Service (DoS) assaults, natural disasters, and
by safeguarding it secure from unauthorized
machinery failures at the end of each service
recipients and users. In most instances, the cloud
provider because there are major threats that can
may also contain delicate information that must
access to these services, so it will prevent some
be kept confidential without any risk disclosure.
online service from working properly [3].
The only way of keeping the information
confidential is by encrypting such information
F. Time Synchronization
with a secret key that is accessible to the location
Since power is a critical issue in the cloud, it
on its own [35].
is essential to synchronize time to save energy.
Data synchronization errors will result in data
B. Integrity inconsistency. Last but not least, tracking the
Even if, because of confidentiality, the
suitability of data operations is more difficult for
attacker cannot steal the information, it can still
CSUs [37].
change, add new, or remove some certain
fragments before reaching its target. Data in the
cloud should be accurate, regular, and reliable. VI. DISCUSSION
Also, integrity ensures that the transmission of a The discussion of the results starts with the
message through media remains uncorrupted various security and integrity studies identified in
[35]. the literature featuring different case studies of
cloud computing. The findings of the current
C. Authentication study show twenty-one studies discussed the
This characteristic authenticates the sender security and integrity in cloud computing with
with the receiver to guarantee that each obtained advantages and drawbacks (if they found) for
data packet comes from the authenticated each study and technique used in each one. The
transmitter, and particularly important packages results of this paper are summarized in Table 3
that add to the decision-making scenario, such as and Figure 4. In this regard, Table 3 illustrates
the selection of clusters, and the shortest path new methods, which were used with the authors’
(trading of credentials) is necessary to guarantee studies, while Figure 4 shows the statistics of
authentication [36]. turnout for each method based on the researches
presented in the literature review section.
D. Freshness In Table 3, there are three novel methods (i.e.,
Cloud data must be new and not replaced. The extensible authentication protocol and challenge
packet must be accompanied by a time stamp handshake authentication protocol (EAP-CHAP),
choice or time counter to ensure its freshness. It variable key block cipher (VKC), and availability
must provide timely and accurate data on critical and integrity verification protocol (AIVP) in
cases, such as climate or earthquake [35]. different papers; these new methods can be used
in order to enhance security and integrity in cloud
computing. Figure 4 discusses the number of
 10 Abdul-Jabbar et al. / Journal of Southwest Jiaotong University / Vol. 55 No. 1 Feb. 2020

repetitions of the techniques used in all presented provide rapid development, dynamic resources,
researches. and economies of scale. Most of cloud computing
Through the potential explanations in this services fall into three broad categories: IaaS,
review, six studies discussed the Rivest–Shamir– PaaS, and serverless and SaaS. These services
Adleman (RSA) algorithm. This algorithm is help to reduce the operating costs and operate
characterized via increases in security capability your network more effectively and scale up as
by increasing the speed of data encryption. your business needs change.
Equally important, ten studies discussed the Our review paper discussed the security and
advanced encryption standard (AES) algorithm as integrity aspect of the cloud. For example, in
a technique. This technique provides security to sharing of critical data through the cloud
confidential data. environment, data leakage and data theft can be
Another important finding was the third party done. In this regard, we found that the biggest
auditor (TPA). Seven studies used this technique and most appalling concern about cloud
to prevent attackers from accessing data in an computing is confidentiality and security (safety).
easy way. Moreover, three studies focused on Thus, data security and data integrity are major
secure hash algorithm-2 (SHA-2). This algorithm issues that should be maintained. Moreover, this
is used for encryption, which contributes to the review paper provides a general view of the
complexity of the encryption process and reduces problems that can occur with multiple security
harmful attacks. Besides that, among the possible and integrity issues in a cloud computing system;
explanations for these findings, these techniques it also provides some solutions that are suggested
were used twice, such as pretty good privacy by researchers.
(PGP), digital signature, SSL, and CSP. The limitation of this research is various
Finally, other authors showed the use of studies that show how it has been difficult to
different algorithms and methods, such as SHA- study and consider the reliability and security of
1, hierarchical identity-based cryptography cloud computing in different ways. Therefore, it
(HIBC), simple object access protocol (SOAP) took a lot of time and energy to obtain this
message, PKG, Kerberos, hash message amount of data, comprehend the topic correctly,
authentication code (HMAC), ID-based and summarize it, as well as take most studies
cryptography (IBC), and Paillier homomorphic over the last ten years. Furthermore, future work
cryptography (PHC). These algorithms and involves adding more references (articles and
methods are also used to keep data confidential conferences) to investigate the other security
and encrypt it in complex ways. All the issues in the cloud computing world, as well as
mentioned studies were categorized in Figure 4. developing a security model by using some
authentication techniques in order to maintain
Table 3. data integrity and information dissimulation in
New proposed methods among the studies that have been the cloud environment.
presented
Technique name Authors
EAP-CHAP Marium et al. [12]
REFERENCES
VKC Raza et al. [22]
AIVP Pitchai et al. [28] [1] NEPAL, S., CHEN, S., YAO, J., and
THILAKANATHAN, D. (2011) DIaaS: Data
15 integrity as a service in the cloud. In:
10 Proceedings of the 2011 IEEE 4th
5
International Conference on Cloud
Computing, Washington, District of
0
Columbia, July 2011. Piscataway, New
Jersey: Institute of Electrical and Electronics
Engineers, pp. 308-315.
Figure 4. Percentage of turnout for each method [2] KAANICHE, N., BOUDGUIGA, A.,
and LAURENT, M. (2013) ID based
VII. CONCLUSION cryptography for cloud data storage. In:
In Cloud Computing Model, computer Proceedings of the 2013 IEEE 6th
services (such as servers, databases, storages, International Conference on Cloud
networking, analytics, intelligence, and software) Computing, Santa Clara, California, June-
over the cloud environment are required to July 2013. Piscataway, New Jersey: Institute
 11

of Electrical and Electronics Engineers, pp. 5931. Berlin, Heidelberg: Springer, pp. 167-
375-382. 177.
[3] MELL, P. and GRANCE, T. (2011) [12] MARIUM, S., NAZIR, Q., AHMED,
The NIST Definition of Cloud Computing. A., AHTHASHAM, S., and MIRZA, A.M.
Gaithersburg, Maryland: National Institute of (2012) Implementation of EAP with RSA for
Standards and Technology, U.S. Department enhancing the security of cloud computing.
of Commerce. International Journal of Basic and Applied
[4] REESE, G. (2009) Cloud Application Science, 1 (3), pp. 177-183.
Architectures: Building Applications and [13] HOJABRI, M. (2013) Innovation in
Infrastructure in the Cloud. Sebastopol, cloud computing: Implementation of
California: O'Reilly Media. Kerberos version 5 in cloud computing in
[5] BUYYA, R., YEO, C.S., order to enhance the security issues. In:
VENUGOPAL, S., BROBERG, J., and Proceedings of the 2013 International
BRANDIC, I. (2009) Cloud computing and Conference on Information Communication
emerging IT platforms: Vision, hype, and and Embedded Systems, Chennai, February
reality for delivering computing as the 5th 2013. Piscataway, New Jersey: Institute of
utility. Future Generation Computer Electrical and Electronics Engineers, pp.
Systems, 25 (6), pp. 599-616. 452-456.
[6] ABDELBAKI, N., RADWAN, T., [14] ARASU, S.E., GOWRI, B., and
and AZER, M.A. (2017) Cloud computing ANANTHI, S. (2013) Privacy-preserving
security: challenges and future trends. public auditing in cloud using HMAC
International Journal of Computer algorithm. International Journal of Recent
Applications in Technology, 55 (2), pp. 158- Technology and Engineering, 2 (1), pp. 149-
172. 152.
[7] KUMAR, P.R., RAJ, P.H., and [15] REWAGAD, P. and PAWAR, Y.
JELCIANA, P. (2018) Exploring data (2013) Use of Digital Signature with Diffie
security issues and solutions in cloud Hellman Key Exchange and AES Encryption
computing. Procedia Computer Science, 125, Algorithm to Enhance Data Security in
pp. 691-697. Cloud Computing. In: Proceedings of the
[8] CYRIL, B.R. and KUMAR, D.S. 2013 International Conference on
(2015) Cloud computing data security issues, Communication Systems and Network
challenges, architecture and methods - A Technologies, Gwalior, April 2013.
survey. International Research Journal of Piscataway, New Jersey: Institute of
Engineering and Technology, 2 (4), pp. 848- Electrical and Electronics Engineers, pp.
857. 437-439.
[9] VIEGA, J. (2009) Cloud computing [16] SHEREEK, B.M., MUDA, Z., and
and the common man. Computer, 1 (8), pp. YASIN, S. (2014) Improve Cloud
106-108. Computing Security Using RSA Encryption
[10] WANG, C., WANG, Q., REN, K., with Fermat's Little Theorem. IOSR Journal
and LOU, W. (2010) Privacy-preserving of Engineering, 4 (2), pp. 1-8.
public auditing for data storage security in [17] LENKA, S.R., and NAYAK, B.
cloud computing. In: 2010 Proceedings IEEE (2014) Enhancing data security in cloud
INFOCOM, San Diego, California, March computing using RSA encryption and MD5
2010. Piscataway, New Jersey: Institute of algorithm. International Journal of
Electrical and Electronics Engineers, pp. 1-9. Computer Science Trends and Technology, 2
[11] YAN, L., RONG, C., and ZHAO, G. (3), pp. 60-64.
(2009) Strengthen cloud computing security [18] SHIMBRE, N. and DESHPANDE, P.
with federal identity management using (2015) Enhancing distributed data storage
hierarchical identity-based cryptography. In: security for cloud computing using TPA and
JAATUN, M.G., ZHAO, G., and RONG, C. AES algorithm. In: Proceedings of the 2015
(eds.) Cloud Computing. CloudCom 2009. International Conference on Computing
Lecture Notes in Computer Science, Vol. Communication Control and Automation,
 12 Abdul-Jabbar et al. / Journal of Southwest Jiaotong University / Vol. 55 No. 1 Feb. 2020

Pune, February 2015. Piscataway, New [27] SAXENA, R. and DEY, S. (2019)
Jersey: Institute of Electrical and Electronics Data integrity verification: a novel approach
Engineers, pp. 35-39. for cloud computing. Sādhanā, 44 (3), 74.
[19] MORE, S. and CHAUDHARI, S. [28] PITCHAI, R., BABU, S., SUPRAJA,
(2016) Third party public auditing scheme P., and ANJANAYYA, S. (2019) Prediction
for cloud storage. Procedia Computer of availability and integrity of cloud data
Science, 79, pp. 69-76. using soft computing technique. Soft
[20] SINGH, S.K., MANJHI, P.K., and Computing, 23 (18), pp. 8555-8562.
TIWARI, R.K. (2016) Data Security Using [29] MAHMOOD, G.S., HUANG, D.J.,
RSA Algorithm in Cloud Computing. and JALEEL, B.A. (2019) Achieving an
International Journal of Advanced Research Effective, Confidentiality and Integrity of
in Computer and Communication Data in Cloud Computing. International
Engineering, 5 (8), pp. 11-16. Journal of Network Security, 21 (2), pp. 326-
[21] JOTHY, K.A., SIVAKUMAR, K., 332.
and DELSEY, M.J. (2017) Efficient Cloud [30] RAO, R.V. and SELVAMANI, K.
Computing with Secure Data Storage Using (2015) Data security challenges and its
AES and PGP Algorithm. International solutions in cloud computing. Procedia
Journal of Computer Science and Computer Science, 48, pp. 204-209.
Information Technologies, 8 (9), pp. 582- [31] BOTTA, A., DE DONATO, W.,
585. PERSICO, V., and PESCAPÉ, A. (2016)
[22] RIZVI, S.S., ULLAH, M.A., Integration of Cloud Computing and Internet
ABBAS, S., and NASEEM, S. (2017) of Things: A Survey. Future Generation
Enhancing Cloud Security Using VKC as a Computer Systems, 56, pp. 684-700.
Service. International Journal of Computer [32] CHOUHAN, P. and SINGH, R.
Science and Network Security, 17 (6), pp. (2016) Security attacks on cloud computing
185-190. with possible solution. International Journal
[23] AKHIL, K.M., KUMAR, M.P., and of Advanced Research in Computer Science
PUSHPA, B.R. (2017) Enhanced cloud data and Software Engineering, 6 (1), pp. 92-96.
security using AES algorithm. In: [33] SADIQUE, U.M. and JAMES, D.
Proceedings of the 2017 International (2016) A Novel Approach to Prevent Cache-
Conference on Intelligent Computing and Based Side-Channel Attack in the Cloud.
Control (I2C2), Coimbatore, June 2017. Procedia Technology, 25, pp. 232-239.
Piscataway, New Jersey: Institute of [34] CARLIN, A., HAMMOUDEH, M.,
Electrical and Electronics Engineers, pp. 1-5. and ALDABBAS, O. (2015) Defence for
[24] Prof. V. Sangeetha and D. distributed denial of service attacks in cloud
Jagadeeshwari, “Enhancing the Security of computing. Procedia Computer Science, 73,
the Cloud Computing With Triple Aes, Pgp pp. 490-497.
Over Ssl Algorithms,” Rev. Res., vol. 7, no. [35] RADY, M., ABDELKADER, T., and
12, pp. 1–9, 2018. ISMAIL, R. (2019) Integrity and
http://www.ijesrt.com/issues%20pdf%20file/Arc confidentiality in cloud outsourced data. Ain
hive-2018/February-208/10.pdf Shams Engineering Journal, 10 (2), pp. 275-
[25] PIUS, U.T., ONYEBUCHI, E.C., 285.
CHINASA, O.P., and ADOBA, E.F. (2018) [36] SINGH, A. and CHATTERJEE, K.
A Cloud-Based Data Security System Using (2017) Cloud security issues and challenges:
Advanced Encryption (AES) and Blowfish A survey. Journal of Network and Computer
Algorithms. Journal of Scientific and Applications, 79, pp. 88-115.
Engineering Research, 5 (6), pp. 59-66. [37] LIU, Y., SUN, Y.L., RYOO, J.,
[26] LI, A., TAN, S., and JIA, Y. (2019) A RIZVI, S., and VASILAKOS, A.V. (2015) A
method for achieving provable data integrity survey of security and privacy challenges in
in cloud computing. The Journal of cloud computing: solutions and future
Supercomputing, 75 (1), pp. 92-108. directions. Journal of Computing Science
and Engineering, 9 (3), pp. 119-133.
 13

调查。国际工程与技术研究杂志，2（4）
，第 848-857 页。
参考文: [9]
[1] NEPAL，S.，CHEN，S.，YAO，J. 和 VIEGA，J.（2009）云计算与普通人。计
THILAKANATHAN，D.（2011）DIaaS： 算机，1（8），第 106-108 页。
数据完整性作为云中的服务。在：2011年 [10] WANG，C.，WANG，Q.，REN，K.
电气工程师学会第4届国际云计算国际会 和
议论文集，华盛顿，哥伦比亚特区，2011 LOU，W.（2010）在云计算中为数据存储
年7月。新泽西州皮斯卡塔维：电气与电 安全性保留隐私的公共审计。在：2010年
子工程师协会，第 308-315 页。 会议记录，电气工程师学会INFOCOM，
[2] N. KAANICHE，A。BOUDGUIGA 和 加利福尼亚圣地亚哥，2010年3月。新泽
M. 西州皮斯卡塔维：电气与电子工程师协会
LAURENT（2013）基于鉴定的云数据存 ，第 1-9 页。
储加密技术。在：2013年电气工程师学会 [11] YAN L.，RONG，C. 和
第6届国际云计算国际会议论文集，加利 ZHAO，G.（2009）使用基于分层身份的
福尼亚州圣克拉拉，2013年6月至7月。新 加密技术，通过联邦身份管理来增强云计
泽西州皮斯卡塔维：电气与电子工程师协 算安全性。于：M.G.的JAATUN，G。的
会，第 375-382 页。 ZHAO 和 G.
[3] MELL，P. 和 RONG，C.（编辑）云计算。云通2009。
GRANCE，T.（2011）云计算的国家标准 计算机科学讲义，第1卷。5931。柏林，
技术研究所定义。马里兰州盖瑟斯堡：美 海德堡：施普林格，第 167-177 页。
国商务部国家标准与技术研究所。 [12]
[4] MARIUM，S.，NAZIR，Q.，AHMED，
REESE，G.（2009）云应用架构：在云中 A.，AHTHASHAM，S。和
构建应用和基础架构。加利福尼亚塞巴斯 MIRZA，A.M。（2012）通过RSA实施E
托波尔：奥赖利媒体。 AP，以增强云计算的安全性。国际基础与
[5] 应用科学杂志，1（3），第 177-183 页。
BUYYA，R.，YEO，CS，VENUGOPAL [13]
，S.，BROBERG，J。和 HOJABRI，M.（2013）云计算中的创新
BRANDIC，I。（2009）云计算和新兴的 ：在云计算中实施Kerberos版本5，以增强
它平台：作为第五实用程序交付计算的愿 安全性问题。于：2013年国际信息通信与
景，炒作和现实。下一代计算机系统，25 嵌入式系统国际会议论文集，金奈，2013
（6），第 599-616 页。 年2月。新泽西州皮斯卡塔维：电气与电
[6] N. ABDELBAKI，T。RADWAN 和 子工程师协会，第 452-456 页。
M.A. [14] S.E. ARASU，B。GOWRI 和 S.
AZER（2017）云计算安全性：挑战和未 ANANTHI（2013）使用HMAC算法在云
来趋势。国际计算机技术应用杂志，55（ 中保护隐私的公共审计。国际最新技术与
2），第 158-172 页。 工程杂志，2（1），第 149-152 页。
[7] KUMAR，P.R.，RAJ，P.H. 和 [15] REWAGAD，P. 和
JELCIANA，P.（2018）探索云计算中的 PAWAR，Y.（2013）将数字签名与迪菲·
数据安全性问题和解决方案。普罗迪亚计 赫尔曼密钥交换和AES加密算法结合使用
算机科学，125，第 691-697 页。 ，以增强云计算中的数据安全性。在：20
[8] CYRIL，B.R. 和 13年国际通信系统和网络技术国际会议论
KUMAR，D.S.（2015）云计算数据安全 文集，瓜廖尔，2013年4月。新泽西州皮
性问题，挑战，架构和方法-
 14 Abdul-Jabbar et al. / Journal of Southwest Jiaotong University / Vol. 55 No. 1 Feb. 2020

斯卡塔维：电气与电子工程师协会，第 [24]
437-439 页。 [25]
[16] SHEREEK，B.M.，MUDA，Z. 和 美国的PIUS，加拿大的ONYEBUCHI，加
YASIN，S.（2014）使用具有费马小定理 拿大的CHINASA 和
的RSA加密提高云计算安全性。IOSR工程 加拿大的ADOBA（2018）一种使用高级
杂志，4（2），第 1-8 页。 加密（AES）和河豚算法的基于云的数据
[17] LENKA，S.R. 和 安全系统。科学与工程研究杂志，5（6）
NAYAK，B.（2014）使用RSA加密和医 ，第 59-66 页。
学博士5算法增强云计算中的数据安全性 [26] LI，A.，TAN，S. 和
。国际计算机科学趋势与技术杂志，2（3 JIA，Y.（2019）一种在云计算中实现可
），第 60-64 页。 证明的数据完整性的方法。超级计算杂志
[18] SHIMBRE，N. 和 ，75（1），第 92-108 页。
DESHPANDE，P.（2015）使用TPA和AE [27] SAXENA，R。和
S算法增强云计算的分布式数据存储安全 DEY，S。（2019）数据完整性验证：一
性。在：2015年国际计算通信控制与自动 种用于云计算的新颖方法。萨达纳，44（
化国际会议论文集，浦那，2015年2月。 3），74。
新泽西州皮斯卡塔维：电气与电子工程师 [28]
PITCHAI，R.，BABU，S.，SUPRAJA，
协会，第 35-39 页。
P. 和
[19] MORE，S. 和
ANJANAYYA，S.（2019）使用软计算技
CHAUDHARI，S.（2016）云存储的第三
术预测云数据的可用性和完整性。软计算
方公共审计方案。普罗迪亚计算机科学，
，23（18），第 8555-8562 页。
79，第 69-76 页。
[29] G.S. MAHMOOD，D.J。HUANG 和
[20] S.K. SINGH，P.K。MANJHI 和 R.K.
B.A.
TIWARI。（2016）在云计算中使用RSA
JALEEL。（2019）在云计算中实现数据
算法的数据安全性。国际计算机和通信工 的有效，机密性和完整性。国际网络安全
程高级研究杂志，5（8），第 11-16 页。 杂志，21（2），第 326-332 页。
[21] JOTHY，K.A.，SIVAKUMAR，K. [30] RAO，R.V。和
和 SELVAMANI，K.（2015）云计算中的数
DELSEY，M.J.（2017）使用AES和PGP
据安全挑战及其解决方案。普罗迪亚计算
算法通过安全数据存储进行高效云计算。
机科学，48，第 204-209 页。
国际计算机科学与信息技术杂志，8（9）
[31] A. BOTTA，W。DE
，第 582-585 页。
DONATO，V。PERSICO 和
[22] S.S.
A.PESCAPÉ（2016）云计算和物联网的集
RIZVI，马萨诸塞州阿拉拉，S。ABBAS
成：一项调查。下一代计算机系统，56，
和 S.
第 684-700 页。
NASEEM（2017）使用VKC作为服务增强
[32] CHOUHAN，P. 和
云安全性。国际计算机科学与网络安全杂
SINGH，R.（2016）对云计算的安全攻击
志，17（6），第 185-190 页。
和可能的解决方案。国际计算机科学与软
[23] AKHIL，K.M.，KUMAR，M.P. 和
件工程高级研究杂志，6（1），第 92-96
PUSHPA，B.R.（2017）使用AES算法增
页。
强云数据安全性。于：2017年6月，哥印
[33] SADIQUE，美国 和
拜陀，2017年国际智能计算与控制国际会
JAMES，D.（2016）一种防止云中基于缓
议（一世2C2）会议录。新泽西州皮斯卡
存的侧通道攻击的新颖方法。普罗迪亚技
塔维，电气与电子工程师协会，第 1-5
术，25，第 232-239 页。
页。
 15

[34] A. CARLIN，M。HAMMOUDEH 和 挑战：一项调查。网络与计算机应用杂志

O. ，79，第 88-115 页。
ALDABBAS（2015）云计算中的分布式 [37] LIU
拒绝服务攻击防御。普罗迪亚计算机科学 Y，SUN，Y.L.，RYOO，J.，RIZVI，S.
，73，第 490-497 页。 和
[35] RADY，M.，ABDELKADER，T. 和 VASILAKOS，A.V.（2015）对云计算中
ISMAIL，R.（2019）云外包数据的完整 的安全性和隐私挑战的调查：解决方案和
性和机密性。艾因·夏姆斯工程杂志，10 未来方向。计算科学与工程学报，9（3）
（2），第 275-285 页。 ，第 119-133 页。
[36] SINGH，A. 和
CHATTERJEE，K.（2017）云安全问题和