With tremendous growth of cloud computing in IT industries, cloud security has become one of the major issues that garnered noticeable attention of researchers from industries as well as academia. Cloud computing technology is vulnerable to number of security threats and attacks. Security challenges are major barriers in the adaptation of cloud computing model. Security issues are related to virtualization, network and data including eavesdropping, masquerading, privacy, confidentiality, availability of resources, access control, and identity management. In cloud computing, data are stored on a remote server and accessed through public network. Many of the cryptographic based solutions such as encryption/decryption and digital signature for authentication have been developed. In this paper, we have identified and discussed number of security issues such as authentication, access control, data confidentiality, data integrity, identity management, legal and contractual issues, data breaches, data theft, and unavailability. Moreover, we have also discussed some possible solutions to the security issues and their feasibility and security analysis in real time cloud environment.

Cloud, Data, Security, Threats, Attacks, Mitigation

[1]. P. Mell, T. Grance, “NIST Definition of Cloud Computing”, 2011.
[2]. “Top Threats to cloud Computing”, Cloud Security Alliance (CSA), 2010.
[3]. Y. Ghanam, J. Ferreira, F. Maurer, “Emerging issues & challenges in Cloud- A hybrid approach”. Journal of software engineering and applications, vol. 5, no. 11, pp.923-937, 2012.
[4]. McAfee Labs Threats Reports, 2016.
[5]. L. Wei, H. Zhu, Z. Cao, X. Dong, W. Jia, Y. Chen, A.V. Vasilakos, “Security and privacy for storage and computation in cloud computing”, ACM International Journal of Information Science, vol. 258, pp.371–386, 2014.
[6]. S. Sajithabanu, E. G. P. Raj, “Data Storage Security in Cloud”. International Journal of Computer Science and Technology, vol. 2, no. 4, pp.37-44, 2011.
[7]. S. Ruj, A. Nayak, V. Stojmenovic, “DACC: Distributed Access Control in Clouds”. In the proceeding of International Joint Conference of IEEE TrustCom, pp.91-98, 2011.
[8]. C. Gentry, “A Fully Homomorphic Encryption Scheme”, 2009.
[9]. P. Paillier, “Public-key Cryptosystems based on Composite Degree Residuosity Classes”. In the proceeding of International Conference on Theory and Application of Cryptographic Techniques, Heidelberg: Springer-Verlag, pp.223–238, 1999.
[10]. R. Rivest, A. Shamir, L. Adleman, “A Method for Obtaining Digital Signatures and Public-key Cryptosystems”. Communications of the ACM, vol. 2, pp.120–12, 1978.
[11]. S. Halevi and V. Shoup, “Design and Implementation of a Homomorphic - Encryption Library”, Nov, 2012.
[12]. R.D. Dhungana, A. Mohammad, A. Sharma, I. Schoen, “Identity management framework for cloud networking infrastructure”. In the proceeding of IEEE International Conference on Innovations in Information Technology, South Africa, pp.13–17, 2013.
[13]. G. Wang, Q. Liu, J. Wu, “Hierarchical Attribute-Based Encryption for Fine-Grained Access Control in Cloud Storage Services”, In the proceeding of 17thACM conference on Computer and communications Security, USA, pp.735-737, 2010.
[14]. Z. Wan, J. Liu, R.H. Deng, “HASBE: a hierarchical attribute-based solution for flexible and scalable access control in cloud computing”. IEEE Transaction Information Forensics Section, vol. 7, no. 2, pp.743–754, 2012.
[15]. Boneh, Dan, M. Franklin, “Identity-based encryption from the Weil pairing”, SIAM Journal on Computing”, vol. 32, no.3, pp.586-615, 2003.
[16]. Q. Liu, G. Wang, J. Wu, “Time-based proxy re-encryption scheme for secure data sharing in a cloud environment”, ACM International Journal Information Science, vol. 258, pp.355–370, 2014.
[17]. M. Rak, N. Suri, J. Luna, D. Petcu, V. Casola, U. Villano, “Security as a service using an SLA-based approach via SPEC”.In the proceeding of 5th IEEE International Conference on Cloud Computing Technology and Science, UK, pp.1-6, 2013.
[18]. M.L. Hale, R. Gamble, “Secagreement: advancing security risk calculations in cloud services”. In the proceeding of 8th IEEE World Congress on Services, pp.133-140, 2012.
[19]. “Best Practice for Mitigating Risks in Virtual Environments”, Cloud Security Alliance (CSA), April, 2015.
[20]. Z. Tari, “Security and privacy in cloud computing”. IEEE Cloud Computing, vol. 1, no. 1, pp.54–57, 2014.
[21]. A. Singh, K. Chatterjee, “Cloud security issues and challenges: a survey”. Elsevier Journal of Network and Computer Application, vol. 79, no. 1, pp.88-115, 2016.
[22]. K. K. Chauhan, A. Sanger, A. Verma, “Homomorphic Encryption for Data Security in Cloud Computing”, In the proceeding of 14th IEEE International conference on Information Technology, India, pp.206-209, 2015.
[23]. S. Subashini, V. Kavitha, “A Survey on Security issues in Service delivery models of Cloud Computing”, Elsevier Journal of Network and Computer Applications, vol. 34, pp.1-11, 2011.
[24]. N. Jain, P. Sharma, “A Security Key Management Model for Cloud Environment”, International Journal of Scientific Research in Computer Science and Engineering, vol.5, issue.1, pp.45-48, Feb-2017.
[25]. S. Kathuria, “A Survey on Security Provided by Multi-Cloud in Cloud Computing”, International Journal of Scientific Research in Network Security and Communication, vol.6, issue.1, pp.23-27, Feb-2018.
[26]. M.A. Khan, “A Survey of Security issues for Cloud Computing”, Elsevier Journal of Network and Computer Applications, vol. 71, pp. 11-29, 2016.