Proceedings of the International Conference on Smart Electronics and Communication (ICOSEC 2020)

IEEE Xplore Part Number: CFP20V90-ART; ISBN: 978-1-7281-5461-9

Recent Trends on Security Issues in Multi-Cloud

Computing: A Survey

Kushala M V1 , Dr. B S Shylaja 2

1 2
Research Scholar, Dept. of ISE, Professor, Dept. of ISE,
Dr.Ambedkar Institute of Technology, Dr.Ambedkar Institute of Technology,
Bangalore, India. Bangalore, Karnataka, India.
[email protected] [email protected]

Abstract :- Cloud computing (CC) is no doubt the most popular examples of co mpanies that use cloud computing are
and sprightly emerging technology in the field of computation. Amazon Web Serv ices, Google Cloud, iCloud, Microsoft
The reasons for its popularity is known to be its cost- Azure, IBM SmartCloud etc.
effectiveness, ease of troubleshooting problems and variable
server capacity. Despite these advantages, the shift from local More than 80% of co mpanies are predicted to
computing to CC has given rise to many security challenges migrate to the cloud, hosting and co-location services by
and a threat to the customers as well as service providers. In 2025. The recent survey indicates 84% of co mpanies run on
this paper, the basic features of CC, Multi-Cloud
a multi-cloud strategy. Riccardo Di Pietro et. A l. [25]
Computing(MCC), multi-Cloud security issues and their
ARIANNA is an Android application representing the
possible solutions are discussed.
software enabler wh ich allows extending the SSM E Cloud
Keywords: Cloud computing, Multi-Cloud Computing, Security Service.
threat, server capacity, computer architecture.

A. Multi-Cloud Computing
I. INTRODUCTION

Cloud computing is a recent technology, it delivers Multi-cloud computing is all about using multiple

cloud service through the internet. These services include cloud services from mu ltip le cloud service provider (CSP).

applications like storage, software, hardware and Multi-cloud computing is deployable on a private cloud

networking. Multi-cloud computing is a cloud service environment, public cloud environ ment (or) a co mbination

approach made up o f mo re than one cloud service of the private and public c loud environ ment. The

providers(CSP). When a user needs to host a website, first organizations will be accessing the cloud service fro m

thing that is required was to buy a stack of expensive mu ltip le CSP's to distributed computing resource, in turn,

servers. The next issue is after hosting the website this minimizes the risk of service unavailability problem and

monitoring and maintain ing the servers for variable data data loss. The majo r challenges of mu lti-cloud computing

traffic. Since the data traffic was variable, the co mplete are i. Data Governance and Co mpliance, ii. Mu ltip le

server space was utilized only during the peak time and the Vendors and Skill Sets, iii. Security Issues and iv.

rest of the time remained idle. A ll these issues led to a Co mpliance Standards. Fig 1 shows a conceptual diagram of

number of unfavourable situations. This is where CC co mes a multi-cloud deployable for an organization.

handy.

CC is storing, processing and managing

applications and data with the use of remote servers instead
of a local server or personal co mputers. So me o f the

978-1-7281-5461-9/20/$31.00 ©2020 IEEE 777

Authorized licensed use limited to: Consortium - Saudi Arabia SDL. Downloaded on January 19,2021 at 20:41:55 UTC from IEEE Xplore. Restrictions apply.
 Proceedings of the International Conference on Smart Electronics and Communication (ICOSEC 2020)
IEEE Xplore Part Number: CFP20V90-ART; ISBN: 978-1-7281-5461-9

Shyam Ku mar P et. al [1], Sengupta et. al. [2] and Subashini
et. al. [3], in their work, studied the security issues related to
remote data storage, loss of control over the data, data
locality. The better security solutions were prescribed by
Sood SK et. al., [4], Tang Y et. al [5] and Wei L et. al [6] in
their work which suggested for the use of better security
scheme, "File assured deletion (FADE) scheme" for data
security. They also recommended seeing cloud protocol for
secure storage.

2.Cryptography: It is a mechanism wh ich is used to secure

the data and informat ion in the cloud. It is somewhat an
Fig: 1 Organization cloud service from multiple CSP's.
upright idea to secure the cloud data. This mechanism
converts the plain text data into a different form known as
II.CLOUD SECURITY cipher text. The whole idea is based on the fact that it is
impossible to find out plain text data fro m the cipher text
It is a known fact that cloud co mputing can rep lace
unless and until proper encryption key is used. Since the
traditional co mputing methods but the question is the cloud
whole security of the data depends on the encryption key
secure? For instance, Linkedin in 2012 experienced a cyber-
used, the use of a weak and bad algorithm to generate the
attack where made on millions of end-users and their
key may attract hackers. There are encryption standards
password. The SONY experienced the most severe cyber
such as AES (Advanced Encryption Standard) and MAC
attack in the history wherein their highly confidential data
(Message Authentication Code) wh ich protect the integrity
like upco ming movie projects, financials etc were made
of the data. A ES uses 128-b it encryption key to protect 128-
public by the hackers. iCloud which is a service fro m apple
bit plain text data and to verify the sender’s identity digital
was hacked, wherein all the private photos and data were
made public by the hackers. All these scenarios show a signature is used.

breach in security that need to be addressed. This is where

Grobauer et. al [7], Yu H. et al. [8] in their work
cloud security plays a prominent role. Cloud security is the
studied the security issues related to insecure cryptography
use of the latest security techniques and technologies to
mechanis m, brute fo rce and d ictionary attack, poor key
protect the data, infrastructure and applications which are
treatment and wrong or faulty cryptography algorith m. The
associated with cloud computing.
solutions to cryptography related security issues which
included order-preserving encryption and cryptography in
2.1 Cloud Computing Security Issues
cloud computing were given by Boldyreva et. al [9] and
1.Data Storage: Since the customer is physically separated Jaber et. ‘al [10].
fro m h is data and does not have full control over it wh ile
3.Data sanitization: The process of recycling or removing
operating in the cloud, it will be very difficult to check the
the cloud data that is completely utilized or which is no
confidentiality and integrity of data. Also, it is very difficu lt
longer needed and has to be sent to the garbage so that the
to locate the actual location of the server where the data is
cloud space could be utilized effectively. Imp roper disposal
stored. This is because all the cloud computing resources
of these garbage data may result in loss of data to attackers
such as data storage, servers etc; will be controlled and
which may contain important results. Some of the security
managed by the vendor. Hence the loss of control over the
issues such as resource recycling, hard disk multi-tenant
data is the major issue regarding data storage.
usage, un-used data hard disk discarding and deficient

978-1-7281-5461-9/20/$31.00 ©2020 IEEE 778

Authorized licensed use limited to: Consortium - Saudi Arabia SDL. Downloaded on January 19,2021 at 20:41:55 UTC from IEEE Xplore. Restrictions apply.
 Proceedings of the International Conference on Smart Electronics and Communication (ICOSEC 2020)
IEEE Xplore Part Number: CFP20V90-ART; ISBN: 978-1-7281-5461-9

implementation of data devastation policies were studied by 7. Service Availability: In the recent development of mu lti-
Casale et. al [11]. Reardon J et al. [12] in their work have cloud computing, most of the mult i-national co mpanies
suggested the secure data deletion method. replace the old centralized server technology with recently
introduced mult i-cloud computing is a solution for high
4.Virtualization: The main intention behind using CC in the
availability of service. Fu ll access to multi-cloud service and
industry is due to the concept of virtualized CC. The concept
user data anytime anywhere is one of the main advantages of
of virtualization and mu lti-tenancy may be cost-effective but
mu lti-cloud computing. many of the core services with the
is not free fro m attackers and threats. There are many cases
public cloud and its underlying services are available across
where the attacker has performed together attack to access
the world. These features help to strengthen the availability
the data and services. The virtualized code may break or get
of user data and mu lti-cloud services and protects against
damaged due to the different type of v irus contained in the
downtimes. Mohammed. A et. al [17] describes the journey
virtualizat ion software that is used for virtualization
of cloud computing fro m single-cloud computing towards
services. The side-channel attacks ("data flowing between
mu lti-cloud to provide the high security of user data is very
sender to receiver without interfering") and covert channel
much necessary.
attacks ("data flowing between sender to the receiver")
happened in A mazon EC2 is d iscussed in by [13]. In the III. RELATED WORK
above cases the attacker gains access to the data or services
Marco Miglierina et. Al. [21] describes the concept of mu lti-
by injecting some bit of data in the data flow.
cloud applications in “Model based control for Multi-Cloud
5. Confidential Computing: In mult i-cloud computing, the Applications”. Th is model was able to prov ide continuous
cloud service provider needs to focus security in data service at a minimal cost. The imp rovements of resolution
storage on the network and the private data when it is in use. constraint optimizat ion problems cope with adopted
There will be sensitive data on the network, the private data technique had some issues in finding the optimal solution.
which needs more security policies while process ing the André Almeida and Francisco Dantas [22] introduced the
sensitive data which is in use. The end-user is unhappy to computational experiments comparing the branch and bound
leave their private sensitive on their company network and algorith m with other algorith ms that evaluate the branch and
user ask mu lti-cloud service provider to place more security bound algorithm is faster than the previous algorithms.
policies on sensitive data. The sensitive data moving on a Haider A li Khan Khattak et. al [23] have discussed the
network between mu ltip le clouds requires more security possibility in single and mu lti cloud computing and security
policies. The " Linu x Foundation" has created a committee to issues in healthcentre, it has been noticed in cloud service in
investigate and build solutions in this area called "The both single and mu lti-cloud co mputing in terms of security
confidential computing consortium". vulnerabilities. Saravanan and Rajeswari Sridhar [24]
describes the concept of “Software as a Service by
6.Authentication and Authorization: In mu lti-cloud
Interoperating in a Multi-Cloud Environ ment”, the security
computing access to the user data, admin istrator data,
challenges are optimized in mu lti-cloud in a private cloud
auditor data and system operations on user applications are
infrastructure. Brokers are used in private cloud
more co mplex. Authentication and authorization in a mu lti-
infrastructure as a solution for interoperation, wh ich deviates
cloud computing application will have no guarantee that
the security of multi-cloud and increases the cost of
cloud service provider P's policy will scale and work across
interoperation. Toolkit named Cloud Inter-operation Toolkit
cloud service provider Q's policy or cloud service provider
(CIT), these tools are used reduced the security challenges in
R's . The different applicat ion isis being able to apply mu lti-
interoperation without brokers interaction in a p rivate cloud
cloud security policies based on user applications. environment. Cloud Inter-operation Toolkit are unsuccessful
in giving some of the cloud services , the external clouds

978-1-7281-5461-9/20/$31.00 ©2020 IEEE 779

Authorized licensed use limited to: Consortium - Saudi Arabia SDL. Downloaded on January 19,2021 at 20:41:55 UTC from IEEE Xplore. Restrictions apply.
 Proceedings of the International Conference on Smart Electronics and Communication (ICOSEC 2020)
IEEE Xplore Part Number: CFP20V90-ART; ISBN: 978-1-7281-5461-9

give continues services were failed and minimizes the "Secure Storage as a Serv ice (SSaaS)" in M CC. Quantitative
options in the mult i-cloud inter-operation toolkit to provide performance analysis comparing some commercial Cloud
continues services in mu lti-cloud computing. Riccardo Di storage services such as Google Drive, Dropbox and
Pietro and Marco Scarpa [25], integrated data in MCC with OpenStack Swift, with the multi-cloud approach enabled by
Mobile cloud computing. ARIANNA -a software-based the ARIANNA application.
program instead of the software policies that allows the

T able 1 : Addressed security risk, security mechanism used and type of cloud.
Addressed Security Risk

Year Cloud Data Data Service Service/ Security Mechanism T ype of Cloud Cloud
Securi Integrit Intrusio Availabili Storage
Author ty y n ty Service
problem Single Multi

Ashish Singh et.Al [26] 2019 √ √ √ RSA √ √

Riccardo Di Pietro et.Al 2018 √ √ √ Cloud Inter-operative √ √

[25] T oolkit(CIT )

Saravanan I 2015 √ √ √ Byzantine Protocol √ √ √

et.Al [24]
Haider Ali Khan 2014 √ √ √ Optimization T echnique √ √
Khattak et.Al [23]
André Almeida et.Al 2013 √ √ √ Self-adaptive T echnique √ √
[22]
Mohammed A. AlZain 2011 √ √ √ √ DepSky(Byzantine + secret
et.Al [17] sharing + cryptography )

A. Bessani 2010 √ RAID-like T echnique + √ √

et.Al [16] introduced RACS

H. Abu-Libdeh et.Al 2010 √ √ ICstore (client centric distributed √ √

[15] protocols)

Marco Miglierina 2010 √ √ SPORC (fork) √

et.Al [21]
A.J. Feldman et.Al [20] 2009 √ √ √ HAIL (Proofs + cryptography) √ √
K.D. Bowers et.Al [19] 2009 √ √ √ T CCP √ √

Shakya [27] studied the robotic system with cloud securities applied on the cloud. In the o lder days , theoretical
computing and cloud based robotic architecture which uses scenarios were taken to study the cloud security on a single
both the centralized and decentralized cloud computing that cloud. The experimental work carried out on the simulated
manages machine to cloud and vice versa communication environment and study the security risk in single cloud
respectively. Abul Baskar [28] describes the Big-data computing. Recent developments are still improved and
analytics techniques are used to analyze the deeper values designed, implemented, deployed on the physical server.
hidden in the large set of data flow, its more pro minent in Cloud service providers are mainly focusing on cloud
various applications like industrial development, smart security issues in the multi-cloud environment are access
home to smart city development and security management. management, data security, infrastructure security,
microservices security, threat management, vulnerability
The survey of related work on co mputing security issues in management, secure SDLC, logging and auditing, incident
mu lti-cloud computing is compared in Table 1. The security response and compliance. The main aim o f this survey is to
mechanis m is applied on both single and multi-cloud study the service unavailability problems in mu lti-cloud
computing with metrics data integrity, data intrusion and

978-1-7281-5461-9/20/$31.00 ©2020 IEEE 780

Authorized licensed use limited to: Consortium - Saudi Arabia SDL. Downloaded on January 19,2021 at 20:41:55 UTC from IEEE Xplore. Restrictions apply.
 Proceedings of the International Conference on Smart Electronics and Communication (ICOSEC 2020)
IEEE Xplore Part Number: CFP20V90-ART; ISBN: 978-1-7281-5461-9

computing and how to overcome the service unavailability [16] A. Bessani, M. Correia, B. Quaresma, F. André and P. Sousa,
"DepSky: dependable and secure storage in a cloud-of-clouds",
issues in multi-cloud computing. EuroSys'11:Proc. 6thConf. on Computer systems, 2011, pp. 31-46.
[17] . Mohammed A. AlZain, Ben Soh and Eric Pardede, "MCDB: Using
Multi-Clouds to Ensure Security in Cloud Computing ", DOI:
10.1109/DASC.2011.133 · Source: DBLP.
CONCLUSION [18] N. Santos, K.P. Gummadi and R. Rodrigues, "Towards trusted cloud
computing", USENIX Association, 2009, pp. 3-3.
[19] K.D. Bowers, A. Juels and A. Oprea, "HAIL: A high-availability and
Cloud computing is rapidly emerg ing and widely integrity layer for cloud storage", CCS'09: Proc. 16th ACM Conf. on
Computer and communications security, 2009, pp. 187-198.
accepted computing technology because of its huge storage [20] A.J. Feldman, W.P. Zeller, M.J. Freedman and E.W. Felten, "SPORC:
Group collaboration using untrusted cloud resources", OSDI, October2010,
space available, quick and easy deployment, cost- pp. 1-14.
effectiveness and more importantly accessibility to the [21] Marco Miglierina, Giovanni P. Gibilisco, Danilo Ardagna and
Elisabetta Di Nitto Politecnico di Milano, Italy “ Model Based Control for
system anytime and anywhere. But when it co mes to privacy Multi-cloud Applications” 978-1-4673-6447-8/13/$31.00 c 2013 IEEE,
MiSE 2013, San Francisco, CA, USA.
and data security, there is always a concern of adopting [22] André Almeida, Francisco Dantas , Everton Cavalcante and Thais
Batista “ A Branch-and-Bound Algorithm for Autonomic Adaptation of
cloud computing. Attacks can happen with the use of weak Multi-Cloud Applications” , 2014 14th IEEE/ACM International
Symposium on Cluster, Cloud and Grid Computing.
cryptography key, improper disposal of used data, absence [23] Haider Ali Khan Khattak, Haider Abbass, Ayesha Naeem and Kashif
Saleem “ Security Concerns of Cloud-Based Healthcare Systems” 2015
of proper isolation at the virtualizat ion level. Further, the IEEE 17th International Conference.
[24] Saravanan I and Rajeswari Sridhar “ Software as a Service by
necessary solution to above-mentioned security issues has Interoperating in a Multi-Cloud Environment” 978-1-5386-5314-
2/18/$31.00 ©2018 IEEE.
been discussed at different levels. [25] Riccardo Di Pietro, Marco Scarpa and Antonio Puliafito “How much
enhancing Confidentiality and Integrity on data can affect Mobile Multi-
Cloud: The “ARIANNA” Experience”, 978-1-7281-0676-2/19/$31.00
REFERENCES ©2019 IEEE.
[26] Ashish Singh, Kakali Chatterjee. "Cloud security issues and
challenges: A survey", Journal of Network and Computer Applications,
[1] Syam Kumar P, Subramanian R. “ An efficient and secure protocol for 2017.
ensuring data storage security in Cloud Computing.” IJCSI International [27] Shakya, Subarna. "Survey on Cloud Based Robotics Architecture,
Journal of Computer Science Issues. 2011;8(6). Challenges and Applications." Journal of Ubiquitous Computing and
[2] Sengupta S, Kaulgud V, Sharma VS. “ Cloud computing security–trends Communication Technologies (UCCT) 2, no. 01 (2020): 10-18.
and research directions. InServices (SERVICES),” 2011 IEEE World [28] Bashar, A. (2019),”Intelligent Development Of Big Data Analytics For
Congress on 2011 Jul 4 (pp. 524-531). IEEE. Manufacturing Industry In Cloud Computing”,Journal of Ubiquitous
[3] Subashini S, Kavitha V. “ A survey on security issues in service delivery Computing and Communication Technologies (UCCT), 1(01), 13-22.
models of cloud computing. Journal of network and computer
applications”. 2011 Jan 31;34(1): pp. 1-11.
[4] Sood SK. “ A combined approach to ensure data security in cloud
computing”. Journal of Network and Computer Applications. 2012 Nov
30;35(6): pp. 1831-1838.
[5] Tang Y, Lee PP, Lui J, Perlman R. “ Secure overlay cloud storage with
access control and assured deletion. Dependable and Secure Computing”,
IEEE T ransactions on. 2012 Nov;9(6): pp. 903-916.
[6] Wei L, Zhu H, Cao Z, Dong X, Jia W, Chen Y, Vasilakos AV. “ Security
and privacy for storage and computation in cloud computing.Information
Sciences”. 2014 Feb 10;258:371-86.
[7] Grobauer B, Walloschek T, Stcker E. “Understanding cloud computing
vulnerabilities. Security & privacy”, IEEE. 2011 Mar;9(2): pp. 50-57.
[8] Yu H, Powell N, Stembridge D, Yuan X. “ Cloud computing and
security challenges”. InProceedings of the 50th Annual Southeast Regional
Conference 2012 Mar 29 (pp. 298-302). ACM.
[9] Boldyreva A, Chenette N, ONeill A. “Order-preserving encryption
revisited: Improved security analysis and alternative solutions”. In-
Advances in CryptologyCRYPTO 2011 2011 Jan 1 (pp. 578-595). Springer
Berlin Heidelberg.
[10] Jaber AN, Zolkipli B, Fadli M. "Use of cryptography in cloud
computing. InControl System, Computing and Engineering (ICCSCE),
2013 IEEE International Conference" on 2013 Nov 29 (pp. 179-184). IEEE.
[11] Casale, A.: “The Dangers of Recycling in the Cloud”. TheMakegood
(2013).
[12] Reardon J, Basin D, Capkun S. Sok: “ Secure data deletion. InSecurity
and Privacy (SP)”, 2013 IEEE Symposium on 2013 May 19 (pp. 301-315).
IEEE.
[13] Bugiel S, Nrnberger S, Pppelmann T, Sadeghi AR, Schneider T.
AmazonIA: “ when elasticity snaps back”. InProceedings of the 18 th ACM
conference on Computer and communications security 2011 Oct 17 (pp.
389-400). ACM.
[14] C. Cachin, R. Haas and M. Vukolic, "Dependable storage in the
Intercloud", Research Report RZ, 3783, 2010.
[15] H. Abu-Libdeh, L. Princehouse and H. Weatherspoon, "RACS: a case
for cloud storage diversity", SoCC'10:Proc. 1st ACM symposium on Cloud
computing, 2010, pp. 229-240.

978-1-7281-5461-9/20/$31.00 ©2020 IEEE 781

Authorized licensed use limited to: Consortium - Saudi Arabia SDL. Downloaded on January 19,2021 at 20:41:55 UTC from IEEE Xplore. Restrictions apply.