A Survey on Modern Cloud Computing Security over Smart City Networks: Threats, Vulnerabilities, Consequences, Countermeasures, and Challenges
Abstract
:1. Introduction
2. Privacy and Security Models of CC and Related Concepts
2.1. Related Work and Concepts
2.2. Taxonomy Diagram
3. CC Security: Concerns, Consequences, Challenges
3.1. CC Security
3.2. Attacks, Threats, Concerns, Consequences, and Challenges
3.3. Countermeasures against Security Threats and Attacks
3.4. CC Security Prospects in the Future Networks
3.5. Aggregate/Comprehensive CC Challenges
- Cloud Service Customers: These are the ambiguity in responsibilities, loss, and lack of trust, security and privacy, service unavailability, cloud service provider lock-in, misappropriation of the sensitive and intellectual data and property, loss of governing body, control, and software integrity
- Cloud Service Providers: Uncertainty in management, responsibility, and administration in shared cloud environments, inconsistency and conflict in security and data protection measures, jurisdictional conflicts, evolutionary risks, bad and worst process migration, integration, discontinuity in business, cloud service partner lock-in, supply chain vulnerability, software dependencies.
- Cloud Service Partners: These are ambiguities in responsibilities, monitoring, regulation, and misappropriation and forger ring of the intellectual property.
4. Security & Privacy Concerns in Cloud-Based Smart City Networks
4.1. Why Is Security & Privacy a Concern in CC-Based Smart City?
4.2. Consequences of Security and Privacy Concerns in Smart City Networks over CC
4.3. Attacks, Threats, and Vulnerabilities in CC-Based Smart City Network
4.4. Countermeasures for Security & Privacy Concerns
4.5. Tabular Analysis and Methodology Representations
5. Open Issues
6. Conclusions and Recommendations
Author Contributions
Funding
Conflicts of Interest
References
- Elmaghraby, A.S.; Losavio, M.M. Cyber security challenges in Smart Cities: Safety, security and privacy. J. Adv. Res. 2014, 5, 491–497. [Google Scholar] [CrossRef] [Green Version]
- Belanche-Gracia, D.; Casaló-Ariño, L.V.; Pérez-Rueda, A. Determinants of multi-service smartcard success for smart cities development: A study based on citizens’ privacy and security perceptions. Gov. Inf. Q. 2015, 32, 154–163. [Google Scholar] [CrossRef]
- Choudhary, A.; Bhadada, R. Emerging Threats in Cloud Computing. In Proceedings of the International Conference on Emerging Technology Trends in Electronics Communication and Networking, Surat, India, 7–8 February 2020; Springer: Berlin/Heidelberg, Germany, 2020. [Google Scholar]
- Ijaz, S.; Shah, M.A.; Khan, A.; Ahmed, M. Smart cities: A survey on security concerns. Int. J. Adv. Comput. Sci. Appl. 2016, 7, 612–625. [Google Scholar] [CrossRef]
- Van Zoonen, L. Privacy concerns in smart cities. Gov. Inf. Q. 2016, 33, 472–480. [Google Scholar] [CrossRef] [Green Version]
- Li, Y.; Dai, W.; Ming, Z.; Qiu, M. Privacy protection for preventing data over-collection in smart city. IEEE Trans. Comput. 2016, 65, 1339–1350. [Google Scholar] [CrossRef]
- Smirnova, T.; Polishchuk, L.; Smirnov, O.; Buravchenko, K.; Makevnin, A. Research of cloudy technologies as a services. Cybersecur. Educ. Sci. Tech. 2020, 3, 43–62. [Google Scholar] [CrossRef]
- Gretzel, U.; Sigala, M.; Xiang, Z.; Koo, C. Smart tourism: Foundations and developments. Electron. Mark. 2015, 25, 179–188. [Google Scholar] [CrossRef] [Green Version]
- Vattapparamban, E.; Vattapparamban, E.; Güvenç, I.; Yurekli, A.I.; Akkaya, K.; Uluağaç, S. Drones for smart cities: Issues in cybersecurity, privacy, and public safety. In Proceedings of the Wireless Communications and Mobile computing Conference (IWCMC), Paphos, Cyprus, 5–9 September 2016. [Google Scholar]
- Shepard, D.P.; Bhatti, J.A.; Humphreys, T.E.; Fansler, A.A. Evaluation of smart grid and civilian UAV vulnerability to GPS spoofing attacks. In Proceedings of the 25th International Technical Meeting of The Satellite Division of the Institute of Navigation (ION GNSS), Nashville, TN, USA, 17–21 September 2012; pp. 3591–3605. [Google Scholar]
- Liberatore, S. How Do You Catch a Drone? with an Even Bigger Drone and a Giant Net. Daily Mail. 2015. Available online: http://www.dailymail.co.uk/sciencetech/article-3356746 (accessed on 7 June 2021).
- Washburn, D.; Sindhu, U.; Balaouras, S.; Dines, R.A.; Hayes, N.; Nelson, L.E. Helping CIOs understand “smart city” initiatives. Growth 2009, 17, 1–17. [Google Scholar]
- Caragliu, A.; Del Bo, C.; Nijkamp, P.J.J. Smart cities in Europe. J. Urban Technol. 2011, 18, 65–82. [Google Scholar] [CrossRef]
- Tari, Z. Security and Privacy in Cloud Computing. IEEE Cloud Comput. 2014, 1, 54–57. [Google Scholar] [CrossRef]
- Edwards, L. Privacy, security and data protection in smart cities: A critical EU law perspective. Eur. Data Prot. L. Rev. 2016, 2, 28. [Google Scholar] [CrossRef]
- Fortino, G.; Russo, W.; Savaglio, C.; Shen, W.; Zhou, M. Agent-oriented cooperative smart objects: From IoT system design to implementation. IEEE Trans. Syst. Man, Cybern. Syst. 2017, 48, 1939–1956. [Google Scholar] [CrossRef]
- Ai, Y.; Peng, M.; Zhang, K. Edge computing technologies for Internet of Things: A primer. Digit. Commun. Netw. 2018, 4, 77–86. [Google Scholar] [CrossRef]
- Botta, A.; De Donato, W.; Persico, V.; Pescapé, A. Integration of cloud computing and internet of things: A survey. Future Gener. Comput. Syst. 2016, 56, 684–700. [Google Scholar] [CrossRef]
- Al-Fuqaha, A.; Guizani, M.; Mohammadi, M.; Aledhari, M.; Ayyash, M. Internet of things: A survey on enabling technologies, protocols, and applications. IEEE Commun. Surv. Tutor. 2015, 17, 2347–2376. [Google Scholar] [CrossRef]
- Gharaibeh, A.; Salahuddin, M.A.; Hussini, S.J.; Khreishah, A.; Khalil, I.; Guizani, M.; Al-Fuqaha, A. Smart cities: A survey on data management, security, and enabling technologies. IEEE Commun. Surv. Tutor. 2017, 19, 2456–2501. [Google Scholar] [CrossRef]
- Qureshi, K.N.; Bashir, F.; Abdullah, A.H. An energy and link aware next node selection protocol for body area networks. In Proceedings of the 2018 International Conference on Information Networking (ICOIN), Chiang Mai, Thailand, 10–12 January 2018. [Google Scholar]
- Perera, C.; Zaslavsky, A.; Christen, P.; Georgakopoulos, D. Sensing as a service model for smart cities supported by internet of things. Trans. Emerging Telecommun. Technol. 2014, 25, 81–93. [Google Scholar] [CrossRef] [Green Version]
- Qureshi, K.N.; Abdullah, A.H.; Ullah, G. Sensor based Vehicle Environment Perception Information System. In Proceedings of the 4 IEEE International Conference on Ubiquitous Intelligence and Computing/International Conference on Autonomic and Trusted Computing/International Conference on Scalable Computing and Communications and Its Associated Workshops, Bali, Indonesia, 9–12 December 2014. [Google Scholar]
- Zhang, T.; Yan, L.; Yang, Y.J.W.N. Trust evaluation method for clustered wireless sensor networks based on cloud model. Wirel. Netw. 2018, 24, 777–797. [Google Scholar] [CrossRef]
- Han, G.; Jiang, J.; Shu, L.; Niu, J.; Chao, H.C. Management and applications of trust in Wireless Sensor Networks: A survey. J. Comput. Syst. Sci. 2014, 80, 602–617. [Google Scholar] [CrossRef]
- Martínez-Ballesté, A.; Pérez-Martínez, P.A.; Solanas, A. The pursuit of citizens’ privacy: A privacy-aware smart city is possible. IEEE Commun. Mag. 2013, 51, 136–141. [Google Scholar] [CrossRef]
- Schumacher, M.; Fernandez-Buglioni, E.; Hybertson, D.; Buschmann, F.; Sommerlad, P. Security Patterns: Integrating Security and Systems Engineering; John Wiley & Sons: Hoboken, NJ, USA, 2013. [Google Scholar]
- Qureshi, K.N.; Bashir, F.; Abdullah, A.H. Provision of Security in Vehicular Ad hoc Networks through An Intelligent Secure Routing Scheme. In Proceedings of the 2017 International Conference on Frontiers of Information Technology (FIT), Islamabad, Pakistan, 18–20 December 2017. [Google Scholar]
- Fu, X.; Fortino, G.; Pace, P.; Aloi, G.; Li, W. Environment-fusion multipath routing protocol for wireless sensor networks. Inf. Fusion 2020, 53, 4–19. [Google Scholar] [CrossRef]
- Stergiou, C.; Psannis, K.E.; Kim, B.G.; Gupta, B. Secure integration of IoT and cloud computing. Future Gener. Comput. Syst. 2018, 78, 964–975. [Google Scholar] [CrossRef]
- Aliero, M.S.; Qureshi, K.N.; Pasha, M.F.; Ghani, I.; Yauri, R.A. Systematic Review Analysis on SQLIA Detection and Prevention Approaches. Wirel. Pers. Commun. 2020, 112, 2297–2333. [Google Scholar] [CrossRef]
- Pearson, S. Privacy, security and trust in cloud computing. In Privacy and Security for Cloud Computing; Springer: London, UK, 2013; pp. 3–42. [Google Scholar]
- Chakrabarty, S.; Engels, D.W. A secure IoT architecture for Smart Cities. In Proceedings of the 2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, 9–12 January 2016. [Google Scholar]
- Khan, Z.; Pervez, Z.; Ghafoor, A. Towards cloud based smart cities data security and privacy management. In Proceedings of the 2014 IEEE/ACM 7th International Conference on Utility and Cloud Computing, London, UK, 8–11 December 2014. [Google Scholar]
- Arafati, M.; Dagher, G.G.; Fung, B.C.; Hung, P.C. D-mash: A framework for privacy-preserving data-as-a-service mashups. In Proceedings of the IEEE 7th International Conference on Cloud Computing (CLOUD), Anchorage, AK, USA, 27 June–2 July 2014. [Google Scholar]
- Xiao, Y.; Jia, Y.; Liu, C.; Cheng, X.; Yu, J.; Lv, W. Edge computing security: State of the art and challenges. Proc. IEEE 2019, 107, 1608–1631. [Google Scholar] [CrossRef]
- Tabrizchi, H.; Rafsanjani, M.K. A survey on security challenges in cloud computing: Issues, threats, and solutions. J. Supercomput. 2020, 76, 9493–9532. [Google Scholar] [CrossRef]
- Balani, Z.; Varol, H. Cloud Computing Security Challenges and Threats. In Proceedings of the 2020 8th International Symposium on Digital Forensics and Security (ISDFS), Belrut, Lebanon, 1–2 June 2020. [Google Scholar]
- Bratterud, A.; Happe, A.; Duncan, R.A.K. Enhancing cloud security and privacy: The Unikernel solution. In Proceedings of the Eighth International Conference on Cloud Computing, GRIDs, and Virtualization, Athens, Greece, 19–23 February 2017. [Google Scholar]
- Mo, J.; Hu, Z.; Chen, H.; Shen, W. An efficient and provably secure anonymous user authentication and key agreement for mobile cloud computing. Wirel. Commun. Mob. Comput. 2019, 2019. [Google Scholar] [CrossRef]
- Dorri, A.; Kanhere, S.S.; Jurdak, R.; Gauravaram, P. Blockchain for IoT security and privacy: The case study of a smart home. In Proceedings of the 2017 IEEE international conference on pervasive computing and communications workshops (PerCom workshops), Kona, HI, USA, 13–17 March 2017. [Google Scholar]
- Kaaniche, N.; Laurent, M. Data security and privacy preservation in cloud storage environments based on cryptographic mechanisms. Comput. Commun. 2017, 111, 120–141. [Google Scholar] [CrossRef]
- Hossain, M.S.; Muhammad, G. Emotion recognition using secure edge and cloud computing. Inf. Sci. 2019, 504, 589–601. [Google Scholar] [CrossRef]
- Verginadis, Y.; Michalas, A.; Gouvas, P.; Schiefer, G.; Hübsch, G.; Paraskakis, I. Paasword: A holistic data privacy and security by design framework for cloud services. J. Grid Comput. 2017, 15, 219–234. [Google Scholar] [CrossRef] [Green Version]
- Yu, Y.; Miyaji, A.; Au, M.H.; Susilo, W. Cloud Computing Security and Privacy: Standards and Regulations; Elsevier: Amsterdam, The Netherlands, 2017. [Google Scholar]
- Kolhar, M.; Abu-Alhaj, M.M.; El-atty, S.M.A. Cloud data auditing techniques with a focus on privacy and security. IEEE Secur. Priv. 2017, 15, 42–51. [Google Scholar] [CrossRef]
- Mollah, M.B.; Azad, M.A.K.; Vasilakos, A. Security and privacy challenges in mobile cloud computing: Survey and way ahead. J. Netw. Comput. Appl. 2017, 84, 38–54. [Google Scholar] [CrossRef]
- Li, Y.; Yu, Y.; Yang, B.; Min, G.; Wu, H. Privacy preserving cloud data auditing with efficient key update. Future Gener. Comput. Syst. 2018, 78, 789–798. [Google Scholar] [CrossRef]
- Shakeel, P.M.; Baskar, S.; Dhulipala, V.S.; Mishra, S.; Jaber, M.M. Maintaining security and privacy in health care system using learning based deep-Q-networks. J. Med. Syst. 2018, 42, 186. [Google Scholar] [CrossRef] [PubMed]
- Gong, Y.; Zhang, C.; Fang, Y.; Sun, J. Protecting location privacy for task allocation in ad hoc mobile cloud computing. IEEE Trans. Emerg. Top. Comput. 2015, 6, 110–121. [Google Scholar] [CrossRef]
- Elhoseny, M.; Abdelaziz, A.; Salama, A.S.; Riad, A.M.; Muhammad, K.; Sangaiah, A.K. A hybrid model of internet of things and cloud computing to manage big data in health services applications. Future Gener. Comput. Syst. 2018, 86, 1383–1394. [Google Scholar] [CrossRef]
- Xue, K.; Hong, J.; Ma, Y.; Wei, D.S.; Hong, P.; Yu, N. Fog-aided verifiable privacy preserving access control for latency-sensitive data sharing in vehicular cloud computing. IEEE Netw. 2018, 32, 7–13. [Google Scholar] [CrossRef]
- Tian, H.; Nan, F.; Chang, C.C.; Huang, Y.; Lu, J.; Du, Y. Privacy-preserving public auditing for secure data storage in fog-to-cloud computing. J. Netw. Comput. Appl. 2019, 127, 59–69. [Google Scholar] [CrossRef]
- Lo’ai, A.T.; Mehmood, R.; Benkhlifa, E.; Song, H. Mobile cloud computing model and big data analysis for healthcare applications. IEEE Access 2016, 4, 6171–6180. [Google Scholar]
- Hasson, F.; Keeney, S.; McKenna, H. Research guidelines for the Delphi survey technique. J. Adv. Nurs. 2000, 32, 1008–1015. [Google Scholar]
- Liu, L.S.; Shih, P.C.; Hayes, G.R. Barriers to the adoption and use of personal health record systems. In Proceedings of the 2011 iConference, Seattle, WA, USA, 8–11 February 2011; pp. 363–370. [Google Scholar]
- Bahga, A.; Madisetti, V.K. A cloud-based approach for interoperable electronic health records (EHRs). IEEE J. Biomed. Health Inf. 2013, 17, 894–906. [Google Scholar] [CrossRef]
- Hsieh, G.; Chen, R.-J. Design for a secure interoperable cloud-based Personal Health Record service. In Proceedings of the 4th IEEE International Conference on Cloud Computing Technology and Science Proceedings, CloudCom 2012, Taipei, Taiwan, 3–6 December 2012. [Google Scholar]
- Ahmadi, M.; Aslani, N. Capabilities and advantages of cloud computing in the implementation of electronic health record. Acta Inform. Medica 2018, 26, 24. [Google Scholar] [CrossRef] [Green Version]
- Qiu, M.; Gai, K.; Thuraisingham, B.; Tao, L.; Zhao, H. Proactive user-centric secure data scheme using attribute-based semantic access controls for mobile clouds in financial industry. Future Gener. Comput. Syst. 2018, 80, 421–429. [Google Scholar] [CrossRef]
- Alshehri, S.; Radziszowski, S.P.; Raj, R.K. Secure access for healthcare data in the cloud using ciphertext-policy attribute-based encryption. In Proceedings of the IEEE 28th International Conference on Data Engineering, ICDE 2012, Arlington, VA, USA, 1–5 April 2012. [Google Scholar]
- Athena, J.; Sumathy, V.; Kumar, K. An identity attribute–based encryption using elliptic curve digital signature for patient health record maintenance. Int. J. Commun. Syst. 2018, 31, e3439. [Google Scholar] [CrossRef]
- Seol, K.; Kim, Y.G.; Lee, E.; Seo, Y.D.; Baik, D.K. Privacy-preserving attribute-based access control model for XML-based electronic health record system. IEEE Access 2018, 6, 9114–9128. [Google Scholar] [CrossRef]
- Lindsay, J.R. Demystifying the Quantum Threat: Infrastructure, Institutions, and Intelligence Advantage. Secur. Stud. 2020, 29, 335–361. [Google Scholar] [CrossRef]
- Qadri, Y.A.; Ali, R.; Musaddiq, A.; Al-Turjman, F.; Kim, D.W.; Kim, S.W. The limitations in the state-of-the-art counter-measures against the security threats in H-IoT. Cluster Comput. 2020, 23, 2047–2065. [Google Scholar] [CrossRef]
- Waheed, N.; He, X.; Ikram, M.; Usman, M.; Hashmi, S.S.; Usman, M. Security and privacy in IoT using machine learning and blockchain: Threats and countermeasures. Acm Comput. Surv. 2020, 53, 1–37. [Google Scholar] [CrossRef]
- Khan, N.; Al-Yasiri, A. Cloud security threats and techniques to strengthen cloud computing adoption framework. In Cyber Security and Threats: Concepts, Methodologies, Tools, and Applications; IGI Global: Hershey, PA, USA, 2018; pp. 268–285. [Google Scholar]
- Fu, K.; Kohno, T.; Lopresti, D.; Mynatt, E.; Nahrstedt, K.; Patel, S.; Richardson, D.; Zorn, B. Safety, security, and privacy threats posed by accelerating trends in the Internet of Things. arXiv 2020, arXiv:2008.00017. [Google Scholar]
- Chen, M.; Zhang, Y.; Hu, L.; Taleb, T.; Sheng, Z. Cloud-based wireless network: Virtualized, reconfigurable, smart wireless network to enable 5G technologies. Mob. Netw. Appl. 2015, 20, 704–712. [Google Scholar] [CrossRef]
- Pérez-Martínez, P.A.; Solanas, A. W3-privacy: The three dimensions of user privacy in LBS. In Proceedings of the 12th ACM Int’l. Symp. Mobile Ad Hoc Networking and Computing, Paris, France, 16–19 May 2011. [Google Scholar]
- Mishra, A.; Gupta, N.; Gupta, B.B. Security Threats and Recent Countermeasures in Cloud Computing. In Modern Principles, Practices, and Algorithms for Cloud Security; IGI Global: Hershey, PA, USA, 2020; pp. 145–161. [Google Scholar]
- David, B.; Dowsley, R.; van de Graaf, J.; Marques, D.; Nascimento, A.C.; Pinto, A.C. Unconditionally Secure, Universally Composable Privacy Preserving Linear Algebra. IEEE Trans. Inf. Forensics Secur. 2016, 11, 59–73. [Google Scholar] [CrossRef]
- Chourabi, H.; Nam, T.; Walker, S.; Gil-Garcia, J.R.; Mellouli, S.; Nahon, K.; Pardo, T.A.; Scholl, H.J. Understanding smart cities: An integrative framework. In Proceedings of the 45th Hawaii International Conference on System Sciences, Maui, HI, USA, 4–7 January 2012. [Google Scholar]
- Smith, M.L. Viktor Mayer-Schönberger, Delete: The virtue of forgetting in the digital age. Identity Inf. Soc. 2009, 2, 369–373. [Google Scholar] [CrossRef] [Green Version]
- Djigal, H.; Jun, F.; Lu, J. Secure framework for future smart city. In Proceedings of the 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), New York, NY, USA, 26–28 June 2017. [Google Scholar]
- Sengupta, N. Designing cyber security system for smart cities. In Proceedings of the Smart Cities Symposium 2018, Zallaq, Bahrain, 22–23 April 2018. [Google Scholar]
- Gubbi, J.; Buyya, R.; Marusic, S.; Palaniswami, M. Internet of Things (IoT): A vision, architectural elements, and future directions. Future Gener. Comput. Syst. 2013, 29, 1645–1660. [Google Scholar] [CrossRef] [Green Version]
- Farzandipour, M.; Sadoughi, F.; Ahmadi, M.; Karimi, I. Security requirements and solutions in electronic health records: Lessons learned from a comparative study. J. Med. Syst. 2010, 34, 629–642. [Google Scholar] [CrossRef]
- Batty, M.; Axhausen, K.W.; Giannotti, F.; Pozdnoukhov, A.; Bazzani, A.; Wachowicz, M.; Ouzounis, G.; Portugali, Y. Smart cities of the future. Eur. Phys. J. Spec. Top. 2012, 214, 481–518. [Google Scholar] [CrossRef] [Green Version]
- Xiao, Z.; Xiao, Y. Security and privacy in cloud computing. IEEE Commun. Surv. Tutorials 2013, 15, 843–859. [Google Scholar] [CrossRef]
- Thoke, O. Cloud and Mobile Device Security: Challenges for 2016. Available online: Https://www.lifewire.com/cloud-mobile-device-security-challenges-3473908 (accessed on 17 May 2021).
- Kumar, J.S.; Patel, D.R. A survey on internet of things: Security and privacy issues. Int. J. Comput. Appl. 2014, 90, 20–26. [Google Scholar]
- Barth, S.; de Jong, M.D. The privacy paradox–Investigating discrepancies between expressed privacy concerns and actual online behavior–A systematic literature review. Telemat. Inform. 2017, 34, 1038–1058. [Google Scholar] [CrossRef]
- Khatoun, R.; Zeadally, S. Cybersecurity and privacy solutions in smart cities. IEEE Commun. Mag. 2017, 55, 51–59. [Google Scholar] [CrossRef]
- Moustaka, V.; Theodosiou, Z.; Vakali, A.; Kounoudes, A. Smart Cities at Risk!: Privacy and Security Borderlines from Social Networking in Cities. Athena 2018, 357, 25870072. [Google Scholar]
- Zaman, F.; Raza, B.; Malik, A.K.; Anjum, A. Self-Protection against Insider Threats in DBMS through Policies Implementation. Self 2017, 8, 3. [Google Scholar] [CrossRef] [Green Version]
- Cheon, J.H.; Kim, J. A hybrid scheme of public-key encryption and somewhat homomorphic encryption. IEEE Trans. Inf. Forensics Secur. 2015, 10, 1052–1063. [Google Scholar] [CrossRef]
- Zaman, A.; Obimbo, C.; Dara, R.A. Information Disclosure, Security, and Data Quality. In Proceedings of the International Conference on Industrial, Engineering and Other Applications of Applied Intelligent Systems, Montreal, QC, Canada, 25–28 June 2018. [Google Scholar]
- Schaffers, H.; Komninos, N.; Pallot, M.; Trousse, B.; Nilsson, M.; Oliveira, A. Smart cities and the future internet: Towards cooperation frameworks for open innovation. In The Future Internet Assembly; Springer: Berlin/Heidelberg, Germany, 2011; pp. 431–446. [Google Scholar]
- Spiekermann, S.; Cranor, L.F. Engineering privacy. IEEE Trans. Softw. Eng. 2009, 35, 67–82. [Google Scholar] [CrossRef]
- Chaudhary, R.; Jindal, A.; Aujla, G.S.; Kumar, N.; Das, A.K.; Saxena, N. LSCSH: Lattice-Based Secure Cryptosystem for Smart Healthcare in Smart Cities Environment. IEEE Commun. Mag. 2018, 56, 24–32. [Google Scholar] [CrossRef]
- Perera, C.; Ranjan, R.; Wang, L.; Khan, S.U.; Zomaya, A.Y. Big data privacy in the internet of things era. IT Prof. 2015, 17, 32–39. [Google Scholar] [CrossRef] [Green Version]
- Moreno, J.; Serrano, M.A.; Fernández-Medina, E. Main issues in big data security. Future Internet 2016, 8, 44. [Google Scholar] [CrossRef] [Green Version]
- Smutny, Z.; Vehovar, V. Social informatics research: Schools of thought, methodological basis, and thematic conceptualization. J. Assoc. Inf. Sci. Technol. 2020, 71, 529–539. [Google Scholar] [CrossRef]
Ref. | Data Storage Organization | Privacy | Data Owner | Portable | Type of Access | Techniques | Strengthens | Limitations | Confidentiality | Availability | Usability | Non-Repudiation | Integrity |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
[62] | EHR Cloud | Normal | Data Provider | Vary: Depends on organization | Vary | XML encryption and XML digital signature | Provides fully CIA and AAA | Limited Access Control | Yes | No | Yes | Yes | Yes |
[63] | Interoperable EHR Cloud | Normal | Vary | Yes | Read/Write/Edit | RBAC, AES-256, SSO, MAC, SSL | Scalability, Interoperability | Not flexible with Access Control | No | Yes | Yes | No | Yes |
[64] | PHR-based Cloud | Normal | Data Provider | Yes | Read/Write/Edit | ABAC, XML Security | An individual can control everywhere, provide integrity and confidentiality | Not implemented in real-time | Yes | Yes | Yes | Yes | Yes |
[65] | Hybrid Cloud | High | Third-Party | Yes | View | ABAC, CP-ABE, K-Anonymity | Anonymize data, Fine-grained Access Control | It focuses only on who accesses the data | No | Yes | Yes | No | No |
[66] | CC | Normal | User | Vary: Depends on the organization | Role-based Access Control | Attribute-based Encryption | Secure against chosen plain text attacks | Suitable for resource-limited mobile users in CC. | Yes | Yes | Yes | Yes | Yes |
[67] | CSP (Hospital/Owner) | High | User | Yes | Role-based Access Control | ECDH, Digital signature | Strong against Man-in-the-middle, provides authentication | CA involve, Key generation complexity | Yes | Yes | Yes | Yes | Yes |
[68] | Industrial Data Centric Cloud | High | Vary | Yes | Role-based Access Control | P2DS which contain four algorithms (SDAA, CDAA, A-SAC, and PDA) | User can access the data dynamically, provide higher level sustainability | Practically Implementation required | Yes | Yes | Yes | Yes | Yes |
[69] | Medium EHR Cloud | Medium | CSP | Read/Write/Edit | CP-ABE | Provides high performance over storage and time overhead | Does not provide Non-Repudiation | No | Yes | Yes | No | Yes | |
[70] | Ad hoc Cloud Control | High | user | yes | Role-based Access Control | ABAC (XACML), XML Security | Provides fully CIA and AAA | Complex Access | Yes | Yes | Yes | Yes | Yes |
S.No | Ref | Challenges | Description | Compromised | S.No | Ref | Challenges | Description | Compromised Attributes |
---|---|---|---|---|---|---|---|---|---|
1 | [23,31] | WS-Security | A significant specification which addresses the security for Web Services. | Integrity, Confidentiality | 21 | [23,33,70,73] | Physical security | The risk and basic fact that individuals or natural disasters may target the hardware components, regardless of the level of internal software and policy protection implemented. | Security, availability, non-repudiation |
2 | [67,73] | Phishing attack | The attacker’s risk is that the victim will be sent to a bogus Web page (either through spoofed emails or DNS assaults) where they will be asked to enter their login credentials. | Confidentiality | 22 | [8,15,34,73] | WLANs security | Due to risk of WLAN openness, several security vulnerabilities, such as network eavesdropping, identity theft, and message manipulation, have become more prevalent. | Usability, Non-repudiation |
3 | [69] | Wrapping attack | Risk of utilizing XML-based signature for authentication or integrity protection. | Integrity Authentication | 23 | [44,70,77] | Direct attacking method | It deciphers the cipher text immediately rather than attempting to crack the encryption key. | Confidentiality |
4 | [10,16,85] | Injection Attack | Injecting a malicious service implementation or virtual machine into the cloud system is the goal. | Availability | 24 | [51,57,82] | Replay attack | A replay attack is a type of an assault on the network where a lawful data transaction is replayed or delayed deliberately or fraudulently. | Integrity |
5 | [10] | IP Spoofing | Risk of utilizing another person’s authentication information, such as their user name and password, without permission. | Confidentiality | 25 | [31,73] | Man-in-the middle attack | It is a type of active eavesdropping in which the attacker establishes separate connections with the victims and passes communications back and forth between them. | Availability, Non-repudiation, Integrity |
6 | [44] | Tampering | Unauthorized tampering of permanent data or data transmission via a network. | Integrity | 26 | [34,42,53] | Reflection attack | It is a technique for breaking into a challenge response authentication system that use the same protocol in both ways. | Confidentiality, Non-repudiation |
7 | [37,42] | Repudiation | The possibility that a user may carry out an unlawful action in a system that lacks the capacity to track it down. | Audit ability | 27 | [91,92] | Interleaving attack | These attacks are alike man-in-the-middle attacks, except they can target protocols where all parties hold legitimate copies of each other’s public keys. | Integrity, Confidentiality, Non-repudiation |
8 | [41] | Information Disclosure | User of a cloud access and reads a file without permission from a co-tenants workflow. | Confidentiality | 28 | [16,61] | Timeliness attack | Danger of not having a deadline is that the protocol will not know when the step is finished, which might cause issues. | Usability, Availability |
9 | [73] | Denial of Service | An adversary gains control of a tenant’s VM and makes another’s web server unavailable. | Availability | 29 | [14,60,73] | Self-adaptive storage resource management | Sensitive data which is under constant monitoring is required to be kept optimized, and application of dynamic control for the big size data specially during transactions on connection oriented media, scheduling of the transfer of data, scheduling for distribution and prediction matrix for performance over remotely access storage services. | Integrity, Confidentiality |
10 | [70] | Elevation of Privilege | An attacker bypasses all system protections in order to get access to the trusted system. | Confidentiality | 30 | [3,10,62] | Client monitoring and security | The storage service must be aware of the various client types and their access privileges. | Security, Availability, Non-repudiation |
11 | [75] | Lack of trust | Customers are becoming more discerning as the number of Cloud service providers grows. Finding it difficult to choose the finest and most suited suppliers from a numerous options. | Confidentiality | 31 | [25,70,73,83] | Completeness | To the fact that a data service provider must supply a user with all the entitled or authorized information to give access based on the allotted authorizations. | Availability, Usability, Non-repudiation |
12 | [42,62] | Weak Service Level Agreements (SLAs) | Vendor lock-in, weak security measures, data unavailability, hidden expenses, and nontransparent infrastructure may cause difficulties for consumers. | Availability, Confidentiality, Non-repudiation | 32 | [70] | Roll back attack | Data owner when updates the information to the new version then the malevolent service provider continues the supply of previous version to the user. | Availability, Usability |
13 | [42] | Perceived Lack of Reliability | Risk of not having clear information about whether availability is for a single server where a customer’s virtual instance sits or for all servers located in data centers across the world. | Availability | 33 | [80,85] | Fairness | In order to acquire specific benefits throughout the data transmission operation, a malicious party may refuse to respond after obtaining evidence from another peer. | Confidentiality, Non-repudiation |
14 | [49] | Auditing | It is the process of analyzing and scrutinizing authorization and authentication records to see if they meet preset security standards and rules [50]. | Security, Confidentiality | 34 | [56,64,72] | Data Loss or Leakage | A provider may keep additional copies of the data in an unethical manner in order to sell it to interested third parties. | Availability, Non-repudiation |
15 | [41,42] | Back-Door | It is a method of gaining access to a network by circumventing the network’s control systems and entering through a "back door", such as a modem. | Usability | 35 | [50,52,64] | Computer Network Attack (CAN) | It is defined as Information disruption, denial, degradation, or destruction operations are described as activities that disrupt, deny, degrade, or destroy information. Computers and computer networks, as well as the computers and networks themselves, have residents. | Integrity, Confidentiality, Usability |
16 | [73] | TCP Hijacking | The attacker computer replaces the trusted client’s IP address with its own, and the server continues the conversation as if it were with the trustworthy client. | Confidentiality, Integrity | 36 | [61,73,77] | Denial of service attack | The system’s availability is destroyed. | Availability, Non-repudiation |
17 | [77,90] | Social Engineering | In this attack, social skills are used to acquire information, such as login credentials, like PIN numbers, which are to be used against the information systems. | Confidentiality | 37 | [35,36] | Data Security | Each enterprise’s sensitive data remains within the enterprise’s perimeter, subject to its physical, logical, and human security and access control regulations. | Security, Availability, Non-repudiation |
18 | [84,85] | Dumpster Diving | The act of obtaining information that has been abandoned by a person or organization. | Availability | 38 | [10,14] | Network Security | To avoid the loss of critical information, all data flow over the network must be protected and breach of information to be deprived. | Integrity, Usability, Security |
19 | [33,70,84] | Password Guessing | It is the most prevalent method of user authentication. Getting passwords is a popular and efficient attack strategy. | Confidentiality | 39 | [63,70] | Data locality | The possibility that the consumer is unaware of where his or her data is being stored. | Reliability, Usability |
20 | [55,78] | Trojan Horses and Malware | They conceal harmful code within a host software that appears to be beneficial. | Usability, Availability | 40 | [52,74] | Data integrity | Transactions across numerous data sources must be handled appropriately and in a fail safe manner in a distributed system to guarantee data integrity. | Integrity |
Paper Reference | Technology | Security/Privacy Concerns | Recommendations /Comments |
---|---|---|---|
[1,2] | Radio frequency Identification (RFID) | Data from multiple RFID readers can be correlated to reveal the movement and social interactions of individuals. | Physical mechanisms can disable the RFID when not in use and cryptographic mechanisms can reduce privacy leakage and security breach risks when RFID is in use. |
[5,6] | Intelligent Transport System (ITS) | The issue in this system is that an attacker can keep the vehicle track record. | Solution proposed is to change pseudonyms frequently for protecting location privacy. |
[2] | Smart Card (SC) | This gradual development in SC technology has raised the threat of privacy leakage. | With the advancements in ICT, smart cards are also coming in newer and more advance versions as contact less SC. |
[8] | Smart Tourism (ST) | The location-based services make the consumers vulnerable to privacy threats. | Information governance and privacy are the suggested major areas of research. |
[9,10,11] | Drone Technology (DT) | Drones are not only prone to cyber-attacks but also they can be used to launch cyber-attacks. Their falling costs are making their use possible in malicious attempts. | Research is needed in order to not only make drones secure against security and privacy attacks but also they must not be able to be used in malicious intentions. |
[6] | Smart Phones (SP) | Data over-collection in smart phones makes them vulnerable to privacy attacks. | A mobile cloud framework is presented to solve data over-collection problem. |
[14,15] | Cloud Technology (CT) | The integration of big data with cloud storage is a threat to privacy due to the involvement of a third party. Data accountability is the problem in cloud services. | It is a challenge to share the responsibility of data sharing with the government. |
Reference Number | Model/Method/Framework | Main Function/Purpose | Details |
---|---|---|---|
[22] | Sensing as a Service | Smart city and Internet of things are from different origin but sensors make them move into each other. | In this model, sensor data privacy is preserved if sensor owner defines restrictions to access. |
[26] | 5D model for privacy in smart cities | The proposed model has the quality of preserving privacy in the 5 dimensions; identity, query, footprint, owner, location. | This model is based on the proper handling of coexistent domains and secures transportation of information. |
[5] | 2 × 2 framework | The four types of sensitivities that people have about their data are represented as a 2 × 2 framework. | This framework is used to hypothesize if the smart city technologies provide privacy concern among citizens of the smart city. |
[33] | Self-Protection Against Insider Attacks | Self-protection model of database management systems against insider’s attacks is provided. | The self-protection model proposed by authors enforces the implementation of policies for access control, encryption, and database auditing. |
[35] | Stake-holder model | The authors presented a framework based on the stakeholder model for providing secure and privacy aware services in smart cities. | Smart city is essentially comprised of citizens from different cadres and having different point of views. This model brings forth the necessity of dealing the aspects of data security and privacy from the point of view of different stakeholders. |
[36] | A framework for privacy preserving D-Mash | To fulfill the request of a consumer, mashing the data from different sources is carried out. This involves the risk of revealing sensitive information of users. | The proposed DaaS mash up framework is an effective solution to data privacy concerns. |
[38] | Linear algebra to preserve privacy | Privacy preserving of distributed data. | The proposed protocols are computationally efficient. Privacy invasion is protected. |
[39,40] | A three-layer model of user privacy concerns | Guidelines have been developed for the construction of privacy-friendly systems. | Two approaches are distinguished: privacy by policy and privacy by architecture. |
[41] | Anonymized transaction techniques | Raw data can be a cause of identity theft and information leakage. The anonymization of raw data is necessary. | Adaptive Differential Privacy algorithm has been proposed for sharing sanitized data instead of raw data. |
[43] | Lattice-Based Secure Cryptosystem for smart healthcare | This privacy preserving technique is designed for constrained nodes of smart cities. | This scheme works more efficiently as compared to other schemes presently in use. Although the scheme is introduced for smart healthcare I smart cities, it can be practically implemented in other infrastructures of smart cities. |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Tahirkheli, A.I.; Shiraz, M.; Hayat, B.; Idrees, M.; Sajid, A.; Ullah, R.; Ayub, N.; Kim, K.-I. A Survey on Modern Cloud Computing Security over Smart City Networks: Threats, Vulnerabilities, Consequences, Countermeasures, and Challenges. Electronics 2021, 10, 1811. https://doi.org/10.3390/electronics10151811
Tahirkheli AI, Shiraz M, Hayat B, Idrees M, Sajid A, Ullah R, Ayub N, Kim K-I. A Survey on Modern Cloud Computing Security over Smart City Networks: Threats, Vulnerabilities, Consequences, Countermeasures, and Challenges. Electronics. 2021; 10(15):1811. https://doi.org/10.3390/electronics10151811
Chicago/Turabian StyleTahirkheli, Abeer Iftikhar, Muhammad Shiraz, Bashir Hayat, Muhammad Idrees, Ahthasham Sajid, Rahat Ullah, Nasir Ayub, and Ki-Il Kim. 2021. "A Survey on Modern Cloud Computing Security over Smart City Networks: Threats, Vulnerabilities, Consequences, Countermeasures, and Challenges" Electronics 10, no. 15: 1811. https://doi.org/10.3390/electronics10151811
APA StyleTahirkheli, A. I., Shiraz, M., Hayat, B., Idrees, M., Sajid, A., Ullah, R., Ayub, N., & Kim, K. -I. (2021). A Survey on Modern Cloud Computing Security over Smart City Networks: Threats, Vulnerabilities, Consequences, Countermeasures, and Challenges. Electronics, 10(15), 1811. https://doi.org/10.3390/electronics10151811