Article Preview
TopIntroduction
Cloud computing has started an emerging trend for efficient and economical delivery of various resources to the user over the internet on demand. It has introduced a new business which attracts more customers to use public cloud for their online data storage and sharing with other users, organizations. User’s needs to pay amount only for the resources utilized by them, which reduces their initial setup and IT infrastructure cost. Apart from business, individual can also utilize cloud services to store their huge amount of data at third party, situated at remote location and access it at anytime and anywhere which relieves the user from its data maintenance and management. Cloud provides huge storage (Amazon S3, 2015, Quick, 2014, Zip Cloud, 2013) to store large data of various individuals and organizations. However, this stored data is obstructed by various security issues, which requires high concern before migrating towards cloud. These security issues are as: - data access control, confidentiality, integrity and security from data leakage. Once data owner (DO) store its sensitive or private data over the cloud system, then it is Cloud Service Provider’s (CSP) responsibility to control and keep it secure from any mishandling and malicious activity performed by any intruder.
Unfortunately, CSP is not a trusted party. It also stores the data at numerous locations; the data may comprise of the user’s private data for its own benefit and brings new vulnerabilities or new economic loss to DO.
This raises a security consideration while outsourcing the data at cloud. CSP may use customer’s private data either alone or with the help of other server or malicious attackers. Some major example for data breach in cloud are Apple’s data leakage in which 1,00,000 iPad’s user’s email address were leaked publicly (Thomas, 2013) and other one is announcement by Microsoft that an unauthorized user downloaded data from Business Productivity online suite (Deltcheva, 2013). Thus, maintaining a trust among different parties in cloud environment is become a necessity for efficient data handling and attract mass users towards the usage of cloud computing. This trust evaluation is either based on either direct trust method (Buzzanca, 2017), in which direct communication among entities, or recommendation-based trust (Bhattasali, 2018; chen, 2018), where no direct interaction among entities.
Many researchers had presented their work (AbdElminaam, 2018; Yachana, 2018)) to secure the outsourced data from any unauthorized user access and any malicious activity. A simplest way to achieve security or integrity is to encrypt your data with cryptographic technique and distribute its corresponding key to authorized user only. Another way to secure data from any unauthorized user access is to attach the signature of the file with itself; user can verify its integrity by the information provided to him at the time of recipient. However, distributing the correct key to only authorized user and protect it from any leakage is also another security issue. Various security approaches (Wan, 2012; Yu, 2010; Hota, 2011; Shamir 1979; Tang 2012) have been proposed to achieve file access control and its deletion to protect it from any unauthorized access in cloud system. But unfortunately, all these proposed works did not address the security issues occur during the file deletion, while data owner request to revoke any user from further file access. Apart from these, cloud service provider is not trustworthy party to store any secret or confidential data. CSP store its data at multiple storages to have a backup and can disclose user’s secret data to any unauthorized user. In addition to this, CSP can use the owner secret data for its own benefit and can cause huge economical loss to DO. All the previous proposed work (Wan,2012; Yu, 2010; Hota, 2011; Shamir 1979; Tang 2012) mainly focus on the file deletion upon user revocation but did not concern about fine- grained access control.