Advertisement

Multimedia Tools and Applications

, Volume 77, Issue 17, pp 21947–21965 | Cite as

Malicious insiders attack in IoT based Multi-Cloud e-Healthcare environment: A Systematic Literature Review

  • Afsheen Ahmed
  • Rabia Latif
  • Seemab Latif
  • Haider Abbas
  • Farrukh Aslam Khan
Article

Abstract

The emergence of Internet of Things (IoT) has introduced smart objects as the fundamental building blocks for developing a smart cyber-physical universal environment. The IoTs have innumerable daily life applications. The healthcare industry particularly has been benefited due to the provision of ubiquitous health monitoring, emergency response services, electronic medical billing, etc. Since IoT devices possess limited storage and processing power, therefore these intelligent objects are unable to efficiently provide the e-health facilities, or process and store enormous amount of collected data. IoTs are merged with Cloud Computing technology in Multi-Cloud form that basically helps cover the limitations of IoTs by offering a secure and on-demand shared pool of resources i.e., networks, servers, storage, applications, etc., to deliver effective and well-organized e-health amenities. Although the framework based on the integration of IoT and Multi-Cloud is contributing towards better patient care, yet on the contrary, it is challenging the privacy and reliability of the patients’ information. The purpose of this systematic literature review is to identify the top security threat and to evaluate the existing security techniques used to combat this attack and their applicability in IoT and Multi-Cloud based e-Healthcare environment.

Keywords

Internet of Things Cloud Computing Multi-Cloud Confidentiality Integrity E-Healthcare Malicious Insiders 

References

  1. 1.
    Abbas H, Latif R, Latif S, Masood A (2016) Performance evaluation of Enhanced Very Fast Decision Tree (EVFDT) mechanism for distributed denial-of-service attack detection in health care systems. Ann Telecommun 71(9):477–487CrossRefGoogle Scholar
  2. 2.
    Balasaraswathi VR, Manikandan S (2014) Enhanced security for multi-cloud storage using cryptographic data splitting with dynamic approach, in Proceedings of International Conference on Advanced Communication, Control and Computing Technologies (ICACCCT), pp. 1190–1194Google Scholar
  3. 3.
    Chouhan P, Singh R (2016) Security Attacks on Cloud Computing with Possible Solutions. International Journal of Advanced Research in Computer Science and Software Engineering 6(1):92–96Google Scholar
  4. 4.
    Claycomb WR, Nicoll A (2012) Insider Threats to Cloud Computing: Directions for New Research Challenges, In Proceedings of IEEE 36th Annual Computer Software and Applications Conference (COMPSAC), pp. 387–394Google Scholar
  5. 5.
    Duncan A, Creese S, Goldsmith M (2012) "Insider Attacks in Cloud Computing", In Proceedings of IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 857–862Google Scholar
  6. 6.
    Duncan A, Creese S, Goldsmith M, Quinton JS (2013) Cloud Computing: Insider Attacks on Virtual Machines During Migration, In Proceedings of 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, pp. 493–500Google Scholar
  7. 7.
    Eberleand W, Holder L (2009) Insider threat detection using graph-based approaches, In Proceedings of the Cybersecurity Applications and Technology Conference for Homeland Security, pp. 237–241Google Scholar
  8. 8.
    Eken H (2013) Security Threats and Solutions in Cloud Computing, In Proceedings of World Congress on Internet Security (WorldCIS-2013), 2013, pp. 139–143Google Scholar
  9. 9.
    Garkoti G, Pedojuu SK, Balasubramanian R (2014) Detection of Insider Attacks in Cloud based e-Healthcare Environment, In Proceedings of 2014 International Conference on Information Technology, pp. 192–200Google Scholar
  10. 10.
    Gelenbe E, Gorbil G, Tzocaras D, Liebergekd S, Garcia D, Baltatu M, Lyberopoulos G (2013) NEMESYS: Enhanced Network Security for Seamless Service Provisioning in the Smart Mobile Ecosystem, in Proceedings of Information Sciences and Systems, pp. 369–378Google Scholar
  11. 11.
    Grobauer B, Walloschek T, Stocker E (2011) Understanding Cloud Computing vulnerabilities. IEEE Secur Priv 9(2):50–57Google Scholar
  12. 12.
    Gunasekhar T, Rao KT, Reddy VK, Kiran PS, Rao BT (2015) Mitigation of Insider Attacks through Multi-Cloud. International Journal of Electrical and Computer Engineering (IJECE) 5:136–141Google Scholar
  13. 13.
    Hanley M (2011) Deriving candidate technical controls and indicators of insider attack from socio-technical models and data (CMU/SEI-2011-TN-003). Software Engineering Institute, Carnegie Mellon University. Available: http://www.sei.cmu.edu/library/abstracts/reports/11tn003.cfm. Accessed 15 Sept 2016
  14. 14.
    Hu Y et al (2016) Simultaneously aided diagnosis model for outpatient departments via healthcare big data analytics. Multimedia Tools Appl.  https://doi.org/10.1007/s11042-016-3719-1
  15. 15.
    IBM X-Force® Research: 2016 Cyber Security Intelligence Index (2016) Available: https://www-01.ibm.com/marketing/iwm/dre/signup?source=ibm-WW_Security_Services&S_PKG=ov47123&S_TACT=000000NJ&&S_OFF_CD=10000254. Accessed 15 Oct 2016
  16. 16.
    Inam ul Haq M (2013) The Major Security Challenges to Cloud Computing, Masters Thesis, University of BorasGoogle Scholar
  17. 17.
    Islam SR, Kwak D, Kabir MH, Hossain M, Kwak KS (2015) The Internet of Things for Health Care: A Comprehensive Survey. IEEE Access 3:678–708CrossRefGoogle Scholar
  18. 18.
    Kandias M, Vircilis N, Gritzalis D (2011) The Insider Threat in Cloud Computing. International Workshop on Information Security & Critical Infrastructure Security 2011:93–103Google Scholar
  19. 19.
    Kavyashree MU, Manjunath H (2014) A Framework to avoid Vulnerability Incidents in Cloud Computing. International Journal on Advanced Computer Theory and Engineering (IJACTE) 3:12–16Google Scholar
  20. 20.
    Kitchenham B, Brereton OP, Budgen D, Turner M, Bailey J, Linkman S (2009) Systematic Literature Reviews in Software Engineering –A systematic literature review. J Inf Softw Technol 51(1):7–15CrossRefGoogle Scholar
  21. 21.
    Latif R, Abbas H, Assar S (2014) Distributed denial of service (DDoS) attack in cloud-assisted wireless body area networks: a systematic literature review. J Med Syst 38(11):1–10Google Scholar
  22. 22.
    Latif R, Abbas H, Latif S, Masood A (2015) EVFDT: An Enhanced Very Fast Decision Tree Algorithm for Detecting Distributed Denial of Service Attack in Cloud-Assisted Wireless Body Area Network. Mob Inf Syst 2015:1–13Google Scholar
  23. 23.
    Latif R, Abbas H, Latif S, Masood A (2016) Distributed Denial of Service Attack Source Detection Using Efficient Traceback Technique (ETT) in Cloud-Assisted Healthcare Environment. J Med Syst 40(7)Google Scholar
  24. 24.
    Latif R, Abbas H, Latif S (2016) Distributed Denial of Service (DDoS) Attack Detection Using Data Mining Approach in Cloud-Assisted Wireless Body Area Networks. International Journal of Ad Hoc and Ubiquitous Computing 23(1):24–35CrossRefGoogle Scholar
  25. 25.
    Mahajan A, Sharma S (2015) The Malicious Insiders Threat in the Cloud. International Journal of Engineering Research and General Science 3(2):245–256Google Scholar
  26. 26.
    Mavoungou S, Kaddoum G, Taha M, Matar G (2016) Survey On Threats And Attacks On Mobile Networks. IEEE Access 4:4543–4572CrossRefGoogle Scholar
  27. 27.
    Min Y, Shin H, Bang Y (2012) Cloud Computing Security Issues and Access Control Solutions. Journal of Security Engineering 9(4):135–142Google Scholar
  28. 28.
    Muhil M, Krishna UH, Kumar RK, Maryanita EA (2015) Securing Multi-Cloud Using Secret Sharing Algorithm, In Proceedings of 2nd International Symposium On Big Data And Cloud Computing (ISBCC’15), pp. 421–426Google Scholar
  29. 29.
    Munir K, Palaniappan S (2013) Secure Cloud Architecture. Advanced Computing: An International Journal 4(1):9–22Google Scholar
  30. 30.
    Na W (2015) Internet of Things based on Cloud Computing Architecture, In Proceedings of 17th International Conference on Measuring Technology and Mechatronics Automation, pp. 585–587Google Scholar
  31. 31.
    Nguyen M, Chau N, Jung S, Jung S (2014) A Demonstration of Malicious Insider Attacks inside Cloud IaaS Vendor. International Journal of Information and Education Technology 4(6):483–486CrossRefGoogle Scholar
  32. 32.
    Noor TH, Sheng QZ, Alfazi A (2013) Detecting Occasional Reputation Attacks on Cloud Services, In Proceedings of International Conference on Web Engineering, pp. 416–423Google Scholar
  33. 33.
    Razaque A, Nadipalli SSV, Vommina S, Atukuri DK, Nayani D, Anne P, Vegi D, Mallapu VS (2016) Secure Data Sharing in Multi-clouds”, In proceddings of International Conference on Electrical, Electronics and Optimization Techniques(ICEEOT)Google Scholar
  34. 34.
    Rui J, Danpeng S (2015) Architecture Design of Internet of Things based on Cloud Computing. In Proceedings of 17th International Conference on Measuring Technology and Mechatronics Automation, pp. 206–209Google Scholar
  35. 35.
    Salman T (2015) On securing multi-clouds: survey on advances and current challenges. Draft published in Semantics Scolar. Available: https://www.semanticscholar.org/paper/On-Securing-Multi-Clouds-Survey-on-Advances-and-Cu-Salman/c04b71682dca2c24d34ab676ee381cb71d5b8ee3. Accessed 12 Sept 2016
  36. 36.
    Security 1:1 - Part 3 - Various Types Of Network Attacks | Symantec Connect (2017) Symantec.com. N.p., 2017. Web. 14Google Scholar
  37. 37.
    Sevak B (2012) Security Against Side Channel Attack in Cloud Computing. International Journal of Engineering and Advanced Technology (IJEAT) 2(2):183–186Google Scholar
  38. 38.
    Shamir's Secret Sharing (2017) En.wikipedia.org. N.p., 2017. Web. 14Google Scholar
  39. 39.
    Singh A, Shrivastav M (2012) Overview of Attacks in Cloud Computing. International Journal of Engineering and Innovative Technology 1(4):321–323Google Scholar
  40. 40.
    Singh S, Pandey B, Srivastava R, Rawat N, Rawat P (2014) Cloud Computing Attacks: A Discussion with Solutions. Open Journal of Mobile Computing and Cloud Computing 1(1):1–10Google Scholar
  41. 41.
    Singh A, Jain D, Chavan P, Jain S (2016) Multi Cloud Data Security. International Research Journal of Engineering and Technology (IRJET) 3(3):895–898Google Scholar
  42. 42.
    Subramanian K, John L (2016) Secure And Reliable Unstructured Data Sharing In Multi-Cloud Storage Using The Hybrid Crypto System. International Journal of Computer Science and Network Security 4(11):196–206Google Scholar
  43. 43.
    What Are Some Disadvantages Of Homomorphic Encryption Schemes? (2017) Crypto.stackexchange.com. N.p., 2017. Web. 14Google Scholar
  44. 44.
    Yusop Z, Abawajy J (2014) Analysis of Insiders Attack Mitigation Strategies. In Proceedings of Social and Behavioral Sciences 129:611–618CrossRefGoogle Scholar
  45. 45.
    Zhang Y, Juels A, Rieter M, Ristenpart T (2014) Cross-Tenant Side-Channel Attacks in PaaS Clouds, In Proceedings of 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 990–1003Google Scholar
  46. 46.
    Zhang Y, Qui CT, Hassan MM, Alamri A (2017) Health-CPS: Healthcare Cyber-Physical System Assisted by Cloud and Big Data. IEEE Syst J 11(1):88–95CrossRefGoogle Scholar
  47. 47.
    Zhang Y, Chen M, Huang D, Wud D, Li Y (2017) iDoctor: Personalized and Professionalized Medical Recommendations Based on Hybrid Matrix Factorization. Futur Gener Comput Syst 66:30–35CrossRefGoogle Scholar
  48. 48.
    Zhenji Z, Wu L, Hong Z (2013) Context-Aware Access Control Model For Cloud Computing. International Journal of Grid and Distributed Computing 6(6):1–12CrossRefGoogle Scholar
  49. 49.
    Zhou J, Leppanen T, Harjula E, Ylianttila M, Ojala T, Yu C, Jin H (2013) "CloudThings: a Common Architecture for Integrating the Internet Of Things with Cloud Computing", In Proceedings of IEEE 17th International Conference on Computer Supported Cooperative Work in Design, pp. 651–657Google Scholar
  50. 50.
    Zibouh O, Dalli A, Drissi H (2016) Cloud Computing Security Through Parallelizing Fully Homomorphic Encryption Applied To Multi-Cloud Approach. Journal of Theoretical and Applied Information Technology 87(2):300–307Google Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. 1.National University of Sciences and TechnologyIslamabadPakistan
  2. 2.Center of Excellence in Information AssuranceKing Saud UniversityRiyadhSaudi Arabia

Personalised recommendations