Skip to main content
SpringerLink
Log in

Review of the Main Security Threats and Challenges in Free-Access Public Cloud Storage Servers

  • Chapter
  • First Online:
Book cover Computer and Network Security Essentials

Abstract

The twenty-first century belongs to the world of computing, specially as a result of the so-called cloud computing. This technology enables ubiquitous information management and thus people can access all their data from any place and at any time. In this landscape, the emergence of cloud storage has had an important role in the last 5 years. Nowadays, several free-access public cloud storage services make it possible for users to have a free backup of their assets and to manage and share them, representing a low-cost opportunity for Small and Medium Enterprises (SMEs). However, the adoption of cloud storage involves data outsourcing, so a user does not have the guarantee about the way her data will be processed and protected. Therefore, it seems necessary to endow public cloud storage with a set of means to protect users’ confidentiality and privacy, to assess data integrity and to guarantee a proper backup of information assets. Along this paper, we discuss the main challenges to achieve such a goal, underlining the set of functionalities already implemented in the most popular public cloud storage services.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 109.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 139.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 199.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    http://tinyurl.com/hkypel5, http://tinyurl.com/hdqoum3, http://tinyurl.com/kryf254 Accessed 2016-12-27.

  2. 2.

    http://tinyurl.com/jdonyg7. Accessed 2016-12-27.

  3. 3.

    https://support.google.com/accounts/answer/1066447. Accessed 2016-12-27.

  4. 4.

    http://tinyurl.com/jpqtndx. Accessed 2016-12-27.

  5. 5.

    http://tinyurl.com/p2s8dlw. Accessed 2016-12-27.

  6. 6.

    https://tinyurl.com/gr86xxu. Accessed 2016-12-27.

  7. 7.

    http://tinyurl.com/lhjr7zf. Accessed 2016-12-27.

  8. 8.

    http://tinyurl.com/h3fbqdx. Accessed 2016-12-27.

  9. 9.

    http://tinyurl.com/hy6pyqr. Accessed 2016-12-27.

  10. 10.

    www.dyadicsec.com. Accessed 2016-06-04.

  11. 11.

    http://sharemind-sdk.github.io/.

  12. 12.

    http://tinyurl.com/z78dssy. Accessed 2016-12-27.

  13. 13.

    http://tinyurl.com/3uc96d. Accessed 2016-12-27.

  14. 14.

    http://tinyurl.com/jtvq2o4. Accessed 2016-12-27.

  15. 15.

    https://tinyurl.com/pnax3go. Accessed 2016-01-08.

  16. 16.

    www.sparkleshare.org. Accessed 2016-08-15.

  17. 17.

    https://github.com/AGWA/git-crypt. Accessed 2016-08-15.

  18. 18.

    http://tinyurl.com/pljob9s. Accessed 2016-12-27.

  19. 19.

    http://tinyurl.com/jxp7jp8 Accessed 2016-12-27.

  20. 20.

    http://maude.cs.uiuc.edu/tools/Maude-NPA. Accessed 2016-10-09.

  21. 21.

    https://cryptosense.com/. Accessed 2016-06-04.

  22. 22.

    http://tinyurl.com/2642d8. Accessed 2016-12-27.

References

  1. Abdalla, M., Fouque, P. A., & Pointcheval, D. (2005). Password-based authenticated key exchange in the three-party setting. In Public key cryptography-PKC 2005 (pp. 65–84). Berlin: Springer.

    Chapter  Google Scholar 

  2. Alphr. How secure are Dropbox, Microsoft OneDrive, Google Drive and Apple iCloud? [Online]. Available from: http://www.alphr.com/dropbox/1000326/how-secure-are-dropbox-microsoft-onedrive-google-drive-and-apple-icloud. Accessed December 29, 2015.

  3. Archer, D. W., Bogdanov, D., Pinkas, B., & Pullonen, P. (2015). Maturity and performance of programmable secure computation. Technical Report, IACR Cryptology ePrint Archive.

    Google Scholar 

  4. Armknecht, F., Bohli, J. M., Karame, G. O., & Youssef, F. (2015). Transparent data deduplication in the cloud. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (pp. 886–900). New York: ACM.

    Google Scholar 

  5. Arroyo, D., Diaz, J., & Gayoso, V. (2015). On the difficult tradeoff between security and privacy: Challenges for the management of digital identities (pp. 455–462). Cham: Springer International Publishing.

    Google Scholar 

  6. Arroyo, D., Diaz, J., & Rodriguez, F. B. (2015). Non-conventional digital signatures and their implementations - a review. In CISIS’15 (pp. 425–435). Berlin: Springer

    Google Scholar 

  7. Bansal, C., Bhargavan, K., Delignat-Lavaud, A., & Maffeis, S. (2014). Discovering concrete attacks on website authorization by formal analysis. Journal of Computer Security, 22(4), 601–657.

    Article  MATH  Google Scholar 

  8. Becker, G. (2008). Merkle signature schemes, Merkle trees and their cryptanalysis. Ruhr-Universität Bochum.

    Google Scholar 

  9. Bellare, M., Keelveedhi, S., & Ristenpart, T. (2013). Message-locked encryption and secure deduplication. In Annual International Conference on the Theory and Applications of Cryptographic Techniques (pp. 296–312). New York: Springer.

    Google Scholar 

  10. Best Backups. 7 cloud storage managers for multiple cloud storage services - Best backups.com [Online]. Available from: http://www.bestbackups.com/blog/4429/7-cloud-storage-managers-for-multiple-cloud-storage-services Accessed March 26, 2016.

  11. Bogdanov, D., Laur, S., & Willemson, J. (2008). Sharemind: A framework for fast privacy-preserving computations. In Computer Security-ESORICS 2008 (pp. 192–206). New York: Springer.

    Chapter  Google Scholar 

  12. Bowers, K. D., van Dijk, M., Juels, A., Oprea, A., & Rivest, R. L. (2011). How to tell if your cloud files are vulnerable to drive crashes. In Proceedings of the 18th ACM Conference on Computer and Communications Security (pp. 501–514). New York: ACM.

    Google Scholar 

  13. Boyd, C. (2013). Cryptography in the cloud: Advances and challenges. Journal of Information and Communication Convergence Engineering 11(1), 17–23.

    Article  Google Scholar 

  14. Butler, B. Researchers steal secret RSA encryption keys in Amazon’s cloud [Online]. Available from: http://www.networkworld.com/article/2989757/cloud-security/researchers-steal-secret-rsa-encryption-keys-in-amazon-s-cloud.html. Accessed November 22, 2015.

  15. Cavoukian, A., & Dixon, M. (2013). Privacy and security by design: An enterprise architecture approach. Ontario: Information and Privacy Commissioner.

    Google Scholar 

  16. Cryptosense. Cryptosense automated analysis for cryptographic systems [Online]. Available from: https://cryptosense.com. Accessed November 22, 2015.

  17. Diaz, J., Arroyo, D., & Rodriguez, F. B. (2014). A formal methodology for integral security design and verification of network protocols. Journal of Systems and Software, 89, 87–98.

    Article  Google Scholar 

  18. Dmitrienko, A., Liebchen, C., Rossow, C., & Sadeghi, A. R. (2014). Security analysis of mobile two-factor authentication schemes. Intel®; Technology Journal, 18(4), 138–161.

    Google Scholar 

  19. Escobar, S., Meadows, C., & Meseguer, J. (2009). Maude-NPA: Cryptographic protocol analysis modulo equational properties. In Foundations of security analysis and design V (pp. 1–50). Berlin: Springer.

    Google Scholar 

  20. Escobar, S., Meadows, C., & Meseguer, J. (2012). The Maude-NRL protocol analyzer (Maude-NPA) [Online]. Available from: http://maude.cs.uiuc.edu/tools/Maude-NPA. Accessed October 9, 2016.

  21. European Commission. European Commission launches EU-U.S. Privacy shield: stronger protection for transatlantic data flows [Online]. Available from: http://tinyurl.com/jeg3doq. Accessed September 12, 2016.

  22. Fernandez, E. B., Monge, R., & Hashizume, K. (2015). Building a security reference architecture for cloud systems. Requirements Engineering, 21, 1–25.

    Google Scholar 

  23. Fett, D., Küsters, R., & Schmitz, G. (2016). A comprehensive formal security analysis of OAuth 2.0 (pp. 1–75). http://arxiv.org/abs/1601.01229.

  24. Ford, W., & Kaliski, B. S., Jr. (2000). Server-assisted generation of a strong secret from a password. In IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, 2000. (WET ICE 2000). Proceedings (pp. 176–180).

    Google Scholar 

  25. González-Manzano, L., & Orfila, A. (2015). An efficient confidentiality-preserving proof of ownership for deduplication. Journal of Network and Computer Applications, 50, 49–59.

    Article  Google Scholar 

  26. Gordon, W. Two-factor authentication: The big list of everywhere you should enable it right now [Online]. Available from: http://www.lifehacker.com.au/2012/09/two-factor-authentication-the-big-list-of-everywhere-you-should-enable-it-right-now. Accessed December 31, 2015.

  27. Grassi, P. A., Fenton, J. L., Newton, E. M., Perlner, R. A., Regenscheid, A. R., Burr, W. E., Richer, J. P., Lefkovitz, N. B., Choong, J. M. D. Y. Y., Mary, K. K. G., & Theofanos, F. (2016). Digital authentication guideline; authentication and lifecycle management. Technical Report Draft NIST SP 800-63B, National Institute of Standards and Technology.

    Google Scholar 

  28. Hankerson, D., Menezes, A. J., & Vanstone, S. (2004). Guide to elliptic curve cryptography. New York, NY: Springer.

    MATH  Google Scholar 

  29. Happe, A. Git with transparent encryption [Online]. Available from: https://snikt.net/blog/2013/07/04/git-with-transparent-encryption Accessed August 16, 2016.

  30. Imperva. Man in the cloud attacks [Online] http://tinyurl.com/qf7n6s8. Accessed December 27, 2016.

  31. Jansma, N., & Arrendondo, B. (2004). Performance comparison of elliptic curve and RSA digital signatures. Technical Report, University of Michigan College of Engineering (pp. 1–20).

    Google Scholar 

  32. Juels, A., & Kaliski, B. S., Jr. (2007). PORs: Proofs of retrievability for large files. In Proceedings of the 14th ACM Conference on Computer and Communications Security (pp. 584–597).

    Google Scholar 

  33. Kandias, M., Virvilis, N., & Gritzalis, D. (2011). The insider threat in cloud computing. In International Workshop on Critical Information Infrastructures Security (pp. 93–103). New York: Springer.

    Google Scholar 

  34. Karat, C. M., Brodie, C., & Karat, J. (2005). Usability design and evaluation for privacy and security solutions. In L. F. Cranor & S. Garfinkel (Eds.), Security and usability (pp. 47–74). O’Reilly Media, Inc.

    Google Scholar 

  35. Li, J., Chen, X., Xhafa, F., & Barolli, L. (2014). Secure deduplication storage systems with keyword search. In Proceedings of 2014 IEEE 28th International Conference on Advanced Information Networking and Applications (AINA’14) (pp. 971–977).

    Google Scholar 

  36. Li, W., & Mitchell, C. J. (2014). Security issues in OAuth 2.0 SSO implementations. In Information Security - 17th International Conference, ISC 2014, Proceedings, Hong Kong, China, October 12–14, 2014 (pp. 529–541).

    Google Scholar 

  37. Mainka, C., Mladenov, V., Feldmann, F., Krautwald, J., & Schwenk, J. (2014). Your software at my service: Security analysis of SaaS single sign-on solutions in the cloud. In Proceedings of the 6th Edition of the ACM Workshop on Cloud Computing Security (pp. 93–104). New York: ACM.

    Google Scholar 

  38. Meadows, C. (2015). Emerging issues and trends in formal methods in cryptographic protocol analysis: Twelve years later. In Logic, rewriting, and concurrency (pp. 475–492). New York: Springer.

    Chapter  Google Scholar 

  39. Pasquier, T., Singh, J., Bacon, J., & Eyers, D. (2016). Information flow audit for PaaS clouds. In International Conference on Cloud Engineering (IC2E). New York: IEEE.

    Google Scholar 

  40. Pulls, T., & Slamanig, D. (2015). On the feasibility of (practical) commercial anonymous cloud storage. Transactions on Data Privacy, 8(2), 89–111.

    Google Scholar 

  41. Puzio, P., Molva, R., Onen, M., & Loureiro, S. (2013). ClouDedup: secure deduplication with encrypted data for cloud storage. In Proceedings of 2013 IEEE 5th International Conference on Cloud Computing Technology and Science (CloudCom’13) (pp. 363–370).

    Google Scholar 

  42. Puzio, P., Molva, R. Önen, M., & Loureiro, S. (2016). PerfectDedup: Secure data deduplication. In J. Garcia-Alfaro, G. Navarro-Arribas, A. Aldini, F. Martinelli, N. Suri (Eds.), Data Privacy Management, and Security Assurance: 10th International Workshop, DPM 2015, and 4th International Workshop QASA 2015, Vienna, Austria, September 21–22, 2015 (pp. 150–166). Cham: Springer International Publishing. doi:10.1007/978-3-319-29883-2_10, ISBN:978-3-319-29883-2, http://dx.doi.org/10.1007/978-3-319-29883-2_10.

  43. Rabotka, V., & Mannan, M. (2016). An evaluation of recent secure deduplication proposals. Journal of Information Security and Applications, 27, 3–18.

    Article  Google Scholar 

  44. Radke, K., Boyd, C., Nieto, J. G., & Bartlett, H. (2014). CHURNs: Freshness assurance for humans. The Computer Journal, 58, 2404–2425. p. bxu073.

    Google Scholar 

  45. Radke, K., Boyd, C., Nieto, J. G., & Brereton, M. (2011). Ceremony analysis: Strengths and weaknesses. In Future challenges in security and privacy for academia and industry (pp. 104–115). Berlin: Springer.

    Chapter  Google Scholar 

  46. Rahumed, A., Chen, H. C. H., Tang, Y., Lee, P. P. C., & Lui, J. C. S. (2011). A secure cloud backup system with assured deletion and version control. In Proceedings of the International Conference on Parallel Processing Workshops (pp. 160–167).

    Google Scholar 

  47. Ransome, J., & Misra, A. (2013). Core software security: Security at the source. Boca Raton: CRC Press.

    Google Scholar 

  48. Razavi, K., Gras, B., Bosman, E., Preneel, B., Giuffrida, C., & Bos, H. (2016). Flip Feng Shui: hammering a needle in the software stack. In Proceedings of the 25th USENIX Security Symposium.

    Google Scholar 

  49. Renaud, K., Volkamer, M., & Renkema-Padmos, A. (2014). Why doesn’t Jane protect her privacy? In Privacy enhancing technologies (pp. 244–262). New York: Springer.

    Google Scholar 

  50. Rifà-Pous, H., & Herrera-Joancomartí, J. (2011). Computational and energy costs of cryptographic algorithms on handheld devices. Future Internet, 3(1), 31–48.

    Article  Google Scholar 

  51. Rusbridger, A. (2013). The Snowden leaks and the public.

    Google Scholar 

  52. Ruvalcaba, C., & Langin, C. (2009). Four attacks on OAuth - How to secure your OAuth implementation. System, 1, 19. https://www.sans.org/reading-room/whitepapers/application/attacks-oauth-secure-oauth-implementation-33644.

    Google Scholar 

  53. Samarati, P., & di Vimercati, S. (2016). Cloud security: Issues and concerns. In Encyclopedia on cloud computing. New York: Wiley.

    Google Scholar 

  54. Shirey, R. G., Hopkinson, K. M., Stewart, K. E., Hodson, D. D., & Borghetti, B. J. (2015). Analysis of implementations to secure Git for use as an encrypted distributed version control system. In 2015 48th Hawaii International Conference on System Sciences (HICSS) (pp. 5310–5319). New York: IEEE.

    Chapter  Google Scholar 

  55. Shostack, A. (2014). Threat modeling: Designing for security. New York: Wiley.

    Google Scholar 

  56. Srinivasan, S. (2014). Security, trust, and regulatory aspects of cloud computing in business environments. In IGI Global.

    Google Scholar 

  57. Strandburg, K. (2014). Monitoring, datafication and consent: Legal approaches to privacy in a big data context. In J. Lane, V. Stodden, S. Bender, & H. Nissenbaum (Eds.), Privacy, big data, and the public good: Frameworks for engagement. Cambridge: Cambridge University Press.

    Google Scholar 

  58. Torres-Arias, S., Ammula, A. K., Curtmola, R., & Cappos, J. (2016) On omitting commits and committing omissions: Preventing Git metadata tampering that (re)introduces software vulnerabilities. In 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10–12, 2016 (pp. 379–395).

    Google Scholar 

  59. Tysowski, P. K. (2013). Highly scalable and secure mobile applications in cloud computing systems. Ph.D. thesis, University of Waterloo.

    Google Scholar 

  60. Whitten, A., & Tygar, J. D. (1999). Why Johnny can’t encrypt: A usability evaluation of PGP 5.0. In Usenix Security (Vol. 1999).

    Google Scholar 

  61. Wilcox-O’Hearn, Z. (2008). Drew Perttula and attacks on convergent encryption [Online]. Available from: https://tahoe-lafs.org/hacktahoelafs/drew_perttula.html. Accessed December 9, 2016.

  62. Wu, T. D., et al. (1998). The secure remote password protocol. In NDSS (Vol. 98, pp. 97–111).

    Google Scholar 

  63. Xue, K., & Hong, P. (2014). A dynamic secure group sharing framework in public cloud computing. IEEE Transactions on Cloud Computing, 2(4), 459–470.

    Article  Google Scholar 

  64. Yang, G., Yu, J., Shen, W., Su, Q., Fu, Z., & Hao, R. (2016). Enabling public auditing for shared data in cloud storage supporting identity privacy and traceability. Journal of Systems and Software, 113, 130–139.

    Article  Google Scholar 

  65. Yeo, H. S., Phang, X. S., Lee, H. J., & Lim, H. (2014). Leveraging client-side storage techniques for enhanced use of multiple consumer cloud storage services on resource-constrained mobile devices. Journal of Network and Computer Applications, 43, 142–156.

    Article  Google Scholar 

Download references

Acknowledgements

This work was supported by Comunidad de Madrid (Spain) under the project S2013/ICE-3095-CM (CIBERDINE).

Author information

Authors and Affiliations

  1. Departamento de Ingeniería Informática, Escuela Politécnica Superior, Universidad Autónoma de Madrid, Madrid, Spain

    Alejandro Sanchez-Gomez & David Arroyo

  2. BEEVA, Madrid, Spain

    Jesus Diaz

  3. Institute of Physical and Information Technologies (ITEFI), Spanish National Research Council (CSIC), Madrid, Spain

    Luis Hernandez-Encinas

Authors
  1. Alejandro Sanchez-Gomez
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jesus Diaz
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Luis Hernandez-Encinas
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. David Arroyo
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to David Arroyo .

Editor information

Editors and Affiliations

  1. University of Detroit Mercy, Detroit, Michigan, USA

    Kevin Daimi

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG

About this chapter

Cite this chapter

Sanchez-Gomez, A., Diaz, J., Hernandez-Encinas, L., Arroyo, D. (2018). Review of the Main Security Threats and Challenges in Free-Access Public Cloud Storage Servers. In: Daimi, K. (eds) Computer and Network Security Essentials. Springer, Cham. https://doi.org/10.1007/978-3-319-58424-9_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-58424-9_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-58423-2

  • Online ISBN: 978-3-319-58424-9

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation