2018 4th IEEE International Conference on Big Data Security on Cloud

Critical Security Issues in Cloud Computing: A

Survey
Xiaotong Sun
Department of Computer Science
Pace University
New York, NY 10038, USA
xs43599n@pace.edu
Abstract—An exponential growth of cloud computing is deriving from security concerns. Due to the connected
dramatically changing contemporary network service environment, cloud computing implementations are
manners. A large scope of cloud-based service offerings, X- facing all vulnerabilities of the network [7], [8].
as-aService (XaaS), are empowering flexible adoptions with Meanwhile, besides networking vulnerabilities, cloud
ondemand provisions. However, cloud computing also
introduces a series of security concerns, even though there are
applications also need to deal with potential threats
numerous advantages of using cloud computing. from involvers in the cloud, such as unknown third
Understanding security concerns in cloud computing is a
fundamental requirement for successfully adopting cloud
solutions. This paper focuses on a variety of security issues in
cloud computing and accomplishes a survey that addresses
three major security dimensions of cloud security, including
computer security, network security, and information
security. Literature review provides a holistic view of cloud
security as well as converges recent achievements in the field.
The main findings of this work can provide future research in
the field of cloud security with theoretical supports and
evidence. Fig. 1: Dimensions of Cloud Computing Security
Index Terms—Cloud computing, security, privacy, data
storage, networking security
party service providers or unexpected data users. It
I. INTRODUCTION implies that most cloud applications are facing threats
978-1-5386-4399-0/18/$31.00 ©2018 IEEE from both insiders and outsiders [9], [10]. Typical
DOI 10.1109/BDS/HPSC/IDS18.2018.00053 cloud risks cover data abuse, malicious insiders,
With the rapid development of the network insecure interface and APIs, shared technology issues,
technology, cloud computing has bas grown as a data loss or leakage, account or service hijacking, and
broadly accepted deployment in business and has been unknown risk profile. A proper and accurate
driving people’s lives towards a connected understanding on cloud security is a fundamental
environment [1]–[3]. One of the major advantages of requirement for a success of the cloud deployment.
cloud computing is that it can offer numerous service
This paper thereby focuses on discerning typical
models depending on users’ demands. Service models
aspects of the cloud security. In order to provide a
can be represented as an X-as-a-Service (XaaS), in panoramic view of cloud security, we show a high
which X refers to the computing offerings [4]. Basic structure of security dimensions in cloud computing in
computing offerings include infrastructure, software, Fig. 1. There are three main dimensions, as shown in
and platform [5]. Meanwhile, service offerings, Xs, can the figure, which include computer security, network
be represented in any manners that are deliverable to security, and information security. These three
users, such as information, security, back-end, and dimensions will guide the structure of this survey. At
process [6]. The flexible service deliveries have each dimension, the survey only selects significant and
remarkably scaled up the service content on the representative aspects for reviews due to the limit of
network. pages.
Despite the high convenience and flexibility brought Moreover, literature reviews completed by this
by cloud computing, the implementation of cloud- survey work mainly focus on updated research
based solutions is still encountering restrictions

216

Authorized licensed use limited to: Cornell University Library. Downloaded on September 04,2020 at 13:44:35 UTC from IEEE Xplore. Restrictions apply.
 accomplishments rather than going through a history of
cloud computing. The objective of this work is to
provide scholars and practitioners with a knowledge
scaffold about recent The main contributions of this
survey are threefold: (1) this work highlights vital
vulnerabilities of cloud security and covers key issues
in the field; (2) we synthesize characteristic solutions
to each type of threats in cloud security; (3) discussions
deriving from main findings provide future security
research with theoretical supports.
The reminder of this work is organized by the
following order. Section II is the main body of this
paper, which addresses three major security
dimensions in cloud computing, including computer
security, network security, and information security.
Each dimensions is structured by a number of sub-
dimensions. Next, Section III states the main findings
obtained from literature review and gives a discussion
about future work. A conclusion is drawn based on our
main findings.
II. SECURITY DIMENSIONS IN CLOUD COMPUTING
A. Computer Security
Computer security is a wide concept that covers
most aspects of computer system protections. The
protection objectives include hardware, software and
information. This section selects three typical aspects
of computer security, which are attack types, access
control, and cryptography.
1) Attack Types: We summarize a number of typical
attack types in this section, which include Denial-of-
Service (DoS), clickjacking, eavesdropping, spoofing,
social engineering, tampering, privilege escalation, and
backdoor attacks. Each attack is specific or non-
specific to the networking connection layer or
operating system. Fig. 2 shows a synthesis of the
typical attacks and their attached layers. A brief review
about attack types is given below.
Fig. 2: Main attack types and their layers.
First, a DoS attack is a group of malicious methods
that prevent users from reaching the desired computing
resource via the network. Main issues have been
217
Authorized licensed use limited to: Cornell University Library. Downloaded on September 04,2020 at 13:44:35 UTC from IEEE Xplore. Restrictions apply.
surveyed by prior work that can be referred to
literatures [11], [12]. Lyamin et al. [13] proposed a
real-time method for detecting DoS attacks in
Vehicular Ad-Hoc Networks. This method focused on
detecting jamming attacks based on the observations of
the false alarm probabilities. Another study [14] had an
attempt to utilize the advantage of Software-
Defined Network (SDN) to defeat Distributed Denial-
ofService (DDoS) attacks. The authors also highlighted
the contradictory relationship between SDN and DDoS
attacks such that a few research issues were raised.
Next, a Clickjacking attack generally is considered an
adversarial activity at the transport layer. The attack
usually is attached to a browser, in which the attack is
launched by a clickable object on the page with
embedded adversarial codes or a script. Wu et al. [15]
emphasized the a stealthy clickjacking attack could
take place by clicking on any malicious object on the
page, such as a fake system reminder. Users would not
notice the adversarial activities since relaunching
malicious software could be automatic, such as using a
timer. Some examples of clickjacking included
Likejacking [16] and Cursorjacking.
Furthermore, eavesdropping and spoofing are two
attack methods that generally take place at network
layer. An eavesdropping attack mainly targets at those
unencrypted data by capturing small packets for
stealing information. A spoofing attack is an
adversarial action that pretends to be a legal
communicator by making fake data or identity.
Recently, some studies have tried to lower down the
chance of eavesdropping attacks. For instance, an
investigation [17] has attempted to examine whether a
dynamic encryption strategy could increase privacy
protection. This method gave those data that carried
sensitive information the priority in order to deal with
the computation workload caused by big volume data.
From the perspective of adversaries, a research
proposed a mixed method that combined spoofing and
jamming attacks [18]. The attack effect could be
maximized when considering the restriction of the
power supply.
Moreover, some attacks may take place at all layers,
such as social engineering and tampering attacks. A
social engineering attack is a type of adversarial
actions utilizing psychological behaviors for the
purpose of information stealing. Some examples of
social engineering techniques are Pretexting, Phishing
[19], and Baiting attacks [20]. A tampering attack is a
presentation of a group of attacks that modify software
settings or hardware configuration without users’
permissions.
Finally, privilege escalation and backdoor attacks are
two common malicious actions at the operating system
layer. A privilege escalation attack mainly describes an
 adversary who utilizes vulnerabilities/bugs of the
system to obtain the access to the information. A
backdoor attack refers to adversaries learn the hidden
part of the program or system and utilize it to illegally
obtain information. Tsoutsos et al. [21] developed an
zero-overhead privilege escalation approach for
microprocessor modifications. Another study explored
an approach using multi-IDS systems that could detect
privilege escalation or backdoor attacks in multi-tier
web applications. Additionally, Zhang et al. [22]
argued that it was possible to prevent backdoor attacks
at the system design stage by using their proposed
technique. The approach was called VeriTrust that
continuously examined verification corners for
identifying potential adversarial triggers.
The next section will discuss the aspect of access
control.
2) Access Control: An access control system refers to
a series of system configuration that determines
whether a user can have the access to a certain
information. The mechanism of an access control
system is to examine whether the access requester
matches the criterion. Common network access
enforcement methods include IEEE 802.1X, Virtual
Local Area Networks (VLANs), firewall, and Dynamic
Host Configuration Protocol (DHCP) management.
Meanwhile, the core of most access control systems
is applying a Computer File System (CFS), which
creates a list of requirements/criterion for access
examinations. A main vulnerability of contemporary
CFS is that the system maybe fooled by adversaries by
making fake data for matching criterion. In line with
current access control settings, there are a few
components in a typical access control system. Four
main parts are shown in Fig. 3. Among these
components, authentication methods are usually
concerned by system designers. Applying an
Extensible Authentication Protocol (EAP) transport
service can support the authentication information
exchange between client system and an authentication
server. Some examples supported by EAP are EAP
Transport Layer Security, EAP Tunneled TLS, EAP
Generalized Pre-Shared Key, and EAP-IKEv2.
Fig. 3: Main components of access control.
Moreover, some advanced access control approaches
have been explored by recent research as well. One
popular research direction is to design an Attribute-
218
Authorized licensed use limited to: Cornell University Library. Downloaded on September 04,2020 at 13:44:35 UTC from IEEE Xplore. Restrictions apply.
based Access Control (AAC) to strengthen the security.
The advantage of using an AAC method is that some
attributes can be hardly fabricated by adversaries. A
few recent achievements are reviewed as follows.
Wang et al. [23] developed a hierarchical attribute-
based approach for implementing multi-level access
controls. Qiu et al. [24] had a focus of data security in
the financial industry and proposed an attribute-based
semantic access control method. This method used
ontologies to formulate relationship between data
owners and data usage to avoid unexpected parties
reaching data in the context of cloud computing. Some
other studies had distinct focuses. For example,
Cheung and his colleagues [25] studied the
optimization approach for spectrum allocations in two-
tier networks, by which access controls are determined.
The authors also considered the quality of service
constraints covering success probabilities and per-tier
minimum rates.
We will discuss the last key aspect of computer
security in the next section.
3) Cryptography in Clouds: Cryptography in cloud
computing has its own characteristics [26], [27]. An
ideal cryptographic design for cloud-based applications
need to deal with both insider and outsider threats.
However, most cryptographic approaches could only
take care one side, mostly outsider threats. In fact,
threats from insiders also restricts the implementation
of cloud solutions, due to uncertain operations done on
the clouds and unknown parties who have accesses to
the data.
There are three advanced encryption types that
match the requirement of cloud computing for both
insider and outsider threats. The first option is an
Attribute-based Encryption (ABE). This type of
solutions has been explored over years and two
common kinds of ABE are Ciphertextpolicy ABE (CP-
ABE) and Key-policy ABE (KP-ABE). Li et al. [28]
have investigated the flexibility of using ABE to secure
personal health records in clouds. Lat et al. [29] argued
that a verifiability should be a requirement of ABE and
proposed method for verifying outsourced decryption.
Similarly, another study [30] addressed the
checkability of the outsourced decryption. Two main
issues in ABE designs include (1) complexity of the
cryptographic key design will become complex when
the number of attributes in access strategy set grows.
Moreover, the second alternative is Fully
Homomorphic Encryption (FHE). A proper FHE allows
arithmetic operations over the decrypted data in the
cloud, such that cloud operators (insider threats) cannot
access plain-texts. The implementation of FHE can be
also combined with other security protocol to against
threats from outsider. A basic manipulation process of
an FEH is shown in Fig. 4. We can observe that
 operators on the cloud sider always reach encrypted
data.
Fig. 4: Basic manipulation process of an FHE.
Despite a perfect match for cloud computing, there is
no active FHE adoption in practice. Gentry’s FHE
[31]–[33] is considered the first logical method for
achieving homomorphism encryptions. However, this
approach is far away from the practical implementation
due to its heavy computations and noise creations.
Many scholars have tried to improve the efficiency of
this approach from both cryptographic design and
hardware, but current performance still cannot satisfy
the requirement of the industry [34]–[36].
Recent break-through of FHE design took place
when a totally distinct direction was addressed. A new
design [37]– [39] was proposed, which used tensor
theory to achieve homomorphism results. The
advantages of this approach are threefold. First, the
complexity of this approach was lower than Gentry’s
method so that its execution efficiency was higher.
Second, this approach did not create noise during the
whole mathematical process; thereby, data users can
always obtain accurate results. Finally, data can be
secured during the whole process of data usage. The
problem of this approach is that the workload of
decryptions is heavy.
Finally, the last option for cloud-oriented encryption
is Searchable Encryption (SE) that can be referred to
literatures in [40], [41]. This type of encryptions
emphasizes the searching operation rather than
mathematic operations. The main challenge of this type
of encryption is that it generally requires a large of key
distributions for both encryptions and searching.
Naveed et al. [42] highlighted the problem of
identifying basic primitives to achieve blind storage.
Another study [43] also addressed the problem of the
key distributions and designed a concept of
keyaggregate searchable encryption. In this approach,
only one single key is required by a data owner for
sharing sharing a large amount documents with one
user. In order to obtain a higher-level security, Han et
al. [44] considered both ABE and SE and proposed a
general transformation approach that covers features of
ABE and SE.
219
Authorized licensed use limited to: Cornell University Library. Downloaded on September 04,2020 at 13:44:35 UTC from IEEE Xplore. Restrictions apply.
In summary, we have reviewed a few crucial aspects
of computer security in this section, which covers
attack types, access control systems, and cryptography
in cloud computing. The review not only summarizes
key facets but also points out existing problems as well
as recent achievements. We will talk about network
security in next section.
B. Network Security
In this section, two sides are addressed to describe
main issues in network security, which are attack types
and recent explorations in enhancing security of the
network.
1) Attack Types: The attack types in network security
have many overlaps with computer security. As a web-
based technique, cloud computing is facing all
network-oriented attack types. From the perspective of
the attack triggers, types of attacks can be categorized
into two groups, namely, passive and active attacks.
A passive attack refers to malicious activities that
grabs information while directly intercepting traffics of
the network [45]. Common methods against passive
attacks include wiretapping [46], port scanner [47], idle
scan [48], data encryption, and traffic analysis [49].
Meanwhile, an active attack means that an intruder
who distorts networking operations or obtains access
illegally via malicious codes. A few typical active
attacks include virus, eavesdropping, DoS attack,
spoofing, Smurf attack, man in the middle attack, ARP
poisoning, buffer overflow, heap overflow, SQL
injection, phishing, and cross-site scripting. Except the
attack types mentioned in Section II-A, we briefly
introduce a number of representative active attack
types.
First, Address Resolution Protocol (ARP) poisoning
is a kind of active attack that relies on the spoofing
attacks on a Local Area Network (LAN) via a spoofed
ARP message [50], [51]. Basic idea of ARP poisoning
is causing traffic deceiving via pretending a host’s IP
address so that LAN users send message to malicious
users instead of the default gateway. Yang et al. [52]
points out that ARP’s vulnerability is that it does not
have a verification mechanism for verifying
authenticity of the ARP messages, even though it is a
trusting protocol. Attacks often take place from
malicious hosts in an LAN. Fig. 5 illustrates a basic
mechanism of ARP poisoning.
Fig. 5: Basic mechanism of ARP poisoning.
 Next, a Smurf attack is a kind of DDoS attack that
launches a traffic flood to the victim’s device over the
Internet Control Message Protocol (ICMP) [53]. The
process of the Smurf attack mainly consists of two
steps. The first step is that an attacker send out ICMP
packets with spoofed IP to numerous devices. The
second step is that the attacker receive ICMP responses
and redirect them to the victim device. Thus, victim
device will receive a flood traffic if the number of the
responses is great. We provide a process diagram of
Smurf attack in Fig. 6. In the figure, solid lines refer to
ICMP packets with spoofed IP; broken lines refer to
ICMP responses.
Next section will address the enhancement of
network security.
2) Network Security Enhancement: As one of the
most broadly adopted security services, Secure Socket
Layer (SSL) establishes an encrypted connections
between a web server and a browser. Its
implementations are generally based on a set of
security protocols. With the development of the
Internet, SSL cannot satisfy the requirement of the
security and is being replaced by another protocol set
that is Transport Layer Security (TLS).
Fig. 6: Basic mechanism of Smurf attack.
Moreover, the methods against adversaries are
various and some of them are mentioned in prior
sections. Each defense method maybe suitable for one
or multiple network threats. Representative defense
methods include access control, software-oriented
security tool, authentication, authorization,
cryptography, firewall, Intrusion Detection System
(IDS), Intrusion Prevention System (IPS), and secure
gateway.
C. Information Security
This section concentrates on the information security
issues in cloud computing. Two aspects are involved in
this security, which are identity management and
privacy protection.
1) Identity Management: The concept of identity
management is a group of activities to verify whether a
person or a group of users has/have access to a
220
Authorized licensed use limited to: Cornell University Library. Downloaded on September 04,2020 at 13:44:35 UTC from IEEE Xplore. Restrictions apply.
computing object, such as an application or a system.
Major activities during the verification process include
identification, authentication, and authorization. It has
an overlap with the operation of the access control.
However, identity management and access control
have distinct focuses. Normally, identity management
focus on authentication, while access control mainly
addresses authorization.
Moreover, there are some challenges for current
identity management from the perspective of the
implementation [54]. The first challenge is password
management in a distributed environment. The cost of
identity management will be increased when
authentication systems are deployed in multi-
geographic locations. The other challenging issue is to
secure identity information. In the distributed context,
attackers have a chance to monitor identity information
if authentication system is connected to a remote
server. There will be more threats when wireless
networks are used.
2) Privacy Protection: Privacy concern is a
common issue in the implementation of cloud
computing. Data carrying sensitive information are
adversaries’ targets. What is more, data owners have
rare control on their data when data are stored/operated
on the remote cloud server. Data trades between
service providers also threaten users’ privacy.
A few approaches can enhance the level of privacy
protection in the cloud. First, increasing data control
during the whole data usage cycle can reduce the risk
caused by loss of control. A data usage cycle covers a
chain of states, including at rest, in transit, in use, and
access. Next, encryption is a positive alternative for
data owners (clients) to prevent data from malicious
actions during transmissions. In most situations, an
encrypted data package is assumed to be secure. Future
solutions may include advanced encryption technique,
such as FHE and block-chain techniques. Finally, a
multi-encryption strategy will become a trend to deal
with big data privacy. Encryption priority will be given
to those data that carry sensitive information so that the
selection of the encryption is a dynamic work.
III. CONCLUSIONS
In this paper, a survey was accomplished to review
all crucial security aspects of cloud computing. The
convergence was organized by three parts, which were
computer security, network security, and information
security. The literature review synthesized major
threats and vulnerabilities of cloud computing, as well
as the corresponding defense methods or potential
solutions. The survey also depicted that security issues
in cloud computing derived from both insider and
outsider threats. Traditional security protocols could
mainly prevent risks from outsider threats; an effective
 FHE was a desired solution even though there was yet
no ubiquitous solution available.
REFERENCES
[1] M. Armbrust, A. Fox, R. Griffith, A. Joseph, R. Katz, A.
Konwinski, G. Lee, D. Patterson, A. Rabkin, and I. Stoica. A
view of cloud computing. Communications of the ACM,
53(4):50–58, 2010.
[2] S. Subashini and V. Kavitha. A survey on security issues in
service delivery models of cloud computing. Journal of
network and computer applications, 34(1):1–11, 2011.
[3] K. Gai, M. Qiu, H. Zhao, L. Tao, and Z. Zong. Dynamic
energy-aware cloudlet-based mobile cloud computing model
for green computing. Journal of Network and Computer
Applications, 59:46–54, 2015.
[4] P. Mell and T. Grance. The NIST definition of cloud
computing. Special Publication - National Institute of
Standards and Technology, U.S. Department of Commerce,
2011.
[5] L. Qian, Z. Luo, Y. Du, and L. Guo. Cloud computing: An
overview. Cloud computing, pages 626–631, 2009.
[6] B. Hayes. Cloud computing. Communications of the ACM,
51(7):9– 11, 2008.
[7] T. Dinh, Y. Xuan, M. Thai, P. Pardalos, and T. Znati. On new
approaches of assessing network vulnerability: hardness and
approximation. IEEE/ACM Transactions on Networking,
20(2):609–619, 2012.
[8] T. Khorshed, A. Ali, and S. Wasimi. A survey on gaps, threat
remediation challenges and some thoughts for proactive attack
detection in cloud computing. Future Generation computer
systems, 28(6):833– 851, 2012.
[9] S. Stolfo, M. Salem, and A. Keromytis. Fog computing:
Mitigating insider data theft attacks in the cloud. In Security
and Privacy Workshops (SPW), 2012 IEEE Symposium on, pages
125–128, San Francisco, CA, USA, 2012. IEEE.
[10] C. Wang, Q. Wang, K. Ren, N. Cao, and W. Lou. Toward
secure and dependable storage services in cloud computing.
IEEE Trans. on Services Computing, 5(2):220–232, 2012.
[11] S. Zargar, J. Joshi, and D. Tipper. A survey of defense
mechanisms against distributed denial of service (DDoS)
flooding attacks. IEEE communications surveys & tutorials,
15(4):2046–2069, 2013.
[12] Q. Yan, F. Yuand Q. Gong, and J. Li. Software-defined
networking (SDN) and distributed denial of service (DDoS)
attacks in cloud computing environments: A survey, some
research issues, and challenges. IEEE Communications Surveys
& Tutorials, 18(1):602–622, 2016.
[13] N. Lyamin, A. Vinel, M. Jonsson, and J. Loo. Real-time
detection of denial-of-service attacks in IEEE 802.11 p
vehicular networks. IEEE Communications letters, 18(1):110–
113, 2014.
[14] Q. Yan and F. Yu. Distributed denial of service attacks in
softwaredefined networking with cloud computing. IEEE
Communications Magazine, 53(4):52–59, 2015.
[15] L. Wu, B. Brandt, X. Du, and B. Ji. Analysis of clickjacking
attacks and an effective defense scheme for android devices. In
Communications and Network Security (CNS), 2016 IEEE
Conference on, pages 55–63, Philadelphia, PA, USA, 2016.
IEEE.
[16] C. Wisniewski. What is “likejacking”? sophos senior security
advisor chester wisniewski explains this malicious facebook
phenomenon. url=https://www.sophos.com/en-us/securitynews-
trends/security-trends/what-is-likejacking.aspx.
[17] K. Gai, M. Qiu, and H. Zhao. Privacy-preserving data
encryption strategy for big data in mobile cloud computing.
IEEE Transactions on Big Data, PP(99):1, 2017.
[18] K. Gai, M. Qiu, Z. Ming, H. Zhao, and L. Qiu. Spoofing-
jamming attack strategy using optimal power distributions in
wireless smart grid networks. IEEE Transactions on Smart Grid,
8(5):2431 – 2439, 2017.
221
Authorized licensed use limited to: Cornell University Library. Downloaded on September 04,2020 at 13:44:35 UTC from IEEE Xplore. Restrictions apply.
[19] T. Jagatic, N. Johnson, M. Jakobsson, and F. Menczer. Social
phishing. Communications of the ACM, 50(10):94–100, 2007.
[20] A. Maiti, O. Armbruster, M. Jadliwala, and J. He.
Smartwatchbased keystroke inference attacks and context-
aware protection mechanisms. In Proceedings of the 11th ACM
on Asia Conference on Computer and Communications
Security, pages 795–806, Xi’an, China, 2016. ACM.
[21] N. Tsoutsos and M. Maniatakos. Fabrication attacks: Zero-
overhead malicious modifications enabling modern
microprocessor privilege escalation. IEEE Transactions on
Emerging Topics in Computing, 2(1):81–93, 2014.
[22] J. Zhang, F. Yuan, L. Wei, Y. Liu, and Q. Xu. VeriTrust:
Verification for hardware trust. IEEE Transactions on
Computer-Aided Design of Integrated Circuits and Systems,
34(7):1148–1161, 2015.
[23] Z. Wan, J. Liu, and R. Deng. HASBE: a hierarchical attribute-
based solution for flexible and scalable access control in cloud
computing. IEEE transactions on information forensics and
security, 7(2):743– 754, 2012.
[24] M. Qiu, K. Gai, B. Thuraisingham, L. Tao, and H. Zhao.
Proactive user-centric secure data scheme using attribute-based
semantic access controls for mobile clouds in financial
industry. Future Generation Computer Systems, 80:421–429,
2018.
[25] C. Cheung, T. Quek, and M. Kountouris. Throughput
optimization, spectrum allocation, and access control in two-
tier femtocell networks. IEEE Journal on Selected Areas in
Communications, 30(3):561–574, 2012.
[26] D. Zissis and D. Lekkas. Addressing cloud computing security
issues. Future Generation computer systems, 28(3):583–592,
2012.
[27] W. Diffie and M. Hellman. New directions in cryptography.
IEEE transactions on Information Theory, 22(6):644–654, 1976.
[28] M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou. Scalable and
secure sharing of personal health records in cloud computing
using attributebased encryption. IEEE Trans. on Parallel and
Distributed Systems, 24(1):131–143, 2013.
[29] J. Lai, R. Deng, C. Guan, and J. Weng. Attribute-based
encryption with verifiable outsourced decryption. IEEE
Transactions on Information Forensics and Security, 8(8):1343–
1354, 2013.
[30] J. Li, X. Huang, J. Li, X. Chen, and Y. Xiang. Securely
outsourcing attribute-based encryption with checkability. IEEE
Transactions on Parallel and Distributed Systems, 25(8):2201–
2210, 2014.
[31] C. Gentry. A fully homomorphic encryption scheme. PhD
thesis, Stanford University, 2009.
[32] V. Dijk, C. Gentry, S. Halevi, and V. Vaikuntanathan. Fully
homomorphic encryption over the integers. In EUROCRYPT,
pages 24–43. Springer, French Riviera, 2010.
[33] C. Gentry and S. Halevi. Implementing Gentry’s fully-
homomorphic encryption scheme. In Advances in Cryptology–
EUROCRYPT, pages 129–148. Springer, Tallinn, Estonia, 2011.
[34] V. Vaikuntanathan. Computing blindfolded: New
developments in fully homomorphic encryption. In IEEE 52nd
Annual Symposium on Foundations of Computer Science, pages
5–16, Palm Springs, CA, USA, 2011. IEEE.
[35] D. Stehle and R. Steinfeld.´ Faster fully homomorphic
encryption. In Advances in Cryptology-ASIACRYPT, pages 377–
394. Springer, Singapore, 2010.
[36] W. Wang, Y. Hu, L. Chen, X. Huang, and B. Sunar. Exploring
the feasibility of fully homomorphic encryption. IEEE
Transactions on Computers, 64(3):698–706, 2015.
[37] K. Gai and M. Qiu. Blend arithmetic operations on tensor-
based fully homomorphic encryption over real numbers. IEEE
Transactions on Industrial Informatics, PP(99):1, 2017.
[38] K. Gai, M. Qiu, Y. Li, and X. Liu. Advanced fully
homomorphic encryption scheme over real numbers. In Cyber
Security and Cloud Computing (CSCloud), 2017 IEEE 4th
International Conference on, pages 64–69, New York, USA,
2017. IEEE.
 [39] K. Gai and M. Qiu. An optimal fully homomorphic encryption
scheme. In IEEE 3rd International Conference on Big Data
Security on Cloud, pages 101–106, Beijing, China, 2017. IEEE.
[40] C. Liu, L. Zhu, M. Wang, and Y. Tan. Search pattern leakage in
searchable encryption: Attacks and new construction.
Information Sciences, 265:176–188, 2014.
[41] E. Stefanov, C. Papamanthou, and E. Shi. Practical dynamic
searchable encryption with small leakage. In NDSS, volume 14,
pages 23–26, San Diego, CA, USA, 2014.
[42] M. Naveed, M. Prabhakaran, and C. Gunter. Dynamic
searchable encryption via blind storage. In Security and Privacy
(SP), 2014 IEEE Symposium on, pages 639–654. IEEE, 2014.
[43] B. Cui, Z. Liu, and L. Wang. Key-aggregate searchable
encryption (KASE) for group data sharing via cloud storage.
IEEE Transactions on computers, 65(8):2374–2385, 2016.
[44] F. Han, J. Qin, H. Zhao, and J. Hu. A general transformation
from KPABE to searchable encryption. Future Generation
Computer Systems, 30:107–115, 2014.
[45] D. Kapetanovic, G. Zheng, and F. Rusek. Physical layer
security for massive MIMO: An overview on passive
eavesdropping and active attacks. IEEE Communications
Magazine, 53(6):21–27, 2015.
[46] S. El Rouayheb, E. Soljanin, and A. Sprintson. Secure network
coding for wiretap networks of type II. IEEE Transactions on
Information Theory, 58(3):1361–1371, 2012.
[47] E. Bou-Harb, M. Debbabi, and C. Assi. Cyber scanning: a
comprehensive survey. IEEE Communications Surveys &
Tutorials, 16(3):1496–1519, 2014.
[48] L. Kekely, J. Kucera, V. Puˇ s, J. Koˇ ˇrenek, and A. Vasilakos.
Software defined monitoring of application protocols. IEEE
Transactions on Computers, 65(2):615–626, 2016.
[49] K. Gai, M. Qiu, L. Tao, and Y. Zhu. Intrusion detection
techniques for mobile cloud computing in heterogeneous 5G.
Security and Communication Networks, pages 1–10, 2015.
[50] G. Iba´nez,˜ J. Carral, J. Arco, D. Rivera, and A. Montalvo.
Arppath: Arp-based, shortest path bridges. IEEE
communications letters, 15(7):770–772, 2011.
[51] D. Abts and B. Felderman. A guided tour of data-center
networking. Communications of the ACM, 55(6):44–51, 2012.
[52] Y. Yang, K. McLaughlin, S. Sezer, T. Littler, E. Im, B.
Pranggono, and H. Wang. Multiattribute scada-specific
intrusion detection system for power networks. IEEE
Transactions on Power Delivery, 29(3):1092– 1102, 2014.
[53] D. Schneider. The state of network security. Network Security,
2012(2):14–20, 2012.
[54] J. Torres, M. Nogueira, and G. Pujolle. A survey on identity
management for the future network. IEEE Communications
Surveys & Tutorials, 15(2):787–802, 2013.

222

Authorized licensed use limited to: Cornell University Library. Downloaded on September 04,2020 at 13:44:35 UTC from IEEE Xplore. Restrictions apply.