
International Journal of Computer Trends and Technology (IJCTT), volume 4, Issue 6, June 2013

ISSN: 2231-2803 http://www.ijcttjournal.org Page 1557





An Analysis on Privacy Preserving in Cloud Computing
Jithin S #1, Dr. P. Sujatha *2
#1 PG Scholar in Department of Computer Science
*2 Faculty in Department of Computer Science
Pondicherry University, India


Abstract: Cloud computing has brought a new way for organizations to store and manage their data, owing to its reduced cost, robustness and ubiquitous nature. It offers the promise of massive cost savings along with increased IT agility. But the storage and access of sensitive data in cloud computing is an important issue to consider. Many organizations are still not fully confident about taking up the benefits of the cloud, pointing to problems of data loss and unauthorized access, and are reluctant to trust cloud providers to solve these challenges. This paper discusses some mechanisms and techniques that are used to preserve privacy in cloud computing.

Keywords: Tree-based cryptographic key management, hash function, data storage, digital signatures, virtualization and authentication mechanism
I. INTRODUCTION
Cloud computing is an internet-based infrastructure that lets organizations and users use various kinds of applications and services without actually installing them on their own computers. It provides huge benefits to organizations of all sizes. In this way cloud computing is becoming a new and promising platform for delivering information infrastructure and resources as IT services. Users can directly access these services to run their business jobs in a pay-and-use fashion. It can be used in business processes to make employees' administrative tasks easier, grow the business, increase productivity, and generate more revenue. So, many organizations are taking advantage of cloud services for their business. When a large number of companies use cloud storage facilities to store their private data, which is then controlled by untrusted parties, many security and privacy issues arise. The storage and access of sensitive data in cloud computing is still a crucial issue. Customers often doubt whether their privacy can be protected while using services in the cloud, since they do not have much control inside the cloud. They are also doubtful about the people who manage the cloud system and the amount of security that they can get from the providers. Because of these issues, many organizations are still not fully confident about taking up the benefits of the cloud. They have many doubts regarding data loss and unauthorized access, and are reluctant to trust cloud providers to solve these challenges. To make the cloud system even more effective for all kinds of business and personal uses, more security measures should be taken into account. This paper analyses some mechanisms that are used to preserve privacy in cloud computing. It discusses the pros and cons of each mechanism and provides some suggestions for overcoming the disadvantages.
II. ANALYSIS OF PRIVACY PRESERVING MECHANISMS IN
CLOUD COMPUTING
This section discusses various methods and proposals that have been introduced for preserving user privacy and security in cloud computing. It gives a brief idea of each proposed technique and evaluates its advantages and disadvantages. It also suggests some modifications to the proposals for achieving a better result and more efficiency.
A. Privacy Enhanced Outsourcing Of Cloud Data
"Privacy enhanced data outsourcing in the cloud" [1] discussed an enhanced privacy-preserving technique for outsourcing data in the cloud. That paper presented a tree-based key derivation hierarchy. This hierarchy allows the outsourcing party to access only the data block located at a particular node, while that party cannot access the data blocks encrypted with child keys. It is based on the concept that a data source protected with a node key in a key management tree can be shared with or managed by another party without compromising the security of the data encrypted with its child nodes' keys. For a particular node, two decryption keys (d1, d2) are assigned. d1 is associated with the tree and can be used to generate its children's keys. d1 is used for the decryption of the database located at the corresponding node and for the generation of sub-keys for the child nodes, while d2 can only be used for the decryption of the database at the same node. A cryptographic one-way hash function is used as the key generation function. The security of this system relies on the difficulty of computing discrete logarithms. The protocols are based on a polynomial function and a set of exponentials. This concept is generalized in such a way that one encryption key is associated with many decryption keys, so that many users can access the same node at a time. But in this scenario a brute force attack can be applied to the method, so that the attacker can access either the node data or the entire child node data.


Fig. 1 Brute force Attack model
This is a major drawback of this technique. If we include an authorization mechanism, such as an encryption proxy or a password authentication system, to check whether the requesting user is a valid one or not, we can achieve a high-efficiency data outsourcing model.
B. Cloud Computing By Using A Privacy Preserving System
Data can be outsourced to the cloud securely by applying an encryption mechanism to the data that we want to outsource. Still, encryption only prevents the cloud server from learning the content of the outsourced databases. It can't prevent scenarios in which employees using cloud applications learn more than is necessary to perform their respective duties. To prevent a local administrator from learning the database content of the outsourced data, "A Privacy Preserving System for Cloud Computing" [2] proposed a data outsourcing technique in which sensitive information is protected not only against external administrators and service providers but also against local administrators. This technique uses machine-readable rights expressions to limit users of the database to a need-to-know basis, which gives a system architecture that allows sufficient and flexible restriction writing. So, local administrators as well as cloud administrators are not able to change the access rules after an application is launched. The system uses an encryption proxy, which is its key part. The proxy provides user access to the unencrypted data and acts as an intermediary between users and the cloud that serves as secure data storage. The main advantage of this technique is that it follows the information-centric approach, which aims to make cloud data self-intelligent. Cloud data are also packaged and encrypted with a usage policy mechanism. When accessed, the data will consult its policy, create a virtualization environment and attempt to assess the trustworthiness of the data environment by using a Trusted Computing mechanism. But this technique has some disadvantages. The creation of complex machine-readable access rights to the decryption keys becomes a challenging problem. The syntax of XML-based rights expressions is complicated and obscure when the user-related conditions become sophisticated. If we apply this authorization technique along with a privacy-enhanced outsourcing model such as the tree-based key derivation hierarchy model, we can obtain a high-efficiency privacy-preserving technique.

C. Ensuring Security of Data in Cloud Computing Using a
Combined Approach
In cloud computing, several techniques, including encryption mechanisms, for protecting the privacy of outsourced data are not fully accurate. These techniques use encryption and support searching over encrypted data, but they increase complexity and make the system cumbersome. Those models did not provide any information about security attacks, confidentiality and integrity. These techniques also don't address situations such as what to do if the cloud service provider turns against the owner. "A combined approach to ensure data security in cloud computing" [3] discussed a technique to protect the data and to check integrity and authentication by following the best possible industry mechanisms. The proposed framework is divided into two phases. The first phase deals with the process of transmitting and storing data securely in the cloud. The second phase deals with the retrieval of data from the cloud and shows the generation of requests for data access, double authentication, and verification of digital signature and integrity, thereby providing the authorized user with data on passing all security mechanisms. An approach is introduced for storing the data in different sections of the cloud (public, private, limited access) on the basis of three cryptographic parameters, viz. confidentiality, availability and integrity. The data on the cloud will be stored in encrypted form, and the index for searching the data will also be encrypted. A MAC is used to check whether data has been tampered with during transmission, and this check can be made by the user or owner of the data on retrieving the file. With SSL encryption, there is also a key that allows only an authorized person to decode the information. The main advantages of the proposed system are as follows. This technique provides a way to protect the data and to check integrity and authentication by following the best possible industry mechanisms. It provides availability of data by overcoming many issues such as data leakage, tampering of data and unauthorized access, even from the cloud service provider. One of the disadvantages of this technique is that, since it includes many procedures for verification and access granting, it takes a significant amount of time, which makes the access process slow. If the encryption process is handled by the owner, it introduces some complications. So, as a solution, it would be better to add a key-derivation-tree-like structure to develop the keys for encryption.
D. Towards Trusted Cloud Computing
In normal cloud applications, clients of cloud computing services currently have no means of verifying the confidentiality and integrity of their data and computation. In these systems, anyone with privileged access to the host can read or manipulate a customer's data. So customers cannot protect their VMs on their own. As a solution to this problem, "Towards Trusted Cloud Computing" [4] discussed a method that enables IaaS providers to provide a closed box execution environment that guarantees confidential execution of guest virtual machines. It allows users to attest the IaaS provider and determine whether or not the service is secure before they launch their virtual machines. Each node of the backend runs a TVMM that hosts customers' VMs and prevents privileged users from inspecting or modifying them. The trusted virtual machine monitor protects its own integrity over time and complies with the TCCP protocols. The trusted coordinator manages the set of nodes that can run a customer's VM securely. It maintains a record of the nodes located in the security perimeter. It also attests each node's platform to verify whether or not the node is running a trusted virtual machine monitor implementation. An external trusted entity hosts the trusted coordinator and securely updates the information provided to the trusted coordinator about the set of nodes deployed within the IaaS perimeter and the set of trusted configurations. The advantages of the proposed method are as follows. It enables IaaS services to provide a closed box environment for execution. TCCP can guarantee confidential execution of guest virtual machines. It also allows users to attest the IaaS provider and determine whether or not the service is secure before they launch their virtual machines. If we can apply closed box execution to the other services offered by the cloud, an efficient cloud computing architecture can be formed.
E. Addressing And Analysing Cloud Computing Security
Issues
Many organizations and users of cloud computing technologies have many questions and doubts regarding the security and privacy of their data and information. "Addressing cloud computing security issues" [5] discusses the security issues and challenges regarding the cloud and cloud computing services. It first evaluates cloud security by identifying unique security requirements and second attempts to present a viable solution that eliminates these potential threats. It then proposes to introduce a Trusted Third Party, which is used for assuring specific security characteristics within a cloud environment. The proposed solution uses cryptography, particularly the Public Key Infrastructure operating in concert with SSO and LDAP. This is to ensure the authentication, confidentiality and integrity of the communications and data involved. The solution provides a horizontal service level which is available to all of the implicated entities. This realizes a security mesh in which essential trust is maintained. It has identified generic design principles of a cloud environment which stem from the necessity to control relevant vulnerabilities and threats. To do so, software engineering and information systems design approaches were adopted.
F. Digital Identity Management for Preserving Privacy in
Cloud Computing
Users of cloud services must have control over which personal information is disclosed and how this information is used, in order to minimize the risk of identity theft and fraud. Digital identity management in cloud computing can offer some security for data outsourcing and access. But digital identity management in cloud platforms raises interoperability issues. The use of different names for identity attributes leads to naming heterogeneity. "Privacy-preserving Digital Identity Management for Cloud Computing" [6] provides a privacy-enhanced technique to authenticate users and to support flexible access control to services, based on user identity properties and past interaction histories. It provides a privacy-preserving multi-factor identity attribute verification protocol supporting a matching technique based on ontology mapping techniques, look-up tables and dictionaries to match cloud service providers' and clients' vocabularies. The CSP matches the identity attributes in the client's vocabulary with its own attributes to help the client understand its identity verification policy. The client executes the AgZKPK protocol to prove to the CSP knowledge of the matched identity attributes. Use of this protocol allows the client to convince the Cloud Service Provider that the client knows the values of the identity attributes without having to reveal the values to the CSP in the clear. The attribute name matching technique uses a combination of ontology mapping, dictionaries and look-up tables in order to address the different variations in identity attribute names. The advantage of the proposal is that it offers a privacy-enhanced technique to authenticate users and to support flexible access control to services, based on user identity properties and past interaction histories, and that it addresses heterogeneous naming. But this technique has some drawbacks. The approach gives the user the right to use pseudonyms when interacting with Cloud Service Providers, if the CSP policies allow the use of pseudonyms. This may lead to disclosure of the actual user identity or of the values of some of the user's identity attributes, thus leading to privacy breaches. It would be better to address this problem by investigating techniques that maintain unlinkability among multiple transactions carried out by the same user with the same or different CSPs.
G. Outsourcing Data in Cloud by combining Cryptography
and Access Control
In many of the data outsourcing techniques in cloud computing that use a reference monitor, it does not even have to know the access control policy that is defined by the data owner. So we need to rethink the notion of access control for open environments, where external servers take full management of the outsourced data and are not trusted with respect to data confidentiality. "A Data Outsourcing Architecture Combining Cryptography and Access Control" [7] proposes a novel access control model and architecture that eliminates the need for a reference monitor and relies on cryptography to ensure confidentiality of data stored on a server. Here data are encrypted as the data owner stores them on an external server. Authorizations and encryption are merged, thus allowing access control enforcement to be outsourced together with the data. This introduces two separate layers of encryption, both adopting the key derivation method. The Base Encryption Layer (BEL) is performed by the data owner before transmitting data to the server, and the Surface Encryption Layer (SEL) is performed by the server over the resources already encrypted by the data owner. In the two-layer model, each user u receives two keys: one to access BEL and the other to access SEL, to be used for decryption one after the other. The main advantage of this architecture is that the data owner, while specifying the policy, need not be involved in its enforcement. The paper also described an approach for policy evolution that takes into account the main features of the scenario and is able to guarantee in most cases confidentiality of the information in the presence of significant policy updates, clearly identifying the exposure to collusion when this risk may arise. One disadvantage of this architecture is that the execution of different queries given by the user will be slow. We should incorporate a mechanism that will provide efficient execution of various user queries.
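The two-layer flow described above, as an added example that is not code from this paper or from [7]. Assumptions: keys are handed out directly rather than through a key derivation hierarchy, `seal`/`unseal` are a standard-library stand-in for an authenticated cipher, and the names `Server`, `user_read` and `run_scenario` are hypothetical.

```python
import hashlib
import hmac
import os


def _sub(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _stream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (_sub(enc_key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in cipher (assumption): HMAC-SHA256 keystream, then MAC over nonce+ct."""
    nonce = os.urandom(16)
    ks = _stream(_sub(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, ks))
    return nonce + ct + _sub(_sub(key, b"mac"), nonce + ct)


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _sub(_sub(key, b"mac"), nonce + ct)):
        return None
    ks = _stream(_sub(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, ks))


class Server:
    """External server: holds the SEL key and only BEL ciphertext, never plaintext."""

    def __init__(self):
        self.sel_key = os.urandom(32)
        self.blob = None

    def put(self, bel_ciphertext: bytes) -> None:
        self.blob = seal(self.sel_key, bel_ciphertext)   # surface layer (SEL)

    def rekey(self) -> bytes:
        """Policy update enforced by the server: re-wrap SEL under a fresh key."""
        inner = unseal(self.sel_key, self.blob)
        self.sel_key = os.urandom(32)
        self.blob = seal(self.sel_key, inner)
        return self.sel_key   # given only to users who remain authorized


def user_read(bel_key: bytes, sel_key: bytes, blob: bytes):
    """A user removes SEL first, then BEL, using the two keys one after the other."""
    inner = unseal(sel_key, blob)
    return None if inner is None else unseal(bel_key, inner)


def run_scenario() -> dict:
    doc = b"constructed sample record: Q3 salary table"
    bel_key = os.urandom(32)
    server = Server()
    server.put(seal(bel_key, doc))           # owner applies BEL before upload
    alice_sel = bob_sel = server.sel_key     # both users start out authorized
    before = (user_read(bel_key, alice_sel, server.blob),
              user_read(bel_key, bob_sel, server.blob))
    # Bob is revoked. The owner does nothing; BEL is untouched. Bob still holds
    # the BEL key, so protection now rests on SEL (the collusion exposure).
    alice_sel = server.rekey()
    return {
        "doc": doc,
        "before": before,
        "alice_after": user_read(bel_key, alice_sel, server.blob),
        "bob_after": user_read(bel_key, bob_sel, server.blob),
        # The server can strip SEL but cannot open the BEL layer beneath it.
        "server_alone": unseal(server.sel_key, unseal(server.sel_key, server.blob)),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(name, value)
```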
H. Cloud Computing Security Challenges
The ongoing development and growth of the cloud and its vast benefits and advantages are not as effective as they could be because of the challenges and inconsistencies that exist in its current state. Concerns about the data security, efficiency and effectiveness of cloud services are a result of these challenges. "Beyond lightning: A survey on security challenges in cloud computing" [8] presents a survey of security in cloud computing and discusses a number of possible research topics to improve security in the cloud. It presented an overview of cloud computing, its classifications and benefits. Then it discussed security challenges that occur in the current cloud computing model. These include both the conventional security challenges that also apply to cloud computing and a number of new challenges that are inherently connected to the new cloud paradigm. Many cloud security issues are present in this scenario. Among them, this study emphasized three areas of particular interest: trusted data sharing, SLAs and accountability in the cloud. Then it outlined ongoing work on security of SLAs for cloud computing and briefly presented a scheme to address privacy and security in the cloud. Secure data storage in the cloud environment is a significant concern that prevents many users from using the cloud. For this issue, it presented a solution to provide security and privacy for user data when it is located in a public cloud. This particular secure storage solution does not always fit, as there are still a number of applications that rely on accessing "cleartext" data in the cloud. This shows the need for further work on accountability mechanisms in public clouds for providing transparent services that can be trusted by all users.
I. Accessing Outsourced Data Securely and Efficiently
In cloud computing, since many service providers are untrusted, the confidentiality, integrity, and privacy of the clients' information must be protected by some mechanism. "Secure and Efficient Access to Outsourced Data" [9] proposes a mechanism that provides secure and efficient access to large-scale outsourced data in cloud computing. It proposes to encrypt every data block with a different key so that flexible cryptography-based access control can be achieved. It introduces mechanisms to handle both updates to outsourced data and changes in user access rights. The data owner stores a large amount of encrypted information on the service provider. It generates the data block encryption keys through a tree-based key derivation hierarchy. Dynamics in user access rights can be represented as different combinations of two primitive operations: access right grant and revocation. It uses over-encryption and/or lazy revocation to prevent revoked users from getting access to updated data blocks. The main advantages are as follows. Through the adoption of the key derivation method, the owner needs to maintain only a few secrets. It also reduces the computational, storage, and communication overhead. But it has some disadvantages as well. Once the outsourced party is granted the node key, that key can be used to derive all sub-keys for its child nodes. That is, once a parent node in the tree is given, all the children would be known. To solve this we can add multiple decryption keys for an encrypted block, where one can be used for deriving the child keys and the other for accessing only the current node data. If we add an authentication system along with this, we can make a highly secure data outsourcing system.
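The key-tree idea from this section and from Section A (a d1 that derives child keys, a d2 that opens only its own node), as an added example that is not code from this paper or from [1] or [9]. It swaps in HMAC-SHA256 as the one-way function instead of the discrete-logarithm and polynomial construction of [1]; the function names, the key-check tag and the sample tree are assumptions.

```python
import hashlib
import hmac


def _prf(key: bytes, label: bytes) -> bytes:
    """One-way step: HMAC-SHA256 keyed with the secret being expanded."""
    return hmac.new(key, label, hashlib.sha256).digest()


def child_d1(parent_d1: bytes, child: str) -> bytes:
    """d1 of a child node; computable only by a holder of the parent's d1."""
    return _prf(parent_d1, b"d1/child/" + child.encode())


def node_d2(d1: bytes) -> bytes:
    """d2 of a node: opens that node's data block, derives nothing below it."""
    return _prf(d1, b"d2/data")


def d1_at(start_d1: bytes, rel_path: tuple) -> bytes:
    """Walk down the tree from a known d1 along rel_path."""
    key = start_d1
    for name in rel_path:
        key = child_d1(key, name)
    return key


def key_check(d2: bytes) -> str:
    """Tag stored beside a block so a reader can confirm a candidate key."""
    return _prf(d2, b"key-check").hex()


def can_read(store: dict, grant_path: tuple, kind: str, key: bytes,
             target: tuple) -> bool:
    """Can a grantee holding `key` ('d1' or 'd2') for grant_path open target?"""
    if target[:len(grant_path)] != grant_path:
        return False                      # target is outside the granted subtree
    rel = target[len(grant_path):]
    if kind == "d2" and not rel:
        candidate = key                   # d2 is exactly this node's data key
    else:
        # A d1 holder derives downwards. A d2 holder can only attempt the same
        # walk with d2 in place of d1, which yields unrelated keys.
        candidate = node_d2(d1_at(key, rel))
    return hmac.compare_digest(key_check(candidate), store[target])


def build_demo():
    # Constructed sample tree and root secret (use os.urandom(32) in practice).
    root_d1 = hashlib.sha256(b"constructed demo root secret").digest()
    paths = [(), ("hr",), ("hr", "payroll"), ("sales",)]
    store = {p: key_check(node_d2(d1_at(root_d1, p))) for p in paths}
    hr_d1 = d1_at(root_d1, ("hr",))
    return store, hr_d1, node_d2(hr_d1)


if __name__ == "__main__":
    store, hr_d1, hr_d2 = build_demo()
    for kind, key in (("d1", hr_d1), ("d2", hr_d2)):
        for target in store:
            print(kind, "for hr ->", "/".join(target) or "(root)",
                  can_read(store, ("hr",), kind, key, target))
```

Handing out d2 instead of d1 is what removes the "parent key reveals all children" drawback: the d2 holder reads the node it was granted and nothing beneath it.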
J. Identity Attribute Service for Cloud with Protection of
Privacy in Cyberspace
Cyber applications and usage are increasing day by day. So we have to provide large-scale trusted cyber services and privacy protection for all these services. With all national E-Business and E-Government moving deeply into cyberspace, trust and privacy should be considered more and more seriously. Most cyber applications request authentication of the user's real-world identity, and most applications confirm only a few user attributes and features to decide whether to give specific services. Currently, most internet applications and services rely only on registration of a user name and password, email, or phone number, so it is difficult to confirm the identity and easy to steal and abuse it. Considering this, "Cloud-Based Identity Attribute Service with Privacy Protection in Cyberspace" [10] presents a cloud-based service method for user identity attribute service in cyberspace, and a method based on the service model of multilevel cyber identity management provides user identity attribute service for cyber applications. It implements the mechanism of a multilevel privacy protection policy, and presents the authentication service of the eID certificate and the coherence authentication service of the eID identity. The cloud-based trusted identity attribute service model separates users' real identity management from business account management, and entrusts official management departments to maintain the real identity service separately and manage the real identity in the official management domain. The main advantage of this method is that the security of web applications, along with user privacy, is protected by providing fine-grained access control with user identity attributes and strong authentication services.
K. Combining Policy Monitoring and Virtualization
Techniques for Enhanced Cloud Security
"Enhanced Cloud Security by Combining Virtualization and Policy Monitoring Techniques" [11] discusses different challenges and issues of cloud computing and solutions to overcome them. Cloud computing faces many security and privacy issues. Many companies and organizations are hesitant to use this service because of the fear that they may lose their valuable data. Using virtualization, servers, resources, networks, desktops, applications, operating systems and storage can be virtualized. One of the major concerns for the future is computing with less power. Apart from flexibility, scalability, security, use of underutilized or idle resources, manageability and cost effectiveness, cloud computing with virtualization technology takes less power, since more than one virtual machine can run on a single physical machine. There are many standards and organizations working on cloud security. Some of them are the Cloud Security Alliance (CSA), the ISO 27001-27006 series, the European Network and Information Security Agency (ENISA), the Information Technology Infrastructure Library (ITIL) and the National Institute of Standards and Technology (NIST). An automated monitoring tool along with virtualization will solve the security problems of the cloud. The monitoring tool checks for port scanning as well as service scanning and protocol scanning, and with it we can check each incoming service request and the route IP from which the request was generated. Combining authentication and authorization (JAAS) with service policy monitoring, besides updating virtual machines periodically, will enhance the security of the cloud.
L. Privacy and Security Issues in the Cloud Computing
"Privacy and security issues in cloud computing: The role of institutions and institutional evolution" [12] investigates how the contexts provided by formal and informal institutions affect the perceptions of privacy and security issues in the cloud. It shows the origin, nature, and implications of institutions and institutional changes in the context of cloud computing technology. Another goal is to gain insights into the mechanisms and forces that have brought about institutional changes in the cloud computing industry. In particular, the authors investigated how contradictions generated at various levels by the formation of dense networks and relationships, the technology and the changing power dynamics have triggered institutional changes. Current analyses of the causes and effects of institutions and institutional change are mainly focused on more established markets and industries. This paper is expected to give insights into the institutions surrounding this new and emerging technological development.
III. CONCLUSION
Security and privacy of outsourced data is one of the major challenges in cloud computing. To provide security, the data stored in the cloud are encrypted so that only authorized parties having the decryption key can access them. But even then the data is subject to brute force attack, which is a major issue to consider. Cloud clients and organizations often doubt whether their privacy and secrecy can be preserved while using services in the cloud, since they do not have much control and access inside the cloud. Because of the many issues regarding these security aspects, many organizations are still not fully confident about taking up the benefits of the cloud. This paper analyses different secure mechanisms and techniques used for storing and accessing outsourced data in a cloud system. It analyses each work and discusses it in detail along with some improvement suggestions.
REFERENCES
[1] Miao Zhou, Yi Mu, Willy Susilo, Jun Yan and Liju Dong, Privacy enhanced data outsourcing in the cloud, Journal of Network and Computer Applications; 1367-1373, Elsevier; January 2012.
[2] Ulrich Greveler, Benjamin Justus and Dennis Loehr, A Privacy Preserving System for Cloud Computing, July 2011.
[3] Sandeep K. Sood, A combined approach to ensure data security in cloud computing, Journal of Network and Computer Applications; 1831-1838, Elsevier; July 2012.
[4] Nuno Santos, Krishna P. Gummadi and Rodrigo Rodrigues, Towards Trusted Cloud Computing, 2010.
[5] Dimitrios Zissis and Dimitrios Lekkas, Addressing cloud computing security issues, Future Generation Computer Systems 28 (2012) 583-592; Elsevier, 2012.
[6] Elisa Bertino, Federica Paci and Rodolfo Ferrini, Privacy-preserving Digital Identity Management for Cloud Computing.
[7] Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi and Pierangela Samarati, A Data Outsourcing Architecture Combining Cryptography and Access Control, ACM Workshop on Computer Security Architecture, Fairfax, Virginia, USA, November 2007.
[8] Chunming Rong, Son T. Nguyen and Martin Gilje Jaatun, Beyond lightning: A survey on security challenges in cloud computing, Computers and Electrical Engineering 39 (2013) 47-54, Elsevier, 2012.
[9] Wang W, Li Z, Owens R and Bhargava B, Secure and efficient access to outsourced Data, Proceedings of the 2009 ACM workshop on cloud computing security, CCSW '09. 55-66, New York, NY, USA: ACM; 2009.
[10] Xiang Zou, Bing Chen and Bo Jin, Cloud-Based Identity Attribute Service with Privacy Protection in Cyberspace, 1160-1164, Elsevier; 2012.
[11] Loganayagi B. and S. Sujatha, Enhanced Cloud Security by Combining Virtualization and Policy Monitoring Techniques, 654-661, Elsevier; 2012.
[12] Nir Kshetri, Privacy and security issues in cloud computing: The role of institutions and institutional evolution, Elsevier; 2012.
[13] C. Blundo, S. Cimato, S. De Capitani di Vimercati, A. De Santis, S. Foresti, S. Paraboschi and P. Samarati, Efficient Key Management for Enforcing Access Control in Outsourced Scenarios, p. 36475, Boston: Springer; 2009.
[14] Fa-Chang Cheng and Wen-Hsing Lai, The Impact of Cloud Computing Technology on Legal Infrastructure within Internet - Focusing on the Protection of Information Privacy, 241-251, Elsevier; 2012.
[15] Cloud computing world home page http://Cloudcomputingworld.org.
