From cloud computing security towards homomorphic encryption: A comprehensive review

ABSTRACT

NIST also defines reference architecture which is intended to simplify the understanding of the operational complexity in cloud computing. Its target is to describe, discuss, and develop a system-specific architecture [5]. The reference architecture defines five main actors in the relation to the responsibilities and roles. These actors are: cloud consumer, cloud provider, cloud auditor, cloud broker, and cloud carrier [5], [24]. Table 2 illustrates the responsibilities of each actor [24].

SECURITY IN CLOUD COMPUTING
Security is a major requirement of many researchers, anyone how interested in can find a lot of papers that focus on this field, for example see [25]- [31]. At the same time, security and privacy concerns are the main issues that prevent wide acceptance of cloud concepts [3], [32] where switching to a commercial public cloud reduces direct control of systems that manage reliable data and applications [7]. Figure 1 illustrates the differences between traditional security and cloud security.
According to a survey by Gartner, 70% of users do not use cloud computing services because of data security and privacy concerns [6]. These users are not ready to dump their infrastructure and move to the cloud, where their data is kept remotely. They know that their sensitive data remains under cloud control only and not by them [6], [7], [12], [21], [33]. For this reason, cloud security and privacy should be a major concern in the cloud scenario. It is worth noting that cloud computing has many essential security issues when using its services, such as outsourcing, system monitoring and access control, massive data, and intense computation and multi-tenancy issues [9], [15].

TOP CLOUD SECURITY THREATS
The cloud security alliance (CSA) defines a list of the topmost organizations of security threats that face when trying to use cloud services. As this list defined, the top security threats summarized the concerns which can be taken into consideration (by cloud security organization) in order to utilize the advantage of cloud computing as more as possible, without falling in the drawbacks that cloud-based systems have [11], [33], [34]. The top cloud security threats explained in Table 3 [2], [6], [7], [34]- [36] where Table 4 explains the analysis of them [34]. Caused by authentication weakness Use more than one factor of encryption and authentication Broken authentication and credentials Appears when trying to assign suitable permissions for user's job role Using multi-factor authentication systems

Hacked interfaces and APIs
An attacker utilizes a cloud API to grant access to the resources of cloud Interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy Exploited system vulnerabilities Exploitable bugs in programs are used to penetrate a computer system to damage service operations, steal data or take control of the system Using the best practices in order to discover potential vulnerabilities and manage the discovered problems rapidly Account hijacking Attackers may occupy the control of legitimate users' account Using multi-factor authentication with evasion of account credentials sharing Malicious insiders An insider can manipulate data or damage the whole infrastructures of cloud Control the encryption operation and keys, separate jobs and reduce access given to users, Active logging and auditing administrator activities Advanced persistent threat (APT) Penetrates cloud systems and remain hidden and persistently doing their activities for a long-time interval Advanced security controls, frequent infrastructure monitoring and rigid process management Constant data loss delete data constantly Different levels of backup and data distribution key management DoS attacks Effects the availability of a system consumes processing power and up the bandwidth Detection is needed, prepare the key of DoS mitigating, access resources which can be used as mitigation immediately.

Shared Technology Vulnerabilities
As a result of resource sharing in the cloud, one vulnerability can produce a compromise across an entire provider's cloud.

CLOUD DATA SECURITY AND PRIVACY 5.1. Cloud data security
The security of data in the cloud is more complex than traditional systems [4]. However, any cloud must be in a trustworthy environment in order to gain user confidence to adopt this technology [2], [21].
There're lots of security concerns related to cloud computing, these issues collapse into two types [37]: − Cloud service provider's security issues. − The customer's security issues.
However, in order to offer reliable services, the cloud providers should confirm the security of their infrastructure, so their clients' applications and data are secured and stay integrated. Simultaneously, the user should apply measures to reinforce their application and use robust passwords/authentication methods [37]. In the environment of cloud computing, data security is a combination of three concepts, called the CIA triangle which consists of: confidentiality, integrity, and availability [3], [14], [38].

Cloud data confidentiality
The main concerns respected with cloud computing is cloud confidentiality. In cloud computing, it can be defined as "the process of keeping the computation jobs and customer's data private to both cloud provider and other customers" [2], [15], [18], [21], [38]. Confidentiality must be assured in the cloud environment, because of the fact that the data of a user are saved remotely and all computations which applied to them are controlled by the cloud provider, [15], [21], [38]. Various approaches proposed to keep data confidentiality in cloud computing environment such as RSA, DES, SDES, SSL 128-bit encryption, mixed encryptions algorithms, RC5, RBE, and AES [39].

Cloud data integrity
Integrity in the cloud environment involves both of integrity of data and integrity of computations [2], [18], [40]. Where data integrity guarantees that user's data are stored inside the cloud providers in a fidelity way without any modification and any violations if occur must be detected [15], [18], [40]. On another side, computation integrity is a concept of executing the programs without being deformed by cloud providers, malware, or any else of malicious users and detect any incorrect computing [21], [38]. One of the most important methods used to achieve cloud data integrity is the hash algorithm [41].

Cloud data availability
The term data availability means the degree to which user's data can be recovered or used (if there is an event of any hard disk damage or failure) and how to confirm user data by technology rather than relying on the credit guarantee via the CPS only [2], [21], [42], [43]. Availability is a very important concern since the essentiality task of cloud computing is providing on-demand service at different levels. If a particular service isn't available or its quality can't meet the service level agreement (SLA), any customers may forfeit trust in the cloud systems [15], [21], [42], [43].
Usually, cloud providers achieve delivering highly available services, but outages and failures are something they have to face at any time. Failures that might happen include, but are not bound, to the following: human mistakes, network vulnerability, server, storage, or power failures. The suggested solutions to recover from some of the outages are high quality and the organized maintenance of the hardware component, data redundancy, failure detection, backup, infrastructure scalability, and redundant architecture [44].

Cloud data privacy
Privacy is the capability of individuals or groups to isolate themselves or their information from their selves then reveal them in a selective way [6], [21]. In cloud systems, when users want to see sensitive data, privacy has appeared here obviously. The cloud services must have the ability to inhibit possible adversaries from deducing the behavior of the user by the user's visit model [6], [21]. The meaning of privacy in cloud computing is divided into two categories: data privacy and computation privacy [15].
There are many cryptography procedures which are utilized to keep the privacy of the information in order to secure huge information examination in the cloud, such as, homomorphic encryption (HE), verifiable computation (VC), multiparty computation (MPC) [45]. Table 5 explains the main data security aspects in cloud computing, with their possible threats and Defense strategies (for more details see [15]). Where Figure 2 shows the number of noticed research papers written about cloud security and privacy topics in the last five years.

HOMOMORPHIC ENCRYPTION
Homomorphic encryption (HE) gives a great asset to ensure users' privacy in a cloud computing environment. It is a mathematical model, developed in 1978 from the privacy homomorphism concept [46], [47]. It is one of the most popular schemas which are currently focused by computer science researchers in order to achieve the confidentiality of data [47]. Its importance came due to allowing transfer, store, and process the encrypted data securely because it permits encrypted data to be calculated without being decrypted [46], [48], [49]. It converts plaintext to cipher one which can be used and analyzed as if it were in its original form yet [38].

Definition
Like any encryption schema, HE includes four functions when applying it, these functions are key generation, encryption, evaluation, and decryption [49], [50]. Mathematically, HE means translation of one data set to an alternative one, without losing its relation between them [17]. Let (P; C; K; E; D) be an encryption method, where [46]: P& C are the plaintext and ciphertext, respectively K is the key (secret or public key depending on the type of cryptosystem) E&D are the encryption and decryption algorithms. Suppose that the plaintexts compose a group (P;ₒ), and the ciphertexts produce a group (C; ◊), consequently, the encryption algorithm E is a map from the group P to 1158 the group C [46], [51]. An encryption schema is Homomorphic encryption if [46]. For all a and b in P and k in K: Last years, HE usage in a cloud computing environment is spread widely due to its ability to perform arithmetic operations on encrypted texts without the need for a decryption key so that the results are exactly the same as if they were performed on the explicit text. Now, the provider can apply any computation operation on stored decrypted data of the user without any need for the key. This will gain both of consumer trust and ensure data privacy [8], [46], [52]. Figure 3 illustrates how dealing with encrypted data in cloud computing using homomorphic encryption [8], [49], [53].

Categories
HE has been classified into three types depending on the number of mathematical operations that can be performed. These types are [46], [49], [50], [53], [54]: − Partial HE: Performs addition or multiplication operation (not both). − Somewhat HE: Performs a bounded number of addition and multiplication operations. − Fully HE: Can perform both addition and multiplication operations together. Table 6 explains the difference between partial and fully homomorphic encryption [54].

Properties
In general, HE has two properties that appear when applying its schemas. According to these properties, HE can classify into two categories [49], [51], [54], [55]: − Additive homomorphic encryption: HE is classified as an additive if: − Multiplicative Homomorphic Encryption: A Homomorphic encryption is a multiplicative, if: Enc(x⊗ y)= Enc(x) ⊗ Enc(y)

1159
According to the above definitions, many encryption algorithms classified as HE schema. Table 7 illustrates some of them with their related Homomorphic property [47], [49], [53].

CONCLUSION
Currently, cloud computing became the most important thing for many people. They use it in their daily lives and businesses to ensure they get the time, effort, cost, and keep data in a place that they can access from their device anywhere if a network connection is possible. With all of the facilities provided by cloud computing, except it faced many security challenges in different directions, which made the security of the cloud one of the most significant things associated with it in order to gain people's trust and attract them to the use of the cloud services continuously. Therefore, the cloud must be more and more secure in many directions (such as data storage, network). One of these important requirements is preserving privacy in the cloud. Homomorphic Encryption is a famous method that used to ensure the privacy of cloud data due to its feature which makes it easy to perform arithmetic operations on encrypted data without the need for a decryption key.