1 Introduction

In this era of growing technology, every entity aims to be connected, and nowadays this goal is achieved by making use of the Internet of Things (IoT). The idea of IoT was first given by Kevin Ashton in 1999 [49], where he described that in the future computing will rely more on data gathered by electronic objects than on data collected by humans. Now the time has come when devices are able to identify, capture and understand information about their surroundings. These devices are also capable of exchanging the captured data over the internet more efficiently, accurately and at a lower cost, thereby reducing data loss. Today, these devices have applications in daily life including traffic monitoring, agricultural monitoring, healthcare, smart homes, smart grids, critical infrastructure, etc.

Due to the above-mentioned advantages, the IoT is currently playing a vital role in transforming the healthcare industry [17, 47]. With the deployment of IoTs in the healthcare environment, the patients are now treated much better and at lower costs. Patient monitoring is now done on real time basis, as these devices are capable of communicating the information. However, the challenge lies in managing the enormous amount of data generated by these objects since IoT devices have limited resources like computing power, storage and energy [21, 22, 30]. The need of the hour is to combine IoTs with some other technology [34] that would overcome the above-mentioned limitations and can provide an efficient framework for healthcare establishments.

1.1 Integrating IoT with Cloud Computing technology for e-Healthcare

Cloud computing is another big hit in the IT industry that delivers a shared pool of resources on demand, including servers, storage, applications, etc., to different organizations. Cloud computing integrates grid, parallel and distributed computing [34] and is thus able to provide high computation power as well as real time processing [1]. Moreover, cloud computing provides sufficient storage by eliminating the need to deploy physical resources. Because of the aforementioned benefits of cloud computing, it can be successfully merged with IoT to present a system that could be deployed for e-Healthcare services [14, 23] like handling the huge amount of data gathered by IoT, continuous patient health monitoring, analysis of patients’ records, etc., economically on the basis of a pay-as-you-go plan [21, 24, 46].

A general framework based on the integration of IoTs and cloud computing [34] for e-Healthcare organizations is shown in Fig. 1. This framework is multi-layered and is described below.

  1. Tier 1

    Represents two phases: one is the information gathering phase and the other is the communication subnet phase. In Phase 1, the data of the patient is collected by means of IoT devices, e.g., sensors and cameras. In Phase 2, short distance communication technologies, including Bluetooth, UWB, ZigBee, Wi-Fi, etc., are used to form a peripheral network in order to transfer the patient’s information to tier 2.

  2. Tier 2

    Depicts two networks: Access Network and Core Network. The patients’ information from tier 1 is transferred to the Access Network, which can be either a wired or a wireless medium. From the Access Network, the data travels to the Core Network, which can use any one of the transmission technologies like Packet-based transport network, Optical Transport Network, Synchronous Digital Hierarchy, 2G, 3G, LTE or Next Generation Network to further transmit the information.

  3. Tier 3

    Consists of the most important part of the framework: Cloud Computing. This layer is capable of storing and processing the huge amount of data collected in tier 1. In Fig. 1, it can be seen that it is a Multi-cloud architecture where one cloud provides the concerned people with access to e-health applications like health portal, medical billing, staff information, etc. The second cloud consists of e-health storage where the patients’ information, coming from tier 2, is stored and further processed by the Cloud Service Provider (CSP). The third cloud consists of e-health storage backup, which continuously backs up data stored in the second cloud for availability in unforeseen emergency situations and to ensure the integrity of the stored data.

  4. Tier 4

    Depicts that the data is transferred and is now accessible to the staff of the e-Healthcare organizations. At this stage, the doctors can view the patients’ health information and can provide health services and their recommendations accordingly to treat the patients in a suitable manner.

Fig. 1 IoT based on Cloud Framework for e-Healthcare

Although the above-mentioned framework efficiently fulfils the requirements of e-Healthcare establishments, there are certain security issues associated with it [27, 40]. Among the security attacks that could threaten the Confidentiality, Integrity and Availability (CIA) triad [8], the most important risk to healthcare organizations is the Malicious Insiders threat. If there are any malicious insiders residing in the e-Healthcare environment, then they can modify, delete or leak the patients’ data. This can challenge a patient’s privacy and lead to wrong treatment of a patient as well, thereby risking a life. This research focuses particularly on the Malicious Insider attack, since it is one of the most frequently occurring attacks in the world. According to the 2016 Cyber Security Intelligence Index [15], 60% of all cyber attacks are carried out by insiders. Therefore, in this research, all the recent studies on the threat of Malicious Insiders to IoT and Multi-Cloud based healthcare architecture have been critically assessed.

Malicious Insiders attack is possible in all the tiers of the general IoT and Multi-Cloud based e-Healthcare framework. In tier-1, where sensors and cameras are deployed to gather the health information of patients, one can modify the settings to send wrong information to the healthcare organization, or one could obtain and leak the patients’ data. Similarly, in tier-1 and tier-2, where different mediums are used to transmit the patient information to tier-3, malicious insiders can perform several malicious activities, including redirecting the traffic to a rogue network, compromising the availability of records by launching a DoS attack [26] on the network, and giving access to patients’ health information to unauthorized people who can then perform various network related attacks [36] including leakage [10] of the sensitive data.

In tier-3, a Multi-Cloud architecture is shown that could generally be adopted by healthcare organizations for load balancing and better security [35, 41]. However, this architecture is as vulnerable to the threat of Malicious Insiders as the single cloud architecture because the malicious insiders can:

  • Gain access to patients’ data through e-health applications.

  • Modify the e-health apps to execute any malicious code.

  • Manipulate data stored in e-health storage.

  • Leak or delete the e-health storage backup.

  • Perform collusion attacks etc.

Just as other tiers, tier-4 is also exposed to Malicious Insiders attack as any authorized person from lower to upper level can leak or modify the patients’ health information thereby affecting the level of trust between the patient, health organization and the doctor.

From the above discussion, it can be observed that Malicious Insiders attack is a type of attack that can occur at any level in the e-Healthcare framework based on the integration of IoT and Cloud Computing. This attack is more prominent in tier-3 i.e., Multi-Cloud layer. Hence in this research, the Malicious Insiders attack along with its solutions is mainly focused in tier-3.

The rest of the paper is structured as follows: First of all in the systematic mapping section, the research methodology is described. Then the results obtained from the systematic review are discussed in the next part i.e., results and discussion. After that, analysis of the results is conducted. At the end, conclusion is presented along with the future work on the debated topic.

2 Systematic mapping

This research includes a systematic review of the existing literature on the security threats related to IoT based Cloud e-Healthcare environment. The purpose of this research is not only to summarize the associated cyber threats and vulnerabilities, but also to examine the current posture of cyber security and frequently occurring attacks on IoT and Multi-Cloud based e-Healthcare organizations.

2.1 Question formalization

The objective of this research is to recognize the most significant cyber threats, risks, vulnerabilities and issues faced by the IoT based Multi-Cloud e-Healthcare environment along with the present solutions to address these challenges. This paper aims to address the following research questions:

  1. RQ1

    Which security attack is mainly addressed in the literature review among the top security threats to confidentiality and integrity of patients’ data in IoT based Multi-Cloud e-Healthcare environment?

  2. RQ2

    Critically analyze the existing solutions available for handling the Malicious Insiders attack inside Multi-Cloud and e-Healthcare environment.

In order to answer the above mentioned questions, a Systematic Literature Review (SLR) was conducted based on the guidelines proposed by Kitchenham et al. [20]. This review is basically concentrated on peer-reviewed published papers that addressed security challenges associated with both IoTs and Cloud Computing.

During the review procedure, the following keywords and relevant initiatives were used: IoTs, Cloud Computing, Multi-Cloud, e-Healthcare, Security attacks, Confidentiality, Integrity and Malicious Insiders attack.

2.2 Search strings

To look into the pertinent published articles that mainly focused on the Malicious Insiders attack and the current solutions to handle this threat in IoT based Multi-Cloud e-Healthcare, the following search strings were developed from the aforementioned keywords. In the e-Healthcare environment, Malicious Insiders can challenge the privacy of patients by modifying or leaking patients’ health information, thereby leading to wrong treatment and putting a life in danger. In both cases, the reputation of that organization will be questioned, which will cause defamation along with great financial loss to the business.

  1. Search String for RQ1:

    Open issues in IoT and Multi-Cloud OR security attacks on confidentiality in Multi-Cloud OR security attacks on integrity in Multi-Cloud AND frequently occurring attack in e-Healthcare.

  2. Search String for RQ2:

    Malicious Insiders Attack AND handling Malicious Insiders attack in Multi-Cloud.

2.3 Selection of sources

The mentioned search strings for both research questions were used to collect relevant data from digital libraries. The searched content is based on the conference papers and journal articles published in the most authentic electronic databases that are technically and scientifically peer reviewed. These include IEEE Xplore, ACM Digital Library, Science Direct, Elsevier Journals and Springer Link. Grey Literature that consists of articles, technical reports, etc., also supported the search process. These databases were searched thoroughly because good quality conference proceedings and journals related to computer science and engineering were easily accessible through them. The recent articles that were published between the years 2009 to Aug 2017 became part of this review.

2.4 Inclusion and exclusion criteria

The articles addressing the security issues in IoT based Multi-Cloud and published from 2009 to Aug 2017 were included in this research. The main focus was on research papers mentioning and handling the attack of Malicious Insiders. As this research work was performed in Nov 2016 and then revised in Aug 2017, the articles published after this date are not included in this work. Moreover, the exclusion criteria were: non-English contributions, duplicate papers, and publications associated with security attacks but not related to IoT based Multi-Cloud architecture.

2.5 Quality assessment checklist

A quality assessment checklist was developed to evaluate the individual studies based on Kitchenham [20]. This checklist involved the following questions: (a) Is the research methodology clearly specified in the research paper? (b) Is the research methodology applicable to the problem under consideration? (c) Is the analysis of the study appropriately done? If the study fulfilled the assessment criteria then it was given a “yes.”

3 Results and discussion

Search strings were constructed based on the formalized research questions to get the required data from the electronic databases (ACM, IEEE, Springer etc.), which were then evaluated according to the developed criteria that has been mentioned above. Figure 2 shows the steps that were followed in the selection of articles for RQ1 and RQ2.

Fig. 2 a) RQ1: Paper Selection, b) RQ2: Paper Selection

First, the search process was carried out by making use of the formulated search strings to gather the material relevant to the research topic based on the inclusion and exclusion criteria defined above. After that, the selected keywords were used to refine the research method. Finally, full screening was carried out to filter the papers that mainly served as primary proposals for the research.

To address the research questions, the IoT and Multi-Cloud based general framework was conceptually analyzed for different types of attacks that could challenge the secrecy and validity of the medical records. Among those attacks, Malicious Insiders was identified as a severe threat that is always there and can severely harm two important components of the CIA triad: Confidentiality and Integrity. In Fig. 1, the dotted circles depict the locations where this attack mainly occurs and thus should be controlled to ensure the reliability and privacy of the patients’ archives.

  1. RQ1:

    Mainly addressed security attack in the literature review among the top security threats to confidentiality and integrity of patients’ data in IoT based Multi-Cloud e-Healthcare environment

In order to answer RQ1, the selected material was thoroughly and conceptually reviewed. Based on these studies, the top security threats to the authenticity and covertness of patients’ information were identified. A security attack on confidentiality basically reveals health information of a patient under treatment to unauthorized individuals. This not only leads to violation of the Health Insurance Portability and Accountability Act (HIPAA), the US legislation that safeguards privacy of health information, but also puts at risk the moral respect and bond of trust between a patient and a doctor. Similarly, an attack on integrity leads to the modification/deletion of patients’ health information that may result in a number of serious issues related to HIPAA violations and compromised health care. Possible attacks on patients’ records pertaining to confidentiality and integrity in a general IoT and Multi-Cloud based framework are described below. Table 1 shows the frequencies of occurrence of these attacks in the existing literature.

  a)

    Side-channel Attack: A perpetrator could attack the confidentiality of data present in the cloud by placing an attacking Virtual Machine (VM) close to the targeted VM in order to perform a side-channel attack. The attacker can then gain an unauthorized access to the patients’ encrypted information by obtaining the cryptographic keys through that malicious VM, hence attacking the patients’ privacy [3, 27, 37, 39, 40, 45].

  b)

    Man-in-the-middle Attack: This attack occurs when an attacker sits in a communication path linking two users. He can place himself either in the path connecting patient and cloud or between cloud and e-Healthcare organization. In both cases, he accesses the patient’s information by intercepting it or even alters this data, putting its valuable traits, confidentiality and integrity, in danger [3, 27, 39, 40].

  c)

    Malicious Insiders Attack: The term malicious insider [13] refers to an existing or a former employee, a business partner or a contractor who has authorized access to an organization’s systems, annals, information or network, and who intentionally misuses his authority to compromise the confidentiality and integrity of the patients’ records [6, 14, 16, 17, 19,19,20,21,23, 28,28,30].

  d)

    Session Hijacking Attack: This attack occurs through the exploitation of a valid session by attaining the session key, that leads to illegal access to a patient’s data and hence to the disclosure of his information along with targeting its reliability [11, 16, 29].

Table 1 Frequencies of occurrence of attacks on confidentiality and integrity of information in current literature

The subsequent sub-section presents the frequently occurring and mostly addressed attack in the literature review.

3.1 Why malicious insiders attack?

Malicious insiders pose a major threat to any organization including e-Healthcare. According to 2016 cyber security intelligence index [15], 60% of all the attacks are caused by the insiders. Among this 60%, the part constituted by the malicious insiders is 44.5%, which is indeed a large contribution. Malicious insiders can adversely affect an organization’s mission and reputation, and thus can cause a great harm to any business.

If the malicious insiders are residing inside an e-Healthcare environment as shown in Fig. 1, then they can become a threat to the organization in the following ways:

  i.

    If a malicious insider lies inside the Multi-Cloud environment, then he/she can easily access the patients’ real time information coming from the IoT objects and can therefore tamper or leak this data in order to tarnish the market image of CSP or the healthcare organization that is acquiring the cloud services.

  ii.

    Similarly, if a malicious insider is a current or former employee of the healthcare organization, then he/she can modify the patient’s data leading to wrong treatment of the patient, thus putting a life at stake. Similarly, he/she can also release the health information of a patient to unauthorized entities, thus violating the law of privacy i.e., HIPAA.

  iii.

    At patients’ side or while the data is being transmitted through the network, the patients’ health information can be leaked or modified by any malicious insider residing in those areas of the framework.

  2. RQ2:

    Existing solutions to handle Malicious Insiders attack in IoT and Multi-Cloud based e-Healthcare environments

To answer RQ2, a thorough review of the selected papers was conducted as indicated in Fig. 2. The detailed analysis of already published work identified the publications that contained some techniques to handle the Malicious Insiders attack. In Fig. 1, the dotted circles highlight the areas where this attack could mostly occur, thus studies related to combatting this attack in those areas mainly served the purpose of answering RQ2. As indicated in Fig. 2b, ten research papers were included in this review, as only these papers contributed towards achieving the aim of this study, i.e., to analyze the present solutions associated with managing the malicious insiders’ threat specifically in the IoT based Multi-Cloud environment. Table 2 provides the detailed analysis of the already available solutions depicting their strengths and weaknesses.

Table 2 Strengths and weaknesses of existing solutions

4 Analysis

The main objectives of this research work are to comprehensively review the selected studies in order to handle the defined research questions and to identify the important threat that was addressed on a frequent basis in IoT based Multi-Cloud e-Healthcare organizations (RQ1). After that, analysis of the proposed solutions to counter the identified attack was carried out (RQ2).

Table 1 gives an overview of the detailed study of the attacks pertaining to confidentiality and integrity of patients’ data in integrated IoT and Multi-Cloud based e-Healthcare establishments. It depicts that the most frequently occurring and threatening attack on patients’ information in that particular environment is the Malicious Insiders attack. This attack can not only put the confidentiality and integrity of patients’ data at stake, but can also lead to a number of attacks challenging the security of healthcare information with respect to the CIA triad [44]. Although this attack is frequently taking place, there are fewer solutions to address the Malicious Insiders attack in the IoT based Multi-Cloud e-Healthcare environment.

Table 2 consists of the results of reviews and analysis of the existing solutions to manage the threat of malicious insiders in an e-Healthcare environment based on the integration of IoT and Cloud Computing. It can be deduced from the studied literature that the existing solutions have some strengths as well as weaknesses.

Most of the solutions that have been suggested involve cryptographic techniques to handle the malicious insiders threat. It can be seen from Table 2 that each cryptographic technique has its own drawbacks, which can allow the e-Healthcare data to be compromised by any privileged role and by collusion attacks inside the cloud. Furthermore, these techniques involve intensive computation to make the data unintelligible, which is not an efficient way to secure real time data gathered by IoT devices, as the patient data should be monitored without much delay to achieve better patient care, which is the main objective of integrating IoT with cloud computing for healthcare. Most of the solutions combat this threat inside the cloud, and only a few methods are available to manage this threat inside the e-Healthcare organizations, where the patients’ data is as susceptible to this threat as it is inside the cloud.

So a detailed and efficient solution should be proposed for IoT and Multi-Cloud based e-Healthcare organizations, focusing on the different perspectives of the malicious insiders attack in each tier of the general framework shown in Fig. 1. This solution may combine access controls with cryptographic techniques and behavioral analysis of the people associated with the patient end, the cloud environment and the e-Healthcare organization.

5 Conclusions

The following conclusions have been drawn after systematically reviewing the literature in order to handle both research questions related to the security issues in IoT and Multi-Cloud based e-Healthcare environment.

5.1 Regarding RQ1

From the systematic literature survey and review, it has been concluded that IoT based Multi-Cloud e-Healthcare organizations are most vulnerable to the Malicious Insiders threat among all the other threats associated to the attacks on confidentiality and integrity of patients’ medical records. Malicious Insiders can cause a great damage to the business and can serve as a great hurdle in its growth as well as in maintaining a better image in the market. Moreover, this threat can form the basis of other attacks that lead to the leakage of patients’ information and thus to the violation of HIPAA privacy law. The malicious insiders can also tamper with the patients’ health data that can put a life in danger through the mistreatment of the patients according to the altered data.

5.2 Regarding RQ2

The malicious insiders threat should be countered in order to ensure the privacy and reliability of the patients’ health information, to provide better health services and to maintain the health organizations’ reputation. By conducting the systematic literature review, the following conclusion is reached pertaining to the solutions already present to address the threat of Malicious Insiders. The existing techniques have advantages as well as some flaws. The strengths of the present solutions should be used as a guide to design new techniques in future that would overcome the drawbacks of the current schemes, so as to manage the threat of malicious insiders in a more appropriate manner and safeguard the two most important components of the information security CIA triad relevant to healthcare data, i.e., Confidentiality and Integrity.

5.3 Future directions

There is a need to propose a method to control the Malicious Insiders threat that will overcome the limitations of the present techniques and can fight against this attack in both situations: inside Multi-Cloud environment and inside e-Healthcare establishment, by implementing preventive, detective and reactive controls. Some of the techniques that should be considered in future to avoid the threat of Malicious Insiders in IoT based Multi-Cloud e-Healthcare environment are as follows:

  • User Behavior Analysis

  • Policy-based Frameworks

  • Socio-technical Approach

Models for User Behavior Analysis and Socio-technical approaches [4] have been proposed by a number of researchers, but there are loopholes in all the proposed models and thus they cannot be applied to the IoT based Multi-Cloud e-Healthcare environment to control Malicious Insiders. This challenges future researchers to design schemes that are appropriate to analyze user behavior and apply technical controls to address this threat specifically in the above-mentioned environment.

From the literature review, it has been observed that policy-based solutions exist for privacy concerns, but none of them specifically addresses the Malicious Insiders threat in the integrated IoT and Multi-Cloud based e-Healthcare environment. This domain is therefore open for research as well. Researchers can propose a Policy-based Framework to limit the Malicious Insiders threat particularly in IoT based Multi-Cloud e-Healthcare organizations, as solutions based on policies are proved to be easily implemented and most effective in securing the important information.

As the world is moving towards the use of IoT day-by-day, the threat of Malicious Insiders is equally possible at the patients’ end where the people in contact with patients can intentionally or unknowingly modify the settings of the information gathering devices (IoTs) that could adversely affect the response of the healthcare organizations pertaining to patient care. A technique should be developed that could detect such a change, notify the healthcare organization about this and could also revert the modification in the settings.
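A minimal sketch of the detect, notify and revert control called for above, added here as an illustration and not taken from the reviewed literature. The device name, setting names and key are constructed, and it assumes the approved settings are sealed with an HMAC key held by the healthcare organization rather than by staff at the patient end; reading settings from a device and pushing them back are out of scope.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Optional

ABSENT = "<absent>"  # marker for a setting present on only one side


class BaselineTampered(Exception):
    """The stored baseline fails its seal, so it must not be used for revert."""


def _canonical(settings: dict) -> bytes:
    # Sorted keys and fixed separators give one byte encoding per settings dict.
    return json.dumps(settings, sort_keys=True, separators=(",", ":")).encode()


def seal_baseline(settings: dict, key: bytes) -> str:
    """HMAC-SHA256 tag over the approved settings, computed by the organization."""
    return hmac.new(key, _canonical(settings), hashlib.sha256).hexdigest()


@dataclass
class AuditResult:
    device_id: str
    drift: dict = field(default_factory=dict)  # name -> (approved, reported)
    alert: Optional[str] = None                # notification text, if any
    settings_to_push: Optional[dict] = None    # approved settings to restore


def audit_device(device_id: str, reported: dict, baseline: dict,
                 tag: str, key: bytes) -> AuditResult:
    # An insider who can edit device settings may also edit the stored
    # baseline; verify the seal first (constant-time compare) and refuse
    # to "revert" to a baseline that no longer matches it.
    if not hmac.compare_digest(seal_baseline(baseline, key), tag):
        raise BaselineTampered(device_id)

    drift = {}
    for name in sorted(set(baseline) | set(reported)):
        approved = baseline.get(name, ABSENT)
        current = reported.get(name, ABSENT)
        if approved != current:
            drift[name] = (approved, current)

    result = AuditResult(device_id=device_id, drift=drift)
    if drift:
        changes = "; ".join(f"{n}: {a!r} -> {c!r}" for n, (a, c) in drift.items())
        result.alert = f"settings drift on {device_id}: {changes}"
        result.settings_to_push = dict(baseline)
    return result


# Constructed sample data: a bedside pulse oximeter and its approved settings.
ORG_KEY = b"constructed-demo-key-not-for-production"
APPROVED = {"sample_interval_s": 5, "spo2_alarm_below": 90,
            "upload_host": "ehealth-storage.example"}
APPROVED_TAG = seal_baseline(APPROVED, ORG_KEY)


def demo() -> AuditResult:
    # Someone at the patient end lowered the alarm threshold and enabled
    # a setting that was never approved.
    reported = dict(APPROVED, spo2_alarm_below=70, debug_port=True)
    return audit_device("pulse-ox-17", reported, APPROVED, APPROVED_TAG, ORG_KEY)


if __name__ == "__main__":
    outcome = demo()
    print(outcome.alert)
    print("restore:", outcome.settings_to_push)
```
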