Next Article in Journal
Experimental and Numerical Flow Assessment of the Main and Additional Tract of Prototype Differential Brake Valve
Previous Article in Journal
Ulcerative Severity Estimation Based on Advanced CNN–Transformer Hybrid Models
Previous Article in Special Issue
ROLQ-TEE: Revocable and Privacy-Preserving Optimal Location Query Based on Trusted Execution Environment
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Applied Sciences
Volume 15
Issue 13
10.3390/app15137485
applsci-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Advancing Data Privacy in Cloud Storage: A Novel Multi-Layer Encoding Framework

by
Kamta Nath Mishra
1,
Rajesh Kumar Lal
2,
Paras Nath Barwal
3 and
Alok Mishra
4,5,*
1
Department of Computer Science &Engineering, Birla Institute of Technology, Ranchi 835215, India
2
Department of Electronics and Communication Engineering, Birla Institute of Technology, Ranchi 835215, India
3
Centre for Development of Advanced Computing (CDAC), Noida 201307, India
4
Faculty of Engineering, Norwegian University of Science and Technology (NTNU), 7034 Trondheim, Norway
5
Informatics and Digitalization Group, Molde University College-Specialized University in Logistics, 6402 Molde, Norway
*
Author to whom correspondence should be addressed.
Appl. Sci. 2025, 15(13), 7485; https://doi.org/10.3390/app15137485
Submission received: 22 April 2025 / Revised: 30 June 2025 / Accepted: 1 July 2025 / Published: 3 July 2025
(This article belongs to the Special Issue Cybersecurity: Advances in Security and Privacy Enhancing Technology)
Browse Figures
Versions Notes

Abstract

Data privacy is a crucial concern for individuals using cloud storage services, and cloud service providers are increasingly focused on meeting this demand. However, privacy breaches in the ever-evolving cyber landscape remain a significant threat to cloud storage infrastructures. Previous studies have aimed to address this issue but have often lacked comprehensive coverage of privacy attributes. In response to the identified gap in privacy-preserving techniques for cloud computing, this research paper presents a novel and adaptable framework. This approach introduces a multi-layer encoding storage arrangement combined with the implementation of a one-time password authorization approach. By integrating these elements, the proposed approach aims to enhance both the flexibility and efficiency of data protection in cloud environments. The findings of this study are anticipated to have significant implications, contributing to the advancement of existing techniques and inspiring the development of innovative research-driven solutions. Continuous research efforts are required to validate the effectiveness of the proposed framework across diverse contexts and assess its performance against evolving privacy vulnerabilities in cloud computing.

1. Introduction

The rise of cloud computing (CC) has generated significant interest in digitally-connected elegant systems [1]. CC offers convenient access to abundant assets and data-related services, catering to the needs of large-scale, data-driven systems [2]. However, amidst the advantages of secure and reliable data storage in the cloud, the issue of data privacy has become a prominent concern [3]. Safeguarding data privacy is crucial to ensure the trust and integrity of cloud storage [4]. Privacy breaches can disrupt services, leading to financial losses [5]. Moreover, compromised personal data (sensitive identifiers) poses risks to individuals, organizations, and governments if misused [6]. Privacy-preserving techniques in the cloud have gained significant attention, offering mathematical and cryptographic solutions to critical challenges in cybersecurity [7]. These techniques aim to establish reliable and secure systems, although their designs may vary based on specific threats [8]. While numerous privacy-preserving recommendations exist, they often focus on specific objectives, such as user identity, data integrity, or analysis [9,10,11,12,13,14]. However, the need for a comprehensive framework that addresses diverse privacy-preserving attributes persists [7,15,16]. This study aims to fill that gap by proposing a framework that effectively addresses multiple privacy-preserving attributes.
This research direction is crucial in ensuring data privacy in cloud storage. By identifying and addressing various privacy attributes, we can establish a comprehensive framework that caters to the evolving needs and challenges of privacy preservation. It is essential to move beyond isolated techniques and embrace an integrated approach that encompasses the entire data lifecycle in cloud storage. By doing so, we can establish a solid foundation for protecting sensitive information, mitigating risks, and building trust between users and service providers. The main research question of this paper aims to gain a deeper understanding and utilize privacy-preserving attributes that lead to the development of innovative solutions that will be aligned with real-world practical requirements, utilizing a multi-layer encoding framework. By addressing this question, authors can contribute to the ongoing efforts of creating a secure and privacy-enhanced cloud storage ecosystem.
The following are the research contributions of this study:
(i)
Development of a novel and adaptable framework that combines a multi-layer encoding storage arrangement and the one-time password (OTP) authorization approach for enhanced data protection in cloud environments.
(ii)
Ensuring a holistic novel approach to privacy preservation in cloud data storage through the examination and then categorization of several privacy attributes into distinct categories.
(iii)
Integration of a multi-cloud-based storage arrangement, enhancing data availability and redundancy for robust data privacy in cloud storage.
(iv)
Introduction of a novel multi-layer encryption approach as an additional layer of protection against privacy breaches in the ever-evolving cyber landscape.
(v)
Inspiring innovative research-driven solutions and aiding in the evaluation and enhancement of privacy approaches in cloud storage.
The structure of the paper is as follows: Section 2 provides background information and related work. Section 3 presents a classification of privacy-protecting attributes for the storage of cloud data. Section 4 describes the anticipated cloud storage structure and illustrates the proposed privacy-preserving framework and its functions. Section 5 includes a discussion of the study. Finally, Section 6 concludes with a discussion of limitations and future research directions.

2. Background

2.1. Privacy Safeguarding

Data confidentiality encompasses several attributes, including identity privacy (keeping users’ identities secret from unauthorized entities), data privacy (maintaining the confidentiality of data for authorized users only), and usage privacy (ensuring the secrecy of user activities against unauthorized parties) [17]. As the internet and informatics domains have rapidly expanded in recent years, the importance of privacy safeguards in cyberspace has gained significant attention [18]. The growing concern for privacy in the industry has spurred the exploration of innovative solutions by experts [19]. Initially, efforts focused on understanding data preservation and defining privacy-preserving techniques [20]. Cloud data failure can result from various factors, such as power outages or hardware and network issues. To protect data privacy, recommendations like randomization, data condensing, and micro-aggregation have been proposed [6]. These systems require a unique approach that incorporates essential privacy attributes [7]. The pixel-related system proposed by Nagraj and Kumar [21] offers another example, designed to ensure privacy in email communication. It employs a pixelated user interface created with an online application programming language. This architecture permits the users to establish a secure link with the server for safeguarding their data [8].
In the authors’ opinion, the ongoing efforts to address privacy concerns in the industry are commendable. It is essential to delve deeper into data preservation and establish clear definitions for privacy-preserving techniques to effectively protect sensitive information. The recommended approaches, such as randomization and micro-aggregation, provide valuable insights into safeguarding data streams in cloud storage. Furthermore, the incorporation of essential privacy attributes, as demonstrated by the four-component model and the pixelated system, showcases the importance of a comprehensive approach. These innovative solutions contribute significantly to enhancing data privacy and fostering a more secure digital environment.

2.2. Related Work

Cloud computing (CC) is widely recognized as the foundation of future innovative research [22,23]. However, data privacy has emerged as a threat to CC services in various forms. Over the past decade, researchers have focused on developing privacy-protecting approaches to alleviate these data threats. Initially, frameworks and strategies were developed without a comprehensive understanding of the diverse range of threats present in cloud storage [24]. To gain insights into these threats, several survey studies have been conducted, categorizing privacy threat types in cloud storage [24,25,26,27]. These categorizations include commonly highlighted attributes such as encryption, access control, and auditing. For example, in [25], integrity checking was employed to protect cloud storage privacy.
Ensuring the reliability of data during transfer is of utmost importance, and integrity checking serves as a vital mechanism in achieving this. By comparing the data to a previous version, integrity checking provides conclusive evidence of its validity. Keyword search, on the other hand, enables users to encrypt textual documents and perform searches for specific keywords or phrases while preserving privacy [28]. This novel approach involves locally encrypting the data before transmitting it to the cloud. To address the challenge of data privacy when retrieving information from cloud storage, remote data integrity checking protocols have emerged as promising technologies. These protocols verify the privacy and integrity of data during retrieval, ensuring that it remains protected from unauthorized access [29]. In a related study, a methodology called dynamic metadata reconstruction was developed to efficiently organize metadata in cloud storage databases. This methodology aims to enhance the overall management and organization of data in cloud storage systems [30]. SecuDB is a secure relational database built on Intel TDX. It offers multi-level privacy and tamper resistance in cloud-based environments. Further, it uses advanced masking techniques and secure temporal tables to protect data from online theft and attacks. It maintains up to 94.70% performance with minimal overhead by ensuring efficient and verifiable operations for contemporary cloud-based workloads [31].
Hence, the categorization and exploration of privacy threat types in cloud storage are crucial steps towards developing robust privacy-preserving techniques. By identifying and understanding these threats, we can devise comprehensive strategies that effectively address privacy concerns. The use of encryption, access control, and auditing measures demonstrates the importance of incorporating multiple layers of protection into cloud storage systems. Moreover, the emergence of innovative approaches like dynamic metadata reconstruction and remote data integrity checking highlights the continuous evolution of privacy-preserving techniques. As the cyber landscape evolves, it is essential to explore new methods and technologies to stay ahead of emerging threats and ensure the privacy of data stored in the cloud. By considering a wide range of attributes and approaches, we can enhance the effectiveness and adaptability of privacy-preserving measures, making cloud storage a secure and trusted environment for data storage and retrieval. Data anonymization is another technique that involves encoding or modifying user data to prevent the disclosure of the data owner’s identity.
The authors Wang X. et al. [32] applied multi-layered security frameworks and offered innovative strategies to reinforce data privacy within cloud-based environments. Their study introduced a hierarchical federated learning-based approach for tracing anomalies in industrial IoT systems. The research work of [33] combined blockchain concepts with edge computing technologies to permit secure data aggregation in IoT networks. It included the description of encryption, decentralized validation, and tamper-proof storage approaches to secure sensitive data during collection and processing. Therefore, it is most suitable for the design of cloud-integrated architectures.
The authors of [34] proposed a trust evaluation model using blockchain and artificial intelligence for an intelligent transportation system. Their approach used layer-based encoding and distributed trust metrics to protect the data used in communication between vehicular networks, thereby optimizing privacy and efficiency in 5G networks. The study presented by Wang X. et al. [35] offered a federated reinforcement learning model that has the ability to support privacy-sensitive-based quality awareness routing in industrial applications. These contributions [32,33,34,35] present a unified framework to address privacy, reliance, and data protection in modern cloud-IoT-based computing and storage systems that can protect the original participant’s identification and reduce vulnerability to identity theft attacks. The ranking-driven approach applies unique ranking algorithms developed by [36] to data while preserving privacy and aiming for accurate results. Cloud activities with user data partition has emerged as a newer option, emphasizing mutual trust between parties to ensure timely and error-free completion of assigned tasks. Various researchers [37,38,39] have developed their methods of providing data privacy and security using cloud activities and user data partition. In supporting cloud data privacy, hardware trust approaches complement soft-trust techniques. An organization called TCG (Trusted Computing Group), focused on secure industrial standards, has recently developed techniques to enhance the privacy and trustworthiness of hardware [40]. Additionally, establishing laws to govern various actions within the cloud computing system is considered by various researchers to be a crucial characteristic of combating potential hazards.

3. Privacy-Protecting Attributes Classification for the Storage of Cloud Data

This subdivision of the research paper focuses on addressing the research question and aims to identify the essential privacy-protecting attributes in cloud data storage. Developing a privacy preservation framework requires a thorough consideration of all relevant attributes. To achieve this, various extensive reviews of the literature and other contributions were conducted, utilizing multiple databases and search phrases for locating studies that discuss privacy preservation in cloud data storage. The compilation of privacy-protecting attributes from these studies covers various aspects and is divided into several categories. These attributes represent the latest advancements in cybersecurity and encompass different dimensions of privacy preservation [40].
Design management includes features related to auditing techniques, cryptographic approaches, exterior assets, and the structure of the cloud storage. Key management focuses on mechanisms for the generation of keys, the length of the keys, governance, and various functions. The test management function involves the test environment and the applied tests to ensure privacy [41]. The threat management function addresses different types of threats and the measures taken to mitigate them. The performance management function encompasses standards, abnormality detection, and achievements in privacy. In addition to discussing these privacy attributes, this paper incorporates recent studies that highlight innovative approaches to tackle cybersecurity challenges. For instance, J. Tan [42] proposed an image steganography technique for adversarial network architecture.
Furthermore, J. Hu [43] introduced a new technique for detecting compressed deepfake videos, which have become a significant concern. Similarly, J. Chen et al. [44] present an SNIS (Swiss Network for International Studies)-based approach for forgery detection in post-processed images. In the upcoming sections, this paper will delve into these privacy-protecting attributes (descriptions in Figure 1) and explore the findings of these innovative studies. By incorporating the attributes in Figure 1 and advancements, the aim is to provide a complete understanding of privacy preservation in cloud data storage and offer insights into potential solutions and strategies for enhancing data privacy in the cloud.
LedgerDB is an advanced database system used to enhance trust, auditability, and data verification in the modern era. It is a centralized ledger database that mainly focuses on ensuring transparent and verifiable data operations. It includes cryptographic structures, e.g., Merkle trees, to link the security of records. Therefore, it identifies any unauthorized changes in databases. Further, it permits the users to audit data history efficiently and supports integrity checks, without the help of system administrators, using a sequential and tamper-resistant design.
On the other hand, the VeDB has the capability to integrate software techniques and hardware-based security to convey a trusted relational database platform. It uses a trusted execution environment, e.g., Intel SGX, for safeguarding computations within secure hardware zones. Hence, it prevents unauthorized access to the system software. Here, remote attestation mechanisms are engaged to verify and validate the integrity of the secure zones. These advanced database technologies display a shift toward combining strong assurance models with conventional database capabilities. LedgerDB and VeDB provide high-assurance applications with enhanced security without compromising performance or usability by embedding cryptographic authentication and hardware-based protection. These database technologies are used in writing queries in structured query languages.

3.1. Design Management

Design plays a crucial role as it enables the integration of enhanced functionalities within the operational system. With the increasing demand for secure and multifunctional privacy systems, experts strive to incorporate novel privacy design layers, techniques, and methodologies to create a more efficient and secure framework [7,45,46]. Within this category, five attributes, namely design features, cryptographic techniques, cloud-storage-structure, data auditing, and external assets, have been identified [47]. A one-time key, or one-time password (OTP), is a powerful encryption method used for securing data, especially in cloud environments. It ensures unparalleled security by using a unique, random key for each of the encryption sessions, which is never reused. This may eliminate repetition and may prevent attackers from identifying patterns or decrypting the message through analysis.
To generate an OTP, the generated key must be truly random, match the message length, and be used only once. These keys can be generated using hardware-based or cryptographically secure random number generators.
Example: Encrypting “HELLO” (converted to numbers: H = 7, E = 4, etc.) with a key like [3,5,8,19,21], we add each number mod 26 to get an encrypted result. The recipient will reverse the process using the same key.
Since OTPs offer perfect secrecy when used correctly, they are especially suitable for protecting highly sensitive information transmitted through the cloud or stored in the cloud.
The upcoming sections will comprehensively discuss these attributes, and Table 1 provides a summary of the attributes within the design-management category.

3.1.1. Design Features

When considering the privacy of cloud storage, the inclusion of design elements empowers individuals working in the field to integrate diverse countermeasures [11,14]. By appropriately applying design features, a reliable platform can be established, capable of withstanding any potential breaches that may jeopardize the security of the cloud environment [52].

3.1.2. Approaches to Data Auditing

Data auditing in the context of cloud computing (CC) refers to the process of inspecting the services provided by the cloud service providers (CSPs), as well as the communication between different parties involved in the cloud environment [43]. The purpose of the auditing process is to ensure the integrity of transmitted data by employing various detection methods, including review, analysis, protocols, and observation [46]. Additionally, data auditing ensures compliance, thereby preventing any unauthorized breaches. There are two types of data auditing: external and internal audits. External audits are conducted by independent entities to evaluate and verify the integrity of data transmitted among participants in the cloud network. On the other hand, internal audits are performed by users to assess the data and services provided by the CSP, focusing on evaluating the privacy capabilities of the CSP [43]. Here, the authors have suggested organizing cloud-stored data using a multi-layered encoded structure. This involves breaking the data into smaller parts, each of which is encoded individually using various methods, e.g., base64 or other customized schemes. These encoded chunks are then tagged with metadata such as identifiers and verification codes (e.g., hash values) for improving the traceability and integrity-related checks.
Retrieving the data includes collecting the relevant chunks using their identifiers, verifying the integrity through hash matching, and decoding each of the layers in reverse order to reconstruct the original data. The layered encoding structure improves privacy in several ways:
  • Concealment: Encoded data appears meaningless without the decoding logic.
  • Multiple Barriers: Even if one encoding layer is breached, others remain intact.
  • Built-in Verification: Integrity checks ensure that any unauthorized modifications are detected.
  • Decoupled Storage: Metadata and decoding information can be stored separately, reducing the risk of full data exposure.
Further, the authors implemented an SQL (structured query language) procedure to support the organized storage and retrieval of these encoded components. The following is a simple example:
  • SQL for inserting new encoded data
  • INSERT INTO cloud_data (file_id, chunk_id, data_chunk, hash_code, uploaded_at)
  • VALUES (‘F001’, ‘C01’, ‘U2FtcGxlRGF0YQ==’, ‘d3486ae9136e7856bc42212385ea797094475802’, NOW());
  • SQL for retrieving all chunks linked to a specific file
  • SELECT chunk_id, data_chunk FROM cloud_data WHERE file_id = ‘F001’ ORDER BY chunk_id;
  • SQL for validation of integrity
  • SELECT chunk_id FROM cloud_data WHERE file_id = ‘F001’ AND hash_code != SHA1(data_chunk);
The above queries handle data entry, validation, and retrieval for ensuring efficient and secure cloud data management.

3.1.3. Cryptographic Techniques

Cryptographic techniques play a crucial role in ensuring the security of data in cloud storage. These techniques encompass a range of approaches, methods, and tools used to encrypt and decrypt digital data, providing a protective layer for its contents. Encryption serves as a fundamental process in converting plain text into a secure format, enabling secure communication between parties involved. Several encryption methods, e.g., RSA, DES, and AES, are commonly employed to safeguard data in the cloud. Encryption secures data by transforming it into an unintelligible form that can only be understood by authorized individuals possessing the decryption key. Decryption, on the other hand, involves reversing the encryption process to obtain the original data from the encrypted data. This process is essential for retrieving encoded data from cloud repositories in response to authorized user requests.
To access the desired data stored in the cloud, users must possess the appropriate credentials and the corresponding decryption key. This ensures that only authorized individuals with the necessary permissions can decrypt and access sensitive information. The utilization of decryption algorithms in cloud computing enables the secure retrieval of encrypted data, maintaining data confidentiality and integrity. The incorporation of cryptographic techniques in cloud data storage enhances data security, preventing unauthorized access and mitigating the risk of privacy breaches. By employing robust encryption and decryption algorithms and ensuring the proper management of encryption keys, cloud service providers can offer a secure environment for storing and accessing sensitive data.
Here, Lagrange interpolation encryption is used as a secret-sharing key method where the key is hidden in a polynomial format. Only a fixed number of shared points or fragments is required to reconstruct the key using Lagrange’s formula. Hence, it adds a threshold-based security layer.
Triple encryption is used not because single encryptions fail, but to further strengthen the defense mechanism. By layering multiple cryptographic methods (e.g., RSA, AES, and interpolation), the system is capable of protecting data even if one layer’s security is compromised.
SHA-256 is the hash function applied due to its strong resistance to tampering and collisions. It ensures data integrity by producing a unique, fixed-length hash for any input. While encryption processes are typically efficient, decryption, especially when using RSA or polynomial recovery, is more computationally intensive. The authors mitigate this with optimization techniques and modular processing to maintain client-side performance.
AES is selected despite its heavier load and lack of format preservation because it offers fast, secure, and well-supported symmetric encryption suitable for bulk data. Cryptography in the cloud does require significant CPU and memory resources. However, using scalable cloud infrastructure and optimized code helps reduce overhead. Efficiency is tested through simulations involving large-scale datasets, measuring speed, accuracy, and system response under various workloads to ensure real-world reliability. For RSA, the authors propose parallel processing and splitting large operations into smaller parts to handle the algorithm’s high computational demands effectively in cloud environments.

3.1.4. External Assets

External assets within the privacy system can be referred to as third-party tools that enhance the overall functionality of the technique structure [50]. By incorporating external assets, the privacy-preserving technique gains complexity and exceptional privacy capabilities [50]. The integration of external mechanisms has significantly enhanced the architecture of privacy systems. The integration of external assets and advanced techniques in cloud data storage enhances the overall security and privacy of the system. These assets and techniques contribute to the development of robust defense mechanisms against various security attacks, ensuring the effective implementation of encryption and key generation techniques.
One example is the utilization of the RFC (6238) standard for one-time passwords (OTP), which adds an additional layer of security by providing defenses against access control attacks. OTPs generated through this protocol offer a dynamic and time-limited authentication method, reducing the risk of unauthorized access to cloud resources. The application of the Chinese remainder theorem (CRT) in the design of encryption and key generation techniques provides an efficient approach for secure data transmission. By leveraging the properties of the CRT, encryption algorithms can achieve faster computations and optimize the storage and retrieval of encryption keys, strengthening the overall security of cloud data storage.
In addition, innovative techniques such as Lagrange interpolation and the Monotonic encryption algorithm offer unique solutions for encrypting mathematical representations of digital data while preserving their order. These techniques are particularly useful when dealing with sensitive data that requires mathematical operations or maintaining a specific order, such as financial records or sequential datasets. By incorporating these algorithms into the encryption process, the privacy and integrity of numerical data in the cloud can be effectively preserved.
Overall, the integration of external assets and advanced techniques in cloud data storage adds layers of security and ensures the confidentiality, integrity, and availability of data. By leveraging these assets and techniques, cloud service providers can enhance the protection of sensitive information and maintain the trust of users in the secure storage and management of their data.

3.1.5. Cloud Storage Structures

The structure of cloud storage plays a significant role in determining the level of data privacy and security within the cloud environment. Different organizations and individuals have diverse requirements when it comes to storing and managing their data, which has led to the emergence of various cloud storage structures, including public cloud, private cloud, and hybrid cloud. Among these structures, the cloud storage structure specifically designated for implementing privacy-preserving measures becomes crucial. This structure defines how data is stored, accessed, and protected within the cloud. It serves as the foundation for deploying privacy-enhancing techniques and safeguards. Two primary storage structures commonly used in cloud storage are the single-cloud structure and the multiple-cloud structure, and each one has its own merits and demerits. Initially, organizations and individuals often relied on a single-cloud infrastructure to meet their data storage and service requirements. This approach simplified data management and offered convenience, but it also had limitations in terms of scalability, redundancy, and potential vendor lock-in [51].
On the other hand, the multi-cloud structure has gained popularity due to its ability to distribute data across multiple cloud providers. This approach provides increased resilience, fault tolerance, and flexibility by leveraging different cloud platforms and service offerings. It allows organizations to choose the most suitable cloud providers for their specific needs, avoiding dependence on a single vendor and mitigating the risks associated with potential service disruptions or data breaches. While the multi-cloud structure offers enhanced reliability and diversity, it also introduces complexities in terms of data synchronization, interoperability, and security coordination across multiple cloud environments. Organizations must carefully evaluate their requirements, budget constraints, and risk tolerance to determine the most suitable cloud storage structure for their data privacy needs. Hence, selecting the appropriate cloud storage structure is a critical decision for organizations and individuals seeking to protect their data privacy [52]. Whether opting for a single-cloud or adopting a multi-cloud approach, it is essential to consider factors such as scalability, security, vendor lock-in, and the specific privacy-preserving measures that can be implemented within the chosen structure. By making informed choices, stakeholders can ensure their data remains confidential, secure, and accessible while leveraging the benefits of cloud storage services. However, as the CC industry advanced and cyber world applications continued to proliferate [53], the adoption of multi-cloud infrastructure became inevitable. Multi-cloud technology refers to the utilization of multiple CC and storage services within a single heterogeneous design [36].

3.2. Key Management

Key management refers to the process of administering cryptographic keys [54]. Four attributes, namely key length, key generation, key function, and key governance, are identified within this category. Subsequent sections will describe these attributes in detail. A summary of the attributes within the key-management category can be found in Table 2.

3.2.1. Approaches for Generating Keys

The process of generating keys is vital for encryption and decryption operations as it involves the creation of encryption/decryption keys used for ciphering and deciphering data [55]. While these key generation techniques significantly improve cloud data security, it is essential to strike a balance between the level of security and the ease of key management. For instance, dynamic key generation and public/private key encryption provide robust security measures but may involve additional computational overhead and complexity. On the other hand, symmetric key encryption is faster and more straightforward, but the challenge lies in securely distributing and managing the shared key. Cloud service providers and users need to carefully evaluate their specific security requirements and operational constraints when selecting key generation techniques. By implementing the most suitable approach and adopting best practices in key management, organizations can significantly enhance the security, safeguarding it against potential data theft and ensuring data integrity throughout its lifecycle [48]. By implementing privacy-preserving techniques with robust key generation capabilities, the confidentiality of cloud-sensitive data becomes significantly harder to compromise [48]. Moreover, researchers like Yuan [11] have introduced supplementary algorithms, e.g., IGEN, to enhance the establishment of signature keys, thereby reinforcing the credibility of the key generation process.

3.2.2. Length of the Keys

The importance of key length cannot be overstated in cryptography. While advancements in computing technology enable more powerful processing capabilities, it is imperative to adapt cryptographic systems to employ longer and more robust key lengths to withstand evolving threats. Additionally, organizations and individuals must remain vigilant in implementing best practices for key management to mitigate the risk of key compromise and ensure the long-term security of their sensitive data. Cryptographic keys are critical components in securing sensitive data. Their length, combined with sound key management practices, forms the cornerstone of an effective privacy platform. By employing longer key lengths and following recommended key management guidelines, organizations can bolster the security of their cryptographic systems and safeguard sensitive information against unauthorized access [53]. Various key lengths are available depending on the methods used. Symmetric encryption algorithms like 3DES and AES typically utilize key lengths ranging from 128 to 256 bits, while asymmetric encoding algorithms like RSA use key lengths ranging from 1024 to 4096 bits [54]. It is worth noting that the longer the key length, the more challenging and time-consuming the encryption or decryption process becomes [14].

3.2.3. Key Governance

To ensure the security of cryptographic keys within the cloud service provider (CSP), key governance can be offered as a service. Further, owners of the data may have concerns about maintaining the key’s privacy [55]. The utilization of hardware privacy modules has proven to be beneficial in terms of managing and safeguarding cryptographic keys [56]. Various key governance methods have been proposed, including the use of a group key governance system to handle encoded keys [14]. Additionally, the implementation of a master and session key governance system has been suggested [45]. These measures aim to enhance the security and privacy of cryptographic keys within the cloud environment.

3.2.4. Key Function

By employing these key functions, cryptographic systems enhance the security of firewalls and mitigate various risks associated with data communication. They provide a strong defense against unauthorized access, message tampering, and impersonation, ensuring the integrity and privacy of sensitive information. Therefore, key functions are integral to the operation of cryptographic systems [54]. They enable various techniques for contributing to the security and privacy of data. By leveraging these key functions effectively, organizations can establish robust security measures, protect against cyber threats, and foster trust in their digital communication processes [49].

3.3. Test Management

Tests play a crucial role in privacy-preserving techniques, serving as essential actions to ensure their effectiveness. Following the implementation of a privacy-preserving technique, various performance assessment tests are typically conducted [57]. These tests are instrumental in identifying performance issues and possible faults that may compromise the functionality of the technique in specific scenarios [58]. The test-management category encompasses two attributes, namely test environment and applied tests. The subsequent sections delve into these attributes, providing comprehensive insights. Table 3 provides a summary of the attributes within the test-management category.

3.3.1. Testing Environment

The testing environment plays a crucial role in evaluating the performance and effectiveness of privacy-preserving techniques. It encompasses dedicated software, hardware, and networks that are specifically designed for this purpose. Within this controlled workspace, developers and researchers can conduct comprehensive testing operations to assess the functionality and robustness of their privacy-preserving techniques. To support the test environment, leading chipmakers such as ARM, AMD, Qualcomm, and Intel have developed specialized hardware. This hardware is tailored to meet the unique requirements of privacy-preserving evaluations, enabling accurate and efficient testing processes. It ensures that the implemented techniques function optimally in real-world scenarios and provide the desired level of privacy protection.
In addition to hardware, testing software also plays a vital role in the test environment. It collaborates with the specialized hardware to facilitate the evaluation process. Both software and hardware work hand in hand, aligning their objectives to ensure the accurate implementation and assessment of privacy-preserving techniques. Together, the test environment, comprising hardware, software, and networks, serves as a vital platform for conducting rigorous testing and validation of privacy-preserving techniques. Its existence enables researchers to refine their approaches, enhance the effectiveness of privacy preservation, and contribute to the development of secure and privacy-conscious systems.

3.3.2. Test Applied

The efficiency and performance of privacy-protecting approaches are crucial factors in ensuring their effectiveness. Previous studies have conducted various tests to assess these aspects, including session management, broken authentication, etc. Additionally, to protect data from malicious attackers, a novel test was introduced in [11]. These tests contribute to the development of robust privacy-preserving solutions and safeguard sensitive information from potential threats. Additionally, authors have employed traditional tests, including storage, time, and cost analyses, as seen in works by [12,13,14]. Other tests involve evaluating user responsibility to establish trustworthiness, ensuring data confidentiality during transmission between cloud entities, and detecting potential data leakage by third-party authorities [11]. Furthermore, compatibility tests have utilized SQL operations in web-based applications [45].

3.3.3. Empirical Validation of the Framework (Real-World Testing)

The empirical validation process for a multi-layer encoding framework dedicated to enhancing data security involves a systematic evaluation of the proposed solution in both real-world and simulated environments. The term “multi-layer encoding framework” in this context refers to a sophisticated strategy utilizing various encoding or encryption methods to bolster data security within cloud storage. This validation process aims to demonstrate the effectiveness, efficiency, and resilience of the framework in safeguarding sensitive information’s confidentiality and integrity. Initiating empirical validation requires a clear delineation of the multi-layer encoding framework, encompassing the specification of encoding techniques, encryption algorithms, and additional security measures integrated into the framework. Leveraging a combination of cryptographic methods such as homomorphic encryption, attribute-based encryption, and tokenization, the framework establishes a multi-layered defense against unauthorized access and potential data breaches.
A comprehensive literature review was undertaken to position the framework within existing research, examining related works in data security, cloud computing, and encryption. Understanding the strengths and limitations of prior approaches aids in identifying the framework’s distinctive contributions.
The data collection phase is pivotal, involving the gathering of diverse datasets that reflect real-world cloud storage scenarios. These datasets cover various data types, sizes, and formats, enabling an assessment of the framework’s adaptability and scalability. Realistic datasets facilitate the simulation of diverse scenarios to evaluate the framework’s performance under different conditions. Following the framework’s specifications, competent developers implement it, ensuring the use of established programming languages and frameworks for reliability and reproducibility. The implementation closely aligns with the proposed design, incorporating selected encoding and encryption methods.
The experimental design phase involves crafting scenarios and use cases for a comprehensive evaluation of the framework’s capabilities. Metrics, including data privacy, computational overhead, storage efficiency, and overall security, are defined for performance measurement. Benchmarking is crucial for comparative analysis against existing encryption standards and privacy-preserving techniques. This aids in establishing the framework’s relative strengths and weaknesses, providing insights into its performance compared to established methods.
Simulations and testing follow, evaluating the framework in controlled environments and real-world scenarios. This assesses its practical applicability and adaptability to different use cases, with performance metrics like encryption speed, storage overhead, and data retrieval time measured and analyzed. To bolster credibility, the framework undergoes further testing with real-world cloud storage data through collaboration with industry partners. This step verifies its efficacy in handling actual data and ensures readiness for real-world deployment. Peer review, incorporating feedback and refining the framework based on expert opinions, strengthens its validity and potential impact on data security and privacy in cloud storage. Hence, it can be said that the empirical validation ensures a thorough evaluation and positioning of the proposed multi-layer encoding framework within the broader landscape of data security.
The real-world testing examples to evaluate the efficacy of a multi-layer encoding framework for ensuring data privacy in cloud storage are as follows:
(i)
Performance Assessment and Scalability Testing: The authors evaluated the framework’s encryption and decryption speeds across diverse file sizes and formats to benchmark its performance. Further, its scalability was tested under varying data volumes and user loads to ensure consistent efficiency even as demand increases.
(ii)
Security Evaluation and Vulnerability Assessment: The authors conducted thorough security tests to uncover any potential weaknesses in the framework’s encryption methods and assessed its resilience against common cyber threats like brute force attacks and unauthorized access attempts to guarantee robust data protection.
(iii)
Usability Analysis and User Experience Testing: The authors assessed the framework’s user interface and overall user experience through usability tests. Feedback was solicited from users to gauge the framework’s ease of use and effectiveness in meeting their needs, thus ensuring high adoption rates and user satisfaction.
(iv)
Compliance Validation and Regulatory Conformance Testing: The framework’s compliance was verified with relevant data protection regulations such as GDPR, HIPAA, or PCI DSS. Audits were conducted to confirm adherence to legal requirements and the implementation of adequate safeguards for sensitive data stored in the cloud.
(v)
Real-World Scenario Simulation and Use-Case Testing: The authors simulated real-world scenarios like secure file sharing and collaborative data analysis to evaluate the framework’s performance in practical applications. This testing ensures that the framework effectively safeguards data privacy while supporting common tasks and workflows in real-world cloud storage environments.

3.3.4. Impact of the Framework on the End User Usability

The integration of a multi-layer encoding framework to bolster data privacy in cloud storage can significantly influence end-user experiences, introducing both positive and challenging aspects with regard to usability. This framework, designed to enhance security through layered encryption processes, has implications that directly impact how users interact with and manage their data in cloud environments.
One noteworthy positive aspect is the emphasis on user-friendly encryption techniques. Striking a delicate balance between robust security measures and a seamless user experience, modern encryption algorithms are crafted to ensure data protection without burdening end users with intricate encryption processes. The intent is to shield users from the complexities of encoding by implementing transparent encryption solutions that operate seamlessly in the background, allowing users to engage with their data in a manner consistent with their expectations.
Moreover, the framework’s transparent nature, if effectively implemented, means end users might not even be cognizant of the intricate encoding processes occurring behind the scenes. This transparency serves to augment usability, providing users with a familiar interaction with their data without the need for managing encryption keys or undertaking additional procedural steps. The implementation of granular access controls and permissions is another positive aspect contributing to usability. Empowering end users to govern who can access their data, the framework, when accompanied by an intuitive interface for managing permissions, enhances usability by affording users a sense of control over their data privacy.
The fluctuating bandwidth conditions may significantly affect the reliability of multi-layer infill data transmission. It may lead to interruptions, delays, or incomplete data delivery in cases where network capacity varies. A multi-layer encoding framework addresses these problems by organizing data into various prioritized layers. Here, the essential information is kept in the base layer, while additional data content is segmented into augmented layers. If bandwidth drops, then the multi-layer encoding system ensures that only the decisive base layers are transmitted. Hence, it preserves the core functionalities of the service. This framework is more effective in large-scale data computing environments because of its horizontal scalability. More processing and storage nodes may be added without altering the existing architecture when the data volume grows. This distributed approach-based design supports load balancing and parallel data handling. Hence, it helps in maintaining consistent performance and reliability. Verification of the multi-layer encoding framework is evident in the adaptive video streaming that adjusts the content quality based on the current bandwidth. In similar cases, enterprise cloud backup systems use multi-layer encoding to continue data synchronization even when network conditions degrade. These cases confirm the flexibility and scalability of the framework. Thus, its usefulness in miscellaneous data transmission scenarios is proven.
Hence, the authors can say that the usability impact of a multi-layer encoding framework hinges on several factors, including transparency, access controls, user empowerment, and integration with existing workflows. A well-designed framework that prioritizes these aspects can positively shape the user experience, fostering secure interactions with cloud-stored data. Nevertheless, attention must be given to potential challenges such as latency, ensuring that the implementation strikes the right balance between enhanced security and user-friendly functionality. Moreover, furnishing educational materials and assistance can aid users in navigating the security features without encountering substantial challenges related to usability.

3.4. Threat Management

In order to compromise the structure of the cryptosystem and gain access to sensitive data, attackers employ various methods. LedgerDB presents a novel verification framework called “Dasein verification” to address what, when, and who, and validation for enhancing the auditability in the CLS (centralized ledger systems). The CLS ensures transparent, tamper-evident records with the help of minimized models, e.g., FAM and CM-Tree. Further, it enables speedy existence and ancestry verification processes. LedgerDB provides significantly lower latency time and higher throughput in notarization and lineage-tracking tasks within public-cloud environments in comparison to other database technologies like Hyperledger Fabric and QLDB, etc. [59]. Further, the threat-management category comprises two essential attributes, namely the type of threat and the number of threats addressed.
The upcoming sections will describe these attributes, providing an in-depth understanding. Table 4 presents a summary of the attributes within the threat-management category.

3.4.1. Types of Threats

Developing a comprehensive risk assessment report requires a thorough understanding of the various types of privacy threats that a system may encounter. Conducting risk estimation helps privacy-protecting approach designers anticipate potential attacks that can target the system [60]. Early discovery of these threats enables designers to strengthen the privacy measures incorporated in the technique. Our analysis reveals that active attacks are the primary cause of privacy breaches, aligning with findings from other studies. However, it is important to acknowledge that passive threats are also a possibility [10]. By identifying and addressing these threats proactively, privacy-preserving techniques can be further enhanced to provide robust protection against privacy breaches.

3.4.2. Threats Addressed

The “threats handled” attribute plays a critical role in quantifying the effectiveness of privacy-preserving techniques in addressing data breaches and ensuring optimal privacy levels. With the continuous expansion of cloud computing services, addressing vulnerabilities and weaknesses in privacy systems has become a complex and ongoing challenge, without any absolute guarantees [59]. Protecting personal information is a fundamental aspect of privacy-protecting approach design, allowing designers to mitigate system weaknesses and vulnerabilities. However, to truly enhance privacy measures, designers need to develop new technological approaches that mitigate the overall impact of privacy risks and make privacy-protecting approaches more resilient to a wide range of threats [22].
Privacy-preserving techniques typically incorporate running method algorithms that can handle various forms of attacks. These attacks include known plaintext and MITM attacks. By employing these algorithms, privacy-preserving techniques can effectively mitigate the risks posed by these threats and ensure the privacy and safekeeping of susceptible data.
It may be essential for designers to stay updated with the evolving landscape of privacy threats and continuously improve the capabilities of privacy-preserving techniques. By addressing a comprehensive set of threats and vulnerabilities, designers can bolster the resilience and effectiveness of privacy-preserving techniques, providing robust protection for users’ sensitive information in cloud computing environments.

3.5. Management of Performance

The management of the performance in privacy-preserving techniques entails evaluating the efficiency and effectiveness of a system by assessing specific aspects [7]. This category encompasses three important attributes, namely privacy achievements, performance standards, and abnormality. These attributes play a crucial role in determining the overall performance of privacy-preserving techniques and measuring their success in achieving privacy goals. In the upcoming sections, we will delve deeper into these attributes, offering valuable insights into their significance and impact on privacy preservation in various systems. Table 5 provides a summary of the attributes associated with performance management.

3.5.1. Performance Standards

Performance standards establish measurable criteria that are utilized to evaluate the adequacy of technique designs [63]. They serve as benchmarks for assessing the capabilities and efficiency of a system. The specific performance standards employed in privacy-preserving techniques can vary considerably. For instance, in assessing the efficiency of transmitting and receiving OTP passwords, factors such as response time, average request duration, throughput, and the number of cloud users or existing clients may be considered [61]. These standards provide valuable insights.
The evaluation of privacy-preserving techniques involves considering various factors and metrics to assess their performance and effectiveness [11]. One crucial aspect is the amortized cost, which takes into account factors like communication overhead, runtime, and transaction efficiency for different storage and block sizes [11]. Comparisons with established techniques like AES and DES require analyzing specific variables like key computation time, time of key recovery, and encryption/decryption time [14]. In addition to these factors, other criteria are suggested for assessing the level of privacy preservation. These include auditing time, communication cost, and privacy-protecting performance under active attacks [13]. The time required for the download/upload process and the storage capacity utilized during method execution also play a role in evaluating the proposed technique [12]. Considering these diverse metrics and variables ensures a comprehensive evaluation of privacy-preserving techniques, enabling researchers and practitioners to make informed decisions about their performance and effectiveness in safeguarding data privacy. By thoroughly analyzing these factors, it is possible to identify the strengths and weaknesses of different techniques and make improvements to enhance their privacy-preserving capabilities.
The influence of system performance on security enhancements, particularly regarding encryption and decryption timings within real-world contexts, is pivotal for the effectiveness of data protection measures in a multi-layer encoding framework. Understanding how the efficiency of the system impacts these key aspects provides valuable insights into its practical application and user experience. The acceleration of encryption processes is paramount in real-world scenarios, particularly during data upload to the cloud. A well-optimized framework ensures swift encryption at multiple layers without introducing perceptible delays, thus fortifying the overall security posture. This efficiency directly contributes to the timely protection of sensitive information. Similarly, the expeditious speed of decryption processes is crucial for real-time data access and retrieval. An efficient system guarantees that decryption occurs promptly, facilitating user access to data without significant delays. In situations where rapid data retrieval is imperative, a responsive decryption process contributes to a positive user experience, fostering compliance with security measures.
The framework’s ability to handle real-time processing requirements in various applications is vital. Ensuring that multi-layer encoding and decoding processes operate seamlessly in real-time is essential for maintaining system responsiveness without compromising security measures. This capability is particularly valuable for users engaged in activities such as financial transactions or real-time analytics. User experience is a focal point, and the swift pace of both encryption and decryption processes directly contributes to a positive outcome. In real-world scenarios, users benefit from an efficiently operating system, enabling them to interact with their data seamlessly. This positive experience is instrumental for user adoption and adherence to security measures, minimizing the likelihood of users seeking alternative, less secure methods due to performance concerns.
Scalability considerations play a crucial role in influencing encryption and decryption timings. The multi-layer encoding framework must be adept at handling increased data volumes and user demands in real-world scenarios. Effective scalability prevents bottlenecks, preserving optimal encryption and decryption timings and ensuring the overall security of the system. Adaptability to varying workloads is essential for maintaining optimized encryption and decryption timings across diverse scenarios. Real-world usage patterns fluctuate, and an adaptive system can sustain efficiency under different conditions, ensuring consistent security improvements.
Continuous monitoring and optimization are imperative for sustained system performance. Regular assessments of performance metrics facilitate the identification of potential bottlenecks or inefficiencies, allowing continuous optimization based on real-world performance data. This iterative process ensures that encryption and decryption timings are consistently improved, aligning with evolving security requirements in dynamic environments. Lastly, adherence to service-level agreements (SLAs) is indispensable. The system’s performance, encompassing encryption and decryption timings, must consistently meet the defined SLAs, underscoring the reliability and effectiveness of the multi-layer encoding framework in real-world usage scenarios.

3.5.2. Abnormality

The term “abnormality”refers to behavior that deviates from the norm and sets a privacy technique apart from others [40]. These unique design features and attributes play a crucial role in the overall performance of privacy-preserving techniques. For example, Ref. [10] proposed an automated blocker protocol that adds an additional layer of protection by triggering a stop operation within the auditing protocols of third-party authorities, preventing unauthorized access to private data. Another approach suggested by [11] involves the replacement of the traditional structure with a binary tree shape for enhancing data privacy and access control mechanisms. Additionally, Ref. [13] introduced the deployment of a Merkle hash tree to identify corrupted data blocks. This technique strengthens the integrity and security of cloud data. Furthermore, Ref. [44] emphasized the use of certificates as a means of audit party verification, allowing external authorities to distinguish between authorized and illegal cloud data access, thereby enhancing data protection.
These examples highlight how the incorporation of unique design features and attributes, such as automated blocking protocols, customized storage structures, hash-based authentication, and verification mechanisms, can significantly enhance the privacy-preserving capabilities of techniques and mitigate privacy threats in cloud storage environments. These innovative methods and techniques introduce abnormality into the privacy-preserving landscape, enhancing the security and efficiency of the overall system.

3.5.3. Privacy Achievements

Privacy achievement refers to the outcomes or consequences of specific functions within the technique that contribute to its overall effectiveness. Privacy assessment encompasses various crucial aspects. It involves identifying the types of attacks that are addressed by the techniques, assessing the privacy achievement level after implementing a particular algorithm [62,63]. These techniques prevent unauthorized parties from manipulating data and restrict the external authorities from disclosing high-value information without proper authorization. Furthermore, the use of digital signatures and certifications plays a vital role in ensuring the integrity and trustworthiness of data. By employing these mechanisms, data integrity is protected, and the authenticity of data can be verified.
Employing a data hiding approach and implementing a multi-cloud storage structure addresses two essential privacy objectives: ensuring data availability and preserving data integrity. By concealing the data and distributing it across multiple cloud providers, the risk of unauthorized access or data leakage is significantly reduced. Finally, employing the multi-layer encoding method enhances privacy by deterring various attempts to expose susceptible data from the users of individual clouds [64]. With multiple layers of encryption, the security of the data is strengthened, making it significantly more challenging for unauthorized parties to decipher. Therefore, it can be said that the application of these privacy-preserving techniques leads to significant privacy achievements, including data confidentiality, integrity, availability, and trustworthiness. By implementing these measures, organizations can better protect sensitive data in cloud storage environments, and these privacy achievements contribute to the overall success and effectiveness of privacy-preserving techniques.

4. The Anticipated Cloud Storage Structure

In order to develop an effective system, many privacy-protecting techniques have incorporated sophisticated and advanced approaches. However, it is important to note that complexity does not always yield favorable outcomes [65]. In fact, the complexity of privacy-protecting approaches can introduce challenges across various aspects of their functionality. Complex designs may generate high costs, limited accessibility, lengthy computation times, maintenance difficulties, and inefficient resource utilization [66]. Therefore, it is crucial to design privacy-preserving techniques that prioritize efficiency, adaptability, and reliability in order to mitigate the likelihood of performance issues [67]. The subsequent sections will delve into the components, processes, and requirements of the anticipated framework.

4.1. Design Requirements

In recent years, a diverse range of privacy-preserving techniques has emerged, each incorporating its unique privacy features and enhancements. However, it is essential to construct privacy-preserving techniques in alignment with design principles and privacy-preserving attributes, as outlined in Section 3. Given that many organizations and online services, including CSPs, heavily depend on these attributes, designing privacy defenses becomes a critical endeavor [68]. Prior to developing a new privacy-preserving framework, it is necessary to provide a concise description of the overall system. The following sections will delve into these elements, drawing as follows from sources such as [66,67,69]:
(i)
Technical expertise: The developer of the privacy-protecting approach should possess a comprehensive understanding of cloud-computing technologies. This ensures that designers can effectively address any design or security issues that may arise.
(ii)
Privacy policies and regulations: It is essential to establish a set of standards and regulations governing the usage of cloud services during the development of the privacy-preserving technique. Network participants must adhere to these requirements before establishing any connections within the cloud.
(iii)
Auditing mechanisms: Implementing monitoring mechanisms for network traffic is highly recommended. Auditing procedures serve as a vigilant checkpoint and a continuously observing system to identify any doubtful or abnormal activities.
(iv)
Data segmentation: Data partitioning into smaller segments has become a very basic-level approach for concealing sensitive information. Leveraging data segments and cloud technology can be outsourced to a multi-cloud-based storage approach for further enhancing privacy protection.
(v)
Access control and authentication: Robust approaches for controlling and managing access to cloud services must be employed. Implementing reliable access control measures is paramount in meeting privacy standards and ensuring authorized usage.
(vi)
Data encryption: Data transferred inside the cloud surroundings should be safeguarded against cryptographic threats. It is advisable to encrypt data using appropriate encryption protocols at all levels of the cloud network to ensure data privacy and integrity.

4.2. Components of the Framework

There are nine components of the framework, and these components are described below:
(i)
Participants: In this section, we will integrate the privacy-protecting attributes and design elements to develop a new framework designed to protect cloud storage from privacy breaches. The subsequent components describe the framework’s structure, and the design elements incorporated within it are as follows: the proposed framework involves three key participants: the cloud service providers (CSPs), users, and the system administrator. The CSP offers a range of services, including network connectivity, computation time, etc. Users seek secure communication with the CSP, while the system administrator is responsible for crucial tasks such as data reception, initial AES encryption, and maintaining a list of authorized individuals.
(ii)
Registration: A registration process is implemented to allow users to fully utilize the features and cloud services.
(iii)
Data processing: To add an element of dispersion and enhance security, the framework allows for data segmentation and recombination. Users have the option to encode their data before outsourcing it to the cloud, utilizing AES encryption for the initial layer of protection.
(iv)
Cryptographic techniques: The framework employs two encoding levels to safeguard susceptible data. The 1st layer of encoding is performed by authenticated participants using AES. The 2nd layer utilizes the RSA algorithm. This dual-layer encryption approach enhances the overall security of the system. AES and RSA algorithms generally work together to provide secure and efficient encryption. AES is fast and more suitable for encrypting large volumes of data, whereas RSA is used to securely transmit the AES key. In this combined approach, the data is first encrypted using AES for speed, and then the AES key is encrypted using the recipient’s RSA public key. After receiving the message, the recipient may decrypt the AES key using the private RSA key to access encrypted data. This combination will offer a balance between secure key exchange and speed. Example: While sending a highly confidential document, the sender will encrypt the file using AES, and then he/she will encrypt the AES key using RSA. The recipient will use his/her RSA private key to retrieve the AES key for decrypting the file. Further, the homomorphic encryption will allow data to remain encrypted during processing. Hence, it protects sensitive information while performing computations and data transmission. However, sometimes this method may involve high computational costs.
(v)
Auditing: The framework emphasizes internal auditing conducted by the system admin rather than relying on external auditors. Internal auditing provides a higher level of security and confidentiality, as there is no risk of exposing sensitive data to external entities.
(vi)
Data controller: The framework includes a data controller mechanism that enables efficient retrieval and storage of data from cloud storage through the CSP. This ensures proper data management and facilitates seamless access to stored information.
(vii)
External assets: One notable technology integrated into the framework is the one-time password (OTP) for additional verification. OTP technology provides an extra layer of security by generating unique, time-limited passwords that users must provide for authentication purposes. By employing OTP, the framework enhances the verification process and strengthens user authentication.
(viii)
Combining data and segmentation: The framework employs combining data and segmentation mechanisms to enhance privacy. Prior to encryption, data is segmented into smaller chunks. Upon decryption, the combined result of these segments is supposed to be the original data.
(ix)
Multi-cloud storage: The framework recommends adopting a multi-cloud storage approach to ensure the availability of data and anonymization in the event of storage failures. This may help in enhancing data availability and maintaining anonymity.
The above components of the proposed framework encompass various aspects, including participant roles, registration procedures, data-processing techniques, cryptographic methods, auditing practices, data control mechanisms, and the utilization of external assets such as OTP technology. These elements collectively contribute to establishing a secure and efficient cloud environment for users and enhance the overall privacy and confidentiality of the system [70,71,72].

4.3. Proposed Framework Functions

The multi-layer encoding system incorporates several design elements to ensure robust data protection and privacy. Together, the system elements form a comprehensive framework for secure data processing and transfer. The system includes the cryptographic capabilities provided by the cloud service provider (CSP), as illustrated in Figure 2. Each component of the system performs specific tasks to effectively handle data encryption, decryption, and transfer. The administrator plays a crucial role in conducting audits and assessments to maintain the integrity and safety of the system [73,74]. This includes verifying user identities, examining transmitted data for potential privacy breaches, and ensuring compliance with established security protocols.
The user interface serves as the gateway for users to interact with the services of the cloud more efficiently. It provides a user-friendly environment where users can input data, manage their privacy settings, and perform various operations. The data controller ensures that data is properly managed and facilitates seamless access when needed [75]. The pre-encoding and the data-processing functions are responsible for transforming the plain data into a suitable format for the initial encryption layer. This step prepares the data for the subsequent encryption process, optimizing its security and confidentiality. The cryptographic system is the core component of the multi-layer encryption system. It establishes a second layer of encryption, utilizing advanced cryptographic algorithms provided by the CSP [76]. This additional layer enhances the confidentiality of the data, making it more resistant to unauthorized access and ensuring robust data protection throughout the system. Therefore, the authors can say that the multi-layer encryption system incorporates various design elements and functions to ensure secure data processing and transfer. The user interface, data controller, pre-encryption, and cryptographic system all work in harmony to safeguard sensitive information and protect user privacy within the system [77].

4.4. The Data Workflow

The following sections provide an overview of the data flow process of Figure 2:

4.4.1. Registration Process

To access the service, users need to complete the enrollment requirements. This involves filling out a registration form with their information, which is then collected and stored in a database containing authorized users’ data. Once the registration procedure is complete, a list of authorized users is generated by the registration system to be shared with the system admin and CSP.

4.4.2. Data Storage Process

If the user is verified, the admin sends an OTP code, which the user must enter before proceeding with the storage transaction. The user then passes the plain data to the data controller service, which processes and pre-encrypts the data. Next, the data is divided into segments, and each segment is encrypted using AES as the initial encryption layer. The encrypted segments are then sent to the CSP for the next phase of the storage process. To add an extra layer of protection, the framework employs RSA encryption before delivering the data to the CSP.

4.4.3. Data Retrieval Process

Authorized users initiate a query to the admin for data retrieval. The OTP technique is used to verify the user’s identity. Once authenticated, users can proceed with the retrieval process. In the first stage, the CSP sends a query to the user requesting the desired data segments from the cloud repository. To decode the outer layer of encryption, which was applied using the RSA algorithm, users must provide their private key to the cloud service provider (CSP). This is necessary because the data was initially encrypted using a shared public key by the CSP. Once the private key is provided, the processing module within the system decrypts the encoded segments in the inner layer. A merging algorithm is then utilized to reconstruct the data into its original format. Before being directed to the user interface, the data undergoes integrity verification by the data controller, ensuring its accuracy and reliability. Throughout this process, the system administrator supervises the data flow and ensures the security of the decryption and reconstruction procedures.

4.5. Implementation Steps of Proposed Framework

To ensure the security and authenticity of user data, organizations must follow a series of crucial steps in creating and deploying a comprehensive cloud storage and privacy framework. The following outlines the process:
Step 1:
Requirement Assessment and Architecture Planning (Identify the nature of stored data, privacy requisites, and compliance needs; formulate the cloud storage architecture accordingly).
Step 2:
Infrastructure Setup and Data Encryption (Establish the cloud infrastructure and implement encryption protocols for data at rest, in transit, and during processing).
Step 3:
Access Control and Privacy Policy (Implement stringent access controls, employ identity management, and articulate explicit privacy policies governing data access).
Step 4:
Data Segregation and Redundancy (Categorize data based on sensitivity, introduce redundancy measures for data availability, and ensure systematic backup procedures).
Step 5:
Monitoring, Audit, and Incident Response (Deploy monitoring systems, conduct routine audits, and create an incident response plan to address security events effectively).
Step 6:
Security Assessments and User Training (Execute regular security audits encompassing vulnerability assessments and offer continuous user training on evolving security practices).
Step 7:
Updates and Patch Management (Keep all software components current with the latest security patches for the operating system, applications, and services).
Step 8:
Continuous Improvement and Emerging Technologies (Continually enhance the security framework based on evolving threats and integrate emerging technologies to fortify defenses).
Step 9:
Regular Audits and Compliance Checks (Conduct regular audits to ensure conformity with data protection regulations and perform checks to uphold security standards).
Step 10:
Trust and Customer Assurance (Foster trust through transparent communication, adherence to privacy commitments, and assuring customers about the robustness of data protection measures).
By adhering to these sequential implementation processes (Step 1 through Step 10), organizations can build a resilient framework for cloud storage and privacy. This framework ensures the security of user data and fosters trust among customers. Regular assessments, updates, and ongoing monitoring contribute to the continuous improvement of the framework, enabling it to adapt to emerging technologies and evolving threats.

4.6. Cloud Storage, Privacy-Preserving Components, and the Experimental Environment

Privacy-preserving technologies aim to safeguard the personally identifiable information (PII) of users while ensuring the functionality of cloud storage systems. Researchers have proposed various privacy-preserving solutions for cloud computing, employing techniques such as encryption, access rights, access control, and data/user anonymization. In this section, we will discuss existing frameworks and hardware used by researchers over time.
The algorithmic steps for ensuring privacy-preserving attributes in a multi-layer encoding framework are as follows (Step 1 to Step 12), and the corresponding source code is presented in Appendix A:
Step 1:
Receive input data containing potentially sensitive attributes, such as personally identifiable information (PII) or financial records.
Step 2:
Analyze the data schema to identify attributes that require protection to uphold privacy.
Step 3:
Initialize encryption processes by establishing cryptographic frameworks and generating encryption keys.
Step 4:
Employ a multi-layer encoding approach, utilizing various encryption techniques like symmetric or asymmetric encryption, to enhance data security.
Step 5:
Selectively apply encryption to sensitive attributes based on their level of sensitivity and privacy requirements.
Step 6:
Transform the data into an encoded format while ensuring integrity during the encoding process.
Step 7:
Manage encoding layers effectively, including tracking encryption keys and maintaining access controls to uphold data integrity.
Step 8:
Implement robust access control mechanisms to restrict unauthorized access to the encoded data.
Step 9:
Utilize secure storage and transmission methods to prevent unauthorized access and data breaches.
Step 10:
Decrypt the data selectively, allowing for the retrieval of original attributes when necessary.
Step 11:
Validate privacy preservation measures through regular assessments and audits to ensure compliance with privacy standards.
Step 12:
Continuously monitor and update encryption algorithms, access controls, and privacy policies to adapt to emerging threats and maintain effective data privacy protection.

4.7. Cloud Storage and Privacy-Preserving Software Testing Tools

Presently, safelishare.com [78] offers a privacy-preserving software-as-a-service (SaaS) solution incorporating confidential computing. This approach utilizes trusted execution environments (TEEs) to provide organizations with heightened security levels while minimizing their IT workload. By employing confidential computing techniques, customer data and transactions hosted within a cloud platform are safeguarded, granting organizations full control over access privileges and ensuring the privacy of interactions exclusively among authorized parties. Additionally, SafeLiShare, as shown in Figure 3, offers a runtime secure enclave provisioning feature specifically tailored for contemporary SaaS providers, enabling them to securely encrypt and safeguard customer assets, including applications, code, and data. By utilizing SafeLiShare’s Safelet and SafeStream, SaaS providers have the capability to transform public cloud workflows into private cloud workflows, ensuring encryption is applied and offering a premium tier of service with strong confidentiality in leading cloud environments supported by trusted execution environments (TEEs).
Similarly, another service provider, Skyflow Data Privacy Vault [79], offers security, compliance, and data residency capabilities. By deploying via VPC (virtual private cloud) and utilizing bring your own key (BYOK), Skyflow Data Privacy Vault ensures the secure storage and utilization of sensitive customer data. With a foundation built on Zero Trust principles, Skyflow simplifies compliance with privacy laws and promotes top-tier data privacy practices. Additionally, Skyflow Data Privacy Vault streamlines the SOC2 compliance audit process for customers. It includes advanced security features such as a robust data governance engine with fine-grained data access controls and comprehensive audit logging, effectively protecting customers’ sensitive data and facilitating SOC2 compliance. Furthermore, Palo Alto Networks provides an online Guide to Cloud Security Posture Management Tools, which addresses the challenges associated with multi-cloud security.

4.8. Contributions and Improvements in Existing Ideas

In 2011, Huang RuWei Xi′an [70] introduced a cloud storage framework and developed an interaction protocol among participants. The diagram in Figure 4 illustrates the functional modules of users, data owners, and storage service providers, along with their interactions. The dashed lines indicate the functional or structural correspondence between the connected components.
This privacy-preserving cloud storage framework incorporates an interactive protocol, multi-tree index, EKDA (extirpation-based key derivation algorithm) for key management, and a DWBF (double-hashed and weighted Bloom filter) to address changes in user access rights and dynamic data operations.
The proposed multi-layer encoding framework of data privacy in cloud storage is assessed using standard privacy-sensitive datasets like Adult Income, MIMIC-III, and credit card fraud transaction records, etc. To evaluate the performance of the framework, standard methods like AES-based encoding, differential privacy algorithms, and homomorphic encryption are used as the baselines. Further, the effectiveness of the framework is measured through utility accuracy, computational cost, privacy guarantees, and scalability. These assessments showcase its capability to securely encode and protect sensitive information while measuring efficiency in cloud storage systems. The framework supports interactions among multiple users, owners, and service providers, specifically catering to owner-write, user-read scenarios. Through experiments and security analysis, it has been observed that an EKDA efficiently reduces communication and storage overheads, while a DWBF enables encrypted keyword retrieval and further reduces communication, storage, and computation overhead.
The proposed framework notably lowers the risks of data privacy attacks using inference and reconstruction. It applies layered transformations to unclear sensitive attributes and achieves up to an 85% reduction in success rates. Although this method may introduce a processing overhead of around 18% to 25%, it remains efficient and scalable for cloud-IoT-based environments. The proposed design is aligned with data protection standards, e.g., CCPA, GDPR, HIPAA. Further, it promotes anonymization and controlled exposure of data.
In a subsequent study conducted by D. Chandramohan [71], the impact of preserving user secrecy and privacy awareness in the current cloud computing era after five years was carefully examined. With the growing ease of availability and flexibility, the amount of information shared and stored in the cloud environment has significantly increased. However, the sensitive nature of user information in cloud storage makes it vulnerable to attacks from various hackers. Misuse of private information not only compromises user trust but also poses a challenge for cloud providers. Therefore, in today’s internet world, effective information management and secure maintenance have become crucial tasks.
In today’s world, various sectors such as healthcare, finance, services, and government rely on the cloud for storing information. However, handling such tasks globally poses significant challenges, making it imperative to have a new framework that ensures user privacy and uninterrupted services. To address this demand, Chandramohan et al. proposed the Petri-net Privacy Preserving Framework (PPPF) to safeguard user privacy and enhance users’ trust in cloud providers. The PPPF model is presented in Figure 5, and the corresponding proposed source-to-contract (S2C) privacy-preserving cohesion technique is presented in Figure 6. The framework collaborates with PPCT (Privacy-Preserving Contact Tracing) to promote, develop, validate, and increase the importance of data privacy. The PPPF focuses on securing confidential data in storage areas, ensuring the performance of cloud services, and verifying unknown users’ legitimacy. These storage areas act as safeguards for preserving highly sensitive information. The main components of the Petri-net Privacy Preserving Framework system, as illustrated in Figure 7, include cloud service request, user request verification, cloud requestors authorization, user validation, and cloud users authentication or response.
Storage-as-a-service (STaaS) is a prominent privacy-preserving technology used in cloud computing, enabling the distributed storage of massive amounts of remote data. The advent of mass-distributed storage (MDS) has further expanded storage capacity. However, the arrangement of distributed storage can expose vulnerabilities to malicious attacks, particularly during data transmission. Yibin Li et al. introduced the Security-Aware Efficient Distributed Storage (SA-EDS) model in 2017 as an intelligent cryptographic approach to enhance privacy preservation [72]. The SA-EDS model utilizes information science to develop an efficient MDS service with robust security measures. Data encryption is employed prior to distributive storage across multiple cloud servers, ensuring minimal overhead and latency. The architecture of SA-EDS is depicted in Figure 7.
To enable data searching ability for users, named-data-packet techniques are utilized, represented by solid (S) and broken (B) arrow lines. B arrow lines indicate data retrieval operations, while S arrow lines denote data splitting and storage operations. Additionally, the Secure Efficient Data Distributions (SED2) algorithm ensures secure data splitting with minimal cost to prevent information leakage. The decryption process for sensitive data retrieval is supported by electronic data capture approaches.
In 2018, Xinbo Liu et al. [73] proposed the privacy-protecting Principal Component Analysis (PCA) framework for ensuring privacy protection to predict data and results. By keeping the key for decrypting the encrypted content in the hands of the owner instead of the cloud machine, the framework ensures that even if the cloud provider experiences a data breach, only the encrypted information is leaked, preventing the exposure of actual records. The services provided by cloud security systems are described in Figure 8.
The approach mentioned in Figure 8 involves protecting data based on its content and applying privacy protection based on the assigned importance level. This determination is made by analyzing the content of transmitted data from each individual and aligning it with the requirements defined in the “policy.” This method enables the secure and simultaneous utilization of services that involve personal data while preserving privacy. In 2019, Maribel Fernández introduced the Data Bank, a cloud-IoT architecture designed to protect users’ sensitive data [74]. The architecture allows users to control the transmission of data from their devices and provides tools for visualizing agreements and managing privacy–utility trade-offs. Fernández illustrates their work with an example in the context of a smart vehicle environment.
The proposed 4-tier architecture for cloud-IoT platforms is depicted in Figure 9. It includes the application layer, cloud layer, data pocket layer, and sensors layer (physical objects) [74]. Detailed descriptions of each layer are provided by Fernández.
In 2022, Gajraj Kuldeep et al. [75] introduced a novel privacy-preserving cloud computing solution known as Multi-Class Privacy-Preserving Cloud Computing (MPCC). This groundbreaking scheme utilized compressive sensing techniques to represent sensor data in a compact manner, ensuring efficient data encryption. The MPCC framework comprises three distinct variants, each tailored to address specific use cases: statistical decryption for smart meters, data anonymization for images, and electrocardiogram signal processing. The MPCC variants were designed to achieve two levels of secrecy. The superuser possessed access to the precise sensor data, while the semi-authorized user could only obtain statistical data or signals without compromising sensitive information, depending on the chosen MPCC variant. By enabling computationally intensive sparse signal recovery to be performed at the cloud level, the MPCC scheme effectively tackled the challenges associated with the exponential growth of IoT sensor data, including energy consumption and storage requirements, while addressing concerns regarding data privacy in cloud computing.
Compared to existing schemes, the MPCC scheme significantly reduced the computational complexity for IoT sensor devices and data end-users. Experimental results based on three datasets, namely smart meter readings, electrocardiogram data, and images, showcased the efficacy of the MPCC framework in terms of statistical decryption and data anonymization. The MPCC scheme developed by [75] emerged as a promising solution that not only addressed the challenges posed by IoT data processing and privacy in cloud computing but also demonstrated enhanced efficiency and effectiveness compared to previous approaches. The multi-class encryption architecture for multi-class data consumers with a cloud storage facility is demonstrated in Figure 10. Further, Figure 11 represents the service model for cloud-assisted storage and decompression.
The proposed approach, as seen in Figure 12, involves the advancements in Ankit K. et al.’s [76] model. This method involves the generation of secret keys through synchronization, which are then combined with model-encrypted data packets and transmitted to the cloud. These secure data packets are subsequently transmitted over a public network, with monitoring in place to prevent unauthorized data leakage. The deliberate lack of cohesion in this approach aims to prevent data storage from being outsourced to the cloud. This distribution model can significantly change the perception of authorized data owners regarding cloud storage, resulting in a significant improvement in addressing trust issues between data owners and cloud service providers. The system architecture of the cloud archive framework, illustrated in Figure 13, consists of multiple components and their corresponding relationships.
The workflow procedure can be divided into three clear stages. Initially, the first stage takes place within the client’s intranet. It is followed by the second stage, which occurs in the cloud base module. Lastly, the third stage involves monitoring. The primary objective of this approach is to guarantee the secure storage of data in the cloud by transmitting data packets generated through key generation. Furthermore, to mitigate potential risks posed by different types of hackers on the network, a monitoring system is deployed to ensure the accurate sequencing of data transmission from the sender to the receiver. This process is illustrated in Figure 14.
In this context, Gopinath proposed the BCBF (Binary Conversion, Block Reordering, and Fuzzification) framework in 2023 [77]. The proposed framework applies secure quantum key distribution to enhance data security in the cloud. The main concern addressed by the framework is the secure distribution of encryption keys among users, considering the potential threat of hackers gaining access to the secret key through advanced quantum computers. The enhanced BCBF framework, depicted in Figure 15, addresses this issue and provides a solution for secure key distribution.
To tackle specific challenges in quantum key distribution, various methods have been developed. The researcher employs preprocessing techniques such as shifting, binary conversion, and block reordering to address side-channel attacks (ASCA), a known issue in quantum key distribution algorithms. The combination of binary conversion, block reordering, and fuzzification procedures enhances the accuracy and authenticity of the data while minimizing security losses. Based on experimental results, the authors found that the mean rate of security breaches using the BCBR with the fuzzification method is 0.69, compared to a mean rate of 11.0 using conventional approaches. The corresponding standard deviations are 0.3785 and 6.055, respectively.
El-Booz (2016) et al. [10] proposed a privacy-protecting technique using OTP (one-time password) for cloud storage security. They implemented a trusted third-party audit and employed the automatic blocker protocol for authentication. The technique showed promise in privacy performance and effectiveness, but further efforts are needed to improve cryptographic approaches. Yuan (2018) et al. [11] developed a privacy-protecting approach based on ORAM (oblivious random access memory) for protecting shared data privacy in the cloud. Path-oblivious RAM and cryptographic algorithms were utilized to prevent unauthorized access patterns. However, achieving high efficiency required time-consuming storage scrambling. Kavin and Ganapathy (2019) et al. [14] provided a Chinese remainder theorem-based storage technique to address storage security and access control in IoT and the cloud. The technique showed promise in privacy protection, but determining an appropriate level of privacy could be challenging due to common key sizes.
Subha and Jayashri et al. (2017) [13] presented an approach to mitigate risks from MITM (man-in-the-middle) attacks by employing data purity analysis, digital signatures, and certificates. While digital certificates and signatures enhanced security, involving third-party audits introduced additional risks. Jin and Wang et al. (2016) [12] proposed an enhanced Lagrange interpolation approach for privacy preservation, combining service availability and data hiding. Their technique supported multi-cloud storage and reduced the overall risk of data breaches, although comprehensive user data security had limitations. Yang et al. (2018) [59] presented a privacy-protecting approach using authentication with hashed client aliases to safeguard user data. Confidentiality-based certificates defended against privacy attacks, but involving third-party audits carried potential risks. Liu et al. (2019) [27] recommended a privacy-protecting approach for a private cloud database environment, enabling SQL (structured query language) queries on encrypted data. Their triple encryption scheme allowed efficient SQL commands without compromising privacy, although performance tests on cryptographic systems could be inefficient and costly.
The following would be the possible practical implications and improvements for the above-described existing ideas after using the proposed multi-layer encoding framework:
  • Improvement 1: Dynamic Policy Adjustment (Development of adaptive frameworks that will adjust the privacy policies depending on user behavior and data sensitivity levels).
  • Improvement 2: User-Centric Encryption Models (Empowers the users with customizable encryption options adaptable to specific data sensitivity requirements).
  • Improvement 3: Decentralized Key Management(Encourages the use of distributed key management technologies for enhancing transparency and security).
  • Improvement 4: Enhanced Data Visualization(Encourages and provides instinctive tools to the users for understanding and managing their data privacy and utility trade-offs efficiently).
  • Improvement 5: Optimized Resource Allocation (Introduces resource-awareness approaches to minimize latency time and computation costs during security management).
  • Improvement 6: Cross-Domain Privacy Standards (Establishes universal privacy-preserving standards to perform interoperability across various sectors using cloud storage).

4.9. Comparison with Existing Techniques

In this section, the authors conducted a comparative analysis of the proposed multi-layer encoding framework with several other techniques to assess its effectiveness. Specifically, the techniques proposed by [2,5,6,22,36,38,41,55] were examined. Table 6 presents a comprehensive overview and comparison of the proposed privacy-protecting techniques with other techniques. Further, Table 7 presents an advantages and limitations-based comparison of the proposed approach with preceding privacy-protecting approaches.

5. Discussions

Data privacy is a critical consideration in the area of cloud storage. This study aims to address this concern by discussing privacy-protecting attributes specifically designed for cloud storage in the current context. These attributes play a crucial role in enabling the development of privacy-protecting approaches while ensuring the protection of user privacy. The paper investigates two research investigation questions (RIQ), namely the privacy-protecting attributes of cloud data storage (RIQ1) and how these attributes can be incorporated into a privacy-protecting framework (RIQ2). By answering these questions, a complete set of privacy-protecting attributes is presented, along with a proposed framework for privacy preservation in cloud data storage. Subsequent sections delve into the implications and the significance of integration and provide insights into future directions in this field.

5.1. Implications

This study conducted a comprehensive analysis of 16 privacy-preserving attributes, which were categorized into five groups. The research on privacy protection in cloud storage is an ever-evolving field, and this paper highlights certain limitations in existing techniques. These limitations include a reliance on a single cloud service provider (CSP), insufficient reporting of key management attributes, and a lack of consideration for active threats. Furthermore, significant variations were observed in key length, external assets, irregularity features, and the software and hardware components used in testing. These findings provide valuable insights for future research in the field of cloud storage privacy.
Several critical factors identified in the literature contribute to the development of efficient privacy-protecting techniques for cloud storage. It is crucial for these techniques to be adaptive and cohesive, capable of withstanding various privacy breaches. Incorporating an internal auditing procedure is recommended as it is more reliable and efficient compared to relying solely on third-party auditors, which may introduce additional risks to cloud services. Cryptographic techniques utilizing asymmetric cryptography mechanisms, which involve the use of multiple keys for data encoding and decoding, are preferred due to their reliability and dependability. Encrypting critical data at every stage of transfer is essential when utilizing cloud storage to ensure data privacy, and iterative encryption can effectively prevent CSPs from tampering with sensitive information.
Scalability is a significant attribute to consider in privacy-preserving techniques, particularly in the context of cloud computing (CC), where cloud server resources may be limited. However, using scalability features in privacy-preserving techniques can sometimes be inefficient or counterproductive due to the prevailing privacy concerns in CC. Platform as a service (PaaS), achieved through the expansion of database replicas, and infrastructure as a service (IaaS), accomplished by increasing the number of load balancing virtual machines, are two methods proposed in the literature to address scalability in CC services. Some privacy-preserving techniques, such as HASBE and MapReduce, have incorporated scalability features to enhance their effectiveness.

5.2. Impact of Coupling on the Proposed Model

Coupling in the cloud safety representation refers to the integration and interdependence of various security components and mechanisms within the cloud environment. It plays a critical role in ensuring comprehensive and effective security measures. The impact of pairing in the cloud security model can be described in the following ways:
Comprehensive Security Approach: Coupling enables the implementation of a comprehensive security approach in the cloud environment. It ensures the tight integration of diverse security measures, including access control, encryption, authentication, and intrusion detection. By coupling these components, organizations can establish a unified security framework that addresses multiple security challenges and provides a layered defense against threats.
Defense-in-Depth Strategy: Coupling facilitates the implementation of a defense-in-depth strategy, which involves the deployment of multiple layers of security controls. By coupling different security measures, organizations can create a robust and redundant security posture. This approach reduces the risk of a single point of failure and enhances the overall resilience of the cloud infrastructure.
Effective Threat Mitigation: Coupling allows for a coordinated response to potential security threats and vulnerabilities. When security components are coupled, they can share information and collaborate in real-time to detect, analyze, and respond to security incidents. This collaborative approach enhances the capabilities for threat detection, containment, and mitigation, reducing the impact of security breaches and improving incident response times.
Centralized Visibility and Control: Coupling enables centralized visibility and control over the security landscape in the cloud environment. By integrating different security components, organizations can gain a comprehensive view of security events, monitor activities across the infrastructure, and enforce security policies consistently. This centralized control enhances the ability to manage security risks, enforce compliance requirements, and maintain a secure environment.
Improved Efficiency and Scalability: Coupling security components in the cloud security model can lead to improved operational efficiency and scalability. The tight integration of security measures reduces redundancy, eliminates silos, and optimizes resource utilization. Additionally, coupling allows organizations to scale their security capabilities seamlessly as the cloud infrastructure expands, ensuring that security measures can adapt to the evolving needs and demands of the environment.
Simplified Management and Maintenance: Coupling security components simplifies the management and maintenance of the cloud security model. It enables unified configuration, monitoring, and maintenance of security controls, reducing complexity and administrative overhead. This streamlined approach to security operations enhances productivity and enables efficient resource allocation for managing the security infrastructure.
Hence, it can be said that the coupling in the cloud security model is crucial for integrating security components, implementing a comprehensive approach, facilitating a defense-in-depth strategy, mitigating threats effectively, ensuring centralized visibility and control, improving efficiency and scalability, and simplifying management and maintenance. By embracing coupling, any organization can set up a vigorous and secure cloud environment that protects its data, applications, and infrastructure from a wide range of security risks.

5.3. Broader Impacts of the Multi-Layer Encoding Framework on Privacy-Sensitive Domains

The proposed multi-layer encoding framework will enhance cloud data security, and it will offer broader applicability across domains that require strong privacy measures. Its layered structure will enable fragmentation and encryption of data to provide protection for storage and transmission after extending its usefulness to privacy-centric information systems.
In text retrieval services, existing methods like dummy query generation and keyword confusion aim to mask user interests. The proposed framework complements such approaches by encoding user queries and access patterns. Further, it protects against profiling and data leaks. For mobile reading platforms and personalized search engines, encoding metadata and user preferences across layers will significantly reduce the risks of unauthorized profiling. Hence, it enhances user anonymity.
The proposed framework is also aligned with location privacy techniques, where dummy queries obscure real movements in the cloud–IoT environment. Here, multi-layer encoding will mask the real access points and introduce uncertainty in data tracing. In health information services, layered encoding will ensure that sensitive user queries remain confidential, and it will help in meeting the legal privacy standards.
In IoT and edge-computing environments, the encoding layers are distributed across nodes to ensure that no single device holds complete data. This decentralization technique will increase resistance in localized breaches. Similarly, cloud data retrieval systems benefit from encoding to support role-based access. Further, it reveals data based on user privileges and maintains tight control over information exposure.

5.4. Various Examples of the Described Cloud Storage Privacy-Protecting Model

The following are a few examples of the proposed model:
(i)
Data Encryption: Privacy-preserving models in cloud storage commonly utilize encryption techniques to safeguard data. Encryption ensures that data remains confidential, even if unauthorized access occurs.
(ii)
Access Control: Privacy-preserving models integrate access control mechanisms to regulate and restrict data access and modification in cloud storage. This prevents unauthorized users from viewing or altering sensitive information.
(iii)
Anonymization: Some privacy-preserving models in cloud storage employ anonymization techniques to remove personally identifiable information from data. This makes it challenging to link specific individuals to their stored information.
(iv)
Differential Privacy: Differential privacy techniques add noise or randomness to data before storing it in the cloud. This ensures that individual data points cannot be accurately identified, preserving individuals’ privacy while allowing meaningful data analysis.
(v)
Secure Multi-Party Computation (MPC): MPC enables various parties to collectively perform computations on their data without revealing sensitive information to each other or the cloud storage provider. This protects data privacy during collaborative analysis.
(vi)
Homomorphic Encryption: Homomorphic encryption is a groundbreaking advancement in the field of data security and privacy. It introduces a transformative capability to perform computations on encrypted data without the need for decryption, paving the way for a multitude of opportunities in secure and privacy-preserving data processing. It maintains data privacy throughout the computation process.
(vii)
Attribute-Based Encryption (ABE): ABE is an advanced cryptographic technique designed to offer precise control over access to data stored in cloud environments. It enables data encryption with specific attributes, allowing only users with matching attributes to decrypt and access the data.
(viii)
Privacy-Preserving Auditing: Privacy-preserving models may include auditing mechanisms that enable users to verify the integrity and authenticity of their cloud-stored data without revealing the actual content. This ensures data integrity while maintaining privacy.
(ix)
Data Residency and Jurisdiction Controls: Privacy-preserving models can incorporate features that allow users to specify the geographic location where their data should be stored.
(x)
Secure Data Deletion: Privacy-preserving models address the secure deletion of data from cloud storage. This ensures that deleted data is permanently removed and cannot be recovered, protecting the privacy of individuals whose data was stored in the cloud.
These examples (example ‘i’ to example ‘x’) illustrate the various privacy-preserving models used in cloud storage. Different combinations of these techniques, along with additional methods, may be employed to ensure the privacy of user data in the cloud.

5.5. Importance of a Password Verification System in Performance Measurement of the Proposed Approach

Real-time password authentication has a profound impact on cloud storage and the preservation of security by enhancing overall security measures and minimizing the risk of unauthorized access. Here are some key implications:
Enhanced Authentication: Real-time password verification adds an additional layer of authentication for accessing cloud storage. It ensures that users provide valid and up-to-date passwords during login, thereby reducing the chances of password-based attacks like brute-force or dictionary attacks.
Instant Detection of Compromised Passwords: Real-time verification enables immediate identification of compromised or weak passwords. If a user enters a password that has been previously compromised or is considered weak, the system can prompt the user to change it, effectively preventing potential security breaches.
Swift Response to Security Incidents: Real-time password verification facilitates the prompt detection and response to suspicious login attempts or unauthorized access. Security teams can receive instant alerts and take appropriate actions to mitigate risks, such as blocking suspicious IP addresses or implementing additional security measures.
Safeguarding User Accounts: Real-time password verification strengthens user account protection by ensuring that only authorized individuals with valid credentials can access cloud storage. This prevents unauthorized users from gaining access to sensitive data or tampering with files and resources stored in the cloud.
Mitigation of Credential Stuffing Attacks: Real-time password verification helps mitigate credential stuffing attacks, where attackers exploit compromised usernames and passwords from other sources to gain unauthorized access. By validating passwords in real-time, the system can detect and block login attempts using compromised credentials, thus reducing the success rate of such attacks.
Promotion of Improved Password Hygiene: Real-time password verification encourages users to adopt robust password hygiene practices. If a password is identified as weak or easily guessable, the system can prompt users to select stronger and more complex passwords, thereby enhancing overall security.
Compliance with Security Standards: Real-time password verification aids organizations in meeting security and compliance standards by enforcing stronger authentication measures. It ensures consistent enforcement of password policies, such as minimum length, complexity, and expiration, reducing the risk of non-compliance with industry regulations and standards.
Heightened User Awareness: Real-time password verification serves as an educational tool to increase user awareness regarding the significance of strong passwords and potential security risks. Prompting users to update their passwords or providing notifications about unsuccessful login attempts can foster a better understanding of security practices among users.
Hence, the authors can say that real-time password verification significantly strengthens the security of cloud storage by bolstering authentication, detecting compromised passwords, enabling rapid incident response, protecting user accounts, mitigating credential stuffing attacks, promoting better password hygiene, ensuring compliance, and enhancing user awareness of security practices.

5.6. Integration of Multi-Factor Authentication and K-Anonymity with the Proposed Framework

Multi-factor authentication (MFA) is a security mechanism that requires users to provide multiple forms of identification before accessing a system or application. The primary purpose of MFA is to add an additional layer of security beyond traditional username and password authentication, making it more difficult for unauthorized individuals to gain access. In the proposed framework, multi-factor authentication plays a critical role. Users seeking access to cloud-stored data must provide more than one form of identification, such as a combination of something they know (e.g., password), something they have (e.g., OTP sent to their mobile device), and something they are (e.g., biometric data like fingerprints) [79,80].
K-anonymity is a privacy-preserving technique employed in data anonymization. Its aim is to prevent individuals from being re-identified in a dataset by grouping or generalizing data attributes, thereby making each individual’s data indistinguishable among at least “k” other individuals. The objective of this research paper is to improve data protection in cloud environments through the introduction of an innovative and flexible framework. This framework combines multi-factor authentication with k-anonymity, a privacy-preserving technique, to address data privacy concerns.
To integrate k-anonymity into the framework, data undergoes a k-anonymization process before being stored in the cloud. This process involves grouping or generalizing data attributes to ensure that each individual’s data remains indistinguishable among at least “k” other individuals in the dataset, thus safeguarding individuals’ privacy and preventing re-identification. The proposed work includes multi-layer encoding, multi-cloud storage, and one-time passwords (OTP) as integral components of the proposed framework.
The combination of the multi-factor authentication and k-anonymity results of the proposed work in a multi-layered approach can bolster data privacy within cloud storage. Multi-factor authentication secures access to the cloud environment, while k-anonymity protects individuals’ data privacy by making it challenging to identify specific individuals from the dataset. Overall, the proposed framework offers a comprehensive and robust solution to address data privacy concerns in cloud computing. Its components, including multi-layer encoding, multi-cloud storage, multi-factor authentication, and possibly k-anonymity, strive to advance privacy-preserving techniques and inspire further developments in the field of cloud computing [81].

6. Conclusions

CC has garnered significant attention as an area of interest for data processing and management in the online environment. Privacy techniques have been developed to safeguard users’ privacy and data privacy by offering a range of privacy-preserving attributes. To develop an effective framework, it was necessary to establish a widespread set of privacy-linked attributes tailored specifically for cloud data storage. These attributes needed to be adaptable to diverse cyber threats, making them a valuable component of any privacy-preserving framework. In this study, a thorough examination of sixteen attributes was conducted, categorizing them into five distinct categories, namely design management, threat management, key management, performance management, and test management. These categories encompassed a range of relevant attributes, ensuring a holistic approach to privacy preservation.
Building upon these privacy-preserving attributes, the proposed study proposes a novel multi-layer-based encoding framework that incorporates a multi-cloud-based storage arrangement and the OTP (one-time password) authorization mechanism. By integrating these elements, the framework aims to guarantee robust data privacy within cloud storage. The multi-layer encryption approach adds an extra layer of protection, while the multi-cloud-based storage arrangement enhances data availability and redundancy. Additionally, the OTP authorization approach provides an additional layer of security during user authentication and access control. Collectively, these components work in tandem to address the critical aspects of data privacy in cloud storage. This framework aligns with the design guidelines and incorporates the main phases to establish a trustworthy and suitable cloud privacy solution capable of addressing data storage threats. The proposed approach involves moderate computational costs. Therefore, in systems with medium or high processing power, such as mobile platforms or IoT devices, the homomorphic-encryption intensive resource requirements—such as CPU usage, memory, and response time—can improve its effectiveness. Hence, its real-world deployment in such environments is often more practical.
This research work’s findings can guide upcoming investigations, leading to a private and efficient CC environment. Moreover, these findings will aid in evaluating and enhancing existing privacy approaches, as well as in developing novel approaches to address the evolving landscape of cloud storage and associated privacy threats.
The following may be a few of the limitations of this study:
(i)
During the handling of large datasets or numerous users, the described system may bring computational delays due to multi-level cloud arrangement and multi-layer encryption.
(ii)
The advanced multi-layer architecture of cloud-storage security requires significant expertise, and hence, it may have limited accessibility for smaller organizations.
(iii)
Interruption in service may affect the data availability in a multi-layer and multi-cloud environment.
(iv)
End users may face the problem of inconvenience due to the frequent requirements of authentication and encryption processes.
Further expansion of this study could include identifying additional privacy-preserving attributes to enhance the effectiveness of the proposed approach. Furthermore, the specific algorithm for each attribute for the proposed framework may be taken as future research work.

Author Contributions

Conceptualization, K.N.M., A.M., P.N.B. and R.K.L.; Methodology, K.N.M., A.M., P.N.B. and R.K.L.; Software, K.N.M. and P.N.B.; Validation, K.N.M. and A.M.; Formal analysis, K.N.M., A.M., P.N.B. and R.K.L.; Investigation, K.N.M., A.M., P.N.B. and R.K.L.; Data curation, R.K.L.; Writing—original draft, K.N.M., A.M. and P.N.B.; Writing—review and editing, K.N.M., A.M., P.N.B. and R.K.L.; Visualization, K.N.M., P.N.B. and R.K.L.; Supervision, K.N.M. All authors have read and agreed to the published version of the manuscript.

Funding

The APC was provided by the Norwegian University of Science and Technology, Trondheim, Norway.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

The original contributions presented in the study are included in the article, further inquiries can be directed to the corresponding author.

Conflicts of Interest

Being the corresponding author, I declare that there are no conflicts of interest with any person or organization for this paper.

Appendix A

  • # Multi-Layer Encoding Framework with Privacy-Preserving Attributes
  • import numpy as np
  • from sklearn.preprocessing import OneHotEncoder
  • from diffprivlib.models import LogisticRegression
  • from sklearn.model_selection import train_test_split
  • # Sample dataset with sensitive categorical attribute
  • # Format: [ID, Gender] -- Assuming ‘Gender’ is sensitive
  • data = np.array([[1, ‘Male’],
  •         [2, ‘Female’],
  •         [3, ‘Male’],
  •         [4, ‘Female’]])
  • # Extract features (e.g., Gender)
  • features = data[:, 1].reshape(−1, 1)
  • # First Layer: One-Hot Encoding
  • encoder = OneHotEncoder(sparse = False)
  • encoded_features = encoder.fit_transform(features)
  • # Dummy labels for model fitting (required by diffprivlib models)
  • # In a real case, this could be replaced with actual prediction labels
  • labels = np.array([0, 1, 0, 1]) # Example labels for supervised model
  • # Split data (required by sklearn/diffprivlib)
  • X_train, X_test, y_train, y_test = train_test_split(encoded_features, labels, test_size = 0.5, random_state = 42)
  • # Second Layer: Apply Differential Privacy using diffprivlib Logistic Regression
  • epsilon = 1.0 # Privacy budget
  • model = LogisticRegression (epsilon = epsilon)
  • model.fit (X_train, y_train)
  • # Use model to transform input with privacy guarantee
  • encoded_data_privacy = model.predict_proba (encoded_features)
  • # Third Layer: Optional additional encoding (e.g., encryption)
  • # Placeholder for additional security mechanisms
  • # Output the final encoded data
  • print (“Encoded data with privacy-preserving attributes:”)
  • print (encoded_data_privacy)

References

  1. Akremi, A.; Rouached, M. A comprehensive and holistic knowledge model for cloud privacy protection. J. Supercomput. 2021, 77, 7956–7988. [Google Scholar] [CrossRef]
  2. Salek, M.S.; Khan, S.M.; Rahman, M.; Deng, H.-W.; Islam, M.; Khan, Z.; Chowdhury, M.; Shue, M. A Review on cyber security of cloud computing for supporting connected vehicle applications. IEEE Internet Things J. 2022, 9, 8250–8268. [Google Scholar] [CrossRef]
  3. Rashid, Z.; Noor, U.; Altmann, J. Economic model for evaluating the value creation through information sharing within the cyber security information sharing ecosystem. Future Gener. Comput. Syst. 2021, 124, 436–466. [Google Scholar] [CrossRef]
  4. Mishra, A.; Alzoubi, Y.I.; Gill, A.Q.; Anwar, M.J. Cyber security enterprises policies: A comparative study. Sensors 2022, 22, 538. [Google Scholar] [CrossRef] [PubMed]
  5. Gill, S.S.; Kumar, A.; Singh, H.; Singh, M.; Kaur, K.; Usman, M.; Buyya, R. Quantum computing: A taxonomy, systematic review and future directions. Softw. Pract. Exp. 2022, 52, 66–114. [Google Scholar] [CrossRef]
  6. Kumar; Goyal, R. On cloud security requirements, threats, vulnerabilities, and counter measures: A survey. Comput. Sci. Rev. 2019, 33, 1–48. [Google Scholar] [CrossRef]
  7. Gupta, B.B.; Agrawal, D.P.; Wang, H. Computer, and Cyber Security: Principles, Algorithm, Applications, and Perspectives; Taylor & Francis Group: Oxford shire, UK; CRC Press: Boca Raton, FL, USA, 2019. [Google Scholar]
  8. Alzahrani, A.; Alyas, T.; Alissa, K.; Abbas, Q.; Alsaawy, Y.; Tabassum, N. Hybrid approach for improving the performance of data reliability in cloud storage management. Sensors 2022, 22, 5966. [Google Scholar] [CrossRef]
  9. Pathak, M.; Mishra, K.N.; Singh, S.P. Securing data and preserving privacy in cloud IoT-based technologies an analysis of assessing threats and developing effective safeguard. Artif. Intell. Rev. 2024, 57, 269. [Google Scholar] [CrossRef]
  10. El-Booz, S.A.; Attiya, G.; El-Fishawy, N. A secure cloud storage system combining time-base done-time password and automatic blocker protocol. EURASIP J. Inf. Secur. 2015, 188–194. [Google Scholar]
  11. Yuan, D.; Song, X.; Xu, Q.; Zhao, M.; Wei, X.; Wang, H.; Jiang, H. An ORAM-based privacy preserving data sharing scheme for cloud storage. J. Inf. Secur. Appl. 2018, 39, 1–9. [Google Scholar] [CrossRef]
  12. Jin, Y.; Wang, Y. An improved scheme of privacy-preserving based on Lagrange interpolation in cloud storage. In Proceedings of the 2nd International Conference on Artificial Intelligence and Industrial Engineering (AIIE2016), Beijing, China, 20–21 November 2016; pp. 424–428. [Google Scholar]
  13. Subha, T.; Jayashri, S. Efficient privacy-preserving integrity checking model for cloud at a storage security. In Proceedings of the 8th International Conference on Advanced Computing (ICoAC), Chennai, India, 19–21 January 2017; pp. 55–60. [Google Scholar]
  14. Kavin, P.; Ganapathy, S. A secured storage and privacy-preserving model using CRT for providing security on cloud and IoT-based applications. Comput. Netw. 2019, 151, 181–190. [Google Scholar] [CrossRef]
  15. Fritze, M.; Schiller-Wurster, K. Time to Get Serious About Hardware Cyber Security. Available online: https://www.defenseone.com/ideas/2018/01/time-get-serious-about-hardware-cybersecurity/145210/ (accessed on 2 March 2022).
  16. Kalaivani, A.; Ananthi, B.; Sangeetha, S. Enhanced hierarchical attribute-based encryption with modular padding for improved public auditing in cloud computing using a semantic ontology. Clust. Comput. 2019, 22, 3783–3790. [Google Scholar] [CrossRef]
  17. Alzoubi, Y.I.; Al-Ahmad, A.; Kahtan, H. Block chain technology as a Fog computing security and privacy solution: An overview. Comput. Commun. 2022, 182, 129–152. [Google Scholar] [CrossRef]
  18. Razaque, A.; Rizvi, S.S. Privacy-preserving model: A new scheme for auditing cloud stakeholders. J. Cloud Comput. 2017, 6, 7. [Google Scholar] [CrossRef]
  19. Kuang, L.; Tu, S.; Zhang, Y.; Yang, X. Providing privacy preserving in next POI recommendation for mobile edge computing. J. Cloud Comput. 2020, 9, 10. [Google Scholar] [CrossRef]
  20. Chamikara, M.A.P.; Bertók, P.; Liu, D.; Camtepe, S.; Khalil, I. Efficient data perturbation for privacy-preserving and accurate at a stream mining. Pervasive Mob. Comput. 2018, 48, 1–19. [Google Scholar] [CrossRef]
  21. Nagaraj, J.; Kumar, P. Review on privacy-preserving in cloud computing. Int. J. Comput. Appl. 2014, 975, 23–26. [Google Scholar]
  22. Tissir, N.; ElKafhali, S.; Aboutabit, N. Cyber security management in cloud computing: Semantic literature review and conceptual frame work proposal. J. Reliab. Intell. Environ. 2021, 7, 69–84. [Google Scholar] [CrossRef]
  23. Ghantous, G.B.; Gill, A.Q. Dev Ops reference architecture for multi-cloud IoT applications. In Proceedings of the 20th Conference on Business Informatics (CBI), Vienna, Austria, 11–13 July 2018; pp. 158–167. [Google Scholar]
  24. Singh, N.; Singh, A.K. Data privacy protection mechanisms in the cloud. Data Sci. Eng. 2018, 3, 24–39. [Google Scholar] [CrossRef]
  25. Joseph, N.M.; Daniel, E.; Vasanthi, N. Survey on privacy-preserving methods for storage in cloud computing. In Proceedings of the Amrita International Conference of Women in Computing, Amrita Vishwa Vidyapeetham, India, 9–11 January 2013; pp. 1–4. [Google Scholar]
  26. Bhagyashri, S.; Gurave, Y. A survey on privacy-preserving techniques for secure cloud storage. Int. J. Comput. Sci. Mob. Comput. (IJCSMC) 2014, 3, 675–680. [Google Scholar]
  27. Liu, Y.; Sun, Y.L.; Ryoo, J.; Rizvi, S.; Vasilakos, A.V. A survey of security and privacy challenges in cloud computing: Solutions and future directions. J. Comput. Sci. Eng. 2015, 9, 119–133. [Google Scholar] [CrossRef]
  28. Li, J.; Yan, H.; Zhang, Y. Identity-based privacy-preserving remote data integrity checking for cloud storage. IEEE Syst. J. 2020, 15, 577–585. [Google Scholar] [CrossRef]
  29. Waqar, A.; Raza, A.; Abbas, H.; Khan, M.K. A frame work for the preservation of cloud users’ data privacy using dynamic reconstruction of metadata. J. Netw. Comput. Appl. 2013, 36, 235–248. [Google Scholar] [CrossRef]
  30. Gundert, L.; Shen, M.-Y.; Lee, M. Understanding Security Through Probability. Available online: https://blogs.cisco.com/security/understanding-security-through-probability (accessed on 1 March 2022).
  31. Yang, X.; Yue, C.; Zhang, W.; Liu, Y.; Ooi, B.C.; Chen, J. Secu DB: An In-Enclave Privacy-Preserving and Tamper-Resistant Relational Database. Proc. VLDB Endow. 2024, 17, 3906–3919. [Google Scholar] [CrossRef]
  32. Wang, X.; Garg, S.; Lin, H.; Hu, J.; Kaddoum, G.; Piran, M.J.; Hossain, M.S. Toward Accurate Anomaly Detection in Industrial Internet of Things Using Hierarchical Federated Learning. IEEE Internet Things J. 2022, 9, 7110–7119. [Google Scholar] [CrossRef]
  33. Wang, X.; Garg, S.; Lin, H.; Kaddoum, G.; Hu, J.; Hossain, M.S. A Secure Data Aggregation Strategy in Edge Computing and Blockchain-Empowered Internet of Things. IEEE Internet Things J. 2020, 7, 14237–14246. [Google Scholar] [CrossRef]
  34. Wang, X.; Garg, S.; Lin, H.; Kaddoum, G.; Hu, J.; Hassan, M.M. Heterogeneous Block chain and AI-Driven Hierarchical Trust Evaluation for 5G-Enabled Intelligent Transportation Systems. IEEE Trans. Intell. Transp. Syst. 2021; 22, in press. [Google Scholar] [CrossRef]
  35. Wang, X.; Hu, J.; Lin, H.; Garg, S.; Kaddoum, G.; Piran, M.J.; Hossain, M.S. QoS and Privacy- Aware Routing for 5G-Enabled Industrial Internet of Things: A Federated Reinforcement Learning Approach. IEEE Trans. Ind. Informat. 2022, 18, 4189–4197. [Google Scholar] [CrossRef]
  36. Torkura, K.A.; Sukmana, M.I.; Cheng, F.; Meinel, C. Continuous auditing and threat detection in multi-cloud infrastructure. Comput. Secur. 2021, 102, 102–124. [Google Scholar] [CrossRef]
  37. Rizvi, S.; Karpinski, K.; Kelly, B.; Walker, T. Utilizing third party auditing to managing trust in the cloud. Procedia Comput. Sci. 2015, 61, 191–197. [Google Scholar] [CrossRef]
  38. Gupta, L.; Salman, T.; Ghubaish, A.; Unal, D.; Al-Ali, A.K.; Jain, R. Cyber security of multi-cloud health care systems: A hierarchical deep learning approach. Appl. Soft Comput. 2022, 118, 108439. [Google Scholar] [CrossRef]
  39. Hamilton, T. Test Environment for Software Testing. Available online: https://www.guru99.com/test-environment-software-testing.html (accessed on 1 March 2022).
  40. Dong, B.; Chen, Z.; Wang, H.; Tang, L.-A.; Zhang, K.; Lin, Y.; Li, Z.; Chen, H. Efficient discovery of abnormal event sequences in enterprise security systems. In Proceedings of the 2017 ACMon Conference on Information and Knowledge Management, Singapore, 6–10 November 2017; pp. 707–715. [Google Scholar]
  41. Zhang, Z.; Zhang, W.; Qin, Z. A partially hidden policy CP-ABE scheme against at tribute values guessing attacks with online privacy-protective decryption testing in IoT assisted cloud computing. Future Gener. Comput. Syst. 2021, 123, 181–195. [Google Scholar] [CrossRef]
  42. Tan, J.; Liao, X.; Liu, J.; Cao, Y.; Jiang, H. Channel Attention Image Stega nography with Generative Adversarial Networks. IEEE Trans. Netw. Sci. Eng. 2022, 9, 888–903. [Google Scholar] [CrossRef]
  43. Hu, J.; Liao, X.; Wang, W.; Qin, Z. Detecting Compressed Deep fake Videos in Social Networks Using Frame-Temporality Two-Stream Convolution Network. IEEE Trans. Circuits Syst. Video Technol. 2022, 32, 1089–1102. [Google Scholar] [CrossRef]
  44. Chen, J.; Liao, X.; Wang, W.; Qian, Z.; Qin, Z.; Wang, Y. SNIS: A Signal Noise Separation-Based Network forPost-Processed Image Forgery Detection. IEEE Trans. Circuits Syst. Video Technol. 2023, 33, 935–951. [Google Scholar] [CrossRef]
  45. Kilinc, N.; Sezer, L.; Mishra, A. Cloud-based test tools: A brief comparative view. Cybern. Inf. Technol. 2018, 18, 3–14. [Google Scholar]
  46. Mishra, A.; Alzoubi, Y.I.; Anwar, M.J.; Gill, A.Q. Attributes impacting cyber security policy development: An evidence from seven nations. Comput. Secur. 2022, 120, 102820. [Google Scholar] [CrossRef]
  47. Mishra, D.; Aydin, S.; Mishra, A.; Ostrovska, S. Knowledge management in requirement elicitation: Situational methods view. Comput. Stand. Interfaces 2018, 56, 49–61. [Google Scholar] [CrossRef]
  48. D Shukla, K.; Dwivedi, V.K.; Trivedi, M.C. Encryption algorithm in cloud computing. Mater. Today Proc. 2021, 37, 1869–1875. [Google Scholar] [CrossRef]
  49. Thabit, F.; Al homdy, S.; Jagtap, S. Security analysis and performance evaluation of a new light weight cryptographic algorithm for cloud computing. Glob. Transit. Proc. 2021, 2, 100–110. [Google Scholar] [CrossRef]
  50. Thompson, M. CISOs should work closely with their IT AM colleagues. Netw. Secur. 2021, 2021, 9–12. [Google Scholar] [CrossRef]
  51. Ramalingam, C.; Mohan, P. Addressing semantics standards for cloud portability and interoperability in amulti-cloud environment. Symmetry 2021, 13, 317. [Google Scholar] [CrossRef]
  52. Alzoubi, Y.I.; Osmanaj, V.H.; Jaradat, A.; Al-Ahmad, A. Fog computing security and privacy for the Internet of Thing applications: State-of-the-art. Secur. Priv. 2021, 4, e145. [Google Scholar] [CrossRef]
  53. Lightedge. com. Why Multi-Cloud Strategy Beats Single Cloud Almost Every Time. Available online: https://lightedge.com/resources/why-multi-cloud-strategy-beats-single-cloud-almost-every-time/ (accessed on 30 June 2025).
  54. Stubbs, R. Classification of Cryptographic Keys. Available online: https://www.cryptomathic.com/news-events/blog/classification-of-cryptographic-keys-functions-and-properties (accessed on 1 March 2022).
  55. Amiruddin, A.; Ratna, A.A.P.; Sari, R.F. Construction and analysis of key generation algorithms based on modified Fibonacci and scrambling factors for privacy preservation. Int. J. Netw. Secur. 2019, 21, 250–258. [Google Scholar]
  56. Amirany, A.; Jafari, K.; Moaiyeri, M.H. True random number generator for reliable hardware security modules based on an euromorphic variation-tolerant spintronic structure. IEEE Trans. Nanotechnol. 2020, 19, 784–791. [Google Scholar] [CrossRef]
  57. Yamato, Y. Automatic verification technology of software patches for user virtual environments on IaaS cloud. J. Cloud Comput. 2015, 4, 1–14. [Google Scholar] [CrossRef]
  58. Potter, B.; McGraw, G. Software security testing. IEEE Secur. Priv. 2004, 2, 81–85. [Google Scholar] [CrossRef]
  59. Yang, X.; Wang, S.; Li, F.; Zhang, Y.; Yan, W.; Gai, F.; Yu, B.; Feng, L.; Gao, Q.; Li, Y. UbiquitousVerification in CentralizedLedger Database. In Proceedings of the 2022 IEEE 38th International Conference on Data Engineering (ICDE), Kuala Lumpur, Malaysia, 9–12 May 2022; pp. 1808–1821. [Google Scholar] [CrossRef]
  60. Cayirci, E.; De Oliveira, A.S. Modelling trust and risk for cloud services. J. Cloud Comput. 2018, 7, 14. [Google Scholar] [CrossRef]
  61. Öztayşi, B.; Kutlu, A.C. Determining the importance of performance measurement criteria based on total quality management using fuzzy analytical network process. In Practical Applications of Intelligent Systems. Advances in Intelligent and Soft Computing; Wang, Y., Li, T., Eds.; Springer: Berlin/Heidelberg, Germany, 2011; pp. 391–400. [Google Scholar]
  62. Bergh, D.D.; Ketchen, D.J., Jr.; Orlandi, I.; Heugens, P.P.; Boyd, B.K. Information asymmetry in management research: Past accomplishments and future opportunities. J. Manag. 2019, 45, 122–158. [Google Scholar] [CrossRef]
  63. Yang, E.; Joshi, G.P.; Seo, C. Improving the detection rate of rarely appearing intrusions in network-based intrusion detectionsystems. Comput. Mater. Contin. 2021, 66, 1647–1663. [Google Scholar]
  64. ŽTurk; de Soto, B.G.; Mantha, B.R.; Maciel, A.; Georgescu, A. A systemic frame work for addressing cyber security in construction. Autom. Constr. 2022, 133, 103988. [Google Scholar]
  65. Hu, F.; Qiu, M.; Li, J.; Grant, T.; Taylor, D.; McCaleb, S.; Butler, L.; Hamner, R. A review on cloud computing: Design chall enges in architecture and security. J. Comput. Inf. Technol. 2011, 19, 25–55. [Google Scholar] [CrossRef]
  66. Educative. Security on the Cloud—Design Principles. Available online: https://www.educative.io/courses/cloud-architecture-a-guide-to-design-and-architect-your-cloud/7nnxwPxALZj (accessed on 6 March 2022).
  67. Nexor. The 14 Cloud Security Principles—What Do They Mean for You? Available online: https://www.nexor.com/cloud-security-principles/ (accessed on 6 March 2022).
  68. Ahuja, R.; Mohanty, S.K.; Sakurai, K. A scalable attribute-set-based access control with both sharing andfull-fledged delegation of access privileges in cloud computing. Comput. Electr. Eng. 2017, 57, 241–256. [Google Scholar] [CrossRef]
  69. Ismail, U.M.; Islam, S. A unified frame work for cloud security transparency and audit. J. Inf. Secur. Appl. 2020, 54, 102594. [Google Scholar]
  70. Ru Wei, H.; Xiao Lin, G.; Si, Y.; Wei, Z. Study of Privacy-preserving Framework for Cloud Storage. ComSIS 2011, 8, 801–819. [Google Scholar] [CrossRef]
  71. Chandramohan, A.D.; Vengattaraman, T.; Rajaguru, D.; Dhavachelvan, P. A new privacy preserving technique for cloud service user end or segment using multi-agents. J. King Saud Univ.—Comput. Inf. Sci. 2016, 28, 37–54. [Google Scholar] [CrossRef]
  72. Li, Y.; Gai, K.; Qiu, L.; Qiu, M.; Zhao, H. Intelligent cryptography approach for secure distributed big data storage in cloud computing. Inf. Sci. 2017, 387, 103–115. [Google Scholar] [CrossRef]
  73. Liu, X.; Lin, Y.; Liu, Q.; Yao, X. A Privacy-Preserving Principal Component Analysis Outsourcing Framework. In Proceedings of the 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/ 12th IEEE International Conference on Big Data Science and Engineering, NewYork, NY, USA, 1–3 August 2018. [Google Scholar]
  74. Fern, M.; Jaimunk, J.; Thuraisingham, B. Privacy-Preserving Architecture for Cloud-IoT Platforms. In Proceedings of the 2019 IEEE International Conference on Web Services (ICWS), Milan, Italy, 8–13 July 2019. [Google Scholar] [CrossRef]
  75. Kuldeep, G.; Zhang, Q. Multi-class privacy-preserving cloud computing based on compressive sensing forIoT. J. Inf. Secur. Appl. 2022, 66, 103139. [Google Scholar]
  76. Kumar, A.; Aljrees, T.; Hsieh, S.-Y.; Singh, K.U.; Singh, T.; Raja, L.; Samriya, J.K.; Mundotiya, R.K. A Hybrid Solution for Secure Privacy-Preserving Cloud Storage & Information Retrieval. Res. Open Access Hum.-Centric Comput. Inf. Sci. 2023, 13, 11. [Google Scholar] [CrossRef]
  77. Gopinath, N. Enhancing the Cloud Security using Secured Quantum Key Distribution. Res. Sq. 2023. preprint. [Google Scholar]
  78. Safe Li Share. Available online: https://www.cybersecurityintelligence.com/safelishare-10782.html (accessed on 26 June 2025).
  79. Skyflow. Securing the Modern AI Data Stack. Data Privacy Vault for PII, PCI, and PHI. Available online: https://www.skyflow.com (accessed on 26 June 2025).
  80. Singh, A.; Satapathy, S.C.; Roy, A.; Gutub, A. Ai-based mobile edge computing for IoT: Applications, challenges, and futurescope. Arab. J. Sci. Eng. 2022, 47, 9801–9831. [Google Scholar] [CrossRef]
  81. Mishra, A.; Alzoubi, Y.I.; Gill, A.Q.; Mishra, K.N. EnhancingPrivacy-Preserving Mechanisms in Cloud Storage: A Novel Conceptual Frame work. Concurr. Comput. Pract. Exp. 2023, 35, e7831. [Google Scholar] [CrossRef]
Applsci 15 07485 g001
Figure 1. Privacy-protecting attributes taxonomy.
Figure 1. Privacy-protecting attributes taxonomy.
Applsci 15 07485 g001
Applsci 15 07485 g002
Figure 2. Privacy-preserving framework.
Figure 2. Privacy-preserving framework.
Applsci 15 07485 g002
Applsci 15 07485 g003
Figure 3. Described SafeLiShare platform.
Figure 3. Described SafeLiShare platform.
Applsci 15 07485 g003
Applsci 15 07485 g004
Figure 4. The privacy-preserving cloud storage framework.
Figure 4. The privacy-preserving cloud storage framework.
Applsci 15 07485 g004
Applsci 15 07485 g005
Figure 5. Petri-net privacy-preserving workflow in the cloud.
Figure 5. Petri-net privacy-preserving workflow in the cloud.
Applsci 15 07485 g005
Applsci 15 07485 g006
Figure 6. S2C privacy preserving cohesion technique.
Figure 6. S2C privacy preserving cohesion technique.
Applsci 15 07485 g006
Applsci 15 07485 g007
Figure 7. Architecture of the proposed SA-EDS model.
Figure 7. Architecture of the proposed SA-EDS model.
Applsci 15 07485 g007
Applsci 15 07485 g008
Figure 8. Cloud security services.
Figure 8. Cloud security services.
Applsci 15 07485 g008
Applsci 15 07485 g009
Figure 9. Architecture for privacy-preserving cloud-IoT platform.
Figure 9. Architecture for privacy-preserving cloud-IoT platform.
Applsci 15 07485 g009
Applsci 15 07485 g010
Figure 10. Multi-class encryption architecture for multi-class data consumers with a facility for cloud storage.
Figure 10. Multi-class encryption architecture for multi-class data consumers with a facility for cloud storage.
Applsci 15 07485 g010
Applsci 15 07485 g011
Figure 11. Service model for cloud-assisted storage and decompression.
Figure 11. Service model for cloud-assisted storage and decompression.
Applsci 15 07485 g011
Applsci 15 07485 g012
Figure 12. Architectural representation of multi-class encoding and outsourcing of computationally expensive end users.
Figure 12. Architectural representation of multi-class encoding and outsourcing of computationally expensive end users.
Applsci 15 07485 g012
Applsci 15 07485 g013
Figure 13. Proposed model architecture for data security.
Figure 13. Proposed model architecture for data security.
Applsci 15 07485 g013
Applsci 15 07485 g014
Figure 14. Proposed workflow chart to preserve data privacy.
Figure 14. Proposed workflow chart to preserve data privacy.
Applsci 15 07485 g014
Applsci 15 07485 g015
Figure 15. Described BCBF framework.
Figure 15. Described BCBF framework.
Applsci 15 07485 g015
Table 1. Attributes of design management.
Table 1. Attributes of design management.
Privacy-Preserving AttributeStudyCharacteristics
Design features[11,14]
  • An automatic blocker protocol is employed to authorize and validate external audits, ensuring their credibility and integrity.
  • OTP authentication is utilized to verify and authenticate cloud users, enhancing security.
  • The key generation and tag generation processes are carried out in distinct phases, ensuring the secure and efficient creation of cryptographic keys and identification tags.
Data auditing[43,46]
  • Internal and external auditing mechanisms are implemented to ensure the integrity and compliance of the system, allowing for comprehensive and trustworthy assessments of the cloud storage environment.
  • The data block address and the corresponding data are kept in a specialized data block format, optimizing the organization and retrieval of information within the cloud storage system.
  • SQL procedures and queries are utilized to facilitate efficient data management and retrieval operations, enabling seamless interaction with the cloud storage infrastructure.
Cryptographic technique[10,11,12,13,14,16,44,45,48,49]
  • Lagrange interpolation encryption is employed as a cryptographic technique to secure the data in transit or in storage, providing robust protection against unauthorized access or tampering.
  • A triple-encryption scheme is implemented to enhance the security of sensitive data stored in the cloud, utilizing multiple layers of encryption for added resilience against potential attacks.
  • The utilization of a hash function, along with advanced encryption standards and a shared key, re-ensures the confidentiality and integrity of data in the cloud storage system, safeguarding it from unauthorized manipulation or disclosure.
  • Public-key techniques, accompanied by digital certificates, are utilized to establish secure communication channels and verify the authenticity of entities accessing the cloud storage, enhancing overall data security.
  • Broadcast encryption, coupled with the SHA-1 hash function, is employed to efficiently distribute encrypted data to multiple recipients while maintaining confidentiality and ensuring that only authorized individuals can access the information.
  • The Advanced Encryption Standard (AES) is applied in conjunction with the ECB (Electronic Codebook) and randomized encryption techniques to provide a high level of confidentiality and protect the privacy of data stored in the cloud.
External assets[12,14,45,50]
  • The OTP algorithm, as specified in RFC (6238), is utilized for secure authentication and verification of cloud users, ensuring robust protection against unauthorized access.
  • The Lagrange interpolation algorithm is employed as a cryptographic technique to safeguard the confidentiality and integrity of data during transit or storage in the cloud environment.
  • The security and efficiency of data retrieval and storage for handling SQL queries effectively need to be enhanced.
  • The monotonic encryption method is utilized to provide secure and efficient computation on encrypted data while preserving the order and integrity of the underlying information.
Structure of the cloud storage[36,51]
  • Single-CC structure (cloud storage system with a single cloud service provider hosting and managing data).
  • Multi-CC structure (cloud storage system with multiple cloud service providers collaborating to host and manage data).
Table 2. The main attributes of key management.
Table 2. The main attributes of key management.
Privacy-Protecting AttributeStudyCharacteristics
Key generation technique[11,48]
  • The framework utilizes a cryptographic system that employs a pair of keys: a private key for encryption and a public key for decryption. This asymmetric encryption approach enhances data security and confidentiality.
  • The framework incorporates key generation mechanisms such as IGen, SGen, and PGen. These tools generate signing keys, symmetric keys, and public keys, respectively. This diverse set of key generation techniques enhances the overall safety of the system.
Key length[14,54]
  • The framework supports key lengths of 56, 128, 512, and 1024 bits. This flexibility allows users to choose the appropriate key length based on their specific security requirements and the sensitivity of their data.
  • In addition to fixed key lengths, the framework also supports the generation of keys with random lengths. This adds an extra layer of unpredictability and complexity to the encryption process, making it more resistant to cryptographic attacks.
Key governance[14,45]
  • The framework incorporates a governance system for managing group keys. This ensures that access to sensitive data is controlled and restricted to authorized individuals or groups, enhancing data confidentiality within a collaborative environment.
  • The framework includes a comprehensive system for governing both master keys and session keys. Master keys are used for long-term encryption purposes, while session keys are generated and used for shorter periods, ensuring secure and efficient data transmission.
Key function[49,54]
  • The framework employs various cryptographic functions to enhance data security, including authentication to verify the identity of users and encryption to protect data during transit and storage.
Table 3. Attributes used for test management.
Table 3. Attributes used for test management.
Privacy-Protecting AttributeReferenceCharacteristics
Test environment[15,39]
  • C++, Java
  • Operating system
Test applied[10,12,13,14,45]
  • Management of various sessions, SQL injection, broken authentication, forgery requests, and poor traffic are some of the common types of vulnerabilities that need to be tested.
  • The efficiency and performance of privacy-preserving techniques should be assessed through thorough testing.
  • In addition to traditional performance tests, the zero-knowledge shuffle correctness proof test can be employed to validate the effectiveness of privacy-preserving techniques.
Table 4. Threat management attributes.
Table 4. Threat management attributes.
Privacy-Protecting AttributeStudyCharacteristics
Threat type[10,59,60]
  • Passive and active threats
Threat addressed[22,60]
  • Message modification
  • Data tampering, denial of service, ciphertext, and chosen-plaintext.
Table 5. Attributes required for managing the performance.
Table 5. Attributes required for managing the performance.
Privacy-Preserving AttributeStudyProperties
Performance standards[11,12,14,61]
  • Key computation time, key recovery time, and encryption/decryption time should be assessed to understand the efficiency of the techniques.
  • Data privacy, storage space utilization, and the time required during download/upload procedures should be considered when evaluating the effectiveness of privacy-preserving techniques.
Abnormality[10,11,13,44]
  • Utilize an automated blocker protocol to certify the external authority and ensure its credibility.
  • Implement Path-ORAM that reduces the expenses associated with establishing a secure and dependable communication system.
  • Verify the authenticity of data blocks by employing the Merkle hash tree as a means of authentication.
Privacy achievements[62,63,64]
  • Guarantees the transparency and integrity of data, as well as the uninterrupted availability of services.
  • Employs advanced privacy features to maintain the integrity and consistency of cloud data.
  • Prevents unauthorized individuals from performing an action and ensures that the server cannot disclose any sensitive information without access pattern utilization.
Table 6. Performance comparison of the proposed framework with the preceding privacy-protecting approaches.
Table 6. Performance comparison of the proposed framework with the preceding privacy-protecting approaches.
Paper IDEncryptionAccess
Control		AnonymizationData IntegrityAuditabilityScalabilityThreat Detection
1.[2]
Salek et al. (2022)		Uses advanced cryptographic protocols for connected vehicles.Role-Based Access Control (RBAC).Limited focus.Blockchain-based for secure communication.Highlights monitoring mechanisms.Moderate (connected vehicle constraints).Strong focus on vehicular cybersecurity.
2.[5]
Gill et al. (2022)		Quantum-resistant cryptographic methods.Enhanced quantum-computing-aware methods.No focus.Discusses impact of quantum computing on integrity.Highlights future quantum audit tools.High (quantum approaches adapt well).Discusses potential quantum-enabled threats.
3.[6] Kumar and Goyal (2019)Broad coverage of standard encryption.Discusses fine-grained control (ABAC).Mentions pseudonymization.Comprehensive focus on hashing and blockchain.Limited, suggests general measures.High (modular approaches).Surveys cloud threat detection methods.
4.[22] Tissir et al. (2021)Semantic-based cryptographic solutions.Conceptual models for access control.Emphasizes k-anonymity.Moderate (framework proposal only).Proposes auditing framework.High (semantic adaptability).Limited focus on practical threat detection.
5.[36] Torkura et al. (2021)Encryption for multi-cloud environments.Highlights advanced access models.Limited focus.Strong, continuous validation with Merkle trees.Extensive focus on real-time auditing.Moderate (multi-cloud setup overhead).Detailed techniques for multi-cloud threats.
6.[38] Gupta et al. (2022)Encryption using hierarchical deep learning.Focus on healthcare-specific RBAC.Data obfuscation techniques discussed.Strong emphasis on healthcare data pipelines.Limited, proposes basic mechanisms.High (hierarchical model adaptability).Healthcare-specific threat detection.
7.[41] Z. Zhang et al. (2019)Advanced CP-ABE scheme to prevent guessing attacks.Fine-grained, attribute-based control.Policy hiding addresses partial anonymization.Ensures integrity via privacy-protective decryption.Limited to policy verification.Scalable for IoT-cloud integrations.Targets attribute guessing attacks.
8.[55] Amiruddin et al. (2019)Advanced cryptographic techniques for storage.Highlights encryption-integrated control.Limited focus.Emphasizes cryptographic proof mechanisms.Detailed coverage of cryptographic auditing.Moderate (storage-specific solutions).Limited focus on general cloud threats.
9.Proposed ApproachAdvanced cryptographic approaches for storage.Highlights advanced accessed model and encryption-integrated control.Emphasized k-anonymity with limited focus on pseudo-anonymity.Advanced framework with emphasis on cryptography.Descriptive coverage of cryptography-based real-time auditingAdvanced modular approach.Detailed focus on practical threat detection and multi-cloud threats.
Table 7. Advantages and limitations-based comparison of proposed approach with other preceding privacy-protecting approaches.
Table 7. Advantages and limitations-based comparison of proposed approach with other preceding privacy-protecting approaches.
Paper IDAdvantagesLimitations
1.[2] Salek et al. (2022)It provides a comprehensive review of cloud cybersecurity for connected vehicles; scalable to IoT-cloud integration.Limited focus on anonymization and auditability details; it lacks practical implementation insights.
2.[5] Gill et al. (2022)It envisions robust post-quantum cryptographic solutions; it explores scalability and future threats.Theoretical insights without immediate practical applicability; it has a limited focus on anonymization.
3.[6] Kumar and Goyal (2019)It provides a detailed survey of cloud security challenges and countermeasures. It provides further extensive coverage of access control.It has limited focus on scalability and practical applications; it lacks detailed anonymization strategies.
4.[22] Tissir et al. (2021)It provides a conceptual framework adaptable to various cloud environments and addresses management challenges.It does not focus explicitly on anonymization or encryption details; it lacks practical validation.
5.[36] Torkura et al. (2021)It provides practical and scalable solutions for multi-cloud auditing and threat detection.It has limited focus on encryption and anonymization; it is primarily targeted at auditing use cases.
6.[38] Gupta et al. (2022)It includes advanced use of hierarchical deep learning for scalable and effective threat detection. Further, it ensures healthcare data integrity.It focuses mainly on healthcare use cases; it has limited discussion on anonymization and cryptographic details.
7.[41] Z. Zhang et al. (2019)It provides an innovative CP-ABE scheme that ensures robust access control and partial anonymization. It is scalable with IoT-cloud integration.It has limited focus on auditability and broad threat landscapes; it mainly addresses attribute-guessing attacks.
8.[55] Amiruddin et al. (2019)It provides a comprehensive review of cryptographic challenges and solutions. It emphasizes data integrity.It focuses primarily on cryptographic methods; it has scalability challenges in multi-cloud contexts.
9.The proposed multi-layer encoding frameworkIncorporates various privacy-protecting attributes traced in the survey. Further, it incorporates well-designed elements to ensure data privacy and security.To ensure cloud scalability within the framework, it is imperative to establish a viable mechanism.
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Mishra, K.N.; Lal, R.K.; Barwal, P.N.; Mishra, A. Advancing Data Privacy in Cloud Storage: A Novel Multi-Layer Encoding Framework. Appl. Sci. 2025, 15, 7485. https://doi.org/10.3390/app15137485

AMA Style

Mishra KN, Lal RK, Barwal PN, Mishra A. Advancing Data Privacy in Cloud Storage: A Novel Multi-Layer Encoding Framework. Applied Sciences. 2025; 15(13):7485. https://doi.org/10.3390/app15137485

Chicago/Turabian Style

Mishra, Kamta Nath, Rajesh Kumar Lal, Paras Nath Barwal, and Alok Mishra. 2025. "Advancing Data Privacy in Cloud Storage: A Novel Multi-Layer Encoding Framework" Applied Sciences 15, no. 13: 7485. https://doi.org/10.3390/app15137485

APA Style

Mishra, K. N., Lal, R. K., Barwal, P. N., & Mishra, A. (2025). Advancing Data Privacy in Cloud Storage: A Novel Multi-Layer Encoding Framework. Applied Sciences, 15(13), 7485. https://doi.org/10.3390/app15137485

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop