The global ubiquity of cloud computing may expose consumer’s sensing personal data to significant privacy and security threats. A critical challenge for the cloud computing industry is to earn consumers’ trust by entering adequate privacy and security for sensitive consumer data. Regulating consumer privacy and security also challenges government enforcement of data protection laws that were designed with national borders in mind. In this paper, we present a hybrid cloud architecture which combines public cloud, private cloud computing and cryptography to minimize the bank’s operational costs, maximizing the flexibility, scalability, availability and reliability of the services provided by the bank and guarantees the privacy, confidentiality and safety of the client’s record. A smart card which contains a secret key is produced for each client upon creating a new account. A smart card which contains a pair of public/private keys is produced for each bank. A smart card which contains a secret key is produced for the auditor to decrypt the database of the banks’ public/private keys for auditing purposes. The secret key is used to encrypt and decrypt the client’s account data. The bank uses its public key to double encrypt the client’s data that are temporarily stored in the bank’s private cloud before being transmitted to be stored permanently in the public cloud. In order to perform any transaction on a client’s account, the client’s record must be retrieved from the public cloud and stored temporarily in the bank’s private cloud in order to be decrypted with the bank’s private key and then decrypted using the client’s secret key in order to perform the required transaction in the private cloud.

Online banking, Hybrid cloud, Cryptography, Security

[1] Jun Li, Bryan Stephenson, "GEODAC: A Data Assurance Policy Specification and Enforcement Framework for Outsourced Services", In Proceedings of IEEE Transaction in Services Compuitng, Vol. 4, No. 4, Oct 2011.
[2] Tristan Groleat and Helia Pouyllau, "Distributed Learning Algorithms for Inter-NSP SLA Negotiation Management", In Proceedings of IEEE Transaction on Network and Service management, Vol. 9, No. 4, Dec 2012.
[3] Nancy J. King, V.T. Raja, "Protecting the privacy and security of sensitive customer data in the cloud", ELSEVIER Journal of Computer law & security RE, Vol. 28, No. 3, pp.308-319, June 2012.
[4] Nir Kshetri, "Privacy and security issues in cloud computing: The role of institutions and institutional evolution", ELSEVIER journal of Telecommunication policy, Vol. 37, No. 4–5, pp. 372-386, May–June 2013.
[5] Justin L. Rice, Vir V. Phoha, "Using Mussel-Inspired Self-Organization and Account Proxies to Obfuscate Workload Ownership and Placement in Clouds", In Proceeding of IEEE Transactions on Information Forensics and Security, Vol. 8, No. 6, pp. 963-972, June 2013.
[6] Lifei Wei a, Haojin Zhu, "Security and privacy for storage and computation in cloudcomputing", ELSEVIER Journal of Information Sciences, Vol. 258, pp. 371-386, Feb 2014.
[7] Gongjun Yan, Ding Wen, "Security Challenges in Vehicular Cloud Computing", In Proceedings of IEEE Transaction on Intelligent Transaction System, Vol. 14, No. 1, pp. 284-294, Mar 2013.
[8] Farrukh Shahzad, "State-of-the-art Survey on Cloud Computing Security Challenges,
Approaches and Solutions", ELSEVIER Journal of Procedia Computer Science on Applications of Ad hoc and Sensor Networks, Vol. 37, pp. 357-362, 2014.
[9] Maha TEBAA, Said EL HAJJI, "From Single to Multi-Clouds Computing Privacy and Fault
Tolerance", In Proceedings of IEEE International Journal of Future Information Engineering, Vol. 10, , pp. 112-118, 2014.
[10] Rizwana Shaikha, Dr. M. Sasikumarb, "Trust Model for Measuring Security Strength of Cloud Computing Service", ELSEVIER Journal of Advanced Computing Technologies and Applications (ICACTA), Vol. 45, pp. 380-389, 2015.
[11] Steve Jones, "Cloud computing procurement and implementation: Lessons learnt from a United Kingdom case study", ELSEVIER Journal of Information Management, Vol. 35, No. 6, pp. 712-716, Dec 2015.
[12] Changbo Ke a, Zhiqiu Huang a, "Supporting negotiation mechanism privacy authority method in cloud computing", ELSEVIER Journal of Knowledge Based Systems, Vol. 51, pp. 48-59, October 2013.
[13] Ibrahim Arpaci, Kerem Kilicer, "Effects of security and privacy concerns on educational use of cloud services", ELSEVIER Journal of Computer in Human Behaviour, Vol. 45, pp. 93-98, April 2015.
[14]Bharath K.Samanthula, YousefElmehdwi, "A secure data sharing and query processing framework via federation of cloudcomputing ", ELSEVIER Journal of Information Systems, Vol. 48, pp. 196-212, March 2015.
[15] Khaled Salah a, Jose M. Alcaraz Calero, "Analyzing the security of Windows 7 and Linux for cloud computing", ELSEVIER Journal of Computers and Security, Vol. 34, pp. 113-122, May 2013.
[16] Salim Bitam, Abdelhamid Mellouk, "Vanet-Cloud: A Generic Cloud Computing Model For Vehicular Ad Hoc Networks", In Proceedings of IEEE Wireless Communication, Vol. 22, No. 1, pp. 96-102, Jan 2015.
[17] R. Velumadhava Raoa, K. Selvamani, "Data Security Challenges and Its Solutions in Cloud Computing", ELSEVIER Journal of Procedia Computer Science, Vol. 48, pp. 204-209, 2015.
[18] Tao Jiang, Xiaofeng Chena, "Towards secure and reliable cloud storage against data reoutsourcing", ELSEVIER Journal of Future Generation Computer Systems, Vol. 52, pp. 86-94, Nove 2015.
[19] Mehdi Sookhaka, Abdullah Gania, "Dynamic remote data auditing for securing big data storage in cloud computing", ELSEVIER Journal of Information Sciences, pp. 1-16, 2015.
[20] Vijay Varadharajan, Udaya Tupakula, "Security as a Service Model for Cloud Environment", In Proceedings of IEEE Transaction on Network and Service Management, Vol. 11, No. 1, pp. 60-75, March 2014.
[21] Jin Li, Zheli Liu, "L-EncDB: A lightweight framework for privacy-preserving data queries in cloud computing", ELSEVIER Journal of Knowledge-based Systems, Vol. 79, pp. 18-26, May 2015.
[22] Hassan Rasheed, "Data and infrastructure security auditing in cloud computing environments", Vol. 34, No. 3, pp. 364-368, June 2014.