Advances and Challenges in Cloud Data Storage Security: A Systematic Review

Before diving into the specific ideas behind this systematic review, it is important to first build a basic understanding of the cloud landscape. This foundation will help make the concepts clearer.

2.1 Cloud computing

Cloud computing is a new paradigm that provides a set of resources hosted on the Internet, users can use them with a pay as you go pricing model. The cloud paradigm enables users in the same time to exploit any service without needing to own or manage the physical infrastructure [15]. Its scalability and flexibility help organizations also to allocate resources more efficiently, and to improve performance and reduce costs [16].

1.png

Figure 1. Main categories of cloud services

Cloud computing services are typically classified into three main categories, as depicted in Figure 1, Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). These distinct models offer varying degrees of user control and management [17].

2.2 Cloud data storage

Cloud storage refers to the storage and management of data in the cloud. Each approach differs in the way it organizes and processes data to meet specific requirements. The main categories of cloud storage are as follows [18]:

• Object-based storage: Information is stored as distinct objects, which may include documents, multimedia files, or other forms of unstructured data.
• Block-level storage: Data is fragmented into separate units (blocks) and stored independently, making it ideal for structured data applications.
• File-based storage: Provides a hierarchical file system that enables data organization, storage, and retrieval through a directory structure.

Table 1. Data storage offers per cloud service provider

Cloud service providers offer tailored data storage solutions, categorized as file, block, and object storage, each category is suited to specific needs. Table 1 lists storage services from major providers [19].

2.3 Shared responsibility model

The shared responsibility model allows to separate the security perimiter of both cloud service providers (CSPs) and users. CSPs protect cloud infrastructure [20], whereas users responsible of protecting their data through encryption, access controls, adequat configuration, and vigilance against breaches and internal threats [21].

Table 2. Separation of responsabilities in the cloud

Table 2 illustrates the cooperative aspect of cloud security. A secure cloud environment can be achieved when both parties clearly understand their respective responsibilities [22].

2.4 Data storage security threats

2.4.1 Identified threats

Although cloud data storage offers flexibility and scalability, it faces threats, such as data breaches and insider attacks, where authorized individuals act maliciously or unintentionally. Malware attacks, misconfigurations, and derial of service attacks that can compromise the data integrity and availability. Additionally, risks such as data loss or corruption can lead to permanent loss or damage to information [23].

2.4.2 Mitigation techniques

To overcome the security challenges posed by storing data in the cloud, it is essential to employ effective mitigation techniques that are tailored to specific threats. Table 3 provides an overview of these techniques [24].

Table 3. Key security threats in cloud data storage

Table 4 presents a short identification of the main mitigation techniques, including the essential methods used to improve security in the cloud.

Table 4. Mitigation techniques for identified threats

4.1 General overview

Over the past four years, research on cloud data storage security has grown significantly, as shown by the increasing number of conferences, workshops, and publications focused on this topic. Following the explanation of our research method, this section presents a comprehensive review of the selected studies. It highlights key contributions, explains the main security techniques, evaluates their strengths and limitations, and outlines directions for future research.

4.png

Figure 4. Macro view of the cloud data storage workflow

As shown in Figure 4, the literature survey on cloud data storage security is systematically divided into two main areas. The first area focuses on securing the data container or context, which involves ensuring the protection of the cloud infrastructure.

5.png

Figure 5. Main cloud data-storage security techniques

The second area as shown in both Figure 4 and Figure 5, addresses the security of data content across its three critical states: data at rest, which point to stored data, data in transit, which pertains to data being transferred to the cloud storage, and data in use, which involves data actively being used or processed.

6.png

Figure 6. Number of articles per proposed technique

Figure 6 shows that encryption is the most used technique, featured in 26 studies, underscoring its critical role in securing cloud storage. Access control is highlighted in 16 studies, emphasizing its importance for managing data access. Blockchain appears in 12 papers, reflecting growing interest in decentralized security methods. Redundancy and hybrid approaches are discussed in seven studies, indicating their value in enhancing fault tolerance. Machine learning is covered in six papers, suggesting its emerging role in threats classification and detection, while Data Loss Prevention is noted in only three papers, marking it as a niche area within cloud storage protection.

The publication year trend illustrated in Figure 7 reveals a notable increase in research on cloud data protection in recent years. 2023 stands out, with 30 papers representing the peak of research activity and a significant surge in focus on this topic, followed by 2022, which saw 18 papers, demonstrating sustained interest. Publications for 2024 show 12 papers, reflecting ongoing research efforts. In contrast, 2020 and 2021 had fewer publications, with 10 and seven papers, respectively, suggesting lower levels of research activity during those years.

7.png

Figure 7. Number of articles per proposed technique

The journal distribution shown in Figure 8 highlights the focus of research on cloud storage security. IEEE Transactions on Dependable and Secure Computing leads with 18 papers, followed by IEEE Access and IEEE Transactions on Cloud Computing, each with 15 papers, reflecting significant contributions to the field from these sources. The Journal of Cloud Computing also shows notable contribution with 14 papers. In contrast, the Journal of Information Security and Applications has five papers and SN Computer Science has three papers, indicating a smaller volume of research on this topic within these journals.

8.png

Figure 8. Number of articles per journal

4.2 Related work

4.2.1 Encryption

Background. Encryption is an essential security measure that converts data into an unreadable format, thereby ensuring confidentiality and integrity by preventing access by unauthorized users.

9.png

Figure 9. Encryption techniques and algorithms

As illustrated in Figure 9 and Table 9, Encryption techniques are used to secure data through mathematical transformations. Symmetric encryption Employs the same key for encryption and decryption, expressed as $C=$ $E n c(K e y, D a t a)$ where $Enc$ is the encryption function, $Key$ represent the encryption key, $Data$ is the plaintext, and $C$ is the ciphertext. Asymmetric encryption Employs a set of two keys (one public, one private) for data encryption and decryption, described by $C=E n c\left(K_{\text {public_key}}, D a t a\right)$ and $Data$ $=$ $Dec$ $\left(K_{\text {private_key}}, C\right)$ where $K_{\text {public_key}}$ is the public key, $K_{\text {private_key}}$ is the private key, $Enc$ is the encryption function, and $Dec$ is the decryption function. Homomorphic encryption Enables processing of encrypted data without decryption, represented as $E(K, f(P 1, P 2))$ where $f$ is a function such as addition or multiplication, and $E$ is the encryption function. Hashing involves converting data into a fixed-length hash, via $Hash(P)$ where $Hash$ is the hash function and $P$ is the plaintext. Hashing is a one-way function designed to be irreversible.

Table 9. Encryption techniques and use case

Existing studies. Table 10 introduces an analysis of the suggested encryption models. Each paper is examinated based on the used method, implementation complexity, and performance impact. In addition, it highlights the advantages and disadvantages of each approach. Various encryption models have been developed, focusing on confidentiality, integrity, and access control. Attribute-Based Encryption (ABE), including both revocable and multi-authority variants, plays a key role in providing fine-grained access control, allowing for flexible management of encryption keys and user permissions. Homomorphic encryption is another critical technique, enabling secure computations on encrypted data without compromising privacy, which is particularly valuable for sensitive data storage. Advanced Encryption Standard (AES) is frequently integrated with other cryptographic methods, such as digital signatures and cryptographic hashes. Searchable encryption models, combining Ciphertext-Policy ABE with keyword-based search capabilities, address the need for secure data retrieval while maintaining confidentiality. Additionally, hybrid cryptographic approaches that combine symmetric and asymmetric encryption, alongside blockchain-based key management, further enhance the security of cloud data storage, particularly healthcare sector.

Table 10. Comparative analysis of proposed encryption models

Discussion. As shown in Figure 10, the distribution of encryption techniques reveals a clear focus on homomorphic encryption with then papers. Symmetric and asymmetric encryption methods each account for five studies, illustrating their sustained importance. Mixed encryption approaches, involving combinations of different techniques, are also notable, with six papers reflecting a trend towards hybrid solutions. This balance indicates a robust exploration of both traditional and advanced encryption methods in this study.

10.png

Figure 10. Distribution of articles per encryption type

Table 11. Comparative analysis of proposed access control models

The reviewed studies, as summarized in Table 11, showcase various encryption techniques tailored to different security needs. Attribute-Based Encryption (ABE), noted in [25, 29, 30, 37], excels in fine-grained access control and confidentiality but may impact performance due to its complexity. Advanced Encryption Standard (AES), used in [26, 28, 39, 40, 46], offers effective symmetric encryption with strong security and efficiency but lacks advanced access control features. Homomorphic Encryption, featured in [31-33, 35, 43-47, 50], supports secure computations on encrypted data but often incurs high computational costs. Hybrid Encryption methods, explored in [34, 40, 41, 44, 48], blend symmetric and asymmetric techniques to balance security and manageability but can be complex to implement. These studies highlight the importance of choosing encryption methods based on specific use cases and balancing security, efficiency, and computational demands.

4.2.2 Access control

Background. The principle of access control in cloud computing consists in controlling who may access resources, in which conditions, and what operations they may carry out. This control is crucial to ensure data protection, compliance and security.

Table 12. Articles per used technique

As illustrated in Table 12, access control models are often used in the cloud, in Role-Based Access Control, access is defined as:

$Access(U, R)=U_{i=1}^n$ Permissions $\left(R_i\right)$         (1)

where, $U$ is the user, $R$ is the resource, and $Roles (U)$ represents the roles assigned to the user. Discretionary Access Control (DAC) can be represented as:

$Access(U, R)=$$Owner$ $(R) \cup \operatorname{DelegAccess}(U, R)$          (2)

where, the resource owner or delegated users determine access. Mandatory Access Control (MAC) follows:

$Access(U, R)=\operatorname{Sec}_{\text {Level }}(U) \geq {Sec}_{\ Level (R)}$        (3)

Ensuring that access relies on security classifications. Attribute-Based Access Control (ABAC) is modeled as:

$Access(U, R)=f\left(A_U, A_R, A_E\right)$           (4)

where, $A_U, A_R$ and $A_E$ are attributes of the user, resource, and environment, respectively, and $f$ is a policy function determining access.

Existing studies. Table 13 offers a comparative analysis of various access control models proposed for cloud data-storage security. Xiong et al. [51] introduced SEM-ACSIT, a multi-authority framework using attribute-based encryption (ABE) for IoT cloud storage. Ning et al. [52] combined role-based access control (RBAC) with attribute-based policies to enhance flexibility and security. Li et al. [53] developed a multi-keyword ranked search mechanism with access control through searchable encryption. Panchal et al. [54] used biometric authentication, including fingerprint and facial recognition, for securing cloud services. Gill et al. [55] applied least-privilege access control in AWS with granular policies. Xue et al. [56] proposed a secure attribute-based model with hybrid encryption. Hou et al. [57] created a fine-grained model with editability features using cryptographic proofs. Nasiraee and Ashouri-Talouki [58] focused on privacy-preserving distributed access control with advanced encryption standards. Susilo et al. [59] developed a sanitizable access control system to guard against data tampering. Butt et al. [60] optimized RBAC in e-health with trust mechanisms. Liu et al. [36] introduced an oblivious random data access scheme for privacy. Chen et al. [61] developed a secure remote file sharing system with attribute-based control. Paulraj et al. [62] designed an anonymous identity-based admission control policy. Bera et al. [63] integrated integrity verification into attribute-based encryption for verifiable data storage. Miao et al. [64] introduced REKS, a role-based encrypted keyword search model with enhanced control. Pavithra et al. [65] proposed a privacy-preserving model with data duplication for maintaining confidentiality.

Table 13. Comparative analysis of proposed data redundancy models

Discussion. The reviewed studies revealed a diverse range of access control models, each addressing specific security and performance needs. Multi-Authority Access Control (MAAC) [51] offers scalable management but is complex to implement. Dual-Access Control [52] combines role-based and attribute-based policies to enhance security, though it may involve configuration challenges. The Multi-Keyword Ranked Search model [53] provides precise data retrieval but demands high computational resources. Biometric-Based Access Mechanisms [54] deliver strong authentication but require specialized hardware. The Least-Privilege Model [55] simplifies permissions but can be complex to manage. Attribute-Based Access Control (ABAC) [56, 57] supports dynamic policies but may struggle with policy consistency. Techniques like Fine-Grained Access Control with Editability [58] and Privacy-Preserving Access Control [59] improve data handling but may affect performance. These models highlight the need to balance security needs with implementation and performance considerations.

4.2.3 Data redundancy

Background. In cloud storage, maintaining multiple copies of data across multiple regions and availability zones is a crucial security strategy known as data redundancy.

11.png

Figure 11. Cloud region concept

As shown in Figure 11, a cloud region is a specific geographic area with multiple datacenters, while availability zones are isolated locations within a region. Distributing data across these regions and zones enhances redundancy and helps to prevent data loss. Let $R(C)$ be the set of regions for a CSP $C$ .

$R(C)=\left\{R_i, R_2, R_3, \ldots, R_n\right\}$ with $i \in N, i \geq 1$          (5)

Each region $R_i$ contains a set of availability zones, denoted as $A Z\left(R_i\right)$, where each AZ has a minimum of 2 data centers.

$A Z\left(R_i\right)=\left\{A Z_{i j} \mid j=1, \ldots, m_i\right\}, m_i \in N, m_i \geq 2$        (6)

Each availability zone $A Z_{i j}$ contains a set of data centers $D C\left(A Z_{i j}\right)$ with at least 1 data center per AZ.

$D C\left(A Z_{i j}\right)=\left\{D C_{i j k} \mid k=1,2, \ldots, k_{i j}\right\} \text { with } k_{i j} \in N$          (7)

For a given region $R_i$, the set of services $S\left(R_i\right)$ available in that region is a subset of all services offered by the CSP. Thus, if a CSP $C$ offers a variety of services, the specific set of services available in each region $R_i$ might differ. Let $S(C)$ denote the set of all services provided by CSP $C$, For each region $R_i$, the set of available services $S\left(R_i\right)$ is a subset of $S(C)$.

12.png

Figure 12. Data redundancy over cloud models

Data redundancy in cloud storage is often represented by the replication factor $R$, which denotes the number of copies of data stored across different regions or availability zones as shown in Figure 12, if data is replicated in three regions, $R=$ 3. The overall availability of the data $P_{\text {total }}$, can be calculated by considering the availability $P_i$ of each individual copy. Assuming independent failure events, the availability is given by:

$P_{\text {total }}=1-\prod_{i=1}^R\left(1-P_i\right)$          (8)

Eq. (8) highlights how increasing the replication factor enhances the data availability and reliability in cloud environments.

Existing studies. Table 14 summarizes recent approaches to data redundancy and distribution in cloud storage systems. Li and Li [66] proposed a demand-aware erasure coding scheme to optimize redundancy and fault tolerance. Ren et al. [67] explored secure distributed storage in adversarial networks. Li et al. [68] introduced a cryptographic mechanism for verifying data redundancy in multi-cloud environments. Kontodimas et al. [69] developed a framework for managing data distribution across cloud-edge infrastructures. Shithil and Adnan [70] proposed a strategy for replica selection to improve data retrieval in geo-distributed systems. Du et al. [71] presented a consistency model for maintaining data replication across geographically diverse nodes. Aldailamy et al. [72] focused on dynamic replication in multi-cloud environments for online social networks.

Table 14. Access control models used in the cloud

Discussion. The reviewed studies reveal several critical challenges in managing data redundancy and distribution.

13.png

Figure 13. Distribution of papers per cloud model

This section examines various approaches related to data redundancy and distribution in cloud storage systems, and hightlights several challenges. Li and Li [66] proposed a Demand-Aware Erasure Coding method that optimizes redundancy, though its deployment can be complex. Ren et al. [67] addressed secure data storage in adversarial networks, with the challenge of maintaining consistency across nodes. Li et al. [68] introduced an Identity-Based Multi-Copy Data Possession mechanism that ensures data integrity but requires significant computational resources. Kontodimas et al. [69] developed a framework for secure distributed storage, enhancing data distribution while being resource-intensive. Shithil and Adnan [70] presented a Prediction-Based Replica Selection strategy to improve retrieval efficiency, although it depends on predictive models that may not always be accurate. Du et al. [71] proposed a Cost-Effective Consistency Model, which may face performance issues due to the complexities of replication. Aldailamy et al. [72] focused on Dynamic Replication and Placement in multi-cloud environments, increasing complexity in dynamic scenarios. Figure 13 illustrates the distribution of these studies between single- and multi-cloud environments.

4.2.4 Data loss prevention

Background. Data Loss Prevention models are playing a key role in ensuring sensitive information detection and protection. It utilizes content-based techniques, such as pattern recognition and keyword matching, to identify sensitive data. Additionally, context-based methods assess data sensitivity by analyzing usage patterns and user roles. These combined techniques enhance data security and ensure compliance with regulatory standards in the cloud storage.

14.png

Figure 14. Concept of cloud DLP

Figure 14 categorizes data protection approaches into content-based and context-based methods. Content-based techniques, like keyword matching and regular expressions, detect sensitive information directly within the data. Context-based methods, such as contextual analysis and behavioral monitoring, evaluate data sensitivity based on its environment and usage patterns. In keyword matching, the detection score $S_D$ is calculated as:

$S_D=\sum_{i=1}^n w_i \cdot K_i$           (9)

where, $K_i$ indicates the presence of keyword $k_i$ and $w_i$ represents its weight. In regular expressions, the score is given by:

$S_D=\sum_{i=1}^m w_i \cdot P_i(D)$          (10)

where, $P_i(D)$ is 1 if pattern $p_i$ matches data $D$. Context-based analysis integrates content with contextual factors to assess sensitivity using:

$S=\alpha . \text { ContentScore }(D)+\beta . \text { ContextScore }(C)$           (11)

where, $\alpha$ and $\beta$ are weights. Behavioral analysis involves calculating an anomaly score $A$ as:

$S=\frac{B_i-\mu}{\sigma}$           (12)

where, $B_i$ represents behavioral metrics, the average and standard deviation of typical behavior are represented by $\mu$ and $\sigma$, respectively.

Existing studies. Table 15 reviews recent data loss prevention approaches for cloud storage. Han et al. [73] developed CloudDLP, which sanitizes data during transfers to prevent leakage but may affect user experience. Tian et al. [74] introduced Loco-Store, which hides access patterns to protect data but may slow performance due to frequent data reshuffling. Zhang et al. [75] proposed a security detection framework for multi-cloud environments that uses process mining to detect anomalies, though its high computational demands may limit real-time threat detection.

Table 15. Comparative analysis of proposed DLP models

Discussion. Preventing data loss and leakage in cloud storage is complex, as shown by recent studies. Han et al. [73] developed CloudDLP, a data sanitization tool that reduces leakage risks but may complicate user experience in shared settings. Tian et al. [74] introduced Loco-Store, which hides access patterns but suffers from performance issues due to frequent data reshuffling. Zhang et al. [75] created a process mining-based framework for multi-cloud environments to improve data loss prevention, though it faces challenges with high computational demands that can affect real-time detection. These studies underscore the trade-offs between security, usability, and performance in cloud storage solutions.

4.2.5 Machine learning

Background. Machine learning (ML) has significantly advanced data protection in cloud storage by utilizing algorithms that analyze both data context and content. As shown in Figure 15, ML can detect anomalies by examining user behavior and access patterns, identifying potential security issues like unauthorized access or data breaches. Figure 15 illustrates that while each ML model addresses specific security problems independently, their combined use enhances overall performance.

15.png

Figure 15. Distribution of papers per cloud model

Table 16. Comparative analysis of proposed machine learning models

Machine learning enhances cloud data protection through the various techniques listed in Table 16, each of which utilizes specific mathematical models. Supervised learning classifies data using models like decision trees, where the classification function $f(x)$ is trained with labeled data $(x, y)$ optimizing the objective function.

$\min \sum_{i=1}^n L\left(y_i, f\left(x_i\right)\right)$          (13)

where, $L$ is a loss function. Unsupervised learning detects anomalies by learning data distribution. Reinforcement learning optimizes security policies based on a cumulative reward function, where represents the reward at each step and is the discount factor.

Existing studies. Table 17 reviews recent machine learning approaches for cloud data storage security. Khan and Haroon [76] developed a network intrusion detection system that uses ensemble learning to improve accuracy but may increase computational demands. Kumar et al. [77] proposed a cloud-based classification method for secure data storage in smart cities, effective for large-scale data but potentially affected by cloud dependency. Al-Ghuwairi et al. [78] created an intrusion detection system that identifies time-series anomalies, though it relies heavily on historical data, which might limit its adaptability. Wang et al. [79] introduced a privacy-preserving retrieval framework that combines cryptographic techniques with machine learning, ensuring data confidentiality and efficient retrieval. Zhou et al. [80] developed a proactive drive failure prediction system using semi-supervised learning, improving accuracy and reliability. Sajid et al. [81] presented a hybrid machine and deep learning approach to enhance intrusion detection.

Table 17. Machine learning applied in cloud security

Discussion. Recent machine learning-based approaches have demonstrated both advancements and limitations. Khan and Haroon's [76] network intrusion detection system (NIDS) offers high accuracy but suffers from high computational complexity, impacting real-time performance. Kumar et al.'s [77] cloud-supported classification method effectively safeguards data in smart cities but faces scalability and latency issues due to its reliance on cloud infrastructure. Al-Ghuwairi et al.'s [78] time-series anomaly detection system enhances data protection but is limited by its dependence on historical data, affecting its adaptability to new threats. Wang et al.'s [79] privacy-preserving retrieval framework maintains data confidentiality but may encounter efficiency challenges across diverse data types. Zhou et al.'s [80] proactive drive failure prediction system improves prediction accuracy but may struggle with hardware generalization. Sajid et al.'s [81] hybrid machine and deep learning approach improves intrusion detection but involves higher computational costs and integration complexities.

4.2.6 Blockchain

Background. Blockchain has emerged as a valuable promising option in the age of cloud security. Its decentralized structure helps reduce key risks in traditional cloud systems by storing data transactions across multiple nodes, making unauthorized changes more difficult. The immutable ledger of blockchain ensures that transation records cannot be altered once logged, which provide a strong protection against data breaches and fraud.

16.png

Figure 16. Usage of blockchain in cloud storage

As shown in Figure 16, blockchain technology operates based on the principle of decentralized consensus and cryptographic security. At its core, blockchain uses hash functions such as SHA-256, where a given input $M$ is transformed into a fixed-size output $H$ via:

$H=S H A-256(M)$           (14)

To ensure data integrity and enable efficient verification, blockchain employs Merkle trees, where each parent node hash $H_{\text {parent}}$ is computed as:

$H_{\text {parent }}=\operatorname{Hash}\left(H_{\text {left }} \| H_{\text {right}}\right)$           (15)

Digital signatures, created using asymmetric cryptography, secure transactions with equations such as:

$Signature$=$Sign$$\left(H_{\text {transaction }}\right.$, $PrivateKey$$)$           (16)

which can be verified with:

$Verify$ $\left(\right.$Signature,$H_{\text {transaction }}$, $PublicKey$$) \quad$           (17)

In cloud data storage, blockchain can be used to track who accessed data, check if data have been changed, and create a secure record of storage activities. This is especially helpful in environments where accountability is important, such as healthcare or financial contexts. However, using blockchain in cloud systems also has some challenges. These include high computing costs and difficulty connecting with existing cloud service providers.

Existing studies. Table 18 provides a comparative overview of recent models that implements blockchain. Each study is assessed based on the used method, implementation complexity, and performance impact. Blockchain technology is increasingly utilized to address security concerns in cloud storage by offering decentralized and immutable data protection solutions. Huang et al. [82] developed a collaborative auditing framework leveraging blockchain and smart contracts for automated audit processes. Yang et al. [83] introduced a public audit scheme for multi-cloud environments, incorporating blockchain to ensure data synchronization and verification. Miao et al. [84] created a privacy-preserving auditing approach using blockchain and Zero-Knowledge Proofs to maintain data confidentiality. Yang et al. [85] proposed AuthPrivacyChain, combining blockchain with decentralized identity management for enhanced access control. Other studies, such as those by Sifah et al. [86], Zhang et al. [87], and Shu et al. [88], focused on improving data integrity, transparency, and deduplication in cloud storage using blockchain technologies. These advancements reflect a growing emphasis on integrating blockchain to bolster cloud data security, balancing enhanced protection with the challenges of implementation and performance.

Table 18. Comparative analysis of proposed blockchain models

Discussion. Recent studies have explored the use of blockchain to improve cloud data storage security, showing both promising outcomes and notable challenges. Huang et al. [82] and Yang et al. [83] used blockchain and Zero-Knowledge Proofs to enhance data integrity and privacy auditing, though their methods face integration and performance issues. Miao et al. [84] and Yang et al. [85] applied Proof-of-Replication for data resilience but introduced added complexity. Sifah et al. [86] and Zhang et al. [87] improved transparency with decentralized auditing, yet scalability remains a concern. Shu et al. [88] and Tian et al. [89] used blockchain for access control and identity management, but their models may reduce efficiency. Du et al. [90] and Du et al. [91] combined encryption with blockchain for secure sharing and deduplication, facing trade-offs in processing speed. Song et al. [92] and Huang and Yi [93] proposed decentralized auditing and key management, but these also increased implementation complexity.

4.2.7 Hybrid models

Existing studies. Table 19 highlights papers proposing hybrid and mixed- approaches for cloud data security. Yang et al. [94] proposed an Identity-Based Encryption (IBE) system with access control for secure data sharing. Franklin et al. [95] combined Machine Learning with blockchain for improved trust management. Sultan et al. [96] developed an RBAC scheme with keyword search to enhance data retrieval. Geetha [97] introduced an Adaptive Artificial Bee Colony Algorithm for dynamic encryption strengthening. Yan et al. [98] integrated Attribute-Based Encryption (ABE) with blockchain for fine-grained access control. Yi [99] proposed a Digital Twin-Based Security framework for improved security and privacy. Shakor et al. [46] created a Dynamic AES Encryption method with blockchain key management for robust encryption. These models blend advanced technologies to enhance data security while considering practical implementation challenges.

Table 19. Comparative analysis of proposed hybrid models

Discussion. Yang et al. [94] and Franklin et al. [95] proposed an advanced identity-based encryption and machine learning-based trust management, integrating these with blockchain for enhanced security. However, both face issues with complex key management and high computational demands. Sultan et al. [96] and Geetha [97] introduced role-based access control with keyword search and adaptive algorithms, respectively, which improve security but may struggle with scalability and implementation complexities. Yan et al. [98] and Yi [99] proposed attribute-based encryption and digital twin-based frameworks for robust access control and privacy, but they face challenges in managing extensive attributes and integrating with cloud environments. Shakor et al. [46] developed dynamic AES encryption with blockchain key management, enhancing encryption and key security while potentially increasing latency and resource consumption.

This systematic review of cloud data storage security techniques acknowledges several inherent limitations. These include potential biases in literature selection and the fast-paced evolution of technology, which may affect the applicability and relevance of the findings. The following section details these key constraints to consider when interpreting the review's conclusions.

Table 21 summarizes the key constraints of this study, clarifying the limitations discussed in the systematic review. It categorizes these limitations, highlights their potential impacts on the findings, and provides insights into how they might affect the interpretation and generalizability of the results.

Table 21. Limitations of the review