Clouds are widely used for storing, backing up and sharing information. Data confidentiality and privacy are important and topical concerns in the evolving cloud technology. In this paper we describe a system that addresses the issues of securely accessing and storing data in cloud repositories: a two-factor encryption architecture for cloud storage that incorporates the use of a hardware token. We have experimentally validated this architecture by developing a middleware that can be used with any cloud storage provider that uses the OAuth 2.0 protocol for authentication and authorization. The middleware enables the use of two-factor authentication and encryption mechanisms to ensure the privacy of the data; in this paper the YubiKey USB cryptographic token is used as the external two-factor module.