Cloud computing is a paradigm that is redrawing the information technology landscape by outsourcing the computation and data storage services to public cloud service providers. Over the last years, cloud storage services revealed an unprecedented opportunity for Internet users to profit from online storage services. Thanks to their enriched toolbox for file sharing and syncing, cloud storage platforms provide organizations and individuals with a reliable and cost-effective collaborative workspace. However, in addition to the traditional security issues, cloud storage services introduce new security concerns that are mainly related to the insecure state in which the files are while being synchronized. Recent publications highlighted the significant impact of the security flaws that exist in the syncing protocols used by the most popular cloud storage application. In this paper, we consider the Man in the Cloud (MitC) attack demonstrated in 2015 which allows accessing the files stored in a private repository without the possession of the authentication and authorization credentials. To address this issue, we propose a biometric-based framework for cloud storage services aiming to impede intruders from launching MitC attacks. Our framework is based on our previously published technique to combine chaotic maps and fuzzy extractors. The experiments performed on real biometric features confirm the potential brought by our framework to implement strong authentication in cloud storage applications.
[1]
Sugata Sanyal,et al.
A Survey on Security Issues in Cloud Computing
,
2011,
1109.5388.
[2]
Mohamed Hamdi.
Security of cloud computing, storage, and networking
,
2012,
2012 International Conference on Collaboration Technologies and Systems (CTS).
[3]
Parag Pruthi,et al.
Chaotic Maps As Models of Packet Traffic
,
1994
.
[4]
Francisco Herrera,et al.
A survey on fingerprint minutiae-based local matching for verification and identification: Taxonomy and experimental evaluation
,
2015,
Inf. Sci..
[5]
Omar Alfandi,et al.
Analysis of cloud computing attacks and countermeasures
,
2016,
2016 18th International Conference on Advanced Communication Technology (ICACT).
[6]
C. Chui,et al.
A symmetric image encryption scheme based on 3D chaotic cat maps
,
2004
.
[7]
Mohamed Hamdi,et al.
Chaotic construction of cryptographic keys based on biometric data
,
2016,
2016 International Conference on High Performance Computing & Simulation (HPCS).
[8]
Suela Kodra.
Fuzzy extractors : How to generate strong keys from biometrics and other noisy data
,
2015
.
[9]
Loris Nanni,et al.
State of the art in Biometrics
,
2011
.
[10]
Young-Sik Jeong,et al.
A survey on cloud computing security: Issues, threats, and solutions
,
2016,
J. Netw. Comput. Appl..