Multi-factor Authentication Framework for Cloud Computing

Cloud computing is a new paradigm to deliver services over the Internet. Data Security is the most critical issues in a cloud computing environment. Authentication is a key technology for information security, which is a mechanism to establish proof of identities to get access of information in the system. Traditional password authentication does not provide enough security for information in cloud computing environment to the most modern means of attacks. In this paper, we propose a new multi-factor authentication framework for cloud computing. The proposed framework provides a feasible and a most efficient mechanism which can closely integrate with the traditional authentication system.The proposed framework is verified by developing Cloud Access Management (CAM) system which authenticates the user based on multiple factors. Also using secret-splitting and encrypted value of arithmetic captcha is innovative factor for user authentication for cloud computing environment. Prototype model for cloud computing own cloud server is implemented using open sources technology. The proposed framework shows the close agreement with the standard criteria for security.

[1]  Rajkumar Buyya,et al.  Market-Oriented Cloud Computing: Vision, Hype, and Reality for Delivering IT Services as Computing Utilities , 2008, 2008 10th IEEE International Conference on High Performance Computing and Communications.

[2]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[3]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[4]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[5]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[6]  Dimitrios Zissis,et al.  Addressing cloud computing security issues , 2012, Future Gener. Comput. Syst..

[7]  Hyotaek Lim,et al.  Two Factor Authentication for Cloud Computing , 2010, J. Inform. and Commun. Convergence Engineering.

[8]  Amir M. Sharif,et al.  It's written in the cloud: the hype and promise of cloud computing , 2010, J. Enterp. Inf. Manag..

[9]  Victor Shoup,et al.  Session Key Distribution Using Smart Cards , 1996, EUROCRYPT.

[10]  Xiaotie Deng,et al.  Two-factor mutual authentication based on smart cards and passwords , 2008, J. Comput. Syst. Sci..

[11]  Idit Keidar,et al.  Trusting the cloud , 2009, SIGA.

[12]  Cheng-Chi Lee,et al.  A password authentication scheme over insecure networks , 2006, J. Comput. Syst. Sci..

[13]  Chris Rose,et al.  A Break in the Clouds: Towards a Cloud Definition , 2011 .

[14]  Nevenko Zunic,et al.  Methods for Protecting Password Transmission , 2000, Comput. Secur..

[15]  Luis Rodero-Merino,et al.  A break in the clouds: towards a cloud definition , 2008, CCRV.

[16]  Min-Shiang Hwang,et al.  Security of Improvement on Methods for Protecting Password Transmission , 2003, Informatica.

[17]  Chun-Li Lin,et al.  A password authentication scheme with secure password updating , 2003, Comput. Secur..

[18]  Cong Wang,et al.  Ensuring data storage security in Cloud Computing , 2009, 2009 17th International Workshop on Quality of Service.

[19]  Yong Zhao,et al.  Cloud Computing and Grid Computing 360-Degree Compared , 2008, GCE 2008.

[20]  Daniel Mouly Strong User Authentication , 2002, Inf. Secur. J. A Glob. Perspect..

[21]  Eun-Jun Yoon,et al.  New Authentication Scheme Based on a One-Way Hash Function and Diffie-Hellman Key Exchange , 2005, CANS.

[22]  Rajkumar Buyya,et al.  Article in Press Future Generation Computer Systems ( ) – Future Generation Computer Systems Cloud Computing and Emerging It Platforms: Vision, Hype, and Reality for Delivering Computing as the 5th Utility , 2022 .

[23]  John Viega,et al.  Cloud Computing and the Common Man , 2009, Computer.

[24]  Michael E. Whitman,et al.  In defense of the realm: understanding the threats to information security , 2004, Int. J. Inf. Manag..

[25]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[26]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[27]  Eun-Jun Yoon,et al.  Efficient remote user authentication scheme based on generalized ElGamal signature scheme , 2004, IEEE Transactions on Consumer Electronics.

[28]  Martín Abadi,et al.  Authentication in distributed systems: theory and practice , 1991, SOSP '91.