Identity and access management in cloud environment: Mechanisms and challenges

Abstract: Cloud computing is a complex system that combines diverse networked devices to support on-demand services. The architecture of cloud computing consists of different kinds of configurable distributed systems with a wide variety of connectivity and usage. Organizations are adapting to cloud networks at a rapid pace due to benefits such as cost-effectiveness, scalability, reliability and flexibility. Although these primary merits are promising, cloud networks are vulnerable to various kinds of network attacks and privacy issues. Features such as multi-tenancy and third-party managed infrastructure in the cloud environment necessitate an identity and access management mechanism. The problems involved in secure access to cloud resources have been addressed by many academicians and industry personnel. In this paper, the issues related to authentication, access management, security and services in the cloud environment are surveyed, along with the techniques proposed to overcome them. A detailed comparative study of the existing techniques, from the perspective of cloud service providers and cloud users, covering identity and access management, security issues and services in the cloud environment, is highlighted.
