Abstract
Cloud computing an emerging computing model having its roots in grid and utility computing is gaining increasing attention of both the industry and laymen. The ready availability of storage, compute, and infrastructure services provides a potentially attractive option for business enterprises to process and store data without investing on computing infrastructure. The attractions of Cloud are accompanied by many concerns among which Data Security is the one that requires immediate attention. Strong user authentication mechanisms which prevent illegal access to Cloud services and resources are one of the core requirements to ensure secure access. This paper proposes a user authentication framework for Cloud which facilitates authentication by individual service providers as well as by a third party identity provider. The proposed two-factor authentication protocols uses password as the first factor and a Smart card or Mobile Phone as the second factor. The protocols are resistant to various known security attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., Zaharia, M.: Above the clouds: a berkely view of cloud computing. Technical report no. UCB/EECS-2009-28. http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.pdf
Amlan, J.C., Pradeep, K., Mangal, S., Hyota, E.L., Hoon-Jue-Lee: A strong user authentication framework for cloud computing. IEEE Asia-Pacific Services Computing Conference (2011)
Chakraborty, R., Ramireddy, S., Raghu, T.S., Rao, H.R.: The information assurance practices of cloud computing vendors. IT Prof. 12, 29–37 (2010)
Miller, H.G., Veiga, J.: Cloud computing: will commodity services benefit users long term? IT Prof. 11, 29–39 (2010)
Blumenthal, M.S.: Hide and seek in the cloud. IEEE Secur. Priv. 8, 29–37 (2010)
Ponemon, P.L.: Security of cloud computing users. Ponemon institute, research report. http://www.ca.com/files/industryresearch/security-cloud-computing-users_235659.pdf (May 2010)
Gens, F.: New IDC IT cloud services survey: top benefits and challenges. IDC exchange. http://blogs.idc.com/ie/?p=730 (2009)
Almulla, S.A., Yeun, C.Y.: Cloud computing security management. II International Conference on Engineering Systems Management and its Applications (ICESMA) (2010)
Celesti, A., Tusa, F., Villari, M., Puliafito, A.: Security and cloud computing: inter cloud identity management infrastructure. 19th IEEE International workshop on Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE), 2010, pp. 263–265
Rui, J.: Advanced secure authentication framework for cloud computing. Int. J. Smart Sens. Intell. Syst. 6(4), (2013)
Jeremy, K.: One of the most convincing phishing attacks yet tricks you with Dropbox sharing. PCWorld. http://www.pcworld.com/article/2835892/dropbox-used-for-convincing-phishing-attack.html (Oct, 20 2014)
Robert, M., Oops! amazon web services customer unleashes ‘denial of money’ attack—on himself. WIRED. http://www.wired.com/2012/04/aws-bill-in-minutes/ (April, 2012)
CRM Provider Salesforce Hit With Malware Attack: Entrust. http://www.entrust.com/crm-provider-salesforce-hit-malware-attack/ (September, 2014)
Darreni, P.: Google app engine has thirty flaws, says researcher. The register. http://www.theregister.co.uk/2014/12/09/google_app_engine_has_thirty_flaws_says_researcher/ (December 2014)
Jiang, R.: Advanced secure user authentication framework for cloud computing. Int. J. Smart Sens. Intell. Syst. 6(4), (2013)
Nayak, S.K., Mohapatra, S., Majhi, B.: An improved mutual authentication framework for cloud computing. IJCA 52(5), (2012)
Takabi, H., Joshi, J.B.D., Ahn, G.: SecureCloud: towards a comprehensive security framework for cloud computing environments. Proceedings of IEEE 34th Annual Computer Software and Application Conference Workshops, pp. 393–398, 19–23 July 2010
Falas, T., Kashani, H.: Two-dimensional bar-code decoding with camera-equipped mobile phones. Proceedings of the Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops, pp. 597–600, 19–23 March, 2007
OASIS: Security assertion mark up language, V2.0, Technical overview. http://docs.Oasis-open.org/Security/Saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer India
About this chapter
Cite this chapter
Sumitra, B., Raj, P., Misbahuddin, M. (2016). Safe Cloud: Secure and Usable Authentication Framework for Cloud Environment. In: Chaki, R., Cortesi, A., Saeed, K., Chaki, N. (eds) Advanced Computing and Systems for Security. Advances in Intelligent Systems and Computing, vol 395. Springer, New Delhi. https://doi.org/10.1007/978-81-322-2650-5_12
Download citation
DOI: https://doi.org/10.1007/978-81-322-2650-5_12
Published:
Publisher Name: Springer, New Delhi
Print ISBN: 978-81-322-2648-2
Online ISBN: 978-81-322-2650-5
eBook Packages: EngineeringEngineering (R0)