DAuth—Delegated Authorization Framework for Secured Serverless Cloud Computing

Wireless Personal Communications

Abstract

Serverless computing, also known as Function as a Service, has become a new form of cloud computing. It enables the components of cloud applications to run on multiple servers in order to provide various functionalities. However, the performance of such applications depends on various modules, including the control mechanism of the application. There is a significant reduction in response time and the ensuing operating costs because functions are consumed based on need. The most common authorization standards used in cloud computing services today are Open Authorization (commonly referred to as OAuth), OpenID and Security Assertion Markup Language. However, these identity management mechanisms cause additional security vulnerabilities because of the open nature of their identity federation. To eliminate such vulnerabilities, this paper proposes a novel access framework named D-Auth, which provides both authentication and authorization for serverless computing by introducing server-based OTP and token authentication in the serverless platform through generated D-Auth tokens. A cross-sectional comparative analysis between the existing and proposed solutions validates the improvement in the protection of identity management. D-Auth considerably reduces security threats by offloading identity management to on-premise servers, and it enables organizations to implement their own security policies depending on their requirements.

Data availability

The paper has referenced datasets from multiple sources to base our assumptions, hypothesize our proposed solution and perform comparisons. For each of the sections, the corresponding data sources have been outlined below:

  • For information, ensuing data points and any subsequent analysis considerations with respect to attacks, reference was taken from “OWASP—2017 Top 10 Web Application Security Risks” (https://owasp.org/www-project-top-ten/).

  • For information, ensuing data points and any subsequent analysis considerations with respect to OAuth related implementation, the reference was taken from the following resources: “A Provisioning Model towards OAuth 2.0 Optimization”, IEEE 2011 Conference on Cybernetic Intelligence Systems (https://repository.uel.ac.uk/item/8617z, https://ieeexplore.ieee.org/document/6169138); “Evaluation of OAuth 2.0 Protocol Implementation for Web Applications”, IEEE 2015 Conference on Computing and Communication (https://ieeexplore.ieee.org/document/7344461).

  • For information, ensuing data points and any subsequent analysis considerations with respect to Serverless Computation, the reference was taken from the following resources: “Infrastructure Cost Comparison of Running Web Applications in the Cloud using AWS Lambda and Monolithic and Microservice Architectures”, IEEE 2016 International Symposium on Cluster, Cloud, and Grid Computing (https://sci-hub.se/10.1109/ccgrid.2016.37); “Serverless Computation with Open Lambda”, University of Wisconsin Publication (https://research.cs.wisc.edu/wind/Publications/scott-hotcloud16.pdf).

  • For information, ensuing data points and any subsequent analysis considerations with respect to Encryption mechanism, the reference was taken from “Encrypted token based authentication with adapted SAML technology for cloud web services”, 2017 Journal of Network and Computer Applications (https://www.sciencedirect.com/science/article/abs/pii/S1084804517303156).

We hereby declare that data that is restricted for usage or has commercial restrictions to it has not been used, documented or represented as part of this work. During the course of this proposed work and the implementation, no significant datasets were generated for documentation or data sharing.

Code Availability

The code implemented as part of the proposed work has been uploaded to the Git paths below as open source, and the authors hereby do not place any restriction on use of this data for research purposes and non-commercial purposes.

  • JWT authentication with database and Flask server (https://github.com/blacksector/PythonJWTAuth).

  • JWT generation (https://github.com/GehirnInc/python-jwt).

  • JWT generation (https://github.com/jpadilla/pyjwt).

  • Generating and verifying JWT (https://github.com/davedoesdev/python-jwt).

Funding

This project did not receive support from any organization for the submitted work. No funding was received from any organization for the submitted work. No funding was received for conducting this work. No funds, grants or other support were received.

Author information

Corresponding author

Correspondence to P. Padma.

Ethics declarations

Conflict of interest

The authors have no relevant financial or non-financial interest to disclose. The authors have no conflicts of interest to declare that are relevant to the content of this article. All authors certify that they have no affiliations with or involvement in any organization or entity with any financial interest or non-financial interest in the subject matter or materials discussed in this manuscript. The authors have no financial or proprietary interest in any material discussed in this article.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Padma, P., Srinivasan, S. DAuth—Delegated Authorization Framework for Secured Serverless Cloud Computing. Wireless Pers Commun 129, 1563–1583 (2023). https://doi.org/10.1007/s11277-023-10189-7

  • DOI: https://doi.org/10.1007/s11277-023-10189-7
