Abstract
Serverless computing, also known as Function as a Service (FaaS), has become a new form of cloud computing. It enables the components of cloud applications to run on multiple servers in order to provide various functionalities. However, the performance of such applications depends on various modules, including the control mechanism of the application. Because functions are consumed based on need, there is a significant reduction in response time and in the ensuing operating costs. The most common authorization standards used in cloud computing services today are Open Authorization (commonly referred to as OAuth), OpenID and Security Assertion Markup Language (SAML). However, these identity management mechanisms introduce additional security vulnerabilities because of the open nature of identity federation. To eliminate such vulnerabilities, this paper proposes a novel access framework named D-Auth, which provides both authentication and authorization for serverless computing by introducing server-based OTP and token authentication on the serverless platform through generated D-Auth tokens. A cross-sectional comparative analysis between the existing and proposed solutions is carried out to validate the improvement in the protection of identity management. D-Auth considerably reduces security threats by offloading identity management to on-premise servers, and it enables an organization to implement its own security policies depending on its requirements.
Data availability
The paper has referenced datasets from multiple sources to base its assumptions, to hypothesize the proposed solution and to perform comparisons. The data sources for each area are outlined below.
Attacks: “OWASP—2017 Top 10 Web Application Security Risks” (https://owasp.org/www-project-top-ten/).
OAuth-related implementation: “A Provisioning Model towards OAuth 2.0 Optimization”, IEEE 2011 Conference on Cybernetic Intelligence Systems (https://repository.uel.ac.uk/item/8617z, https://ieeexplore.ieee.org/document/6169138); “Evaluation of OAuth 2.0 Protocol Implementation for Web Applications”, IEEE 2015 Conference on Computing and Communication (https://ieeexplore.ieee.org/document/7344461).
Serverless computation: “Infrastructure Cost Comparison of Running Web Applications in the Cloud using AWS Lambda and Monolithic and Microservice Architectures”, IEEE 2016 International Symposium on Cluster, Cloud, and Grid Computing (https://sci-hub.se/10.1109/ccgrid.2016.37); “Serverless Computation with Open Lambda”, University of Wisconsin Publication (https://research.cs.wisc.edu/wind/Publications/scott-hotcloud16.pdf).
Encryption mechanism: “Encrypted token based authentication with adapted SAML technology for cloud web services”, 2017 Journal of Network and Computer Applications (https://www.sciencedirect.com/science/article/abs/pii/S1084804517303156).
We hereby declare that data that is restricted for usage or has commercial restrictions has not been used, documented or represented as part of this work. During the course of this proposed work and its implementation, no significant datasets were generated for documentation or data sharing.
Code Availability
The code implemented as part of the proposed work has been uploaded to the Git repositories below as open source, and the authors do not place any restriction on its use for research and non-commercial purposes.
JWT authentication with database and Flask server (https://github.com/blacksector/PythonJWTAuth).
JWT generation (https://github.com/GehirnInc/python-jwt).
JWT generation (https://github.com/jpadilla/pyjwt).
Generating and verifying JWT (https://github.com/davedoesdev/python-jwt).
Funding
This project did not receive support from any organization for the submitted work. No funding was received from any organization for the submitted work. No funding was received for conducting this work. No funds, grants or other support was received.
Ethics declarations
Conflict of interest
The authors have no relevant financial or non-financial interest to disclose. The authors have no conflicts of interest to declare that are relevant to the content of this article. All authors certify that they have no affiliations with or involvement in any organization or entity with any financial interest or non-financial interest in the subject matter or materials discussed in this manuscript. The authors have no financial or proprietary interest in any material discussed in this article.
About this article
Cite this article
Padma, P., Srinivasan, S. DAuth—Delegated Authorization Framework for Secured Serverless Cloud Computing. Wireless Pers Commun 129, 1563–1583 (2023). https://doi.org/10.1007/s11277-023-10189-7
DOI: https://doi.org/10.1007/s11277-023-10189-7