[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
10.1145/2791405.2791487acmotherconferencesArticle/Chapter ViewAbstractPublication PageswciConference Proceedingsconference-collections
research-article

A Mobile Based Remote User Authentication Scheme without Verifier Table for Cloud Based Services

Published: 10 August 2015 Publication History

Abstract

The emerging Cloud computing technology, offering computing resources as a service is gaining increasing attention of both the public and private sector. For the whole hearted adoption of Cloud, the service providers need to ensure that only valid users gain access to the services and data residing within the provider's premises. Ensuring secure access to sensitive resources within the Cloud requires a strong user authentication mechanism using multiple authentication factors. The mechanisms should also consider the increasing needs of Internet access through smart phones and other mobile devices and facilitate access through a variety of devices.
Traditionally, a user needs to maintain separate user accounts for each Service Provider whose service he/she desires to use and this may cause inconvenience to users. Single Sign on (SSO) addresses this issue by permitting users to create one login credential and access multiple services hosted in different domains. In this scenario, a compromise of the single credential can result in account take over at many other sites. This points out to the requirement of strengthening the authentication mechanism by using more than one factor. This paper proposes a SSO based remote user authentication scheme for a Cloud environment. The proposed protocol uses password and mobile token and does not require the server to maintain a verifier table. The protocol is verified using automated security Protocol verification tool, Scyther and the results prove that the protocol provides protection against man-in-the-middle attack, replay attack and secrecy of the user's credentials.

References

[1]
M. Armbrust, A.Fox, R.Griffith, A.D. Joseph, R.Katz, A. Konwinski, G.Lee, D.Patterson, A. Rabkin, I.Stoica and M.Zaharia, "Above the Clouds: A Berkely View of Cloud Computing, "Technical Report No. UCB/EECS-2009-28. http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.pdf
[2]
J. C. Amlan, K. Pradeep, S. Mangal, E. L. Hyota, Hoon-Jue-Lee, "A Strong User Authentication Framework for Cloud Computing," IEEE Asia-Pacific services Computing Conference, 2011
[3]
R. Chakraborty, S.Ramireddy, T.S. Raghu, H.R. Rao, "The Information Assurance Practices of Cloud Computing Vendors," IT Professional, vol. 12, 2010, pp. 29--37
[4]
K. Jeremy, "One of the most convincing phishing attacks yet tricks you with Dropbox sharing," PCWorld, Oct 20, 2014, http://www.pcworld.com/article/2835892/dropbox-used-for-convincing-phishing-attack.html
[5]
M. Robert, "Oops! Amazon Web Services Customer Unleashes 'Denial of Money' Attack -- on Himself," WIRED, April, 2012, http://www.wired.com/2012/04/aws-bill-in-minutes/
[6]
L. Ponemon, "Security of Cloud Computing Users," Ponemon Institute, research report, May 2010. http://www.ca.com/files/industryresearch/security-cloud-computing-users_235659.pdf
[7]
F. Gens, "New IDC IT Cloud Services Survey: Top Benefits and Challenges," IDC Exchange, 2009, http://blogs.idc.com/ie/?p=730
[8]
R. Dhamija and L. Dusseault, "The Seven Flaws of ldentity Management: Usability and Security Challenges," Security & Privacy, IEEE, vol. 6, pp. 24--29, 2008.
[9]
OASIS, Security Assertion Mark Up Language, V2.0, Technical Overview, http://docs.Oasis-open.org/Security/Saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html
[10]
Rui Jiang, "Advanced Secure User Authentication framework for Cloud Computing", International Journal of Smart
[11]
Sanjeet Kumar Nayak, Subasish Mohapatra, Bansidhar Majhi, "An improved Mutual Authentication Framework for Cloud Computing", IJCA, vol. 52-No. 5, Aug. 2012
[12]
C. Cremers, "Scyther Semantics and Verification of Security Protocols," Ph.D dissertation: Eindhoven University of Technology, 2006
[13]
D. Dolev and A. C. Yao, "On the Security of Public-key Protocols," IEEE Transactions on Information Theory, 2(29): pp. 18--208, 1983
[14]
Cremers, C: "The Scyther Tool: Verication, Falsication, and Analysis of Security Protocols?" Department of Computer Science, ETH Zurich, Switzerland Proceedings of the 20th International Conference on Computer Aided Verification (CAV 2008), Princeton, USA, 2008.

Cited By

View all
  • (2023)A Performant and Secure Single Sign-On System Using MicroservicesProceedings of the 38th ACM/SIGAPP Symposium on Applied Computing10.1145/3555776.3577869(1516-1519)Online publication date: 27-Mar-2023
  • (2021)The Cross-Domain Identity Authentication Scheme Has no Trusted Authentication Center in the Cloud EnvironmentAdvances in Artificial Intelligence and Security10.1007/978-3-030-78621-2_60(726-738)Online publication date: 29-Jun-2021
  • (2018)ID Authentication in PTPM and Public Key Cryptography in Cloud Environment2018 5th International Conference on Information Science and Control Engineering (ICISCE)10.1109/ICISCE.2018.00061(256-260)Online publication date: Jul-2018
  • Show More Cited By

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences
WCI '15: Proceedings of the Third International Symposium on Women in Computing and Informatics
August 2015
763 pages
ISBN:9781450333610
DOI:10.1145/2791405
© 2015 Association for Computing Machinery. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of a national government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 August 2015

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Cloud
  2. Mobile Token
  3. No-Verifier-table
  4. SAML
  5. Single Sign-On
  6. Two-Factor Authentication

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

WCI '15

Acceptance Rates

WCI '15 Paper Acceptance Rate 98 of 452 submissions, 22%;
Overall Acceptance Rate 98 of 452 submissions, 22%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)3
  • Downloads (Last 6 weeks)0
Reflects downloads up to 19 Dec 2024

Other Metrics

Citations

Cited By

View all
  • (2023)A Performant and Secure Single Sign-On System Using MicroservicesProceedings of the 38th ACM/SIGAPP Symposium on Applied Computing10.1145/3555776.3577869(1516-1519)Online publication date: 27-Mar-2023
  • (2021)The Cross-Domain Identity Authentication Scheme Has no Trusted Authentication Center in the Cloud EnvironmentAdvances in Artificial Intelligence and Security10.1007/978-3-030-78621-2_60(726-738)Online publication date: 29-Jun-2021
  • (2018)ID Authentication in PTPM and Public Key Cryptography in Cloud Environment2018 5th International Conference on Information Science and Control Engineering (ICISCE)10.1109/ICISCE.2018.00061(256-260)Online publication date: Jul-2018
  • (2016)Dual factor authentication to procure cloud services2016 Fourth International Conference on Parallel, Distributed and Grid Computing (PDGC)10.1109/PDGC.2016.7913252(533-537)Online publication date: 2016
  • (2016)Cloud service orchestration based architecture of OpenStack Nova and Swift2016 International Conference on Advances in Computing, Communications and Informatics (ICACCI)10.1109/ICACCI.2016.7732425(2453-2459)Online publication date: Sep-2016

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media