Token-Based Authentication Techniques on Open Source Cloud Platforms

Autores

  • Amit Banerjee South Asian University
  • Mahamudul Hasan

Palavras-chave:

Mobile cloud computing; open source cloud; authentication; accountability; confidentiality; integrity

Resumo

Cloud computing is a service-oriented computational platform that allows on-demand  resource provisioning for low-cost application deployment.   However, security and privacy of the users is a major concern for the cloud service provider, particularly  for applications handling users personal information (health record, GPS location) or performing financial transactions. Authentication is an important security  measure  for establishing accountability and authorization of the users, is often a prerequisite for accessing cloud-based services. In this paper, we mainly focus on the token-based authentication techniques, supported by popular open source cloud platforms [OSCPs], like  Cloudstack, OpenStack, Eucalyptus and OpenNebula. In general, most OSCPs support the basic text-based user authentication. Other techniques,  such as biometrics, gesture and image, can also be implemented on OSCPs. However, in this paper, we choose to discuss the token-based authentication, as it allows users to gain access to multiple cloud services with a single sign-on (SSO). Moreover, token’s can be shared among multiple users for accessing cloud-based services.

Biografia do Autor

  • Amit Banerjee, South Asian University

    Associated with South Asian University (New Delhi, India) as an assistant professor in the Department of Computer Science, since 2011. He received Ph.D. degree from the Department of Computer Science at National Tsing Hua University (Taiwan) in 2009. He served as an engineer in the Industrial Technology Research Institute (ITRI) in Taiwan between 2009 to 2011. His research interest include: cloud computing, IoT, network security, mobile ad-hoc and sensor networks. He is a member of IEEE.

  • Mahamudul Hasan

    Received his master’s degree in computer science from the Department of Computer Science of the South Asian University [SAU] (New Delhi, India) in 2013. Currently, he is a PhD student in the same department in SAU. Earlier, he received B.Sc. (Engineering) in Computer Science and Telecommunication Engineering from Noakhali Science and Technology University [NSTU] (Bangladesh). His research interest includes mobile computing, cloud computing, IoT, network security. He is also serving as a Lecturer in the Department of Computer Science and Telecommunication Engineering of NSTU. He received prestigious ICT and Bangabandhu fellowship from the Bangladesh Government for PhD and master’s studies, respectively.

Referências

Alizadeh, M. & Hassan, W. (2013). Challenges and opportunities of mobile cloud computing. In: Wireless Communications and Mobile Computing Conference (IWCMC), 2013 9th International, (pp. 660-666). IEEE.

Al-Janabi, S. T. F. and s. Rasheed, M. A. (2011). Public-key cryptography enabled Kerberos authentication. In: Developments in E-systems Engineering (DeSE), 2011,

(pp. 209-214). IEEE.

Arifeen, F. U., Siddiqui, R. A., Ashraf, S., & Waheed, S. (2015). Inter-cloud authentication through x.509 for defense organization. In: Applied Sciences and Technology (IBCAST), 2015 12th International Bhurban Conference on, (pp. 299-306). IEEE.

Aull, K., Kerr, T., Freeman, W. & Bellmore, M. (2003). US Patent App. 10/027,607 [Public key infrastructure token issuance and binding]. Washington, DC: US Patent and Trademark office.

Banerjee, A., Hasan, M., Rahman, M. A. & Chapagain, R. (2017). Cloak: A stream cipher based encryption protocol for mobile cloud computing. IEEE Access, 5, 17678-17691.

Bauer, C. (2012). X.509 identity certificates with local verification. In: Communications (ICC), 2012 IEEE International Conference on, (pp. 6727-6732). IEEE.

Blum, M. & Micali, S. (1984). How to generate cryptographically strong sequences of pseudorandom bits. SIAM Journal on Computing, 13(4), 850-864.

Cantor, S., Kemp, I. J., Philpott, N. R. & Maler, E. (2005, March). Assertions and protocols for the oasis security assertion markup language [OASIS standard]. Retrieved from: https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

Chaabane, A., Ding, Y., Dey, R., Kaafar, M. A., & Ross, K. W. (2014). A closer look at third-party OSN applications: Are they leaking your personal information? In: International Conference on Passive and Active Network Measurement, (pp. 235-246). Basel, Swizerland: Springer.

Chen, X., Liu, J., Han, J. & Xu, H. (2010). Primary exploration of mobile learning mode under a cloud computing environment. In: E-Health Net- working, Digital Ecosystems and Technologies (EDT), 2010 International Conference on, (Vol. 2, pp. 484-487. IEEE.

Chiang, J., Yen, E.-W., & Chen, Y.-H. (2013). Authentication, authorization and file synchronization in hybrid cloud: On case of Google Docs, Hadoop and Linux local hosts. In: Biometrics and Security Technologies (IS- BAST), 2013 International Symposium on, (pp. 116-123). IEEE.

Cirani, S., Picone, M., Gonizzi, P., Veltri, L. & Ferrari, G. (2015). IoT-OAS: An OAuth-based authorization service architecture for secure services in IoT scenarios. IEEE Sensors Journal, 15(2), 1224-1234.

Apache CloudStack: Open source cloud computing [Website]. (2017). Retrieved from: http://cloudstack.apache.org/.

Doukas, C., Pliakas, T. & Maglogiannis, I. (2010). Mobile healthcare information management utilizing cloud computing and Android OS. In: Engineering in Medicine and Biology Society (EMBC), 2010 Annual International Conference of the IEEE, (pp. 1037-1040). IEEE.

Endo, P. T., Goncalves, G. E., Kelner, J. & Sadok, D. (2010). A survey on open-source cloud computing solutions. In: Brazilian Symposium on Computer Networks and Distributed Systems. SBC-LARC.

Eucalyptus cloud platform. (2018). Retrieved from: https://github.com/eucalyptus/eucalyptus

Garera, S., Provos, N., Chew, M., & Rubin, A. D. (2007). A framework for detection and measurement of phishing attacks. In: Proceedings of the 2007 ACM Workshop on Recurring Malcode, (pp. 1-8). New York, NY: ACM. doi:10.1145/1314389.1314391

Grzonkowski, S., Corcoran, P., & Coughlin, T. (2011). Security analysis of authentication protocols for next-generation mobile and CE cloud services. In: Consumer Electronics - Berlin (ICCE-Berlin), 2011 IEEE International Conference on, (pp. 83-87). IEEE.

Guo, M.-H., Liaw, H.-T., Hsiao, L.-L., Huang, C.-Y., & Yen, C.-T. (2012). Authentication using graphical password in cloud. In: Wireless Personal Multimedia Communications (WPMC), 2012, 15th International Symposium on, (pp. 177-181). IEEE.

Hammer-Lahav, E. (2010). The OAuth 1.0 protocol [IETF technical report]. Retrieved from: https://tools.ietf.org/html/rfc5849

Hani, Q. B. & Dichter, J. P. (2016). Secure and strong mobile cloud authentication. In: 2016 SAI Computing Conference (SAI), (pp. 562–565). IEEE.

Hardt, D. (2012). The OAuth 2.0 authorization framework [IETF proposed standard]. Retrieved from: https://tools.ietf.org/html/rfc6749?

Hoang, D. & Chen, L. (2010). Mobile cloud for assistive healthcare (mocash). In: Services Computing Conference (APSCC), 2010 IEEE Asia-Pacific, (pp. 325-332). IEEE.

Ismaeel, S., Miri, A., Chourishi, D. & Dibaj, S. M. R. (2015). Open source cloud management platforms: A review. In: Cyber Security and Cloud Computing (CSCloud), 2015 IEEE 2nd International Conference on, (pp. 470-475). IEEE.

Joshi, R. & Lau, W. (2018). US Patent 9,973,491 [Determining an identity of a third-party user in an SAML implementation of a web-service]. Washington, DC: US Patent and Trademark office.

Kang, L. & Zhang, X. (2010). Identity-based authentication in cloud storage sharing. In: Multimedia Information Networking and Security (MINES),2010 International Conference on, (pp. 851-855. IEEE.

Khan, R., Ylitalo, J. & Ahmed, A. (2011). OpenID authentication as a service in OpenStack. In: Information Assurance and Security (IAS), 2011, 7th International Conference on, (pp. 372-377). IEEE.

Khandelwal, N. S. & Kamboj, P. (2015). Two factor authentication using visual cryptography and digital envelope in Kerberos. In: Electrical, Electronics, Signals, Communication and Optimization (EESCO), 2015 International Conference on. IEEE. doi:10.1109/EESCO.2015.7253638

Kim, H. & Timm, S. C. (2014). X.509 authentication and authorization in Fermi Cloud. In: Utility and Cloud Computing (UCC), 2014 IEEE/ACM 7th International Conference on, (pp. 732-737). IEEE.

Le, H. Q., Truong, H. P., Van, H. T. & Le, T. H. (2015). A new pre-authentication protocol in Kerberos 5: Biometric authentication. In: Computing Communication Technologies - Research, Innovation, and Vision for the Future (RIVF), 2015 IEEE RIVF International Conference on, (pp. 157-162). IEEE.

Lecuyer, P. (1999). Tables of linear congruential generators of different sizes and good lattice structure. Mathematics of Computation of the American Mathematical Society, 68(225), 249-260.

Li, J. (2010). Study on the development of mobile learning promoted by cloud computing. In: Information Engineering and Computer Science (ICIECS), 2010 2nd International Conference on, (pp. 1-4). IEEE. doi: 10.1109/ICIECS.2010.5678245

Mainka, C., Mladenov, V., Schwenk, J. & Wich, T. (2017). SoK: Single sign-on security: an evaluation of openID connect. In: Security and Privacy (EuroS&P), 2017 IEEE European Symposium on, (pp. 251-266. IEEE.

Neuman, C., Yu, T., Hartman, S. & Raeburn, K. (2005). RFC 4120: The Kerberos network authentication service (v5) [IETF proposed standard]. Retrieved from: https://tools.ietf.org/html/rfc4120.html

von Neumann, J. (1951). Various techniques used in connection with random digits “Monte Carlo Method”. In: A. S. Householder; G. E. Forsythe; and H. H. Germond (Eds.). National Bureau of Standards Applied Mathematics Series, 12, (pp. 36-38). Washington, D.C.: U.S. Government Printing Office.

Nkosi, M. & Mekuria, F. (2010). Cloud computing for enhanced mobile health applications. In: Cloud Computing Technology and Science (Cloud-Com), 2010 IEEE Second International Conference on, (pp. 629-633). IEEE.

OpenNebula.org [Website]. (2018). Retrieved from: http://opennebula.org/

OpenStack [Website]. (2018). Retrieved from: http://www.openstack.org/

Hong-qing, G. & Yan-jie, Z. (2010). System design of cloud computing based on mobile learning. In: Knowledge Acquisition and Modeling (KAM), 2010 3rd International Symposium on, (pp. 239-242). IEEE. doi:10.1109/KAM.2010.5646248

Recordon, D. & Reed, D. (2006). Openid 2.0: A platform for user-centric identity management. In: Proceedings of the Second ACM workshop on Digital Identity Management, (pp. 11-16). New York, NY: ACM.

Richer, J. & Sanso, A. (2017). OAuth 2 in Action. Shelter Island, NY: Manning Publications.

Ristov, S. & Gusev, M. (2013). Security evaluation of open source clouds. In: EUROCON, 2013 (pp. 73-80). IEEE.

Ruj, S., Stojmenovic, M., & Nayak, A. (2014). Decentralized access control with anonymous authentication of data stored in clouds. Parallel and Distributed Systems, IEEE Transactions on, 25(2), 384-394.

Sabharwal, N. & Shankar, R. (2013). Apache CloudStack cloud computing. Packt Publishing.

Sarvabhatla, M. & Vorugunti, C. (2015). A robust mutual authentication scheme for data security in cloud architecture. In: Communication Systems and Networks (COMSNETS), 2015 7th International Conference on, (pp. 1-6). IEEE.

Tan, W., Hsu, J., & Pinn, F. (2001). US Patent App. 09/792,785 [Method and system for token-based authentication]. Washington, DC: U.S. Patent and Trademark Office.

Tang, W.-T., Hu, C.-M. & Hsu, C.-Y. (2010). A mobile phone based home-care management system on the cloud. In: Biomedical Engineering and Informatics (BMEI), 2010 3rd International Conference on, (Vol. 6, pp. 2442-2445). IEEE.

Thota, C., Sundarasekar, R., Manogaran, G., Varatharajan, R. & Priyan, M. (2018). Centralized fog computing security platform for IoT and cloud in healthcare system. In: Exploring the convergence of big data and the Internet of things, (pp. 141-154). IGI Global.

Wichmann, B. A. & Hill, I. D. (1982). Algorithm as 183: An efficient and portable pseudo-random number generator. Journal of the Royal Statistical Society. Series C (Applied Statistics) 31(2): 188-190.

Wright, B. (1996). Eggs in baskets: Distributing the risks of electronic signatures, J. Marshall J. Computer & Info. 15(2), 189. Retrieved from: https://repository.jmls.edu/jitpl/vol15/iss2/1/

Xiao, Z. & Xiao, Y. (2013). Security and privacy in cloud computing. IEEE Communications Surveys & Tutorials, 15(2): 843-859.

Yang, X., Pan, T. & Shen, J. (2010). On 3g mobile e-commerce platform based on cloud computing. In: Ubimedia Computing (U-Media), 2010 3rd IEEE International Conference on, (pp. 198-201). IEEE.

Yesudas, M., Gupta, S., & Ramamurthy, H. (2014). Cloud-based mobile commerce for grocery purchasing in developing countries. IBM Journal of Research and Development, 58(5/6): 16:1-16:7.

Zwattendorfer, B. & Tauber, A. (2012). Secure cloud authentication using eIDs. In: Cloud Computing and Intelligent Systems (CCIS), 2012 IEEE 2nd International Conference on, (Vol.1, pp. 397-401). IEEE.

Downloads

Publicado

2018-10-29