User Authentication Platform using Provisioning in Cloud Computing Environment



Similar documents
A Study on User Access Control Method using Multi-Factor Authentication for EDMS

A Survey on Security Threats and Security Technology Analysis for Secured Cloud Services

Dynamic Query Updation for User Authentication in cloud Environment

API-Security Gateway Dirk Krafzig

Enhancing Web Application Security

IDENTITY MANAGEMENT. February The Government of the Hong Kong Special Administrative Region

Access Control of Cloud Service Based on UCON

Security Considerations for Public Mobile Cloud Computing

A Survey on Cloud Security Issues and Techniques

Context Model Based on Ontology in Mobile Cloud Computing

White Paper. Authentication and Access Control - The Cornerstone of Information Security. Vinay Purohit September Trianz 2008 White Paper Page 1

Development of Integrated Management System based on Mobile and Cloud Service for Preventing Various Hazards

State of Michigan Single Sign-On Registration Instructions for First Time Users

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services

IMAV: An Intelligent Multi-Agent Model Based on Cloud Computing for Resource Virtualization

Design and Implementation of Automatic Attendance Check System Using BLE Beacon

Improving Online Security with Strong, Personalized User Authentication

Keywords Mobile Cloud Operating System (MCOS), Distributed Cloud Operating System, Garbage mobile phone, Cloud Operating System

A Study of Key management Protocol for Secure Communication in Personal Cloud Environment

Chapter 1: Introduction

Biometric SSO Authentication Using Java Enterprise System

An Innovative Two Factor Authentication Method: The QRLogin System

Mobile Cloud Computing Security Considerations

Advanced Authentication

Security Model for VM in Cloud

Multi Factor Authentication API

Development of Integrated Management System based on Mobile and Cloud service for preventing various dangerous situations

How To Secure Cloud Computing

Cloud Database Storage Model by Using Key-as-a-Service (KaaS)

MULTI-DIMENSIONAL PASSWORD GENERATION TECHNIQUE FOR ACCESSING CLOUD SERVICES

Data Integrity Check using Hash Functions in Cloud environment

Introduction to SAML

Public Auditing & Automatic Protocol Blocking with 3-D Password Authentication for Secure Cloud Storage

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS

Cloud Computing Security Issues and Access Control Solutions

The Top 5 Federated Single Sign-On Scenarios

Mobile Hybrid Cloud Computing Issues and Solutions

Studying Security Weaknesses of Android System

Evaluation of different Open Source Identity management Systems

Contents. The Genesis of i-pin. The Concept of i-pin & Integrated IDM. The Trust Foundation of i-pin. The Function of i-pin. The Future of i-pin

One-Time Password Contingency Access Process

Alaa Hussein Al-Hamami, Jalal Yousef AL-Juneidi Department of Computer Sciences and Informatics Amman Arab University Amman, Jordan

2013 AWS Worldwide Public Sector Summit Washington, D.C.

Educational Requirement Analysis for Information Security Professionals in Korea

A Study on Service Oriented Network Virtualization convergence of Cloud Computing

WIRELESS PUBLIC KEY INFRASTRUCTURE FOR MOBILE PHONES

OPENIAM ACCESS MANAGER. Web Access Management made Easy

QR-SSO : Towards a QR-Code based Single Sign-On system

How Secure is Authentication?

Implementing Identity Provider on Mobile Phone

SECURITY MODELS FOR CLOUD Kurtis E. Minder, CISSP

International Journal of Scientific & Engineering Research, Volume 6, Issue 5, May ISSN

TrustedX: eidas Platform

An Anti-Phishing mechanism for Single Sign-On based on QR-Code

How To Manage A Plethora Of Identities In A Cloud System (Saas)

SECUREAUTH IDP AND OFFICE 365

PortWise Access Management Suite

Data Protection: From PKI to Virtualization & Cloud

Introduction of Information Security Research Division

Case Study: SSO for All: SSOCircle Makes Single Sign-On Available to Everyone

AVG Business SSO Partner Getting Started Guide

BM482E Introduction to Computer Security

FIDO Modern Authentication Rolf Lindemann, Nok Nok Labs

The increasing popularity of mobile devices is rapidly changing how and where we

CHAPTER 1 INTRODUCTION

PortWise Access Management Suite

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 7 Access Control Fundamentals

Adding Stronger Authentication to your Portal and Cloud Apps

Cloud-based Identity and Access Control for Diagnostic Imaging Systems

Secure Semantic Web Service Using SAML

More effective protection for your access control system with end-to-end security

APPLICATION OF CLOUD COMPUTING IN ACADEMIC INSTITUTION

PRIVACY, SECURITY AND THE VOLLY SERVICE

Two-Factor Authentication: Tailor-Made for SMS

Application Based Access Control on Cloud Networks for Data Security

Data Integrity for Secure Dynamic Cloud Storage System Using TPA

Cloud Computing and Business Intelligence

Security Measures of Personal Information of Smart Home PC

WHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES

Development of a User Management Module for Internet TV Systems

INCREASING THE CLOUD PERFORMANCE WITH LOCAL AUTHENTICATION

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard

Groupware / mail / Messenger / Cloud Disk

Transcription:

User Authentication Platform using Provisioning in Cloud Computing Environment Hyosik Ahn, Hyokyung Chang, Changbok Jang, Euiin Choi Dept. Of Computer Engineering, Hannam University, Daejeon, Korea {hsahn, hkjang, chbjang}@dblab.hannam.ac.kr, eichoi@hnu.kr Abstract. Cloud computing is a computing environment centered on users and can use programs or documents stored respectivily in servers by operating an applied software such as Web browser through diverse devices on where users can access Internet as an on-demand outsourcing service of IT resources using Internet. In order to use these cloud computing service, a user authentication is needed. This paper proposed the platform for user authentication using provisioning in Cloud computing environment. Keywords: Cloud Computing, User Authentication, Provisioning, Security 1 Introduction Gartner announced Top 10 of IT strategy technologies of the year of 2010 in 2009, October. Strategy technologies Gartner mentioned are the technologies which importantly affect enterprises for the next 3 years and have a powerful effect on IT and business. They may affect long-term plans, programs, and major projects of enterprises and help enterprises get strategic advantages if enterprises adopt them a head start. Cloud Computing got the top rank (2nd rank in 2009)[1][2]. Cloud Computing is a model of performance business and also infrastructure management methodology. It lets users use hardware, software and network resources as much as possible so as to provide innovative services through Web in these business performance models and also enables to provision a server according to needs of the logical by using automated advanced tools[3][4]. Also, Cloud Computing models offer both users and IT managers user interface which helps manage provisioned resources easy through the entire life cycle of a service request[5][6]. When resources requested by the user arrives through Cloud, the user can track the order consisted of a certain number of servers and software and operate jobs such as checking the state of the resources provided, adding a server, changing the installed software, removing a server, increasing or decreasing allocated processing power and memory or storage, even starting, aborting, and restarting server[7]. Corresponding Author

However, the diffusion of cloud computing incites users desires for more improved, faster and more secure service delivery. Hence, security issues in the Cloud Computing environment are constantly emerging and authentication and access control has been studying. A user in the Cloud Computing environment has to complete the personal authentication process required by the service provider whenever using a new Cloud service. In this process, in the case that the characteristic and safety have been invaded by any attack, there will be a severe damage because personal information stored in the database and business processing service have been exposed or information related to individuals or organizations will be exposed as well. Therefore, this paper designs a platform for user authentication using provisioning in the Cloud Computing environment. 2 Related Works 2.1 Definition of Cloud computing and the Appearance Background Cloud Computing is a kind of on-demand computing method that lets users use IT resources such as network, server, storage, service, application, and so on via Internet when needing them rather than owning them[5]. Cloud Computing can be considered as a sum of SaaS (Software as a Service) and utility computing and Figure 1 shows the roles of users or providers in the Cloud Computing under the concept[9]. Figure 1. Users and Providers of Cloud Computing 2.2 Provisioning Provisioning is a procedure and behavior that prepares required knowledge in advance and provides by requests in order to find the best thing. That is, it allocates, deploys,

and distributes infrastructure resources to meet the needs of users or business and helps use the resources in the system[9]. Server Resources Provisioning: prepares resources like the CPU of the server and memory by allocating and placing the resources appropriately OS Provisioning: prepares OS operative by installing OS in the server and configuring tasks Software Provisioning: prepares to operate by installing/distributing Software(WAS, DBMS, Application, etc.) in the system and doing configuration settings needed Storage Provisioning: enables to identify wasted or unused storage and put it into a common pool. If there is a request of storage since then, the administrator gets one out of the pool and uses. Possible to construct infrastructure to heighten the efficiency of storage Account Provisioning: the process that HR manager and IT manager take the appropriate approval process and then generate accounts needed for various applications such as e-mail. groupware, ERP, etc. or change the access authorities when the category of the resources that users access changes[10] Figure 2 shows such a provisioning service. Figure 2. Provisioning Service 2.3 Security Technology in the Cloud computing Environment There are no concrete security technologies in Cloud Computing, however, if we regard Cloud Computing as an extension of the existing IT technologies, it is possible to divide some of them by each component of Cloud Computing and apply to[12]. Access control and user authentication are representative as security technologies used for platforms. Access control is the technology that controls a process in the operating system not to approach the area of another process. There are DAC

(Discretionary Access Control), MAC (Media Access Control), and RBAC (Role- Based Access Control). DAC helps a user establish the access authority to the resources that he/she owns as he/she pleases. MAC establishes the vertical/horizontal access rules in the system at the standard of security level and area for the resources and uses them. RBAC gives an access authority to a user group based on the role the user group plays in the organization, not to a user. RBAC is widely used because it is fit for the commercial organizations. Technologies used to authenticate a user are Id/password, Public Key Infrastructure, multi-factor authentication, SSO (Single Sign On), MTM (Mobile Trusted Module), and i-pin[11]. 3 User Authentication in the Cloud computing Environment 3.1 User Authentication Technology in the Cloud computing Environment Users in the Cloud Computing environment have to complete the user authentication process required by the service provider whenever they use new Cloud service. Generally a user registers with offering personal information and a service provider provides a user s own ID (identification) and an authentication method for user authentication after a registration is done. Then the user uses the ID and the authentication method to operate the user authentication when the user accesses to use a Cloud Computing service[13]. Unfortunately, there is a possibility that the characteristics and safety of authentication method can be invaded by an attack during the process of authentication, and then it could cause severe damages. Hence, there must be not only security but also interoperability for user authentication of Cloud Computing. 3.2 Weakness of User Authentication Technology in Cloud computing The representative user authentication security technologies described above have some weaknesses[11][12]. Id/password: the representative user authentication method. It is simple and easy to use, but it has to have a certain level of complication and regular renewal to keep the security. PKI(Public Key Infrastructure): an authentication means using a public-key cryptography. It enables to authenticate the other party based on the certificate without shared secret information. In PKI structure, it is impossible to manage and inspect the process of client side. Multi-factor: a method to heighten the security intensity by combining a few means of authentication. Id, password, biometrics like fingerprint and iris, certificate, OTP (One Tome Pad), etc. are used. OTP information as well as Id/password can be disclosed to an attacker.

SSO (Single Sign On): a kind of passport if it gets authentication from a site, then it can go through to other sites with assertion and has no authentication process. The representative standard of assertion is SAML. MTM (Mobile Trusted Module): a hardware-based security module. It is a proposed standard by TCG (Trusted Computing Group) which Nokia, Samsung, France Telecom, Ericson, etc. take part in. It is mainly applied to authenticate terminals from telecommunications, however, it is being considered as a Cloud Computing authentication method with SIM (Subscriber Identity Module) because of generalization of smartphone[15]. i-pin: a technique to use to confirm a user s identification when the user uses Internet in Korea now. It operates in a way that the organization which itself performed the identification of the user issues the assertion. 4 Platform Design for user authentication using Provisioning in Cloud Computing Environment 4.1 User Authentication using Provisioning User authentication platform using provisioning first authenticates by using ID/Password, PKI, SSO, etc. which a user input. Second, it authenticates with Authentication Manager through the user profile and patterns and stores the changes of the state via Monitor. When using Cloud Computing services, to solve the inconvenience of user authentication, user s information is stored in the User Information. Figure 3 shows a conceptual architecture. Figure 3. Conceptual Architecture

For user authentication, Authentication Module has the previous user profile and log data record by Provisioning strategy. 4.2 Design of User Authentication Platform Using Provisioning Figure 4 shows the composition of User authentication platform using provisioning proposed in this paper. Figure 4. Authentication Platform To authenticate a user first, Analyzer analyzes information such as ID/Password, Time, Position, Place, etc. it analyzes user pattern by using Rules for user authentication. To analyze user pattern, it authenticates a user by analyzing with current status and Rules of Profile DB. Profile DB stores user profile like existing user login time, location, position, etc. Also, it monitors the changes of user s status and situations via Status Monitor, records them in the database, and puts user information into User Information. That is how the user authentication process which the service provider asks to users whenever they use Cloud Computing services. 5 Conclusions In this paper, user authentication platform using Provisioning in Cloud Computing environment was proposed and the features of this proposal are as follows. There is some troublesome for users to get user authentication in the existing Cloud Computing environment because they have to go through the user authentication process to use the service every single time by using an ID and authentication method that the service provider provided. So, user authentication platform using Provisioning solves the existing inconvenience and helps use Cloud Computing services easily.

The proposed platform architecture analyzes user information and authenticates a user through user profile. Also, it has user information stored through user monitoring and there is an advantage that the user authentication process required by the service provider can be omitted when using other Cloud Computing services. As further study, there should be a study on protection of user information, which is profile and log data in the platform proposed by this paper. Acknowledgments. This work was supported by the Security Engineering Research Center, granted by the Korea Ministry of Knowledge Economy References 1. Lee, T.: Features of Cloud Computing and Offered Service State by Individual Vender. In: Broadcasting and Communication Policy, vol. 22, pp. 18 22 (2000) 2. http://www.gartner.com/technology/symposium/2009/sym19/about.jsp 3. Lee, J., Choi, D.: New trend of IT led by Cloud Computing. In: LG Economic Research Institute, (2010) 4. Lee, H., Chung, M.: Context-Aware Security for Cloud Computing Environment. In: IEEK, vol. 47, pp. 561 568 (2010) 5. Kim, J., Kim, H.: Cloud Computing Industry Trend and Introduction Effect. In: IT Insight, National IT Industry promotion Agency (2010) 6. http://en.wikipedia.org/wiki/cloud_computing#history 7. Dikaiakos, M.D., et al.: Cloud Computing Distributed Internet Computing for IT and Scientific Research. In: IEEEInternet Computing, pp. 10-13, September/October (2009) 8. Harauz, J., et al.: Data Security in the World of Cloud Computing. In: IEEE Security & Privacy, pp. 61-64 (2009) 9. Lee, J.: Cloud Compting, Changes IT Industry Paradigm. In: LG Business Insight, pp. 40-46 (2009) 10. Kim, H., Park, C.: Cloud Computing and Personal Authentication Service. In: KIISC, vol. 20, pp. 11-19 (2010) 11. Armbust, M., et al.: Above the Clouds: A Berkeley View of Cloud Computing. In: Technical Report. http://www.eeec.berkeley.edu/pubs/techrpts/2009/eeec-2009-28.html (2009) 12. Un, S., et al.: Cloud Computing Security Technology. In: ETRI, vol. 24, no. 4, pp. 79-88 (2009)

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information