Abstract
With the widespread use of computer networks, the challenge of distributed systems is to support multiple security policies. Notably, the cloud computing that represents a revolution in computer system, with its hype today, the services providers migrate to the integration of the said systems in different areas. Despite his advantages such speed, Qos and performance, actually, the cloud does not present a solution to address the problems of computer systems which stay more complex, namely security. In practice, cloud computing defines several security limitations because of the problem of virtualization and segmentation of data, therefore, several approaches have been proposed to address security issues, including authentication. In this paper we implement cloud authentication issues while emphasizing the different principles namely the Trusted Third Party (TTP) and the Third Party Auditor (TPA) as well as the authentication techniques based on these two principles in order to define the specific security requirements for the cloud.
Supported by organization x.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Ahmad, S., Ehsan, B.: The cloud computing security secure user authentication technique (multi level authentication). IJSER 4(12), 2166–2171 (2013)
El Balmany, C., Asimi, A., Tbatou, Z.: IaaS cloud model security issues on behalf cloud provider and user security behaviors. Procedia Comput. Sci. 134, 328–333 (2018). Elsevier
Bhadauria, R., Chaki, R., Chaki, N., Sanyal, S.: A survey on security issues in cloud computing, pp. 1–15 . arXiv preprint arXiv:1109.5388 (2011)
Celesti, A., Tusa, F., Villari, M., Puliafito, A.: Three-phase cross-cloud federation model: the cloud SSO authentication. In: 2010 Second International Conference on Advances in Future Internet, pp. 94–101. IEEE (2010)
Chari, S., Jutla, C.S., Roy, A.: Universally composable security analysis of OAuth v2.0. IACR Cryptology ePrint Archive 2011, p. 526 (2011)
Chatterjee, S., Hankerson, D., Knapp, E., Menezes, A.: Comparing two pairing-based aggregate signature schemes. Designs Codes Crypt. 55(2–3), 141–167 (2010)
Diffie, W., Van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchanges. Designs Codes Crypt. 2(2), 107–125 (1992)
Fan, C.I., Lin, Y.H.: Provably secure remote truly three-factor authentication scheme with privacy protection on biometrics. IEEE Trans. Inf. Forensics Secur. 4(4), 933–945 (2009)
Fong, P.W.: Relationship-based access control: protection model and policy language. In: Proceedings of the First ACM Conference on Data and Application Security and Privacy, pp. 191–202. ACM (2011)
Groß, T.: Security analysis of the SAML single sign-on browser/artifact profile. In: 19th Annual Computer Security Applications Conference, Proceedings, pp. 298–307. IEEE (2003)
He, D., Chan, S., Chen, C., Bu, J., Fan, R.: Design and validation of an efficient authentication scheme with anonymity for roaming service in global mobility networks. Wireless Pers. Commun. 61(2), 465–476 (2011)
Joshi, M., Moudgil, Y.S., et al.: Secure cloud storage. Int. J. Comput. Sci. Commun. Netw. 1(2), 171–175 (2011)
Kumar, R., Pandey, A.: A survey on security issues in cloud computing. Int. J. Sci. Res. Sci. Eng. Technol. (IJSRSET) 2(3), 506–517 (2016)
Li, X.Y., Zhou, L.T., Shi, Y., Guo, Y.: A trusted computing environment model in cloud architecture. In: 2010 International Conference on Machine Learning and Cybernetics, vol. 6, pp. 2843–2848. IEEE (2010)
Li, X., Niu, J., Kumari, S., Liao, J., Liang, W.: An enhancement of a smart card authentication scheme for multi-server architecture. Wireless Pers. Commun. 80(1), 175–192 (2015)
Naik, N., Jenkins, P.: An analysis of open standard identity protocols in cloud computing security paradigm, pp. 428–431. IEEE (2016)
Oswald, E.: Enhancing simple power-analysis attacks on elliptic curve cryptosystems. In: International Workshop on Cryptographic Hardware and Embedded Systems, pp. 82–97. Springer (2002)
Ranchal, R., Vijayachandra, J., Sagarika, P., Prathusha, B.: Protection of identity information in cloud computing without trusted third party. In: 2010 29th IEEE Symposium on Reliable Distributed Systems, pp. 368–372. IEEE (2010)
Ranjith, G., Vijayachandra, J., Sagarika, P., Prathusha, B.: Intelligence based authentication-authorization and auditing for secured data storage. Int. J. Adv. Eng. Technol. 8(4), 628 (2015)
Rizvi, S., Razaque, A., Cover, K.: Third-party auditor (TPA): a potential solution for securing a cloud environment. In: 2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing, pp. 31–36. IEEE (2015)
Sarr, A.: Authenticated key agreement protocols: security models, analyses, and designs. Ph.D. thesis, Université Joseph-Fourier-Grenoble I (2010)
Sharma, G.K., Hon, L.K.-M., Burjoski, J.D., Schneider, K.C.: Method and system for third party client authentication. Google Patents. US Patent 8,918,848, 23 December 2014
Sun, S.T., Beznosov, K.: The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems. In: Proceedings of the 2012 ACM conference on Computer and Communications Security, pp. 378–390. ACM (2012)
Tbatou, Z., Asimi, A., Asimi, Y., Sadqi, Y.: Kerberos v5: Vulnerabilities and perspectives. In: 2015 Third World Conference on Complex Systems (WCCS), pp. 1–5. IEEE (2015)
Tbatou, Z., Asimi, A., Asimi, Y., Sadqi, Y., Guezzaz, A.: A new mutuel kerberos authentication protocol for distributed systems. IJ Netw. Secur. 19(6), 889–898 (2017)
Tianfield, H.: Security issues in cloud computing. In: 2012 IEEE International Conference on Systems, Man, and Cybernetics (SMC), pp. 1082–1089. IEEE (2012)
Wang, B., Li, B., Li, H.: Oruta: privacy-preserving public auditing for shared data in the cloud. IEEE Trans. Cloud Comput. 2(1), 43–56 (2014)
Wang, C., Ren, K., Lou, W., Li, J.: Toward publicly auditable secure cloud data storage services. IEEE Network 24(4), 19–24 (2010)
Wang, D., He, D., Wang, P., Chu, C.H.: Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans. Dependable Secure Comput. 12(4), 428–442 (2015)
Wang, G., Yu, J., Xie, Q.: Security analysis of a single sign-on mechanism for distributed computer networks. IEEE Trans. Industr. Inf. 9(1), 294–302 (2013)
Wang, Q., Wang, C., Ren, K., Lou, W., Li, J.: Enabling public auditability and data dynamics for storage security in cloud computing. IEEE Trans. Parallel Distrib. Syst. 22(5), 847–859 (2011)
Wang, Z.: Security and privacy issues within the cloud computing. In: 2011 International Conference on Computational and Information Sciences, pp. 175–178. IEEE (2011)
Yang, F., Manoharan, S.: A security analysis of the OAuth protocol. In: 2013 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing (PACRIM), pp. 271–276. IEEE (2013)
Yang, G., Wong, D.S., Wang, H., Deng, X.: Formal analysis and systematic construction of two-factor authentication scheme (short paper). In: International Conference on Information and Communications Security, pp. 82–91. Springer (2006)
Yang, G., Wong, D.S., Wang, H., Deng, X.: Two-factor mutual authentication based on smart cards and passwords. J. Comput. Syst. Sci. 74(7), 1160–1172 (2008)
Yang, H., Zhang, Y., Zhou, Y., Fu, X., Liu, H., Vasilakos, A.V.: Provably secure three-party authenticated key agreement protocol using smart cards. Comput. Netw. 58, 29–38 (2014)
Zissis, D., Lekkas, D.: Addressing cloud computing security issues. Future Gener. Comput. Syst. 28(3), 583–592 (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Tbatou, Z., Asimi, A., El Balmany, C. (2020). Trust in Cloud Computing Challenges: A Recent Survey. In: Farhaoui, Y. (eds) Big Data and Networks Technologies. BDNT 2019. Lecture Notes in Networks and Systems, vol 81. Springer, Cham. https://doi.org/10.1007/978-3-030-23672-4_25
Download citation
DOI: https://doi.org/10.1007/978-3-030-23672-4_25
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-23671-7
Online ISBN: 978-3-030-23672-4
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)