Abstract
Cloud computing is an emerging computing paradigm that offers computational facilities and storage as services, dynamically and on demand, via the Internet. The ability to scale resources and the pay-as-you-go usage model have contributed to its growth. However, cloud computing inevitably poses various security challenges, and a majority of prospective customers are worried about unauthorized access to their data. Service providers need to ensure that only authorized users access the resources, and for this they need to adopt strong user authentication mechanisms. The mechanism should give users the flexibility to access multiple services without repeated registration and authentication at each provider. Considering these requirements, this chapter discusses a Single Sign-on based two-factor authentication protocol for cloud-based services. The proposed scheme uses a password and a mobile token as authentication factors and does not require a verifier table. The formal verification of the protocol is done using Scyther.
Copyright information
© 2018 Springer International Publishing AG
About this chapter
Cite this chapter
Binu, S., Misbahuddin, M., Raj, P. (2018). A Strong Single Sign-on User Authentication Scheme Using Mobile Token Without Verifier Table for Cloud Based Services. In: Daimi, K. (eds) Computer and Network Security Essentials. Springer, Cham. https://doi.org/10.1007/978-3-319-58424-9_14
DOI: https://doi.org/10.1007/978-3-319-58424-9_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-58423-2
Online ISBN: 978-3-319-58424-9
eBook Packages: Engineering, Engineering (R0)