An Hybrid Text-Image Based Authentication for Cloud Services

Daniela Elena Popescu, Alina Madalina Lonea

Abstract


The problem of securing access to the online information is acute today when access to bank accounts, health records, intellectual property and business or politically sensitive information are made by only a few clicks, regardless of geographic location. At the same time, more and more of these accesses are made from handsets. Cloud Computing is eminently suitable for addressing problems related to limited client resources, as it offloads computation from clients and offers dynamic provisioning of compute resources. Authentication of the companys users to the cloud service is mandatory because in this way it is eliminated the attacks risks to enter into the Cloud services. A suitable authentication is required for organizations that want to access the Cloud services. Our solution regards increasing security at the Security Access Point level of Cloud Computing and it is in fact a strong hybrid user authentication solution based on using image combined with text in order to avoid the weakness of simple user and password solution for authentication. A two factor password image based authentication method is proposed in this paper for cloud services. This authentication approach is used without additional hardware involved and presents the advantages of utilization in terms of security and usability. Every time when the user will be asked to provide his/her identity, a form for each image included in the photo will be listed. The user will have to remember the secret code for each image and to carefully introduce them in the forms. The global cloud access solution will be based on our hybrid proposed text-image based solution, and will be completed by the X.509 certificates.

Keywords


authentication, multi factor password authentification, strong authentification, image based, cloud services, IaaS, PaaS, SaaS.

Full Text:

PDF

References


PARC.R.C., et al.,Authentication in the Clouds: A Framework and its Application to Mobile Users, ACM Cloud Computing Security Workshop (CCSW); 2010 October 8; Chicago, IL, 2011.

CSA, 2010. Domain 12: Guidance for Identity & Access Management V2.1., Cloud Security Alliance. Available at: http://www.cloudsecurityalliance.org/guidance/csaguide-dom12-v2.10.pdf, 2010.

Metri P. and Sarote G., Privacy Issues and Challenges in Cloud computing, International Journal of Advanced Engineering Sciences and Technologies, 5(1): 5-6, 2011.

Tianfield H., Cloud Computing Architectures, Proc. of 2011 IEEE Int. Conf. on Systems, Man and Cybernetics (SMC11), Anchorage, Alaska, USA, 2011.

Lonea A.M., Tianfield H., Popescu D.E., Identity management for cloud computing, In New Concepts and Applications in Soft Computing, Studies in Computational Intelligence Series, Volume 417, May 2012.

SETECS Inc, Security Architecture, for Cloud Computing Environments, White Paper, February 1, Available at: http://security.setecs.com/Documents/5SETECSCloudSecurityArchitecture.pdf, 2011.

Kay, R., Biometric authentication, Available at: http://www.computerworld.com/securitytopics/security/story/2006.

Tari, F., Ant Ozok, A., Holdon, H.S, A Comparison of Percieved and Real Shoulder-surfing Risks Between Alphanumeric and Graphical Passwords, retrieved June 10 2006 Available at: http://cups.cs.cmu.edu/soups/2006/proceedings/p56tari.pdf, 2006.

Dhamija R., et al, DĂŠjĂ Vu: a user study using images for authentication, Proc. of the 9th conference on USENIX Security Symposium - Vol. 9, USENIX Association Berkeley, CA, USA 2000, Available at: http://sparrow.ece.cmu.edu/adrian/projects/usenix2000/usenix.pdf, 2000.

Jackson L., Analysis of Image-Based Authentication and its Role in Security Systems of the Future, Available at: http://www.soc.napier.ac.uk/bill/lee2006.pdf, 2006.

Nitin, Vivek Kumar Sehgal, et al., Image Based Authentication System with Sign-In Seal, Proc. of the World Congress on Engineering and Computer Science, WCECS 2008, San Francisco, USA, 2008.

Newman R.E. HarshP., and Jayaraman P, Security Analysis of and Proposal for Image Based Authentication, IEEE Carnahan, 2005.

Confident Technologies Inc., Confident ImageShieldTM, Available at: http://www.confidenttechnologies.com/products/confident-imageshield, 2011.

Renaud K., Just M., Pictures or Questions? Examining User Responses to Association- Based Authentication, ACM Proceedings of the British HCI Conference 2010, Dundee, Scotland, 6-10 September 2010.

Just M. and Aspinall D., Personal choice and challenge questions: A security and usability assessment. In L. Cranor, editor, SOUPS, ACM International Conference Proceeding Series. ACM, 2009.

Micallef N., Just M., Using Avatars for Improved Authentication with Challenge Questions, Proc. of the The Fifth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2011), August 2011.




DOI: https://doi.org/10.15837/ijccc.2013.2.307



Copyright (c) 2017 Daniela Elena Popescu, Alina Madalina Lonea

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

CC-BY-NC  License for Website User

Articles published in IJCCC user license are protected by copyright.

Users can access, download, copy, translate the IJCCC articles for non-commercial purposes provided that users, but cannot redistribute, display or adapt:

  • Cite the article using an appropriate bibliographic citation: author(s), article title, journal, volume, issue, page numbers, year of publication, DOI, and the link to the definitive published version on IJCCC website;
  • Maintain the integrity of the IJCCC article;
  • Retain the copyright notices and links to these terms and conditions so it is clear to other users what can and what cannot be done with the  article;
  • Ensure that, for any content in the IJCCC article that is identified as belonging to a third party, any re-use complies with the copyright policies of that third party;
  • Any translations must prominently display the statement: "This is an unofficial translation of an article that appeared in IJCCC. Agora University  has not endorsed this translation."

This is a non commercial license where the use of published articles for commercial purposes is forbiden. 

Commercial purposes include: 

  • Copying or downloading IJCCC articles, or linking to such postings, for further redistribution, sale or licensing, for a fee;
  • Copying, downloading or posting by a site or service that incorporates advertising with such content;
  • The inclusion or incorporation of article content in other works or services (other than normal quotations with an appropriate citation) that is then available for sale or licensing, for a fee;
  • Use of IJCCC articles or article content (other than normal quotations with appropriate citation) by for-profit organizations for promotional purposes, whether for a fee or otherwise;
  • Use for the purposes of monetary reward by means of sale, resale, license, loan, transfer or other form of commercial exploitation;

    The licensor cannot revoke these freedoms as long as you follow the license terms.

[End of CC-BY-NC  License for Website User]


INTERNATIONAL JOURNAL OF COMPUTERS COMMUNICATIONS & CONTROL (IJCCC), With Emphasis on the Integration of Three Technologies (C & C & C),  ISSN 1841-9836.

IJCCC was founded in 2006,  at Agora University, by  Ioan DZITAC (Editor-in-Chief),  Florin Gheorghe FILIP (Editor-in-Chief), and  Misu-Jan MANOLESCU (Managing Editor).

Ethics: This journal is a member of, and subscribes to the principles of, the Committee on Publication Ethics (COPE).

Ioan  DZITAC (Editor-in-Chief) at COPE European Seminar, Bruxelles, 2015:

IJCCC is covered/indexed/abstracted in Science Citation Index Expanded (since vol.1(S),  2006); JCR2018: IF=1.585..

IJCCC is indexed in Scopus from 2008 (CiteScore2018 = 1.56):

Nomination by Elsevier for Journal Excellence Award Romania 2015 (SNIP2014 = 1.029): Elsevier/ Scopus

IJCCC was nominated by Elsevier for Journal Excellence Award - "Scopus Awards Romania 2015" (SNIP2014 = 1.029).

IJCCC is in Top 3 of 157 Romanian journals indexed by Scopus (in all fields) and No.1 in Computer Science field by Elsevier/ Scopus.

 

 Impact Factor in JCR2018 (Clarivate Analytics/SCI Expanded/ISI Web of Science): IF=1.585 (Q3). Scopus: CiteScore2018=1.56 (Q2);

SCImago Journal & Country Rank

Editors-in-Chief: Ioan DZITAC & Florin Gheorghe FILIP.