An Hybrid Text-Image Based Authentication for Cloud Services

Authors

  • Daniela Elena Popescu Faculty of Electrical Engineering and Information Technology, University of Oradea Romania, 410087 Oradea, 1, Armatei Romane Str.
  • Alina Madalina Lonea Faculty of Electrical Engineering and Information Technology, University of Oradea Romania, 410087 Oradea, 1, Armatei Romane Str.

Keywords:

authentication, multi factor password authentification, strong authentification, image based, cloud services, IaaS, PaaS, SaaS.

Abstract

The problem of securing access to the online information is acute today when access to bank accounts, health records, intellectual property and business or politically sensitive information are made by only a few clicks, regardless of geographic location. At the same time, more and more of these accesses are made from handsets. Cloud Computing is eminently suitable for addressing problems related to limited client resources, as it offloads computation from clients and offers dynamic provisioning of compute resources. Authentication of the companys users to the cloud service is mandatory because in this way it is eliminated the attacks risks to enter into the Cloud services. A suitable authentication is required for organizations that want to access the Cloud services. Our solution regards increasing security at the Security Access Point level of Cloud Computing and it is in fact a strong hybrid user authentication solution based on using image combined with text in order to avoid the weakness of simple user and password solution for authentication. A two factor password image based authentication method is proposed in this paper for cloud services. This authentication approach is used without additional hardware involved and presents the advantages of utilization in terms of security and usability. Every time when the user will be asked to provide his/her identity, a form for each image included in the photo will be listed. The user will have to remember the secret code for each image and to carefully introduce them in the forms. The global cloud access solution will be based on our hybrid proposed text-image based solution, and will be completed by the X.509 certificates.

References

PARC.R.C., et al.,Authentication in the Clouds: A Framework and its Application to Mobile Users, ACM Cloud Computing Security Workshop (CCSW); 2010 October 8; Chicago, IL, 2011.

CSA, 2010. Domain 12: Guidance for Identity & Access Management V2.1., Cloud Security Alliance. Available at: http://www.cloudsecurityalliance.org/guidance/csaguide-dom12-v2.10.pdf, 2010.

Metri P. and Sarote G., Privacy Issues and Challenges in Cloud computing, International Journal of Advanced Engineering Sciences and Technologies, 5(1): 5-6, 2011.

Tianfield H., Cloud Computing Architectures, Proc. of 2011 IEEE Int. Conf. on Systems, Man and Cybernetics (SMC11), Anchorage, Alaska, USA, 2011.

Lonea A.M., Tianfield H., Popescu D.E., Identity management for cloud computing, In New Concepts and Applications in Soft Computing, Studies in Computational Intelligence Series, Volume 417, May 2012.

SETECS Inc, Security Architecture, for Cloud Computing Environments, White Paper, February 1, Available at: http://security.setecs.com/Documents/5SETECSCloudSecurityArchitecture.pdf, 2011.

Kay, R., Biometric authentication, Available at: http://www.computerworld.com/securitytopics/security/story/2006.

Tari, F., Ant Ozok, A., Holdon, H.S, A Comparison of Percieved and Real Shoulder-surfing Risks Between Alphanumeric and Graphical Passwords, retrieved June 10 2006 Available at: http://cups.cs.cmu.edu/soups/2006/proceedings/p56tari.pdf, 2006.

Dhamija R., et al, DĂŠjĂ Vu: a user study using images for authentication, Proc. of the 9th conference on USENIX Security Symposium - Vol. 9, USENIX Association Berkeley, CA, USA 2000, Available at: http://sparrow.ece.cmu.edu/adrian/projects/usenix2000/usenix.pdf, 2000.

Jackson L., Analysis of Image-Based Authentication and its Role in Security Systems of the Future, Available at: http://www.soc.napier.ac.uk/bill/lee2006.pdf, 2006.

Nitin, Vivek Kumar Sehgal, et al., Image Based Authentication System with Sign-In Seal, Proc. of the World Congress on Engineering and Computer Science, WCECS 2008, San Francisco, USA, 2008.

Newman R.E. HarshP., and Jayaraman P, Security Analysis of and Proposal for Image Based Authentication, IEEE Carnahan, 2005.

Confident Technologies Inc., Confident ImageShieldTM, Available at: http://www.confidenttechnologies.com/products/confident-imageshield, 2011.

Renaud K., Just M., Pictures or Questions? Examining User Responses to Association- Based Authentication, ACM Proceedings of the British HCI Conference 2010, Dundee, Scotland, 6-10 September 2010.

Just M. and Aspinall D., Personal choice and challenge questions: A security and usability assessment. In L. Cranor, editor, SOUPS, ACM International Conference Proceeding Series. ACM, 2009.

Micallef N., Just M., Using Avatars for Improved Authentication with Challenge Questions, Proc. of the The Fifth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2011), August 2011.

Published

2013-02-18

Most read articles by the same author(s)

Obs.: This plugin requires at least one statistics/report plugin to be enabled. If your statistics plugins provide more than one metric then please also select a main metric on the admin's site settings page and/or on the journal manager's settings pages.