An Hybrid Text-Image Based Authentication for Cloud Services
Keywords:authentication, multi factor password authentification, strong authentification, image based, cloud services, IaaS, PaaS, SaaS.
AbstractThe problem of securing access to the online information is acute today when access to bank accounts, health records, intellectual property and business or politically sensitive information are made by only a few clicks, regardless of geographic location. At the same time, more and more of these accesses are made from handsets. Cloud Computing is eminently suitable for addressing problems related to limited client resources, as it offloads computation from clients and offers dynamic provisioning of compute resources. Authentication of the companys users to the cloud service is mandatory because in this way it is eliminated the attacks risks to enter into the Cloud services. A suitable authentication is required for organizations that want to access the Cloud services. Our solution regards increasing security at the Security Access Point level of Cloud Computing and it is in fact a strong hybrid user authentication solution based on using image combined with text in order to avoid the weakness of simple user and password solution for authentication. A two factor password image based authentication method is proposed in this paper for cloud services. This authentication approach is used without additional hardware involved and presents the advantages of utilization in terms of security and usability. Every time when the user will be asked to provide his/her identity, a form for each image included in the photo will be listed. The user will have to remember the secret code for each image and to carefully introduce them in the forms. The global cloud access solution will be based on our hybrid proposed text-image based solution, and will be completed by the X.509 certificates.
PARC.R.C., et al.,Authentication in the Clouds: A Framework and its Application to Mobile Users, ACM Cloud Computing Security Workshop (CCSW); 2010 October 8; Chicago, IL, 2011.
CSA, 2010. Domain 12: Guidance for Identity & Access Management V2.1., Cloud Security Alliance. Available at: http://www.cloudsecurityalliance.org/guidance/csaguide-dom12-v2.10.pdf, 2010.
Metri P. and Sarote G., Privacy Issues and Challenges in Cloud computing, International Journal of Advanced Engineering Sciences and Technologies, 5(1): 5-6, 2011.
Tianfield H., Cloud Computing Architectures, Proc. of 2011 IEEE Int. Conf. on Systems, Man and Cybernetics (SMC11), Anchorage, Alaska, USA, 2011.
Lonea A.M., Tianfield H., Popescu D.E., Identity management for cloud computing, In New Concepts and Applications in Soft Computing, Studies in Computational Intelligence Series, Volume 417, May 2012.
SETECS Inc, Security Architecture, for Cloud Computing Environments, White Paper, February 1, Available at: http://security.setecs.com/Documents/5SETECSCloudSecurityArchitecture.pdf, 2011.
Kay, R., Biometric authentication, Available at: http://www.computerworld.com/securitytopics/security/story/2006.
Tari, F., Ant Ozok, A., Holdon, H.S, A Comparison of Percieved and Real Shoulder-surfing Risks Between Alphanumeric and Graphical Passwords, retrieved June 10 2006 Available at: http://cups.cs.cmu.edu/soups/2006/proceedings/p56tari.pdf, 2006.
Dhamija R., et al, DÄ‚Å jÄ‚ Vu: a user study using images for authentication, Proc. of the 9th conference on USENIX Security Symposium - Vol. 9, USENIX Association Berkeley, CA, USA 2000, Available at: http://sparrow.ece.cmu.edu/adrian/projects/usenix2000/usenix.pdf, 2000.
Jackson L., Analysis of Image-Based Authentication and its Role in Security Systems of the Future, Available at: http://www.soc.napier.ac.uk/bill/lee2006.pdf, 2006.
Nitin, Vivek Kumar Sehgal, et al., Image Based Authentication System with Sign-In Seal, Proc. of the World Congress on Engineering and Computer Science, WCECS 2008, San Francisco, USA, 2008.
Newman R.E. HarshP., and Jayaraman P, Security Analysis of and Proposal for Image Based Authentication, IEEE Carnahan, 2005.
Confident Technologies Inc., Confident ImageShieldTM, Available at: http://www.confidenttechnologies.com/products/confident-imageshield, 2011.
Renaud K., Just M., Pictures or Questions? Examining User Responses to Association- Based Authentication, ACM Proceedings of the British HCI Conference 2010, Dundee, Scotland, 6-10 September 2010.
Just M. and Aspinall D., Personal choice and challenge questions: A security and usability assessment. In L. Cranor, editor, SOUPS, ACM International Conference Proceeding Series. ACM, 2009.
Micallef N., Just M., Using Avatars for Improved Authentication with Challenge Questions, Proc. of the The Fifth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2011), August 2011.
ONLINE OPEN ACCES: Acces to full text of each article and each issue are allowed for free in respect of Attribution-NonCommercial 4.0 International (CC BY-NC 4.0.
You are free to:
-Share: copy and redistribute the material in any medium or format;
-Adapt: remix, transform, and build upon the material.
The licensor cannot revoke these freedoms as long as you follow the license terms.
DISCLAIMER: The author(s) of each article appearing in International Journal of Computers Communications & Control is/are solely responsible for the content thereof; the publication of an article shall not constitute or be deemed to constitute any representation by the Editors or Agora University Press that the data presented therein are original, correct or sufficient to support the conclusions reached or that the experiment design or methodology is adequate.