Browse > Article
http://dx.doi.org/10.6109/jicce.2010.8.4.427

Two Factor Authentication for Cloud Computing  

Lee, Shirly (Department of General, Dongseo University)
Ong, Ivy (Department of General, Dongseo University)
Lim, Hyo-Taek (Department of Computer & Information Engineering, Dongseo University)
Lee, Hoon-Jae (Department of Computer & Information Engineering, Dongseo University)
Publication Information
Journal of information and communication convergence engineering / v.8, no.4, 2010 , pp. 427-432 More about this Journal
Abstract
The fast-emerging of cloud computing technology today has sufficiently benefited its wide range of users from individuals to large organizations. It carries an attractive characteristic by renting myriad virtual storages, computing resources and platform for users to manipulate their data or utilize the processing resources conveniently over Internet without the need to know the exact underlying infrastructure which is resided remotely at cloud servers. However due to the loss of direct control over the systems/applications, users are concerned about the risks of cloud services if it is truly secured. In the literature, there are cases where attackers masquerade as cloud users, illegally access to their accounts, by stealing the static login password or breaking the poor authentication gate. In this paper, we propose a two-factor authentication framework to enforce cloud services' authentication process, which are Public Key Infrastructure (PKI) authentication and mobile out-of-band (OOB) authentication. We discuss the framework's security analysis in later session and conclude that it is robust to phishing and replay attacks, prohibiting fraud users from accessing to the cloud services.
Keywords
Cloud Computing; Mobile OOB Authentication; PKI Authentication; Stream Cipher; Two-Factor Authentication;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Daniele Catteddu and Giles Hogben, "Cloud computing: benefits, risks and recommendations for information security," in European Network and Information Security Agency (ENISA) 2009 Report, [Online] Nov 2009, [2010 May 27] Available: http://www.enisa.europa.eu/
2 M. R. Pamidi, "Cloud Computing: A Status Report," in IT Newsletter of IT Newswire, [Online] Dec 2009, [2010 May 27] Available: http://www.itnewswire.us/Newsletter_December-28-2009.pdf
3 Dai Yuefa, Wu Bo, Gu Yaqiang, Zhang Quan, and Tang Chaojing, "Data Security Model for Cloud Computing," in Proceedings of International Workshop on Information Security and Application (IWISA), pp. 141-144, Nov 2009.
4 Ali Al-Qayedi, Wael Adi, Ahmed Zahro, and Ali Mabrouk "Combined Web/Mobile Authentication for Secure Web Access Control" in Proceedings of Wireless Communications and Networking Conference, 2004 [2010 May 29] Available: http://ieeexplore.ieee.org/stampPDF/getPDF.jsp?tp=&arnumber=1311267
5 T. Chang, B. Park, and Y. H. Kim, "An Efficient Inplementation of the D-Homomorphism for Generation of de Bruijn Sequences," in IEEE Transactions on Information Theory, vol. 45, pp. 1280-1283, May 1999.   DOI   ScienceOn
6 T. Chang and I. Song, "Cross-Joins in de Bruijn Sequences and Maximum Length Linear Sequences", in IEICE Transactions Fundamentals, vol. E76-A, pp.1494-1501, September 1993.
7 HoonJae Lee, SangMin Sung, and HyeongRag Kim, "NLM-128, An Improved LM-type Summation Generator with 2-bit memories," in Proceedings of 4th International Conference on Computer Sciences and Convergence Information Technology (ICCIT), pp. 577-582, Nov 2009.
8 Min Wu,Simson Garfinked, and Rob Mille, "Secure Web Authentication with Mobile Phones," in DIMACS Workshop on Usable Privacy and Security Software, 2004, [2010 May 29] Available: http://dimacs.rutgers.edu/Workshops/Tools/abstract-wu-garfinkel-miller.pdf
9 Kandukuri, B.R., Paturi, V.R., and Rakshit, A, "Cloud Security Issues", in Preceedings of International Conference on Services Computing (SCC), pp. 517-520, Sept 2009.
10 Cloud Security Alliance, "Top Threats to Cloud Computing V1.0," in Cloud Security Alliance Report, [Online] Mar 2010, [2010 May 27] Available: http://www.cloudsecurityalliance.org/topthreats.html
11 Fujisawa, S., Otani, M., and Watanabe, K., "Implementation of PKI Authentication Functions for Network User Authentication System "Opengate"," in International Symposium on Applications and the Internet (SAINT), pp. 297-300, Jul 2008.
12 Barney Beal, "Salesforce.com, customers hit with phishing attack," in SearchCRM.com, [Online] Nov 2007, [2010 May 29] Available: http://searchcrm.techtarget.com/news/1281107/Salesforce-com-customers-hit-with-phishing-attack
13 Toorani, M. and Shirazi, A.A.B., "LPKI - a Lightweight Public Key Infrastructure for the mobile environments," in 11th IEEE Singapore International Conference on Communication Systems (ICCS), pp. 162-166, Nov 2008.
14 W. Stallings, Cryptography and Network Security, 4th ed., Pearson Education, 2005.
15 David Chou,"Strong User Authentication on Web," in Microsoft: The Architecture Journal, [Online] August 2008, [2010 May 29] Available: http://msdn.microsoft.com/en-us/library/cc838351.aspx
16 Seny Kamara and Kristin Lauter, "Cryptographic cloud storage," in Proceedings of Financial Cryptography Workshop on Real-Life Cryptographic Protocols and Standardization, [Online] Jan 2010, [2010 May 29] Available: http://research.microsoft.com/pubs/112576/crypto-cloud.pdf
17 Kaufman, L.M., "Data Security in the World of Cloud Computing," in Magazines of IEEE Security & Privacy, vol. 7, pp. 61-64, Jul 2009.
18 Hoon Jae Lee and Sang Jae Moon, "On an improved summation generator with 2-bit memory," in ACM of Signal Processing, vol. 80, pp.211-217, Jan 2000.   DOI   ScienceOn
19 Felician Alecu, "Security Benefits of Cloud Computing," in International Conference on Security for Information Technoloy and Communication, ISBN 978-606-505-137-9, pp. 71-76, Nov 2008.
20 John W.Rittinghouse and James F.Randsome, "Cloud Computing Implementation,Management and Security " in CRC Press, pp. 153-154, [Online] 2010, [2010 May 29].
21 Frank Gens, "New IDC IT Cloud Services Survey: Top Benefits and Challenges in cloud computing," [Online] Dec 2009, [2010 May 29] Available: http://blogs.idc.com/ie/?p=730