MULTI-TIER AUTHENTICATION FOR CLOUD SECURITY

INTRODUCTION: Cloud computing is one of the most active research areas in computer science and engineering. It provides a flexible and heterogeneous platform from which a user, or many users at once, can obtain the services they require. It behaves as a distributed network in which many users access services directly without interfering with one another.
The most striking feature of cloud systems is that services are provided on a pay-per-use basis: the customer pays only for the services actually consumed. Another important feature is that it is entirely Internet-based, which makes sharing of information, data and resources between users possible and improves the utilization and efficiency of the network and its systems.
A further benefit is that the cloud environment is heterogeneous: the systems in the network may be of the same or of different types. Cloud computing is often summarized as "XaaS", where 'X' is a service provided by the cloud system and 'aaS' stands for "as a Service".

CLOUD DELIVERY MODELS: The services of cloud systems are provided to users in the form of models, which fall into two categories: the "SPI Model" (service models) and the "Cloud Deployment Models".
  1. SPI MODEL: The basic cloud model, in which the services provided by cloud systems are classified into three broad categories: Software (SaaS), Platform (PaaS) and Infrastructure (IaaS).
i) SaaS: "Software as a Service" provides ready-made software / applications to the users of the cloud system. These applications are already deployed on the cloud.
ii) PaaS: "Platform as a Service" gives cloud users access to the cloud infrastructure for deploying applications they have developed themselves. Users obtain a domain where they can register their applications, which can then be used by others.
iii) IaaS: "Infrastructure as a Service" lets users use the cloud system's resources, such as servers and storage, to carry out the desired operations. The infrastructure is accessible to the user, who can use it to store data / information and run workloads.

  2. CLOUD DEPLOYMENT MODELS: The cloud deployment models are classified into four categories: Private Cloud, Community Cloud, Public Cloud and Hybrid Cloud.
i) Private Cloud: The cloud infrastructure is used solely by a single organization (or individual). It may be operated by members of that organization or on its behalf.
ii) Community Cloud: The cloud infrastructure is shared by a specific group of organizations or people. It may be managed by those organizations or by a third party.
iii) Public Cloud: The cloud infrastructure and its services are made available to the general public or to a large number of different organizations, and are managed by the cloud service provider.
iv) Hybrid Cloud: A composition of two or more distinct cloud models (Private, Community or Public) bound together.

SECURITY FOR CLOUD SYSTEMS: Security is the branch of computer science that deals with keeping the user's data / information intact, both at rest inside the system and in transit across the network. It also ensures that sensitive user data cannot be accessed by those who are not authorized for it. On this basis, security can be divided into two broad areas: System Security (Computer Security) and Network Security / Web Security.
  1. System Security: The set of tools and technologies employed to keep the data inside a system intact and hidden from unauthorized access.
  2. Network Security: The set of tools and technologies used to keep data transmitted across the network from source to destination intact and secure from unauthorized access by any third party during transmission.

Both system security and network security are important in the context of cloud systems: the provider's servers hold the data, and every access to them crosses the Internet.

SECURITY PARAMETERS
  1. Authentication: Verifying that the user is who they claim to be, i.e. that a fake user is not pretending to be an authorized user.
  2. Authorization: Ensuring the user accesses only the services for which they hold the proper privileges.
  3. Secrecy / Privacy: User data stored in the system is kept secure and hidden from others.
  4. Confidentiality: Communication between two parties cannot be read by any third party.

SECURITY THREATS
  1. Interruption: An asset of the system is destroyed or made unavailable or unusable, for example a link is cut or a server is taken down. This is an attack on availability.
  2. Interception: An unauthorized third party gains access to an asset, for example by eavesdropping on (monitoring) the communication between two parties or copying the message. This is an attack on confidentiality.
  3. Modification: The third party not only accesses the message but alters it and then forwards it to the intended recipient. This is an attack on integrity.
  4. Fabrication: The third party creates a message itself and sends it to the receiver, pretending to be the legitimate sender. This is an attack on authenticity.

For cloud systems it is important to maintain proper secrecy of user data, and users must be properly authenticated before being granted access; the services to be provided to them should also be checked against their privileges. This matters especially because of the pay-per-use model.

If a third party (an unauthorized user) gains access to the system by presenting itself as an authorized user (a fake identity), it obtains all the resources and services for which that user has rights. The bill for that usage is then generated in the name of the legitimate user, for whom it is a disaster.

SECURITY MEASURES: In ordinary systems, passwords (something the user knows), artifacts such as tokens or smart cards (something the user has) and biometrics (something the user is) are used to keep systems / computers / workstations / servers secure so that the data stored in them remains intact. The same techniques can be employed in cloud environments to protect stored information from unauthorized access by outsiders. To keep data secure while it is transmitted across the network, cryptography is used: encryption for confidentiality, and message authentication codes or digital signatures for integrity and authenticity.
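As an added example (not code from the original article), the following Python shows how a message authentication code on the network path lets the receiver detect three of the threats listed above: modification, fabrication and replay of a captured message. It does not hide the message content, so interception still has to be countered by encryption (for example AES-GCM), which is not shown. The shared key, the JSON message format and the per-sender sequence-number check are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

# Constructed shared key for the example; in practice it comes from a key
# exchange or is provisioned out of band, never hard-coded.
KEY = b"example-shared-key-for-illustration-only"


def protect(key: bytes, sender: str, seq: int, payload: str) -> bytes:
    """Serialize the message and append an HMAC-SHA256 tag over every field.
    The sequence number is covered by the tag, so it cannot be adjusted either."""
    body = json.dumps({"from": sender, "seq": seq, "msg": payload},
                      sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag          # the hex tag never contains '.', so rsplit is safe


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}            # sender -> highest sequence number accepted

    def accept(self, wire: bytes):
        """Return (payload, "ok") if the message is authentic and fresh,
        otherwise (None, reason)."""
        try:
            body, tag = wire.rsplit(b".", 1)
        except ValueError:
            return None, "malformed"
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return None, "bad tag"                   # modified in transit or fabricated
        fields = json.loads(body)
        if fields["seq"] <= self.last_seq.get(fields["from"], -1):
            return None, "replay"                    # an old captured message resent
        self.last_seq[fields["from"]] = fields["seq"]
        return fields["msg"], "ok"


def demo() -> dict:
    """Drive the receiver through the threat cases; returns the verdict for each."""
    rx = Receiver(KEY)
    genuine = protect(KEY, "alice", 1, "transfer 10 credits")
    verdicts = {"genuine": rx.accept(genuine)[1]}
    # Modification: the attacker changes the amount but cannot recompute the tag
    tampered = genuine.replace(b"transfer 10", b"transfer 99")
    verdicts["modified"] = rx.accept(tampered)[1]
    # Fabrication: without KEY the attacker's own message carries a wrong tag
    forged = protect(b"attacker-guess", "alice", 2, "transfer 99 credits")
    verdicts["fabricated"] = rx.accept(forged)[1]
    # Replay: resending the captured genuine message fails the sequence check
    verdicts["replayed"] = rx.accept(genuine)[1]
    return verdicts


if __name__ == "__main__":
    print(demo())
```

The tag must be checked before any field is parsed or acted on, and with a constant-time comparison; the sequence number only defends against replay once the tag has proved the message genuine.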
ALGORITHM: A multi-tier authentication technique is suitable for achieving better security, data preservation, authentication, authorization and confidentiality in cloud systems. Each tier relies on a different kind of secret, so an attacker who obtains one of them (for example a leaked password) still cannot log in.
It works as follows:

STEP I: The customer provides their credentials (LOG IN ID and password) to the system. The system validates the credentials, comparing the password against a stored salted hash rather than a stored plaintext. If the credentials are correct, the customer has completed the first level of authentication.
STEP II: This is a graphical authentication level. The customer has to select the 2 images that they had already chosen during the registration phase; the images can be categorized, or all images can be offered as a single pool. Alternatively, instead of selecting images, the customer draws a pattern on a 5 x 5 grid. If the selected images or the drawn pattern are correct, the customer has completed the second level of authentication. Image-selection schemes are called Recognition Based Graphical Passwords, while pattern-drawing schemes (Draw a Secret, DAS) are called Recall Based Graphical Passwords.
STEP III: The third and final step is dynamic: each time the system is accessed a new key is used. This is a One Time Password (OTP).
After the second step is completed successfully, the cloud server generates a key and sends it to the user's mobile phone. The user then provides this key to the system, which verifies it. If the key is correct, and has neither expired nor been used before, the third level of authentication is complete. This step proves that the user holds the registered phone and so authenticates the client to the server; it does not by itself authenticate the server to the client, which must be provided separately by the transport layer (the server's TLS certificate).

                                                            FLOW CHART OF THE ALGORITHM
The basic modules of the system are:
  1. Registration Module: The user specifies their credentials (USER ID and password), the graphical password (two images or a grid pattern) and the mobile number to which the dynamic key will be sent; these are stored for use in the later authentication phases.
  2. Change Password Module: Lets the user change the password as well as the graphical password as needed. A change should itself require a complete three-level login, otherwise an attacker holding one factor could replace the others.
  3. LOG IN Module: The user accesses the system with the USER ID and password. If these are correct, the user must provide the graphical password. If that is also correct, the user finally provides the dynamic key to access the system.
  4. Authentication Module: In the first step it validates the credentials provided by the user; if correct, the user proceeds to the second level of authentication. In the second step it validates the graphical password provided by the user; if correct, the second level is complete and the module generates a dynamic key and sends it to the user's phone.
The user then presents this key to the server, which validates it, checking that it has not expired and has not already been used. If it is correct, the user is authenticated and can use the system's services and resources for which he / she is authorized. The module must enforce the order of the levels on the server side: a request for the third level is accepted only from a session that has already passed the first two.
                                                                      MODULES OF THE SYSTEM
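The three steps of the algorithm and the four modules above, as an added example in Python (this is not code from the article): one server-side class that implements the registration module and the three tiers, keeps only salted hashes of the password, the image pair and the grid pattern, stores the one-time key hashed and single-use with an expiry, and enforces the tier order so that the third level cannot be requested before the first two have passed. The image pool of 20 images, the 120-second OTP lifetime, the lock-out after 5 failures, the PBKDF2 hashing and the send_otp SMS gateway callable are all assumptions made for the example; the article does not fix them.

```python
import hashlib
import hmac
import secrets
import time

# Constructed parameters: the article leaves the image pool, OTP lifetime and
# lock-out policy open, so these values are assumptions for the example.
IMAGE_POOL = [f"img{i:02d}" for i in range(1, 21)]   # 20 images, the user picks 2
OTP_TTL_SECONDS = 120
MAX_FAILURES = 5
PBKDF2_ROUNDS = 100_000   # modest so the example runs quickly; raise in production

def _kdf(secret: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, so a stolen user table does not reveal the secrets."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)

def _image_secret(images) -> str:          # recognition-based: order is irrelevant
    return ",".join(sorted(images))

def _pattern_secret(cells) -> str:         # recall-based (DAS): order matters
    return ";".join(f"{r}{c}" for r, c in cells)

class MultiTierAuth:
    """Server-side state. send_otp is a hypothetical SMS gateway callable(phone, code)."""

    def __init__(self, send_otp):
        self.send_otp = send_otp
        self.users = {}      # user -> registration record
        self.stage = {}      # user -> highest tier passed in the current login
        self.pending = {}    # user -> (otp_hash, expiry) issued after tier 2

    # Registration module: store only salted hashes of all three secrets
    def register(self, user, password, images, pattern, phone):
        if len(images) != 2 or any(i not in IMAGE_POOL for i in images):
            raise ValueError("choose exactly 2 images from the pool")
        if len(pattern) < 4 or len(set(pattern)) != len(pattern) or not all(
                0 <= r < 5 and 0 <= c < 5 for r, c in pattern):
            raise ValueError("pattern: at least 4 distinct cells of the 5 x 5 grid")
        salt = secrets.token_bytes(16)
        self.users[user] = {"salt": salt, "phone": phone, "failures": 0,
                            "pw": _kdf(password, salt),
                            "img": _kdf(_image_secret(images), salt),
                            "pat": _kdf(_pattern_secret(pattern), salt)}

    def _record(self, user):
        rec = self.users.get(user)
        return None if rec is None or rec["failures"] >= MAX_FAILURES else rec  # unknown/locked

    def _check(self, rec, stored: bytes, candidate: str) -> bool:
        ok = hmac.compare_digest(stored, _kdf(candidate, rec["salt"]))   # constant time
        if not ok:
            rec["failures"] += 1
        return ok

    # Tier 1: LOG IN ID and password
    def tier1_password(self, user, password) -> bool:
        rec = self._record(user)
        ok = rec is not None and self._check(rec, rec["pw"], password)
        if ok:
            self.stage[user] = 1
        return ok

    # Tier 2: graphical password, either the two registered images or the drawn pattern
    def tier2_graphical(self, user, images=None, pattern=None, now=None) -> bool:
        rec = self._record(user)
        if rec is None or self.stage.get(user, 0) < 1:      # tier 1 must come first
            return False
        if images is not None:
            ok = self._check(rec, rec["img"], _image_secret(images))
        elif pattern is not None:
            ok = self._check(rec, rec["pat"], _pattern_secret(pattern))
        else:
            return False
        if ok:
            self.stage[user] = 2
            code = f"{secrets.randbelow(10**6):06d}"         # the dynamic key (OTP)
            otp_hash = hmac.new(rec["salt"], code.encode(), "sha256").digest()
            self.pending[user] = (otp_hash, (now or time.time()) + OTP_TTL_SECONDS)
            self.send_otp(rec["phone"], code)                 # plaintext code leaves only by SMS
        return ok

    # Tier 3: the one-time key that was sent to the registered phone
    def tier3_otp(self, user, code, now=None) -> bool:
        rec = self._record(user)
        entry = self.pending.pop(user, None)   # single use: spent whether right or wrong
        if rec is None or entry is None or self.stage.get(user, 0) < 2:
            return False
        otp_hash, expiry = entry
        if (now or time.time()) > expiry:
            return False                        # expired: the user must repeat tier 2
        if not hmac.compare_digest(otp_hash, hmac.new(rec["salt"], code.encode(), "sha256").digest()):
            rec["failures"] += 1
            return False
        rec["failures"] = 0                     # fully authenticated: clear the lock-out counter
        self.stage.pop(user, None)
        return True
```

The ordering check in tier2_graphical and tier3_otp is the part most often missed: if the client can submit a tier-3 request directly, the other two tiers protect nothing. The `now` parameter exists only so expiry can be exercised deterministically; a real deployment would use the clock.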
CONCLUSION: Cloud computing is a very interesting and efficient platform from which a large number of users can obtain the services they require, and it is easy to access because almost everyone uses the Internet today. But everything has positives as well as negatives. The major advantages are that it is flexible, scalable, heterogeneous, distributed and architecture neutral.
The corresponding risk is that it must be accessible only to authorized, authenticated users. Otherwise it creates serious trouble for its users, who are billed for the utilization of the system and its resources by unauthorized people pretending to be them. There has to be proper verification of the identity of every user who wants to access the cloud, and their privileges must also be verified before any service is provided.
With the approach described here, the chance of unauthorized access to cloud resources and services is greatly reduced, because an attacker must defeat three independent secrets: the password and the graphical password (things the user knows) and the one-time key delivered to the phone (something the user has). The cost is higher complexity: more round trips for the user, server-side state for every pending login, and a dependence on the mobile channel, which becomes the weakest link if the phone or the number is taken over. Where that cost is acceptable, it is a good solution for implementing trust and achieving identity management in cloud systems.
