Técnicas de autenticación basadas en tokens en plataformas de código abierto en la nube

Cloud computing is a service-oriented computational platform that allows on-demand  resource provisioning for low-cost application deployment.   However, security and privacy of the users is a major concern for the cloud service provider, particularly  for applications handling users personal information (health record, GPS location) or performing financial transactions. Authentication is an important security  measure  for establishing accountability and authorization of the users, is often a prerequisite for accessing cloud-based services. In this paper, we mainly focus on the token-based authentication techniques, supported by popular open source cloud platforms [OSCPs], like  Cloudstack, OpenStack, Eucalyptus and OpenNebula. In general, most OSCPs support the basic text-based user authentication. Other techniques,  such as biometrics, gesture and image, can also be implemented on OSCPs. However, in this paper, we choose to discuss the token-based authentication, as it allows users to gain access to multiple cloud services with a single sign-on (SSO). Moreover, token’s can be shared among multiple users for accessing cloud-based services.El concepto de computación en la nube hace referencia al uso de una plataforma computacional externa, orientada a servicios, que permite suministrar recursos bajo demanda, a bajo costo, para el desarrollo de aplicaciones. La seguridad y privacidad de los usuarios son preocupaciones centrales de los proveedores de este tipo de servicios, particularmente cuando las aplicaciones manejan información personal reservada (como historias clínicas o ubicación geográfica) o cuando realizan transacciones financieras. La autenticación es una importante medida de seguridad para establecer cuentas y autorizar usuarios, por ellos, es un prerrequisito para el acceso a servicios basados en la nube. Este artículo se ha enfocado en las técnicas de autenticación basadas en tokens, las cuales están soportadas por plataformas en nube de código abierto muy comunes, tales como CloudStack, OpenStack, Eucalyptus y OpenNebula. Aunque la mayoría de ellas plataformas soporta la autenticación básica de usuario basada en texto, también admiten otras técnicas, tales como el uso de características biométricas, gestos e imágenes. Se selección a las técnicas de autenticación basadas en tokens para la discusión, porque ellas le permiten a los usuarios el acceso a múltiples servicios en la nube con un único inicio de sesión, y porque los tokens pueden ser compartidos entre múltiples usuarios para el acceso a servicios basados en la nube

A Scheme for improving data confidentiality in the cloud computing environment

Thesis submitted in partial fulfillment of the requirements for the Degree of Master of Science in Computer-Based Information Systems (MSIS) at Strathmore UniversityCloud computing has ushered in an era whereby small and medium sized companies enjoy computing power which was usually a preserve for big corporations. Despite these benefits, the present cloud data confidentiality techniques are still evolving, and as they evolve so are the threats, hence posing security and privacy challenges, thus becoming an impediment to cloud adoption. Currently, cases have been cited where hackers have stolen stored cloud data, later to appear in social media embarrassing the firms. Among the key vulnerabilities attributed to loss of cloud data include: account hijacking, malicious insider breaches, data breaches attributed to weak Identity and access management, phishing, SQL injection, among others. Several research articles have been reviewed with some proposed solutions but these solutions have fallen short of addressing account hijacking and malicious insider threats. In addition, the online survey conducted highlighted that insider breaches are among the main form of vulnerability to cloud data. These challenges within the cloud storage informed the basis for the design of a scheme for improving data confidentiality in the cloud computing environment. The data confidentiality is achieved by implementing authentication login which triggers a six digit code to be sent to a client mobile or e-mail for further authentication, thus, enabling situational awareness of data breaches in real-time. This approach will enhance reliability and trust of cloud services enabling users to maximize on potential benefits offered by the cloud environment