6,797 research outputs found

    A JSON Token-Based Authentication and Access Management Schema for Cloud SaaS Applications

    Cloud computing is significantly reshaping the computing industry built around core concepts such as virtualization, processing power, connectivity and elasticity to store and share IT resources via a broad network. It has emerged as the key technology that unleashes the potency of Big Data, Internet of Things, Mobile and Web Applications, and other related technologies, but it also comes with its challenges - such as governance, security, and privacy. This paper is focused on the security and privacy challenges of cloud computing with specific reference to user authentication and access management for cloud SaaS applications. The suggested model uses a framework that harnesses the stateless and secure nature of JWT for client authentication and session management. Furthermore, authorized access to protected cloud SaaS resources has been efficiently managed. Accordingly, a Policy Match Gate (PMG) component and a Policy Activity Monitor (PAM) component have been introduced. In addition, other subcomponents such as a Policy Validation Unit (PVU) and a Policy Proxy DB (PPDB) have also been established for optimized service delivery. A theoretical analysis of the proposed model portrays a system that is secure, lightweight and highly scalable for improved cloud resource security and management.
    Comment: 6 Page

    An Efficient Anonymous Authentication Scheme for Internet of Vehicles

    Internet of Vehicles (IoV) is an intelligent application of IoT in smart transportation, which can make intelligent decisions for passengers. It has drawn extensive attention to improve traffic safety and efficiency and create a more comfortable driving and riding environment. Vehicular cloud computing is a variant of mobile cloud computing, which can process local information quickly. The cooperation of the Internet and vehicular cloud can make the communication more efficient in IoV. In this paper, we mainly focus on the secure communication between vehicles and roadside units. We first propose a new certificateless short signature scheme (CLSS) and prove the unforgeability of it in random oracle model. Then, by combining CLSS and a regional management strategy we design an efficient anonymous mutual quick authentication scheme for IoV. Additionally, the quantitative performance analysis shows that the proposed scheme achieves higher efficiency in terms of interaction between vehicles and roadside units compared with other existing schemes

    Secure Cloud Communication for Effective Cost Management System through MSBE

    In Cloud Computing Architecture, Brokers are responsible to provide services to the end users. An Effective Cost Management System (ECMS) which works over Secure Cloud Communication Paradigm (SCCP) helps in finding a communication link with overall minimum cost of links. We propose an improved Broker Cloud Communication Paradigm (BCCP) with integration of security issues. Two algorithms are included, first is Secure Optimized Route Cost Finder (S-ORCF) to find optimum route between broker and cloud on the behalf of cost factor and second is Secure Optimized Route Management (S-ORM) to maintain optimum route. These algorithms proposed with cryptographic integrity of the secure route discovery process in efficient routing approaches between broker and cloud. There is lack in Dynamic Source Routing Approach to verify whether any intermediate node has been deleted, inserted or modified with no valid authentication. We use symmetric cryptographic primitives, which is made possible due to multisource broadcast encryption scheme. This paper outlines the use of secure route discovery protocol (SRDP) that employs such a security paradigm in cloud computing.
    Comment: 12 pages, 3 figures, International Journal on Cloud Computing: Services and Architecture (IJCCSA), Vol.2, No.3, June 201

    Internet of Cloud: Security and Privacy issues

    The synergy between the cloud and the IoT has emerged largely due to the cloud having attributes which directly benefit the IoT and enable its continued growth. IoT adopting Cloud services has brought new security challenges. In this book chapter, we pursue two main goals: 1) to analyse the different components of Cloud computing and the IoT and 2) to present security and privacy problems that these systems face. We thoroughly investigate current security and privacy preservation solutions that exist in this area, with an eye on the Industrial Internet of Things, discuss open issues and propose future directions
    Comment: 27 pages, 4 figure

    Discrete model for cloud computing: Analysis of data security and data loss

    Cloud computing is recognized as one of the most promising solutions to information technology, e.g., for storing and sharing data in the web service which is sustained by a company or third party instead of storing data in a hard drive or other devices. It is essentially a physical storage system which provides large storage of data and faster computing to users over the Internet. In this cloud system, the third party allows to preserve data of clients or users only for business purpose and also for a limited period of time. The users are used to share data confidentially among themselves and to store data virtually to save the cost of physical devices as well as the time. In this paper, we propose a discrete dynamical system for cloud computing and data management of the storage service between a third party and users. A framework, comprised of different techniques and procedures for distribution of storage and their implementation with users and the third party is given. For illustration purpose, the model is considered for two users and a third party, and its dynamical properties are briefly analyzed and discussed. It is shown that the discrete system exhibits periodic, quasiperiodic and chaotic states. The latter discerns that the cloud computing system with distribution of data and storage between users and the third party may be secured. Some issues of data security are discussed and a random replication scheme is proposed to ensure that the data loss can be highly reduced compared to the existing schemes in the literature.
    Comment: 12 pages, 3 tables, 6 figure

    Auditing for Distributed Storage Systems

    Distributed storage codes have recently received a lot of attention in the community. Independently, another body of work has proposed integrity checking schemes for cloud storage, none of which, however, is customized for coding-based storage or can efficiently support repair. In this work, we bridge the gap between these two currently disconnected bodies of work. We propose NC-Audit, a novel cryptography-based remote data integrity checking scheme, designed specifically for network coding-based distributed storage systems. NC-Audit combines, for the first time, the following desired properties: (i) efficient checking of data integrity, (ii) efficient support for repairing failed nodes, and (iii) protection against information leakage when checking is performed by a third party. The key ingredient of the design of NC-Audit is a novel combination of SpaceMac, a homomorphic message authentication code (MAC) scheme for network coding, and NCrypt, a novel chosen-plaintext attack (CPA) secure encryption scheme that is compatible with SpaceMac. Our evaluation of a Java implementation of NC-Audit shows that an audit costs the storage node and the auditor a modest amount of computation time and lower bandwidth than prior work.
    Comment: ToN 2014 Submission with Data Dynamic

    Hands-Free One-Time and Continuous Authentication Using Glass Wearable Devices

    Users with limited use of their hands, such as people suffering from disabilities of the arm, shoulder, and hand (DASH), face challenges when authenticating with computer terminals, especially with publicly accessible terminals such as ATMs. A new glass wearable device was recently introduced by Google and it was immediately welcomed by groups of users, such as the ones described above, as Google Glass allows them to perform actions, like taking a photo, using only verbal commands. This paper investigates whether glass wearable devices can be used to authenticate users, both to grant access (one-time) and to maintain access (continuous), in similar hands-free fashion. We do so by designing and implementing Gauth, a system that enables users to authenticate with a service simply by issuing a voice command, while facing the computer terminal they are going to use to access the service. To achieve this goal, we create a physical communication channel from the terminal to the device using machine readable visual codes, like QR codes, and utilize the device's network adapter to communicate directly with a service. More importantly, we continuously authenticate the user accessing the terminal, exploiting the fact that a user operating a terminal is most likely facing it most of the time. We periodically issue authentication challenges, which are displayed as a QR code on the terminal, that cause the glass device to re-authenticate the user with an appropriate response. We evaluate our system to determine the technical limits of our approach

    SFAMSS: a secure framework for atm machines via secret sharing

    As ATM applications deploy for a banking system, the need to secure communications will become critical. However, multicast protocols do not fit the point-to-point model of most network security protocols which were designed with unicast communications in mind. In recent years, we have seen the emergence and the growing of ATMs (Automatic Teller Machines) in banking systems. Many banks are extending their activity and increasing transactions by using ATMs. ATM will allow them to reach more customers in a cost effective way and to make their transactions fast and efficient. However, communicating in the network must satisfy integrity, privacy, confidentiality, authentication and non-repudiation. Many frameworks have been implemented to provide security in communication and transactions. In this paper, we analyze ATM communication protocol and propose a novel framework for ATM systems that allows entities to communicate in a secure way without using a lot of storage. We describe the architecture and operation of SFAMSS in detail. Our framework is implemented with Java and the software architecture, and its components are studied in detail

    EPDA: Enhancing Privacy-Preserving Data Authentication for Mobile Crowd Sensing

    As a popular application, mobile crowd sensing systems aim at providing more convenient service via the swarm intelligence. With the popularity of sensor-embedded smart phones and intelligent wearable devices, mobile crowd sensing is becoming an efficient way to obtain various types of sensing data from individuals, which will make people's life more convenient. However, mobile crowd sensing systems today are facing a critical challenge, namely the privacy leakage of the sensitive information and valuable data, which can raise grave concerns among the participants. To address this issue, we propose an enhanced secure certificateless privacy-preserving verifiable data authentication scheme for mobile crowd sensing, named EPDA. The proposed scheme provides unconditional anonymous data authentication service for mobile crowd sensing, by deploying an improved certificateless ring signature as the cryptogram essential, in which the big sensing data should be signed by one of legitimate members in a specific group and could be verified without exposing the actual identity of the participant. The formal security proof demonstrates that EPDA is secure against existential forgery under adaptive chosen message and identity attacks in random oracle model. Finally, extensive simulations are conducted. The results show that the proposed EPDA efficiently decreases computational cost and time consumption in the sensing data authentication process