A JSON Token-Based Authentication and Access Management Schema for Cloud SaaS Applications
Cloud computing is significantly reshaping the computing industry built
around core concepts such as virtualization, processing power, connectivity and
elasticity to store and share IT resources via a broad network. It has emerged
as the key technology that unleashes the potency of Big Data, Internet of
Things, Mobile and Web Applications, and other related technologies, but it
also comes with its challenges - such as governance, security, and privacy.
This paper is focused on the security and privacy challenges of cloud computing
with specific reference to user authentication and access management for cloud
SaaS applications. The suggested model uses a framework that harnesses the
stateless and secure nature of JWT for client authentication and session
management. Furthermore, authorized access to protected cloud SaaS resources
has been efficiently managed. Accordingly, a Policy Match Gate (PMG) component
and a Policy Activity Monitor (PAM) component have been introduced. In
addition, other subcomponents such as a Policy Validation Unit (PVU) and a
Policy Proxy DB (PPDB) have also been established for optimized service
delivery. A theoretical analysis of the proposed model portrays a system that
is secure, lightweight and highly scalable for improved cloud resource security
and management.
Comment: 6 Pages
An Efficient Anonymous Authentication Scheme for Internet of Vehicles
Internet of Vehicles (IoV) is an intelligent application of IoT in smart
transportation, which can make intelligent decisions for passengers. It has
drawn extensive attention to improve traffic safety and efficiency and create a
more comfortable driving and riding environment. Vehicular cloud computing is a
variant of mobile cloud computing, which can process local information quickly.
The cooperation of the Internet and vehicular cloud can make the communication
more efficient in IoV. In this paper, we mainly focus on the secure
communication between vehicles and roadside units. We first propose a new
certificateless short signature scheme (CLSS) and prove the unforgeability of
it in random oracle model. Then, by combining CLSS and a regional management
strategy we design an efficient anonymous mutual quick authentication scheme
for IoV. Additionally, the quantitative performance analysis shows that the
proposed scheme achieves higher efficiency in terms of interaction between
vehicles and roadside units compared with other existing schemes.
Secure Cloud Communication for Effective Cost Management System through MSBE
In Cloud Computing Architecture, Brokers are responsible to provide services
to the end users. An Effective Cost Management System (ECMS) which works over
Secure Cloud Communication Paradigm (SCCP) helps in finding a communication
link with overall minimum cost of links. We propose an improved Broker Cloud
Communication Paradigm (BCCP) with integration of security issues. Two
algorithms are included, first is Secure Optimized Route Cost Finder (S-ORCF)
to find optimum route between broker and cloud on the behalf of cost factor and
second is Secure Optimized Route Management (S-ORM) to maintain optimum route.
These algorithms proposed with cryptographic integrity of the secure route
discovery process in efficient routing approaches between broker and cloud.
There is a lack in Dynamic Source Routing Approach to verify whether any
intermediate node has been deleted, inserted or modified with no valid
authentication. We use symmetric cryptographic primitives, which is made
possible due to multisource broadcast encryption scheme. This paper outlines
the use of secure route discovery protocol (SRDP) that employs such a security
paradigm in cloud computing.
Comment: 12 pages, 3 figures, International Journal on Cloud Computing:
Services and Architecture (IJCCSA), Vol.2, No.3, June 201
Internet of Cloud: Security and Privacy issues
The synergy between the cloud and the IoT has emerged largely due to the
cloud having attributes which directly benefit the IoT and enable its continued
growth. IoT adopting Cloud services has brought new security challenges. In
this book chapter, we pursue two main goals: 1) to analyse the different
components of Cloud computing and the IoT and 2) to present security and
privacy problems that these systems face. We thoroughly investigate current
security and privacy preservation solutions that exist in this area, with an
eye on the Industrial Internet of Things, discuss open issues and propose
future directions.
Comment: 27 pages, 4 figures
Discrete model for cloud computing: Analysis of data security and data loss
Cloud computing is recognized as one of the most promising solutions to
information technology, e.g., for storing and sharing data in the web service
which is sustained by a company or third party instead of storing data in a
hard drive or other devices. It is essentially a physical storage system which
provides large storage of data and faster computing to users over the Internet.
In this cloud system, the third party allows to preserve data of clients or
users only for business purpose and also for a limited period of time. The
users are used to share data confidentially among themselves and to store data
virtually to save the cost of physical devices as well as the time. In this
paper, we propose a discrete dynamical system for cloud computing and data
management of the storage service between a third party and users. A framework,
comprised of different techniques and procedures for distribution of storage
and their implementation with users and the third party is given. For
illustration purpose, the model is considered for two users and a third party,
and its dynamical properties are briefly analyzed and discussed. It is shown
that the discrete system exhibits periodic, quasiperiodic and chaotic states.
The latter discerns that the cloud computing system with distribution of data
and storage between users and the third party may be secured. Some issues of
data security are discussed and a random replication scheme is proposed to
ensure that the data loss can be highly reduced compared to the existing
schemes in the literature.
Comment: 12 pages, 3 tables, 6 figures
Auditing for Distributed Storage Systems
Distributed storage codes have recently received a lot of attention in the
community. Independently, another body of work has proposed integrity checking
schemes for cloud storage, none of which, however, is customized for
coding-based storage or can efficiently support repair. In this work, we bridge
the gap between these two currently disconnected bodies of work. We propose
NC-Audit, a novel cryptography-based remote data integrity checking scheme,
designed specifically for network coding-based distributed storage systems.
NC-Audit combines, for the first time, the following desired properties: (i)
efficient checking of data integrity, (ii) efficient support for repairing
failed nodes, and (iii) protection against information leakage when checking is
performed by a third party. The key ingredient of the design of NC-Audit is a
novel combination of SpaceMac, a homomorphic message authentication code (MAC)
scheme for network coding, and NCrypt, a novel chosen-plaintext attack (CPA)
secure encryption scheme that is compatible with SpaceMac. Our evaluation of a
Java implementation of NC-Audit shows that an audit costs the storage node and
the auditor a modest amount of computation time and lower bandwidth than prior
work.
Comment: ToN 2014 Submission with Data Dynamic
Hands-Free One-Time and Continuous Authentication Using Glass Wearable Devices
Users with limited use of their hands, such as people suffering from
disabilities of the arm, shoulder, and hand (DASH), face challenges when
authenticating with computer terminals, especially with publicly accessible
terminals such as ATMs. A new glass wearable device was recently introduced by
Google and it was immediately welcomed by groups of users, such as the ones
described above, as Google Glass allows them to perform actions, like taking a
photo, using only verbal commands. This paper investigates whether glass
wearable devices can be used to authenticate users, both to grant access
(one-time) and to maintain access (continuous), in similar hands-free fashion.
We do so by designing and implementing Gauth, a system that enables users to
authenticate with a service simply by issuing a voice command, while facing the
computer terminal they are going to use to access the service. To achieve this
goal, we create a physical communication channel from the terminal to the
device using machine readable visual codes, like QR codes, and utilize the
device's network adapter to communicate directly with a service. More
importantly, we continuously authenticate the user accessing the terminal,
exploiting the fact that a user operating a terminal is most likely facing it
most of the time. We periodically issue authentication challenges, which are
displayed as a QR code on the terminal, that cause the glass device to
re-authenticate the user with an appropriate response. We evaluate our system
to determine the technical limits of our approach.
Auditing for Distributed Storage Systems
Distributed storage codes have recently received a lot of attention in the community. Independently, another body of work has proposed integrity-checking schemes for cloud storage, none of which, however, is customized for coding-based storage or can efficiently support repair. In this work, we bridge the gap between these two currently disconnected bodies of work. We propose NC-Audit, a novel cryptography-based remote data integrity-checking scheme, designed specifically for network-coding-based distributed storage systems. NC-Audit combines, for the first time, the following desired properties: 1) efficient checking of data integrity; 2) efficient support for repairing failed nodes; and 3) protection against information leakage when checking is performed by a third party. The key ingredient of the design of NC-Audit is a novel combination of SpaceMac, a homomorphic message authentication code (MAC) scheme for network coding, and NCrypt, a novel chosen-plaintext attack (CPA) secure encryption scheme that preserves the correctness of SpaceMac. Our evaluation of NC-Audit based on a real Java implementation shows that the proposed scheme has significantly lower overhead compared to the state-of-the-art schemes for both auditing and repairing of failed nodes
SFAMSS: a secure framework for atm machines via secret sharing
As ATM applications deploy for a banking system, the need to secure
communications will become critical. However, multicast protocols do not fit
the point-to-point model of most network security protocols which were designed
with unicast communications in mind. In recent years, we have seen the
emergence and the growing of ATMs (Automatic Teller Machines) in banking
systems. Many banks are extending their activity and increasing transactions by
using ATMs. ATM will allow them to reach more customers in a cost effective way
and to make their transactions fast and efficient. However, communicating in
the network must satisfy integrity, privacy, confidentiality, authentication
and non-repudiation. Many frameworks have been implemented to provide security
in communication and transactions. In this paper, we analyze ATM communication
protocol and propose a novel framework for ATM systems that allows entities
to communicate in a secure way without using a lot of storage. We describe the
architecture and operation of SFAMSS in detail. Our framework is implemented
with Java and the software architecture, and its components are studied in
detail.
EPDA: Enhancing Privacy-Preserving Data Authentication for Mobile Crowd Sensing
As a popular application, mobile crowd sensing systems aim at providing more
convenient service via the swarm intelligence. With the popularity of
sensor-embedded smart phones and intelligent wearable devices, mobile crowd
sensing is becoming an efficient way to obtain various types of sensing data
from individuals, which will make people's life more convenient. However,
mobile crowd sensing systems today are facing a critical challenge, namely the
privacy leakage of the sensitive information and valuable data, which can raise
grave concerns among the participants. To address this issue, we propose an
enhanced secure certificateless privacy-preserving verifiable data
authentication scheme for mobile crowd sensing, named EPDA. The proposed scheme
provides unconditional anonymous data authentication service for mobile crowd
sensing, by deploying an improved certificateless ring signature as the
cryptogram essential, in which the big sensing data should be signed by one of
legitimate members in a specific group and could be verified without exposing
the actual identity of the participant. The formal security proof demonstrates
that EPDA is secure against existential forgery under adaptive chosen message
and identity attacks in random oracle model. Finally, extensive simulations are
conducted. The results show that the proposed EPDA efficiently decreases
computational cost and time consumption in the sensing data authentication
process.