30,527 research outputs found

    A JSON Token-Based Authentication and Access Management Schema for Cloud SaaS Applications

    Cloud computing is significantly reshaping the computing industry built around core concepts such as virtualization, processing power, connectivity and elasticity to store and share IT resources via a broad network. It has emerged as the key technology that unleashes the potency of Big Data, Internet of Things, Mobile and Web Applications, and other related technologies, but it also comes with its challenges - such as governance, security, and privacy. This paper is focused on the security and privacy challenges of cloud computing with specific reference to user authentication and access management for cloud SaaS applications. The suggested model uses a framework that harnesses the stateless and secure nature of JWT for client authentication and session management. Furthermore, authorized access to protected cloud SaaS resources has been efficiently managed. Accordingly, a Policy Match Gate (PMG) component and a Policy Activity Monitor (PAM) component have been introduced. In addition, other subcomponents such as a Policy Validation Unit (PVU) and a Policy Proxy DB (PPDB) have also been established for optimized service delivery. A theoretical analysis of the proposed model portrays a system that is secure, lightweight and highly scalable for improved cloud resource security and management. Comment: 6 Page

    Review of an Enhanced Authentication Strategy for Multiservice Authorization over Mobile Cloud

    Cloud computing has changed the corporate as well as the educational industry since it was introduced. Cloud computing is basically a cost-effective, convenient and on-demand service offered to end users. For instance, it leads to cost reserve funds as well as better resource usage, and removes the need for specialized technical skill for the users. There exists a huge security concern when utilizing cloud services. Security is extremely vital in cloud computing since individuals and organizations store private information in the cloud, and it should likewise not be difficult to utilize the services provided to users. Since the control of services and information required for the regular run of an organization is handled by third-party service providers, the end user needs to believe the third-party cloud service providers and trust that they handle their information in the right way and that resources are available as and when needed. There are many approaches proposed for authentication in cloud services. They are intricate, insecure or highly exclusive. In this paper we have carried out a comparative study of different authentication schemes in cloud computing and finally summarize them on the basis of different evaluation criteria

    A Secure Mobile Cloud Identity: Criteria for Effective Identity and Access Management Standards

    Managing digital identities and access control for cloud users and applications remains one of the greatest challenges facing cloud computing today. This led to a new cloud security service paradigm called identity and access management (IAM) service, IDentity-as-a-Service (IDaaS). Many IAM standards have been proposed in the last two decades: Lightweight Directory Access Protocol (LDAP), Central Authentication Service (CAS), OZ Protocol, Security Assertion Markup Language (SAML), CoSign Protocol, Open Authentication (OAuth), and OpenID Connect (OIDC). However, Mobile Cloud Computing (MCC) IAM requirements are somewhat different due to its resource limitations and mobile communication. It may not be necessary that the same IAM standards are equally effective for MCC. To determine the appropriateness of these IAM standards for MCC requires some IAM performance evaluation criteria. Therefore, this paper proposes several evaluation criteria for an effective IAM standard for MCC

    Identity management in cloud platforms using VOMS and SPID

    Cloud computing is being adopted more and more in recent years. It offers several benefits, such as high elasticity, availability and cost reduction, but yet presents some issues. Among the most important, the potential lack of security can affect the spreading of this technology. As cloud computing is pushing forward to the digital era, where users can have their own digital identity to access restricted resources or services, a reliable authentication and authorization system would attract more users to get involved in such process. This paper proposes an integration of the VOMS (Virtual Organization Membership Service) system for authorization and SPID (Sistema Pubblico per la gestione dell'Identità Digitale) system for authentication, within Cloud Foundry PaaS (Platform as a Service) model. Considerations, differences and interoperability matters will be addressed in order to provide a comprehensive scheme

    Comparative study on encryption algorithms in cloud environment

    Cloud computing is the Internet-based development and use of computer technology where end users are provided with on-demand shared resources, software and information. Security is a major issue in cloud computing, and it raises attention for Cloud Service Providers (CSP) and end users. The cloud computing security problem raises suspicions and makes many organizations refuse the idea of using the cloud for storing certain data, especially data with high confidentiality. In addition, cloud users try to avoid being controlled by the CSPs. To avoid the data and data transmission from attackers, appropriate key management is necessary. Besides that, all the data is virtual and the cloud is an open service that uses a public network such as the Internet for applications and services, which has security issues like authentication data loss. An encryption algorithm is a technique that is used to make data on the cloud secure. The aim of the study is to propose an authentication model using the Kerberos technique for the cloud environment to provide more security. This model can benefit by filtering unauthorized access and also by reducing the memory usage of the cloud provider against authentication checks for each user. It also acts as the third party between the cloud server and users to allow authorized access to the cloud services. In this research, the performance of the algorithm is measured based on the computational and communication time. The performance is compared with three algorithms, which are RSA, DSA and AES. The experimental result shows that RSA is performing much better than DSA and AES in terms of computational time

    Cloud Computing Security for Organizations using Live Signature – TPALM Printing Client Service

    Cloud is taking over the computing environment in both the public and the private sector. This has increased the use of service-oriented architecture (SOA) for the development of services later deployed in the Cloud. This paper presents a Cloud Security algorithm using SOA 3.0 for secured transactions on the data, which usually governments of countries like USA International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR) requires to be utilized and distributed only within United States by security cleared personnel only. In this paper, we describe a novel algorithm and corresponding cloud service as Cloud Monitoring Gateway (CMG). The current service prototype simulates the behavior of the actual Cloud Security Gateway Application (CSGA) using the algorithm called TPALM (The Privacy Authentication Latency Management). This simulation is coarse-grained, but is capable of measuring the privacy authentication on the given variables of a legit user. We also present an evaluation of this service utilization on actual data

    Security Protocol Suite for Preventing Cloud-based Denial-of-Service Attacks

    Cloud systems, also known as cloud services, are among the primary solutions of the information technology domain. Cloud services are accessed through an identity authentication process. These authentication processes have become increasingly vulnerable to adversaries who may perform denial-of-service (DoS) attacks to make cloud services inaccessible. Several strong authentication protocols have been employed to protect conventional network systems. Nevertheless, they can cause a DoS threat when implemented in the cloud-computing system. This is because the comprehensive verification process may exhaust the cloud resources and shut down cloud’s services. This thesis proposes a novel cloud-based secure authentication (CSA) protocol suite that provides a smart authentication approach not only for verifying the users’ identities but also for building a strong line of defense against the DoS attacks. CSA protocol suite offers two modules, CSAM-1 and CSAM-2. The decision of which module of CSA to be utilized depends on the deployment nature of the cloud computing. CSAM-1 is designed to prevent external risks of DoS attacks in private and community cloud computing. CSAM-1 utilizes multiple techniques that include the client puzzle problem and utilization of unique encrypted text (UET). Therefore, these techniques can distinguish between a legitimate user’s request and an attacker’s attempt. CSAM-2 is designed to prevent internal risks of DoS attacks in public and hybrid cloud computing. CSAM-2 combines an extended unique encrypted text (EUET) application, client puzzle problem, and deadlock avoidance algorithm to prevent DoS risks that occur from inside cloud computing systems. The authentication process in both modules is designed so that the cloud-based servers become footprint-free and fully able to detect the signs of DoS attacks. 
The reliability and scalability of these two modules have been measured through a number of experiments using the GreenCloud simulation tool. The experiments’ results have shown that the CSA protocol suite is practically applicable as a lightweight authentication protocol. These experiments have verified the ability of the CSA to protect the cloud-based system against DoS attacks with an acceptable mean time to failure while still having the spare capacity to handle a large number of user requests

    Authentication in SaaS by implementing double security measures

    Growing trends of services offered in the field of Cloud Computing are increasing on a daily basis. These services are divided into three models: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). Despite this, much interest is shown in the usage of the Software as a Service (SaaS) model. This model offers the usage of software that is hosted in the Cloud and that can be accessed by using web browsers or through a “thin client”. Security and privacy are the two most important problems that can occur in this model. Authentication through password is one of the best methods known as authentication through a parameter. However, this is not a safe technique because the password can be easily broken through the man-in-the-middle method and other attacks. Being aware of this problem, we come to the need of using another technique for authentication, known as authentication through two parameters, that offers a better solution to this problem. This technique allows users to ensure two parameters during the phase of authentication, parameters that are combined together to create a high security. This authentication technique should be used to secure all services and software that are offered in the Cloud

    Secure Cloud Computing Based On Mobile Agents

    In this paper, we provide protection to the service requested to the cloud from the user. Cloud computing is a examine sloping system that launch services to the client at low cost. According to various researches, user verification is the most significant security concern and demanding issue in cloud-based environments. As cloud computing provides different advantages, it also brings some concerns about the security and privacy of information. Cloud computing requests to concentrate on three main security issues: privacy, reliability and accessibility. In this paper, we propose a new approach that provides confidentiality for the services requested by the user by using mobile agents for communication between the user and the cloud layer; we provide security at each layer in cloud computing with Kerberos. We provide security to the service which will be requested to the cloud with an authentication server and TGS system. DOI: 10.17762/ijritcc2321-8169.150318