Manel Medhioub,Mohamed Hamdi,Tai-Hoon Kim

DOI: https://doi.org/10.1145/2947626.2951963

2016-01-01

Abstract:Recent technological advances have given rise to the popularity and success of cloud. This new paradigm is gaining an expanding interest, since it provides cost efficient architectures that support the transmission, storage, and intensive computing of data. However, the prospect of outsourcing an increasing amount of data storage and management, the abstract nature of the cloud and the diversity of the delivered services increase their vulnerability to security incidents and attacks. The objective of this paper is to provide a comprehensive review of the existing security requirements in cloud storage environments. In addition, it explores ID-based Cryptography power to address the protection of cloud storage infrastructures. As a main contribution, a new authentication scheme for Cloud-based Storage applications is proposed.

Zaid Ameen Abduljabbar,Hai Jin,Zaid Alaa Hussien,Ali A. Yassin,Mohammed Abdulridha Hussain,Salah H. Abbdal,Deqing Zou

DOI: https://doi.org/10.1109/bigdatasecurity-hpsc-ids.2016.25

2016-01-01

Abstract:Recently, security issues are obstructing the development and using of cloud computing services. Authentication plays an important role in the cloud security, and numerous concerns have been raised to prevent an unauthorized users to access the entities' resources (sender and receiver) within the cloud environment. Existing solutions are based on one-time authentication scheme, in which a user's password is applicable only for one login session. However, none of the proposed schemes are sufficiently secure to prevent known forms of attack. In addition, these schemes often suffer from significant overhead in the key management.For this reason, we propose a robust one-time authentication scheme based on a non-interactive one-time biometric key to generate one-time login request message. The key used in our scheme has two strong building blocks; that is, it is biometrically based on the extraction of features from the entities' irises, and cryptographically based on the strong key-based message authentication code MAC-SHA-512 and Rivest Cipher 4. The proposed scheme exhibits several important security attributes, such as key agreement, biometric key management, a single authentication request for each user's login, mutual authentication, invulnerability, and efficiency.

Jasmine, R. Megiba

DOI: https://doi.org/10.1007/s11276-024-03780-8

IF: 2.701

2024-06-11

Wireless Networks

Abstract:Today, cloud computing has received greater attention for storing and processing huge amounts of data over the internet. Security concerns are one of the most challenging issues that have affected the growth of cloud computing services. Data storage in the cloud is unsecured using a password system that can be easily stolen by intruders. Hence, there is a need to achieve cloud data security using multimodal biometric cryptosystem-based authentication and encryption systems and to mitigate the risk of attackers, especially in the case of accessing the data from unauthorized users. In this paper, we propose a Secure Multimodal Cloud Authentication and Authorization Scheme (SMCAAS) framework that brings additional security to both encryption and authentication for user biometric identification against different attacks in the cloud environment. In the SMCAAS framework, we presented an improved encryption system using the Biometric Identity Based Encryption Method (BIBE) to facilitate the exchange of the trapdoor between the user's Biometric Identity Record (BIR) and the cloud server with additional security measures in cloud computing environments. Then a trusted cryptographic hash function uses the Secure Hash Algorithm-512 (SHA-512) to authenticate the biometric user who intends to access the system. Based on the derived two steps, the Multimodal Biometric Authentication Module (MBAM) module performs multimodal biometric features to provide additional security and is designed to verify the user's biometric identity in a cloud environment. Informal security analysis proves that the SMCAAS approach is secure against different attacks. Numerical results demonstrate that the SMCAAS approach obtains high security in terms of error rate (ERR) and biometric quality metrics, and also that the performance measures of the encryption and decryption time for the message file achieve less average time than other methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Vishruti Kakkad,Meshwa Patel,Manan Shah

DOI: https://doi.org/10.1007/s41939-019-00049-y

2019-05-10

Abstract:Cloud computing is a major blooming technology which has numerous applications in today’s market and is rightly so hyped. Images are a major part of today’s internet data traffic, especially due to widespread social media, and hence, its security is crucial. However, in the present scenario, the images in cloud are a major issue in terms of security. Since the user who has uploaded the image has no control over the security of images, the cloud provider has to ensure maximum security in terms of authentication and prevention from attacks. The main objective of this paper is to provide a method to enhance the safety of images on cloud. This paper presents an idea of securing images on cloud platform using biometric authentication. Different steps involved in biometric authentication and secure upload and access of images are explained, and integration of all the steps is done at the end as a case study which puts light on the whole process in which methods are best-regarding results and compatibility. The proposed algorithm in this paper presents the idea of authentication of images in two basic steps of image compression using standard discrete wavelet transform method followed by image encryption using the hybrid method of SHA and blowfish. This image is then stored into the database of cloud and accessed whenever the user requests it. A structured and comprehensive view of encryption methods, types of biometrics and to secure data as well as images is provided in this paper.

Vinoth Kumar M,K Venkatachalam,Prabu P,Abdulwahab Almutairi,Mohamed Abouhawwash

DOI: https://doi.org/10.7717/peerj-cs.569

2021-07-30

PeerJ Computer Science

Abstract:Cloud computing is one of the evolving fields of technology, which allows storage, access of data, programs, and their execution over the internet with offering a variety of information related services. With cloud information services, it is essential for information to be saved securely and to be distributed safely across numerous users. Cloud information storage has suffered from issues related to information integrity, data security, and information access by unauthenticated users. The distribution and storage of data among several users are highly scalable and cost-efficient but results in data redundancy and security issues. In this article, a biometric authentication scheme is proposed for the requested users to give access permission in a cloud-distributed environment and, at the same time, alleviate data redundancy. To achieve this, a cryptographic technique is used by service providers to generate the bio-key for authentication, which will be accessible only to authenticated users. A Gabor filter with distributed security and encryption using XOR operations is used to generate the proposed bio-key (biometric generated key) and avoid data deduplication in the cloud, ensuring avoidance of data redundancy and security. The proposed method is compared with existing algorithms, such as convergent encryption (CE), leakage resilient (LR), randomized convergent encryption (RCE), secure de-duplication scheme (SDS), to evaluate the de-duplication performance. Our comparative analysis shows that our proposed scheme results in smaller computation and communication costs than existing schemes.

computer science, information systems, artificial intelligence, theory & methods

Guoyou Chen,Jiajia Miao,Feng Xie,Handong Mao

DOI: https://doi.org/10.4028/www.scientific.net/amm.278-280.1767

2013-01-01

Applied Mechanics and Materials

Abstract:Cloud computing has been a hot researching area of computer network technology, since it was proposed in 2007. Cloud computing also has been envisioned as the next-generation architecture of IT Enterprise [1]. Cloud computing infrastructures enable companies to cut costs by outsourcing computations on-demand. It moves the application software and database to the large data centers, where the management of the data and services may not be fully trustworthy [2]. This poses many new security challenges. In this paper, we just focus on data storage security in the cloud, which has been the most important aspect of quality of service. To ensure the confidentiality and integrity of user's data in the cloud, and support of data dynamic operations, such as modification, insertion and deletion, we propose a framework for storage security, which includes cryptographic storage scheme and data structure. With our framework, the untrusted server cannot learn anything about the plaintext, and the dynamic operation can be finished in short time. The encryption algorithm and data storage structure is simple, and it's easy to maintain. Hence, our framework is practical to use today.

Mohammad Wazid,Ashok Kumar Das,Saru Kumari,Xiong Li,Fan Wu

DOI: https://doi.org/10.1002/sec.1591

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Cloud computing, the conjoin of many types of computing, has made a great impact on the life of everyone. People from anywhere can access the different cloud-based services by using the Internet. A user, who wants to access some cloud-based service, needs to register himself/herself to an authority (service provider), and after that, he/she can use the service. To access the service, each user needs to authenticate to that particular cloud server. Several user authentication schemes for cloud computing have been presented but mostly have limitations/drawbacks as they are prone to various known attacks, such as privileged insider, user and server impersonation, and strong reply attacks, and they also have lack of functionality features. Moreover, these schemes do not provide efficient password change phase. In order to overcome these drawbacks, we propose a new provably secure biometric-based user authentication and key agreement scheme for cloud computing. The proposed scheme overcomes the weaknesses of the existing schemes and supports extra functionality features including user anonymity and efficient password and biometric update phase for multi-server environment. The careful formal security analysis under standard model and informal security analysis and the simulation results for formal security verification using the most acceptable AVISPA tool show that the proposed scheme is secure against various known possible attacks. The analysis of computation and communication overheads of our scheme depicts its efficiency over other related existing schemes, and thus, the proposed scheme is suitable for the cloud computing environment. Copyright (C) 2016 John Wiley & Sons, Ltd.

Chang Xu,Lvhan Zhang,Liehuang Zhu,Chuan Zhang,Kashif Sharif

DOI: https://doi.org/10.1109/trustcom53373.2021.00063

2021-01-01

Abstract:Biometrics identification has been used in a growing number of fields in recent years, since it is more secure, classified and convenient. With the development of cloud computing, database systems are able to upload large amounts of biometric data to cloud server for storage and identification to save local memory and improve computational efficiency. However, this involves potential privacy concerns because of the introduction of third-party platforms. In this paper, we achieve computational and communication efficiency in biometric identification, while preserving the privacy of data. Specifically, the database system firstly encrypts all biometric data and query data. Then, it sends the ciphertext to a cloud server to carry out matching tasks. Finally, the cloud server returns the index of final matches to the system so that it can check whether the biometric vector is legal or not. Detailed security analysis indicates that the proposed scheme can resist powerful attacks. Beyond that, Experiments show that the scheme is more efficient in computation and communication than stat of art biometric identification schemes.

Xiong Li,Saru Kumari,Jian Shen,Fan Wu,Caisen Chen,SK Hafizul Islam

DOI: https://doi.org/10.1007/s11277-016-3742-6

IF: 2.017

2016-01-01

Wireless Personal Communications

Abstract:Cloud storage is a new storage mode emerged along with the development of cloud computing paradigm. By migrating the data to cloud storage, the consumers can be liberated from building and maintaining the private storage infrastructure, and they can enjoy the data storage service at anywhere and anytime with high reliability and a relatively low cost. However, the security and privacy risks, especially the confidentiality and integrity of data seem to be the biggest hurdle to the adoption of the cloud storage applications. In this paper, we consider the secure data access and sharing issues for cloud storage services. Based on the intractability of the discrete logarithm problem, we design a secure data access and data sharing scheme for cloud storage, where we utilize the user authentication scheme to deal with the data access problem. According to our analysis, through our scheme, only valid user with the correct password and biometric can access to the cloud storage provider. Besides, the authorized users can access the rightful resources and verify the validity of the shared data, but cannot transfer the permission to any other party. At the same time, the confidentiality and integrity of data can be guaranteed.

Shiraz Ahmad,Zhe-Ming Lu

DOI: https://doi.org/10.1109/cisw.2007.4425586

2007-01-01

Abstract:In this paper we present a novel framework employing biometric recognition and robust water- marking technique to achieve a number of media privacy and security objectives. Scheme description and presented test results support and prove the claims of practicability and effectiveness of the model for a number of privacy and security related applications.

Kao Zhao,Hai Jin,Deqing Zou,Gang Chen,Weiqi Dai

DOI: https://doi.org/10.1109/ChinaGrid.2013.10

2013-01-01

Abstract:Biometric Encryption (BE) is a new issue in the information security field which is based on biometric identification and cryptosystems and it will be a key research subject in the future. At the same time the development of cloud computing is not restricted to PC anymore, some cloud computing services for mobile terminals such as cell phones have already appeared due to the booming of mobile internet. However, security problems still exists in mobile cloud computing (MCC) inherited from cloud computing and mechanisms are needed to cope with these problems. In this paper, we examine various aspects of using BE in MCC to solve security problems: first, we describe the background and related work of BE and MCC, and second we demonstrate several scenarios of deploying BE in MCC. Specifically, we analyze the new critical issues in these situations that can be used by an adversary to disable the operation of cloud computing environment. We then discuss different BE methods that applying in MCC, and explore scenarios where each method shows its strengths and weaknesses. In particular, we address the problem of using BE to protect privacy for users in MCC. Further, we propose an advanced protocol that employ BE for transferring private data in cloud computing environment, and design a conceptual cloud platform supporting biometric authentication to serve as future data center.

Cheng Hongbing,Rong Chunming,Tan Zhenghua,Zeng Qingkai

2012-01-01

Abstract:Cloud computing will be a main information infrastructure in the future; it consists of many large datacenters which are usually geographically distributed and heterogeneous. How to design a secure data access for cloud computing platform is a big challenge. In this paper, we propose a secure data access scheme based on identity-based encryption and biometric authentication for cloud computing. Firstly, we describe the security concern of cloud computing and then propose an integrated data access scheme for cloud computing, the procedure of the proposed scheme include parameter setup, key distribution, feature template creation, cloud data processing and secure data access control. Finally, we compare the proposed scheme with other schemes through comprehensive analysis and simulation. The results show that the proposed data access scheme is feasible and secure for cloud computing.

Ali A. Yassin,Hai Jin,Ayad Ibrahim,Deqing Zou

DOI: https://doi.org/10.1109/CGC.2012.91

2012-01-01

Abstract:Cloud security represents a main hindrance that causes to retard its widespread adoption. Authentication considers a significance element of security in cloud environment, aiming to verify a user's identity when a user wishes to request services from cloud. There are many authentication schemes that depend on username/password, but they are considered weak techniques of cloud authentication. A more secure scheme is the two-factor authentication that does not only verify the username/password pair, but also needs a second factor such as a token device, biometric. However, the feasibility of second-factor authentication is limited by the deployment complexity, high cost and the cloud security is compromised when the token is missing or purloined. Furthermore, these schemes are failed to resist well-known attacks such as replay attacks, reflection attacks. This paper proposes two-factor authentication scheme based on Schnorr digital signature and feature extraction from fingerprint to overcome above aforementioned issues. Security analysis and experimental results illustrate that our proposed scheme can withstand the common security attacks as well, and has a good performance of password authentication.

Eman S. Alkhalifah

DOI: https://doi.org/10.1007/s11042-024-19044-8

IF: 2.577

2024-04-21

Multimedia Tools and Applications

Abstract:In the global environment privacy and security issues were critical to handle the huge number of participants. Many security-based research works have been undertaken in the cloud, including multi-factor authentication using Elliptic Curve Computation Diffie-Hellman Problem, Multi-model Biometric, Signatures, Graphical One-time Passwords and more. In this paper, we propose a multi-level multi-factor authentication procedure that is comprised of three significant entities: Users, Trusted Third Parties and Cloud. This authentication procedure is segregated into three phases: In the first phase, the HMAC-SHA 256 algorithm, watermarking algorithm and logical OR operation are applied which includes user ID, password, and fingerprint. Then in the second phase, three-level authentications are involved to permit users to view, upload and download files from the cloud. On validating each constraint, the user is permitted to participate in the cloud within the limit. Finally, the third phase is for user convenience to modify the prior password with a new one for security purposes. Overall, our main goal is to validate the user's legitimacy for accessing the cloud through multi-factors: ID, password, fingerprint and graphical one-time password. Here, our work is implemented in a Java environment; our technique improves performance indicators such as successful login rates (94.4%), mean login time (10 ms), authentication efficiency, and overall user experience. In conclusion, our suggested MFA-MLS system provides a strong answer to the difficulty of safe authentication in cloud environments, prioritizing user ease and experience while also improving security measures.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Kai Huang,Ming Xu,Shaojing Fu,Yuchuan Luo

DOI: https://doi.org/10.1587/transfun.e99.a.1891

2016-01-01

Abstract:In a previous work [1], Wang et al. proposed a privacy-preserving outsourcing scheme for biometric identification in cloud computing, namely CloudBI. The author claimed that it can resist against various known attacks. However, there exist serious security flaws in their scheme, and it can be completely broken through a small number of constructed identification requests. In this letter, we modify the encryption scheme and propose an improved version of the privacy-preserving biometric identification design which can resist such attack and can provide a much higher level of security.

Hosam El-Sofany,Belgacem Bouallegue,Yasser M Abd El-Latif

DOI: https://doi.org/10.1016/j.heliyon.2024.e36390

IF: 3.776

2024-08-16

Heliyon

Abstract:Biometric systems have gained attention as a more secure alternative to traditional authentication methods. However, these systems are not without their technical limitations. This paper presents a hybrid approach that combines edge detection and segmentation techniques to enhance the security of cloud systems. The proposed method uses iris recognition as a biometric paradigm, taking advantage of the iris' unique patterns. We performed feature extraction and classification using hamming distance (HD) and convolutional neural networks (CNN). We validated the experimental findings using various datasets, such as MMU, IITD, and CASIA Iris Interval V4. We compared the proposed method's results to previous research, demonstrating recognition rates of 99.50 % on MMU using CNN, 97.18 % on IITD using CNN, and 95.07 % on CASIA using HD. These results indicate that the proposed method outperforms other classifiers used in previous research, showcasing its effectiveness in improving cloud security services.

Shahnawaz Ahmad,Shabana Mehfuz,Shabana Urooj,Najah Alsubaie

DOI: https://doi.org/10.1007/s10586-024-04288-8

2024-02-19

Cluster Computing

Abstract:Ensuring the confidentiality, integrity, and availability of sensitive data in cloud environments relies heavily on the robust management of cryptographic keys. With the expansion of cloud usage and the increase in data volumes, ensuring the security and reliability of key management services is becoming an essential aspect of overall cloud security. These policies encompass various aspects, such as the lifecycle management of keys, controlling access, encryption protocols, and safeguarding keys, all of which collectively contribute to enhanced security and compliance with regulatory requirements. Two case studies demonstrate the application of existing frameworks in a financial institution and a healthcare organization. The paper concludes by highlighting potential applications and use cases across different industries. This study introduces a secure application management framework within the realm of cloud security called the secure policies of cloud security framework (SPCSF). SPCSF is built around the idea of implementing precise control over application permissions and encrypting REST API communications to enhance protection against malicious attacks. The framework is made up of two main parts: (i) a permission detection engine that determines whether an application's permissions are legitimate. By looking at permission manifests, byte codes, and cross-referencing permissions against a well-defined list of sensitive APIs, it accomplishes this. (ii) Registration Authorization Engine: this engine makes it easier for applications to register securely with the controller. It makes use of a suggested technique for safe authentication, allowing or denying applications access to requested REST APIs based on the level of danger they pose. With this strategy, approved and secure access to vital resources is guaranteed.

computer science, information systems, theory & methods

Shiju Rawther,S Sathyalakshmi

DOI: https://doi.org/10.2174/1872212118666230905141926

2023-09-05

Recent Patents on Engineering

Abstract:Introduction: Cloud computing has become an essential technology for data storage and sharing, but security concerns remain significant challenges. Authentication is one of the critical components of cloud security. Various authentication schemes have been proposed to ensure the confidentiality and integrity of cloud data. Method: This research paper reviews the state-of-the-art three-factor authentication schemes based on smart cards, biometric authentication, and elliptic curve cryptography. The paper also presents a comprehensive overview of DNA cryptography algorithms, which have recently gained popularity due to their unique features in cloud data security. The paper further compares the DNA cryptography algorithms and discusses their advantages and disadvantages in terms of security and performance. Results: Finally, the paper proposes an efficient and secure DNA-based authentication scheme for cloud computing. This scheme is validated using all these types of data, and its performance is evaluated in terms of encryption and decryption times. Decryption takes 60 seconds on average and encryption 40 seconds on average. Conclusion: As a final evaluation, it establishes that the proposed system can provide secure cloud services.

Xuefei Chen,Xiao Liu,Frank Jiang,Aiting Yao,Jia Xu,Hui Zhang,Xiang Wu,Xuejun Li

DOI: https://doi.org/10.1109/icws62655.2024.00102

2024-01-01

Abstract:Biometric technology has driven the rise of Biometrics as a Service (BaaS) due to its unique security and convenience. However, in the traditional cloud-based BaaS systems, raw biometric data leakage and biometric efficiency issues are still concerns, which may reduce user trust and engagement in biometric services. In this paper, we propose an innovative BaaS system named Bio-CEC in a Cloud-Edge Cooperative environment. Bio-CEC features a novel biometric template transformation scheme, rooted in multivariate polynomial transformation and random virtual feature replacement. This innovative scheme enables the revocation and regeneration of biometric templates, enhancing security in case of system breaches. For the biometric template protect scheme, a template matching algorithm using filtering operations is proposed, aiming to facilitate secure and accurate authentication within the transformation domain. Our comprehensive experiments and in-depth safety analysis verify the superiority of Bio-CEC. The results clearly demonstrate that Bio-CEC outperforms traditional cloud-based biometric system and provides a safer and more efficient solution for practical biometric system applications.

Saru Kumari,Xiong Li,Fan Wu,Ashok Kumar Das,Kim-Kwang Raymond Choo,Jian Shen

DOI: https://doi.org/10.1016/j.future.2016.10.004

IF: 7.307

2017-01-01

Future Generation Computer Systems

Abstract:Big Data and Cloud of Things (CoT) are two inter-related research trends in our data-driven society, and one research challenge is to design efficient security solution that enables access to resources, services and data out-sourced to the cloud without compromising the user’s privacy. A viable solution is user authentication set-up for multi-cloud-server designed to function as an expert system permitting its users to obtain the desired services and resources (e.g. accessing data stored in a cloud storage account) from a cloud-server up on registration with a registration authority. Biometrics is a widely used authentication mechanism (e.g. in biometric passport); thus, in this paper, we devise a biometrics-based authentication scheme for multi-cloud-server environment deployment. To improve the accuracy of biometric pattern matching, we make use of bio-hashing. We then analyse the performance and efficiency of our scheme to demonstrate its utility.