Zhi-Yu Peng,Shan-Ping Li

DOI: https://doi.org/10.1109/icmlc.2008.4620616

2008-01-01

Abstract:As pervasive computing leading to an increased collection of information in the computational world as well as the real world, privacy leaking becomes a serious issue. Although privacy protection has drawn great attention in recent years, the privacy-preserving trust management has not been brought forward. Credential chain discovery problem is the key issue in trust management, and traditionally credentials are full open in the whole system. This could expose users' access control policies as well as other private information, and leads to a great risk of being cheated by malicious users. This paper advocates a privacy-preserving credential chain discovery mechanism, in which credentials are no longer available to everyone. By merely learning credentials of one's logic neighbors, this mechanism still achieves good results. The simulations show that this mechanism is practical.

Wenjuan Li,Lingdi Ping,Xuezeng Pan

DOI: https://doi.org/10.1109/iceie.2010.5559829

2010-01-01

Abstract:Security and interoperability is the biggest challenge to promote cloud computing currently. Trust has proved to be one of the most important and effective alternative means to construct security in distributed systems. In order to efficiently and safely construct entities' trust relationship in cloud and cross-clouds environment, this paper proposed a novel cloud trust model and a new cloud security framework. The propose trust model is domain-based. It divides one cloud provider's resource nodes into the same trust domain. It designs different trust strategies for different roles. Trust recommendation is treated as one type of cloud services just like computation or storage. Based on the proposed trust model, it introduced a novel cloud security framework with an independent trust management module. Using the proposed security model, it introduced some trust-based security mechanisms. Results of simulation experiments show that the proposed security model can achieve high transaction success rate with high trust accuracy.

,Vijaya Saradhi Nanduri

DOI: https://doi.org/10.55041/ijsrem37063

2024-08-13

INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT

Abstract:Today's digital landscape needs robust security measures to safeguard sensitive information and maintain trust with users. Multi-Factor Authentication (MFA) stands as a critical technology in this journey, by offering an additional layer of defense beyond the traditional single-layer security. This white paper explores what is MFA, MFA Architecture, MFA Methods, Benefits of using MFA, current MFA Market providers and future trends. It outlines how MFA addresses the vulnerabilities of single-factor authentication by requiring users to verify their identity through multiple independent credentials. These factors typically include something the user knows (like a password), something they have (such as a smartphone or hardware token), and something they are (like biometric data). This white paper addresses key aspects of MFA as mentioned below: • Enhanced Security - MFA significantly reduces the risk of unauthorized access, protecting against common threats such as phishing, credential theft, and brute-force attacks. • User Experience - The MFA solution can be designed to streamline user interactions while maintaining security standards. Compliance requirements - Industries mandate the use of MFA to comply with data protection regulations. Implementing MFA ensures adherence to legal requirements.. Key Words: Authentication, Multi-Factor Authentication, security journals

Eman S. Alkhalifah

DOI: https://doi.org/10.1007/s11042-024-19044-8

IF: 2.577

2024-04-21

Multimedia Tools and Applications

Abstract:In the global environment privacy and security issues were critical to handle the huge number of participants. Many security-based research works have been undertaken in the cloud, including multi-factor authentication using Elliptic Curve Computation Diffie-Hellman Problem, Multi-model Biometric, Signatures, Graphical One-time Passwords and more. In this paper, we propose a multi-level multi-factor authentication procedure that is comprised of three significant entities: Users, Trusted Third Parties and Cloud. This authentication procedure is segregated into three phases: In the first phase, the HMAC-SHA 256 algorithm, watermarking algorithm and logical OR operation are applied which includes user ID, password, and fingerprint. Then in the second phase, three-level authentications are involved to permit users to view, upload and download files from the cloud. On validating each constraint, the user is permitted to participate in the cloud within the limit. Finally, the third phase is for user convenience to modify the prior password with a new one for security purposes. Overall, our main goal is to validate the user's legitimacy for accessing the cloud through multi-factors: ID, password, fingerprint and graphical one-time password. Here, our work is implemented in a Java environment; our technique improves performance indicators such as successful login rates (94.4%), mean login time (10 ms), authentication efficiency, and overall user experience. In conclusion, our suggested MFA-MLS system provides a strong answer to the difficulty of safe authentication in cloud environments, prioritizing user ease and experience while also improving security measures.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Xiao Chen,BaoCheng Wang,Haibin Li

DOI: https://doi.org/10.1016/j.jisa.2024.103708

IF: 4.96

2024-01-25

Journal of Information Security and Applications

Abstract:The Internet of Medical Things (IoMT) has found widespread application in the healthcare system, leveraging the integration of wireless communication and cloud computing to revolutionize modern healthcare practices. This paradigm, however, poses security vulnerabilities since malicious actors might exploit the public channel to impersonate legitimate devices or services and steal sensitive data. Before transmitting sensitive information , it is critical to build authentication between wearable devices and servers. Despite various proposed solutions, present approaches suffer from constraints like as sensitivity to quantum attacks and high computation overhead, necessitating additional advancement. To address these challenges, this article presents a privacy-preserving multi-factor authentication scheme with post-quantum security to enhance the security of cloud-enable IoMT. The proposed scheme utilizes hash operations and error reconciliation technology to provide highly secure and flexible authentication suitable for the cloud environment. The scheme's security is provable under the Real-Or-Random (ROR) model, meeting common security requirements in wireless network. This article also presents a thorough comparison of our proposed scheme with state-of-the-art methods, showcasing a well-balanced trade-off between security and overhead.

computer science, information systems

Reetu Gupta,Priyesh Kanungo,Nirmal Dagdee,Golla Madhu,Kshira Sagar Sahoo,N Z Jhanjhi,Mehedi Masud,Nabil Sharaf Almalki,Mohammed A AlZain

DOI: https://doi.org/10.3390/s23052617

2023-02-27

Abstract:With continuous advancements in Internet technology and the increased use of cryptographic techniques, the cloud has become the obvious choice for data sharing. Generally, the data are outsourced to cloud storage servers in encrypted form. Access control methods can be used on encrypted outsourced data to facilitate and regulate access. Multi-authority attribute-based encryption is a propitious technique to control who can access encrypted data in inter-domain applications such as sharing data between organizations, sharing data in healthcare, etc. The data owner may require the flexibility to share the data with known and unknown users. The known or closed-domain users may be internal employees of the organization, and unknown or open-domain users may be outside agencies, third-party users, etc. In the case of closed-domain users, the data owner becomes the key issuing authority, and in the case of open-domain users, various established attribute authorities perform the task of key issuance. Privacy preservation is also a crucial requirement in cloud-based data-sharing systems. This work proposes the SP-MAACS scheme, a secure and privacy-preserving multi-authority access control system for cloud-based healthcare data sharing. Both open and closed domain users are considered, and policy privacy is ensured by only disclosing the names of policy attributes. The values of the attributes are kept hidden. Characteristic comparison with similar existing schemes shows that our scheme simultaneously provides features such as multi-authority setting, expressive and flexible access policy structure, privacy preservation, and scalability. The performance analysis carried out by us shows that the decryption cost is reasonable enough. Furthermore, the scheme is demonstrated to be adaptively secure under the standard model.

Jiawei Zhang,Teng Li,Zuobin Ying,Jianfeng Ma

DOI: https://doi.org/10.1109/tcc.2022.3147226

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:Cloud-Fog-Assisted Internet-of-Things (IoT) is a convincing paradigm to provide users with on-demand and low-latency services through Fog nodes in the edge of multiple clouds (Multi-Cloud). Multi-Cloud is a scalable multi-domain service-oriented net-centric system and can respond to complicated user requirements leveraging Multi-Cloud Service Composition (MCSC). However, in MCSC, user security can be easily compromised by untrusted and curious cloud service providers that may collect and violate the privacy and other essential assets of cloud users. Although many trust-based MCSC solutions have been proposed to seek a trustworthy composite service with highest trust level, most of them are vulnerable to malicious users intending to break through the clouds and inflict serious data leakage or asset damage. Considering these security concerns on both malicious users and untrusted service providers, in this article, we present a trust-based secure multi-cloud collaboration framework for Cloud-Fog-Assisted IoT systems. Specifically, to guarantee the security of users, we develop a role-based trust evaluation method to enhance the trustworthiness of MCSC. To preserve the security of services, we design an efficient user authentication scheme and a secure collaboration scheme to provide collaborative user authentication and access control mechanism for MCSC. We develop a proof of concept implementation for our framework and demonstrate its practicability by performance evaluation with extensive experiments.

computer science, information systems, theory & methods

Shiju Rawther,S Sathyalakshmi

DOI: https://doi.org/10.2174/1872212118666230905141926

2023-09-05

Recent Patents on Engineering

Abstract:Introduction: Cloud computing has become an essential technology for data storage and sharing, but security concerns remain significant challenges. Authentication is one of the critical components of cloud security. Various authentication schemes have been proposed to ensure the confidentiality and integrity of cloud data. Method: This research paper reviews the state-of-the-art three-factor authentication schemes based on smart cards, biometric authentication, and elliptic curve cryptography. The paper also presents a comprehensive overview of DNA cryptography algorithms, which have recently gained popularity due to their unique features in cloud data security. The paper further compares the DNA cryptography algorithms and discusses their advantages and disadvantages in terms of security and performance. Results: Finally, the paper proposes an efficient and secure DNA-based authentication scheme for cloud computing. This scheme is validated using all these types of data, and its performance is evaluated in terms of encryption and decryption times. Decryption takes 60 seconds on average and encryption 40 seconds on average. Conclusion: As a final evaluation, it establishes that the proposed system can provide secure cloud services.

Sunitha Pachala,Ch. Rupa,L. Sumalatha

DOI: https://doi.org/10.1007/s12065-020-00555-w

2021-02-10

Evolutionary Intelligence

Abstract:Storing and accessing the information in the multi-cloud hosting environment becomes popular these days. It offers benefits like the assurance of data protection, preventing information corruption, unethical issues from vendors. In this paper, a hybrid approach with the multi-cloud hosting environment is designed and implemented for improved security and privacy of cloud data. The hybrid method consists of three modules (a) Byzantine protocol to tolerant security breaches to server failures cloud, which is independent. (b) DepSky architecture enhances the reliability and secrecy of data preserved in the cloud using encoding and decoding techniques (c) Shamir secret sharing procedure to improve trustiness & privacy of data storage without affecting the performance. The privacy and security issues of the hybrid approach are implemented and compared with the protocols like SAML with proxy re-encryption and Kerberos for different user service requests. The performance of the hybrid approach in terms of memory utilization, encryption/decryption time, total authentication time is improved compared to that of protocol environments SAML, SAML with proxy re-encryption and Kerberos. The results were encouraging in the Hybrid Approach in terms of encryption time/decryption time, Memory utilization and average precision values.

Mang SU,Guozhen SHI,Anmin FU,Yan YU,Wei JIN

2018-01-01

Abstract:Cloud computing is one of the space-ground integration information network applications.Users can access data and retrieve service easily and quickly in cloud.The confidentiality and integrity of the data cloud have a direct correspondence to data security of the space-ground integration information network.Thus the data in cloud is transferred with encrypted form to protect the information.As an important technology of cloud security,access control should take account of multi-factor and cipher text to satisfy the complex requirement for cloud data protection.Based on this,a proxy re-encryption based multi-factor access control (PRE-MFAC) scheme was proposed.Firstly,the aims and assumptions of PRE-MFAC were given.Secondly,the system model and algorithm was defined.Finally,the security and properties of PRE-MFAC were analyzed.The proposed scheme has combined the PRE and multi-factor access control together and realized the multi-factor permission management of cipher text in cloud.Meanwhile,it can make the best possible use of cloud in computing and storing,then reduce the difficulty of personal user in cryptographic computing and key managing.

Saeed Bamashmos,Naveen Chilamkurti,Ahmad Salehi Shahraki

DOI: https://doi.org/10.3390/s24113575

IF: 3.9

2024-06-02

Sensors

Abstract:Internet of Things (IoT) technology is evolving over the peak of smart infrastructure with the participation of IoT devices in a wide range of applications. Traditional IoT authentication methods are vulnerable to threats due to wireless data transmission. However, IoT devices are resource- and energy-constrained, so building lightweight security that provides stronger authentication is essential. This paper proposes a novel, two-layered multi-factor authentication (2L-MFA) framework using blockchain to enhance IoT devices and user security. The first level of authentication is for IoT devices, one that considers secret keys, geographical location, and physically unclonable function (PUF). Proof-of-authentication (PoAh) and elliptic curve Diffie–Hellman are followed for lightweight and low latency support. Second-level authentication for IoT users, which are sub-categorized into four levels, each defined by specific factors such as identity, password, and biometrics. The first level involves a matrix-based password; the second level utilizes the elliptic curve digital signature algorithm (ECDSA); and levels 3 and 4 are secured with iris and finger vein, providing comprehensive and robust authentication. We deployed fuzzy logic to validate the authentication and make the system more robust. The 2L-MFA model significantly improves performance, reducing registration, login, and authentication times by up to 25%, 50%, and 25%, respectively, facilitating quicker cloud access post-authentication and enhancing overall efficiency.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yunxia Han,Chunxiang Xu,Shanshan Li,Jingjie Lu

DOI: https://doi.org/10.1109/ICCCS61882.2024.10602986

2024-01-01

Abstract:Distributed authentication plays a crucial role in cloud storage, requiring users to authenticate their identity to a set of key management servers. This process guarantees that only authenticated users gain access to cryptographic keys stored in these servers for decrypting outsourced data. How-ever, existing distributed authentication schemes rely solely on passwords, posing a critical weakness due to the recent surge in password-based attacks. Once passwords are compromised, adversaries can impersonate users, gaining unauthorized access to key management servers and acquiring cryptographic keys. To address this vulnerability, a recent multi-factor scheme has been proposed that introduces a distributed authentication mechanism for each popular factor such as passwords, Universal 2nd Factor (U2F), and email. Users could select multiple factors and utilize their corresponding mechanisms when authenticating to servers. Nevertheless, a simple combination of these authentication mechanisms incurs substantial overheads. In this paper, we propose a combined verification mechanism for passwords and U2F, allowing servers to efficiently verify both factors. Based on the mechanism, we present a two-factor distributed authentication for cloud storage, dubbed TDAC. In TDAC, users could authenticate to key management servers through a single password entry and a touch on their U2F. Experiments show that TDAC is efficient in terms of computation and communication overhead.

Selvarani PandiyanVeera KeerthikaSathish SurendranSundar Ravia Department of CSE,Vel tech Hightech Dr Rangarajan Dr Sakunthala Engineering College,Avadi,Indiab Department of CSE Alliance school of Engineering and Design,Alliance University,Bangalore,Indiac Department of Computer Science and Engineering,Tagore Engineering College,Chennai,Indiad Department of Marine Engineering,AMET Deemed to be University,Chennai,India

DOI: https://doi.org/10.1080/0954898x.2024.2304707

2024-01-31

Network Computation in Neural Systems

Abstract:This research introduces an innovative solution addressing the challenge of user authentication in cloud-based systems, emphasizing heightened security and privacy. The proposed system integrates multimodal biometrics, deep learning (Instance-based learning-based DetectNet–(IL-DN), privacy-preserving techniques, and blockchain technology. Motivated by the escalating need for robust authentication methods in the face of evolving cyber threats, the research aims to overcome the struggle between accuracy and user privacy inherent in current authentication methods. The proposed system swiftly and accurately identifies users using multimodal biometric data through IL-DN. To address privacy concerns, advanced techniques are employed to encode biometric data, ensuring user privacy. Additionally, the system utilizes blockchain technology to establish a decentralized, tamper-proof, and transparent authentication system. This is reinforced by smart contracts and an enhanced Proof of Work (PoW) mechanism. The research rigorously evaluates performance metrics, encompassing authentication accuracy, privacy preservation, security, and resource utilization, offering a comprehensive solution for secure and privacy-enhanced user authentication in cloud-based environments. This work significantly contributes to filling the existing research gap in this critical domain.

computer science, artificial intelligence,engineering, electrical & electronic,neurosciences

Lucas Augusto Meyer,Sergio Romero,Gabriele Bertoli,Tom Burt,Alex Weinert,Juan Lavista Ferres

2023-05-02

Abstract:This study investigates the effectiveness of multifactor authentication (MFA) in protecting commercial accounts from unauthorized access, with an additional focus on accounts with known credential leaks. We employ the benchmark-multiplier method, coupled with manual account review, to evaluate the security performance of various MFA methods in a large dataset of Microsoft Azure Active Directory users exhibiting suspicious activity. Our findings reveal that MFA implementation offers outstanding protection, with over 99.99% of MFA-enabled accounts remaining secure during the investigation period. Moreover, MFA reduces the risk of compromise by 99.22% across the entire population and by 98.56% in cases of leaked credentials. We further demonstrate that dedicated MFA applications, such as Microsoft Authenticator, outperform SMS-based authentication, though both methods provide significantly enhanced security compared to not using MFA. Based on these results, we strongly advocate for the default implementation of MFA in commercial accounts to increase security and mitigate unauthorized access risks.

Cryptography and Security

Sneha Shukla,Gaurav Varshney,Shreya Singh,Swati Goel

2024-06-13

Abstract:Despite being more secure and strongly promoted, two-factor (2FA) or multi-factor (MFA) schemes either fail to protect against recent phishing threats such as real-time MITM, controls/relay MITM, malicious browser extension-based phishing attacks, and/or need the users to purchase and carry other hardware for additional account protection. Leveraging the unprecedented popularity of NFC and BLE-enabled smartphones, we explore a new horizon for designing an MFA scheme. This paper introduces an advanced authentication method for user verification that utilizes the user's real-time facial biometric identity, which serves as an inherent factor, together with BLE- NFC-enabled mobile devices, which operate as an ownership factor. We have implemented a prototype authentication system on a BLE-NFC-enabled Android device, and initial threat modeling suggests that it is safe against known phishing attacks. The scheme has been compared with other popular schemes using the Bonneau et al. assessment framework in terms of usability, deployability, and security.

Cryptography and Security

Aisha Kanwal Junejo,Nikos Komninos,Mithileysh Sathiyanarayanan,Bhawani Shankar Chowdhry

DOI: https://doi.org/10.1109/tetc.2019.2957394

2021-10-01

IEEE Transactions on Emerging Topics in Computing

Abstract:In this paper, we propose a lightweight trust management system (TMS) for fog-enabled cyber physical systems (Fog-CPS). Trust computation is based on multi-factor and multi-dimensional parameters, and formulated as a statistical regression problem which is solved by employing random forest regression model. Additionally, as the Fog-CPS systems could be deployed in open and unprotected environments, the CPS devices and fog nodes are vulnerable to numerous attacks namely, collusion, self-promotion, bad-mouthing, ballot-stuffing, and opportunistic service. The compromised entities can impact the accuracy of trust computation model by increasing/decreasing the trust of other nodes. These challenges are addressed by designing a generic trust credibility model which can countermeasure the compromise of both CPS devices and fog nodes. The credibility of each newly computed trust value is evaluated and subsequently adjusted by correlating it with a standard deviation threshold. The standard deviation is quantified by computing the trust in two configurations of hostile environments and subsequently comparing it with the trust value in a legitimate/normal environment. Our results demonstrate that credibility model successfully countermeasures the malicious behaviour of all Fog-CPS entities i.e., CPS devices and fog nodes. The multi-factor trust assessment and credibility evaluation enable accurate and precise trust computation and guarantee a dependable Fog-CPS system.

computer science, information systems,telecommunications

Kai Chen,Weifeng Chen,Zhen Xu,Dongdai Lin,Yazhe Wang

DOI: https://doi.org/10.12720/jcm.10.6.366-379

2015-01-01

Journal of Communications

Abstract:Multi-factor authentication (MFA) has been widely used in various scenarios. By combining multiple forms of authentication, MFA effectively provides security assurance. Due to the rapid developments of mobile devices, especially smart phones, more and more sensitive information is now stored or accessible on smart phones. How to protect smart phones' security is now more important than ever. Unfortunately, because of the special features of smart phones such as computational limitations and input constraints, existing MFA schemes could not be directly used on smart phones. In this paper, we propose a new concept of Variable-Factor Authentication (VFA) for smart phones. VFA dynamically adjusts the number of authentication factors based on whether a user is suspicious or not. We implement a prototype to exam the performance. The experiment results show that, compared to MFA, VFA provides significant convenience to legitimate users whereas maintain the security protection to suspicious users. Index Terms—Multi-factor authentication, variable authentication factors, local outlier probabilities

Fei Liu,Jing Wang,Hongtao Bai,Huiping Sun

DOI: https://doi.org/10.1109/ITNG.2015.34

2015-01-01

Abstract:As cloud computing technology develops rapidly, more convenience has been brought to users by various cloud providers with various cloud services. However, difficulty of management, especially when different access control protocols and personal information involved, has become one of barriers that inhibit the development process of cloud technology. In this paper, a user-centered ID MaaS (Identity Management as a Service) is proposed combined with a novel access control model based on trust and risk evaluation. Besides, a format-preserving encryption (FPE) method is proposed as an auxiliary scheme guaranteeing the effectiveness of access control. ID MaaS offers a solution that effectively alleviates the difficulty of realizing unified management of users' identity and information among diverse cloud service providers.

Jasmine, R. Megiba

DOI: https://doi.org/10.1007/s11276-024-03780-8

IF: 2.701

2024-06-11

Wireless Networks

Abstract:Today, cloud computing has received greater attention for storing and processing huge amounts of data over the internet. Security concerns are one of the most challenging issues that have affected the growth of cloud computing services. Data storage in the cloud is unsecured using a password system that can be easily stolen by intruders. Hence, there is a need to achieve cloud data security using multimodal biometric cryptosystem-based authentication and encryption systems and to mitigate the risk of attackers, especially in the case of accessing the data from unauthorized users. In this paper, we propose a Secure Multimodal Cloud Authentication and Authorization Scheme (SMCAAS) framework that brings additional security to both encryption and authentication for user biometric identification against different attacks in the cloud environment. In the SMCAAS framework, we presented an improved encryption system using the Biometric Identity Based Encryption Method (BIBE) to facilitate the exchange of the trapdoor between the user's Biometric Identity Record (BIR) and the cloud server with additional security measures in cloud computing environments. Then a trusted cryptographic hash function uses the Secure Hash Algorithm-512 (SHA-512) to authenticate the biometric user who intends to access the system. Based on the derived two steps, the Multimodal Biometric Authentication Module (MBAM) module performs multimodal biometric features to provide additional security and is designed to verify the user's biometric identity in a cloud environment. Informal security analysis proves that the SMCAAS approach is secure against different attacks. Numerical results demonstrate that the SMCAAS approach obtains high security in terms of error rate (ERR) and biometric quality metrics, and also that the performance measures of the encryption and decryption time for the message file achieve less average time than other methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

E. Ghazizadeh,Z. S. Shams Dolatabadi,R. Khaleghparast,M. Zamani,A. A. Manaf,M. S. Abdullah

DOI: https://doi.org/10.1155/2014/561487

2014-01-01

Abstract and Applied Analysis

Abstract:The growth of Internet online services has been very quick in recent years. Each online service requires Internet users to create a new account to use the service. The problem can be seen when each user usually needs more than one service and, consequently, has numerous accounts. These numerous accounts have to be managed in a secure and simple way to be protected against identity theft. Single sign-on (SSO) and OpenID have been used to decrease the complexity of managing numerous accounts required in the Internet identity environment. Trusted Platform Module (TPM) and Trust Multitenancy are great trusted computing-based technologies to solve security concerns in the Internet identity environment. Since trust is one of the pillars of security in the cloud, this paper analyzes the existing cloud identity techniques in order to investigate their strengths and weaknesses. This paper proposes a model in which One Time Password (OTP), TPM, and OpenID are used to provide a solution against phishing as a common identity theft in cloud environment.