Abstract: Cloud computing is a new technology that allows access to applications as utilities over the internet. The cloud computing environment provides great flexibility and availability of computing resources at a lower cost. However, it brings new security concerns mainly when users understand exactly how a process is running. One of the most important challenges in cloud computing is data security, as users need to access the data they share securely. So the main problem is how to employ an effective authentication procedure for ensuring data security and preventing unauthorized users from accessing the authorized user's data. This paper identifies the security issues of single level authentication and the problem of a single password. This study proposed a new security mechanism for cloud computing based on multilevel authentication.
The proposed scheme aimed to enhance the security and authentication process in cloud computing. The proposed scheme consists of three levels of authentication, and the data is split across these levels depending on its sensitivity into confidential (C), secret (S), and top secret (TS). Data at level (C) have the lowest sensitivity. The user at this level has a single textual password to access this level's data.
The user at level (S) has two passwords, a textual and a biometric password, to access this level and the lower level. The user at level (TS) has three passwords: a textual password, a biometric password and an image sequencing password. The data at this level is the more sensitive data, so it is encrypted using the RSA algorithm before being stored in the cloud database. The results of the proposed multilevel authentication for cloud computing were promising.

Keywords: Authentication, Cloud Computing, Multilevel, Security.

I INTRODUCTION

Cloud computing is a new technology that moves the computation process from desktop computers to cloud providers through the internet [1]. Cloud computing provides computer infrastructures, platforms and software as services.
This model decreases the computation cost and lets organizations focus on their businesses. Three types of services are offered by cloud providers. These types are Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
In Software as a Service (SaaS), cloud providers provide software applications as services for clients. In Platform as a Service (PaaS), cloud providers provide platforms for clients so clients can develop their own applications on those platforms. In Infrastructure as a Service (IaaS), cloud clients request computer hardware such as processing units, storage devices and network components as services [2,3].

One of the main benefits of cloud computing is releasing cloud clients from the concerns about processing details and how data will be handled. However, moving to the cloud brings new challenges and concerns regarding security and privacy [4-6]. Authentication of cloud users represents a critical issue in cloud computing security. Several cloud providers use a single level authentication scheme as shown in Figure 1, such as a simple text password for clients to access cloud services.

Figure 1. Single Level of Authentication for Cloud Computing

Other cloud providers employ graphical password, third party authentication and biometric authentication. However, most of these models have limitations and do not work well if they are used in a single level authentication scheme. So the main challenge in cloud computing is how to perform proper authentication procedures for ensuring data security and preventing unauthorized users from accessing the confidential data.
The objective of this research is to propose a new model for cloud security that enhances the authentication system based on multilevel authentication.

This paper has six sections. Section two describes the related works. Section three illustrates the multilevel security.
Section four describes the proposed scheme. Section five presents the results and discussions and we conclude in section six.

II RELATED WORKS

Yassin, A. A., H. Jin, et al. in [7] developed a new scheme for cloud authentication that depends on One-Time Password (OTP), Asymmetric Scalar-product Preserving Encryption (ASPE) and RSA digital signature as two factors. The model proposed in [8] is based on a strict authentication system by introducing a multi-level authentication technique which generates and authenticates the password in multiple levels to access the cloud services.
The limitation of these methods is that they use the same password at different levels of authentication. The researchers in [9] apply a new framework for secure cloud authentication using a tenant's identification model. To overcome Denial-of-Service attacks and insecure password change, Jaidhar C. D proposed an enhanced mutual authentication scheme for cloud architecture [10].

Bo Wang and HongYu Xing [4] mainly focused on research into the application of cloud computing in education informatization. Firstly, the traditional computer technologies, including virtualization, network storage technology, distributed computing, parallel computing technology, network technology and automation techniques etc., have made a tremendous development.
The concept of cloud computing was jointly proposed by Google and IBM in 2007. Secondly, cloud computing is of significant importance to adapt to the development of information technology in education. Furthermore, it plays an important role in creating a flexible, unified and open platform for education information, sharing of educational resources, and alleviating the information gap between different areas of education. Finally, after the analysis of the educational information technology in today's China, through the study of the basic concepts of cloud computing technology, core technology and system architecture, they discuss cloud computing applied in education information.

Cavoukian [7] implemented security as a service in the Cloud using a discretion algorithm and also implementing an intrusion detection system for the Cloud, to protect and mitigate the privacy and security attacks on the Cloud. Currently, there is on-going research on how to protect the confidentiality and security of data stored in the Cloud.
III MULTILEVEL SECURITY

Multilevel security is a security discipline in which more than one security control is used to protect system security. Mandatory access control (MAC) is a scheme that prevents unauthorized clients from accessing objects that have sensitive information [11].

3.1 Multilevel Database Security

One of the main applications for mandatory access control is multilevel security (MLS), which has been built mainly for network, database and computer systems that have highly sensitive information [12]. Each item in multilevel security is defined as an object and has a security class level. Moreover, each user is considered as a subject and also has a security class level.
In multilevel security a label is the class level of an object or a subject X and is denoted as L(X). Different access control models are available for multilevel security; Bell–LaPadula is a main one [11]. The Bell–LaPadula model has three rules. The first one is: a user x is granted read access to an object o only if L(x) is higher than or equal to L(o). The second rule is: a user x is granted write access to an object o only if L(x) is less than or equal to L(o). The third rule is: a user x is granted write access to an object o only if L(x) is equal to L(o).
The Bell–LaPadula model aims to prevent a subject with a lower level from accessing a higher level object, and this is called the no read-up discipline.

3.2 Multilevel Authentication System

Cloud providers offer internet based on-demand data storage services to clients or tenants. In this scheme, clients' databases are stored remotely in the cloud provider data centers. The security of clients' databases is based on the security controls employed by the cloud providers [13].
Cloud providers use single level authentication to allow clients to access their data securely. Simple text password, biometric authentication, third party authentication, and graphical password are the main single level authentication schemes used in cloud computing [14]. Each single level authentication scheme has limitations and drawbacks if the scheme is used alone. The textual password authentication model is easy to break and vulnerable to dictionary and brute force attacks.
For small cloud services, third party authentication is not recommended. Graphical passwords are based on the idea that users can recall and recognize pictures better than words. Nevertheless, some graphical password mechanisms are time and memory consuming. Biometric authentication schemes such as fingerprints, hand geometry, face recognition, and voice recognition have been used for cloud services authentication. One of the key challenges and disadvantages of applying biometrics is its intrusiveness upon a client's personal characteristics. Furthermore, biometric schemes require a special scanning device to validate users' characteristics, which is not appropriate for internet users [14]. In an experiment done by Klein, he collected the passwords of nearly 15000 accounts that had alphanumerical passwords and reached the following observation: 25% of the passwords were guessed using a small yet well-formed dictionary of 3 × 10^6 words. Furthermore, 21% of the passwords were guessed in the first week and 368 passwords were guessed within the first 15 min [15].
Single level password based authentication schemes are not secure enough and are susceptible to various attacks such as dictionary attack, brute force attack and shoulder surfing attack. Once a malicious user logs into an account he has full access to all services of the registered user. Currently no cloud service provider has implemented further security measures with these models to protect services available to the registered user once the user has logged in. There is a serious issue in the sharing scheme. Security measures applied to protect shared files are not up to the mark. Once the file is shared with the other user, it sends a link to the other user so that he can access the file, but this link is universal.
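An added example, not code from the paper: the three Bell–LaPadula rules of Section 3.1 applied to the levels C, S and TS, with a session's level derived from the cumulative factor requirements given in the abstract. The factor names and function names are assumptions made for this illustration.

```python
from enum import IntEnum

class Level(IntEnum):
    C = 1    # confidential, lowest sensitivity
    S = 2    # secret
    TS = 3   # top secret

# Factors required per level, cumulative as in the abstract.
# The factor names are assumptions for this example.
REQUIRED = {
    Level.C: {"text"},
    Level.S: {"text", "biometric"},
    Level.TS: {"text", "biometric", "image_sequence"},
}

def clearance(verified):
    """Highest level whose required factors were all verified, else None."""
    have = set(verified)
    granted = [lvl for lvl, need in REQUIRED.items() if need <= have]
    return max(granted) if granted else None

def can_read(subject, obj):
    # Rule 1 (no read-up): read only if L(x) >= L(o)
    return subject is not None and subject >= obj

def can_write(subject, obj, strict=False):
    # Rule 2: write only if L(x) <= L(o)
    # Rule 3 (strict=True): write only if L(x) == L(o)
    if subject is None:
        return False
    return subject == obj if strict else subject <= obj

def decide(verified, op, obj, strict=False):
    """Return (allowed, reason) for a session that verified these factors."""
    lvl = clearance(verified)
    if lvl is None:
        return False, "no level satisfied by the verified factors"
    if op == "read":
        ok = can_read(lvl, obj)
    elif op == "write":
        ok = can_write(lvl, obj, strict)
    else:
        raise ValueError(f"unknown operation: {op}")
    return ok, f"{op}: L(x)={lvl.name}, L(o)={obj.name}"

if __name__ == "__main__":
    # Constructed sessions: skipping the biometric factor leaves the user at C.
    for factors, op, obj in [({"text", "biometric"}, "read", Level.C),
                             ({"text", "image_sequence"}, "read", Level.S),
                             ({"text"}, "write", Level.S)]:
        print(sorted(factors), decide(factors, op, obj))
```

A session that skips a lower factor never reaches the higher level, so presenting only the image sequence and the text password yields level C.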
IV THE PROPOSED MULTILEVEL AUTHENTICATION MODEL FOR CLOUD COMPUTING

The aim of this research is to propose a new scheme that provides a higher security level for cloud services. The proposed scheme is based on a combination of the concept of multilevel security (MLS) and multilevel authentication. The proposed scheme consists of three levels of security and three levels of authentication from lowest to highest. While users in the lowest level have one password, a textual password, the users in the second level have two passwords, a textual and a biometric password. As the degree of sensitivity of the data increases, the need for protection becomes more crucial.
In this scheme the important data exists at the third level with three passwords for users to log in and retrieve their data as described in Figure 2.

Figure 2. The Proposed Scheme based on Multilevel of Authentication

In the proposed scheme multilevel security means locating the data at different levels of secrecy; the data may exist in one institution but it varies in the degree of confidentiality and its importance. The multilevel security hierarchy in the proposed scheme has three levels of increasing sensitivity. These levels, from lowest to highest, are confidential (C), secret (S) and top secret (TS) as shown in Figure 3. Users who need to access data should have the appropriate security access corresponding to the classification level.

VI CONCLUSION

Cloud computing provides various internet-based, on demand services like software, hardware, server, infrastructure and data storage.
To provide privacy services to the intended customer, it is a better option to use multi-level password generation and authentication technique. Single level authentication has many problems mainly with sensitive data, as passwords are easy to break. The proposed scheme provided additional layer of security and represents a solution for enhancing authentication system based on multilevel authentication.

REFERENCES

[1] J. W. Rittinghouse and J. F. Ransome, Cloud computing: implementation, management, and security: CRC press, 2016.
[2] A. Yousif, M. Farouk, and M. B. Bashir, "A Cloud Based Framework for Platform as a Service," in Cloud Computing (ICCC), 2015 International Conference on, 2015, pp. 1-5.
[3] P. Mell and T. Grance, "The NIST definition of cloud computing," 2011.
[4] Bo Wang, HongYu Xing, "The Application of Cloud Computing in Education Informatization", IEEE Modern Educational Tech. center.
[4] N. Kshetri, "Privacy and security issues in cloud computing: The role of institutions and institutional evolution," Telecommunications Policy, vol. 37, pp. 372-386, 2013.
[5] W. Jansen and T. Grance, "Guidelines on security and privacy in public cloud computing," NIST special publication, vol. 800, pp. 10-11, 2011.
[6] A. A. Yassin, H. Jin, A. Ibrahim, W. Qiang, and D. Zou, "Cloud authentication based on anonymous one-time password," in Ubiquitous Information Technologies and Applications, ed: Springer, 2013, pp. 423-431.
[7] Cavoukian, "Privacy in the clouds", Identity Inf Soc 1(1):89-108, 2008.
[8] B. Zwattendorfer and A. Tauber, "Secure cloud authentication using eIDs," in 2012 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems, 2012, pp. 397-401.
[9] C. Jaidhar, "Enhanced mutual authentication scheme for cloud architecture," in Advance Computing Conference (IACC), 2013 IEEE 3rd International, 2013, pp. 70-75.
[10] O. S. Faragallah, E.-S. M. El-Rabaie, F. E. A. El-Samie, A. I. Sallam, and H. S. El-Sayed, Multilevel Security for Relational Databases: CRC Press, 2014.
[11] H. Zhao, M. Xing, J. Zhao, and H. Li, "Design and Implementation of Multilevel Secure Database Management Access Control," Journal of Applied Science and Engineering Innovation, vol. 2, pp. 223-225, 2015.
[12] S. Sudha and V. M. Viswanatham, "Addressing security and privacy issues in cloud computing," Journal of Theoretical and Applied Information Technology, vol. 48, pp. 708-719, 2013.
[13] Y. Patel and N. Sethi, "Enhancing Security in Cloud Computing Using Multilevel Authentication," International Journal of Electrical Electronics & Computer Science Engineering, vol. 1, 2014.
[14] F. A. Alsulaiman and A. El Saddik, "Three-dimensional password for more secure authentication," IEEE Transactions on Instrumentation and measurement, vol. 57, pp. 1929-1938, 2008.
[15] Z. Hao, S. Zhong, and N. Yu, "A time-bound ticket-based mutual authentication scheme for cloud computing," International Journal of Computers Communications & Control, vol. 6, pp. 227-235, 2011.