DOI QR코드

DOI QR Code

An Interactive Multi-Factor User Authentication Framework in Cloud Computing

  • Elsayed Mostafa (Faculty of Computers and Informatics, Zagazig University) ;
  • M.M. Hassan (Faculty of Computers and Informatics, Zagazig University) ;
  • Wael Said (Faculty of Computers and Informatics, Zagazig University)
  • Received : 2023.08.05
  • Published : 2023.08.30

Abstract

Identity and access management in cloud computing is one of the leading significant issues that require various security countermeasures to preserve user privacy. An authentication mechanism is a leading solution to authenticate and verify the identities of cloud users while accessing cloud applications. Building a secured and flexible authentication mechanism in a cloud computing platform is challenging. Authentication techniques can be combined with other security techniques such as intrusion detection systems to maintain a verifiable layer of security. In this paper, we provide an interactive, flexible, and reliable multi-factor authentication mechanisms that are primarily based on a proposed Authentication Method Selector (AMS) technique. The basic idea of AMS is to rely on the user's previous authentication information and user behavior which can be embedded with additional authentication methods according to the organization's requirements. In AMS, the administrator has the ability to add the appropriate authentication method based on the requirements of the organization. Based on these requirements, the administrator will activate and initialize the authentication method that has been added to the authentication pool. An intrusion detection component has been added to apply the users' location and users' default web browser feature. The AMS and intrusion detection components provide a security enhancement to increase the accuracy and efficiency of cloud user identity verification.

Keywords

References

  1. H. Tabrizchi and M. Kuchaki Rafsanjani, "A Survey on Security Challenges in Cloud Computing: Issues, Threats, and Solutions," The Journal of Supercomputing, vol. 76, no. 12, pp. 9493-9532, 2020, doi: https://doi.org/10.1007/s11227-020-03213-1. 
  2. P. K. Yeng, S. D. Wulthusen, and B. Yang, "Comparative Analysis of Threat Modeling Methods for Cloud Computing towards Healthcare Security Practice," International Journal of Advanced Computer Science and Applications (IJACSA), vol. 11, no. 11, pp. 772-784, 2020, doi: http://dx.doi.org/10.14569/IJACSA.2020.0111194. 
  3. D. R. Panda, S. K. Behera, and D. Jena, "A Survey on Cloud Computing Security Issues, Attacks and Countermeasures," in Advances in Machine Learning and Computational Intelligence, Singapore, S. Patnaik, X.-S. Yang, and I. K. Sethi, Eds., 2021: Springer Singapore, pp. 513-524, doi: https://doi.org/10.1007/978-981-15-5243-4_47. 
  4. B. Sumitra, C. Pethuru, and M. Misbahuddin, "A Survey of Cloud Authentication Attacks and Solution Approaches," International Journal of Innovative Research in Computer and Communication Engineering (IJIRCCE), vol. 2, no. 10, pp. 6245-6253, 2014. 
  5. V. V. S. S. S. BALARAM, "Cloud Computing Authentication Techniques: A Survey," International Journal of Scientific Engineering and Technology Research (IJSETR), vol. 6, no. 3, pp. 458-464, 2017. 
  6. S. Sudha and S. S. Manikandasaran, "A Survey on Different Authentication Schemes in Cloud Computing Environment," International Journal of Management, IT and Engineering, vol. 9, no. 1, pp. 359-375, 2019. 
  7. A. Ometov, S. Bezzateev, N. Makitalo, S. Andreev, T. Mikkonen, and Y. Koucheryavy, "Multi-Factor Authentication: A Survey," Cryptography, vol. 2, no. 1, 2018, doi: https://doi.org/10.3390/cryptography2010001. 
  8. B. O. ALSaleem and A. I. Alshoshan, "Multi-Factor Authentication to Systems Login," in 2021 National Computing Colleges Conference (NCCC), 27-28 March 2021 2021, pp. 1-4, doi: https://doi.org/10.1109/NCCC49330.2021.9428806. 
  9. A. A. S. AlQahtani, Z. El-Awadi, and M. Min, "A Survey on User Authentication Factors," in 2021 IEEE 12th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), Vancouver, BC, Canada, 27-30 Oct 2021, pp. 0323-0328, doi: https://doi.org/10.1109/IEMCON53756.2021.9623159. 
  10. D. Dasgupta, A. Roy, and A. Nag, "Multi-Factor Authentication," in Advances in User Authentication, D. Dasgupta, A. Roy, and A. Nag Eds., (Infosys Science Foundation. Cham: Springer International Publishing, 2017, pp. 185-233. 
  11. W. Said, E. Mostafa, M. M. Hassan, and A. M. Mostafa, "A Multi-Factor Authentication-Based Framework for Identity Management in Cloud Applications," Computers, Materials & Continua, vol. 71, no. 2, pp. 3193--3209, 2022, doi: https://doi.org/10.32604/cmc.2022.023554 
  12. S. Andres, "Zero Factor Authentication: A Four-Year Study of Simple Password-less Website Security via One-Time Emailed Tokens," Journal of Information Security and Applications, 2015. 
  13. N. Gunson, D. Marshall, H. Morton, and M. Jack, "User Perceptions of Security and Usability of Single-Factor and Two-Factor Authentication in Automated Telephone Banking," Computers & Security, vol. 30, no. 4, pp. 208-220, 2011, doi: https://doi.org/10.1016/j.cose.2010.12.001. 
  14. A. Bruun, K. Jensen, and D. Kristensen, "Usability of Single-and Multi-factor Authentication Methods on Tabletops: A Comparative Study," in Human-Centered Software Engineering, Berlin, Heidelberg, S. Sauer, C. Bogdan, P. Forbrig, R. Bernhaupt, and M. Winckler, Eds., 2014, vol. 8742: Springer Berlin Heidelberg, in Lecture Notes in Computer Science, pp. 299-306. 
  15. F. K. Mupila and H. Gupta, "A Multi-factor Approach for Cloud Security," in Innovations in Computer Science and Engineering, Singapore, H. S. Saini, R. Sayal, A. Govardhan, and R. Buyya, Eds., 2021, vol. 171: Springer Singapore, in Lecture Notes in Networks and Systems, pp. 437-445. 
  16. R. Neware, U. Shrawankar, P. Mangulkar, and S. Khune, "Review on Multi-Factor Authentication (MFA) Sources and Operation Challenges," International Journal of Smart Security Technologies (IJSST), vol. 7, no. 2, 2020, doi: https://doi.org/10.4018/IJSST.2020070104. 
  17. S. Boonkrong, "Multi-Factor Authentication," in Authentication and Access Control: Practical Cryptography Methods and Tools, S. Boonkrong Ed. Berkeley, Apress, 2021, ch. 6, pp. 133-162. 
  18. D. Tirfe and V. K. Anand, "A Survey on Trends of Two-Factor Authentication," in Contemporary Issues in Communication, Cloud and Big Data Analytics, Singapore, H. K. D. Sarma, V. E. Balas, B. Bhuyan, and N. Dutta, Eds., 2022, vol. 281: Springer Singapore, in Lecture Notes in Networks and Systems, pp. 285-296, doi: https://doi.org/10.1007/978-981-16-4244-9_23. 
  19. P. Wang and R. Baskerville, "The Case for Two-Factor Authentication- Evidence from a Systematic Literature Review," in Pacific Asia Conference on Information Systems (PACIS 2019) Proceedings, X'ian, China, D. Xu, J. Jiang, and H.-W. Kim, Eds., 8-12 July 2019 
  20. B. S. Archana, A. Chandrashekar, A. G. Bangi, B. M. Sanjana, and S. Akram, "Survey on Usable and Secure Two-Factor Authentication," in 2017 2nd IEEE International Conference on Recent Trends in Electronics, Information & Communication Technology (RTEICT), 19-20 May 2017, pp. 842-846, doi: https://doi.org/10.1109/RTEICT.2017.8256716. 
  21. H. Lee, D. Kang, Y. Lee, and D. Won, "Secure Three-Factor Anonymous User Authentication Scheme for Cloud Computing Environment," Wireless Communications and Mobile Computing, vol. 2021, pp. 1-20, 2021, doi: https://doi.org/10.1155/2021/2098530. 
  22. S. Jain, R. Gautam, S. Sharma, R. Tomar, and T. Choudhury, "Four-Factor Authentication with Emerging Cybersecurity for Mobile Transactions," in Innovations in Cyber Physical Systems, Singapore, J. Singh, S. Kumar, and U. Choudhury, Eds., 2021, vol. 788: Springer Singapore, in Lecture Notes in Electrical Engineering, pp. 391-399, doi: https://doi.org/10.1007/978-981-16-4149-7_35. 
  23. J. Brainard, A. Juels, R. L. Rivest, M. Szydlo, and M. Yung, "Fourth-Factor Authentication: Somebody You Know," presented at the Proceedings of the 13th ACM conference on Computer and communications security, Alexandria, Virginia, USA, 2006. [Online]. Available: https://doi.org/10.1145/1180405.1180427. 
  24. K. Sharmila and V. Janaki, "Necessity of Fourth Factor Authentication with Multiple Variations as Enhanced User Authentication Technique," in Proceedings of the Third International Conference on Computational Intelligence and Informatics, Singapore, K. S. Raju, A. Govardhan, B. P. Rani, R. Sridevi, and M. R. Murty, Eds., 2020, vol. 1090: Springer Singapore, in Advances in Intelligent Systems and Computing, pp. 491-500, doi: https://doi.org/10.1007/978-981-15-1480-7_41. 
  25. S. Hemamalini and M. L. A. E. Manuel, "A Fuzzy Implementation of Biometrics With Five Factor Authentication System For Secured Banking," International Journal of Smart Sensor and Adhoc Network, vol. 1, no. 4, pp. 238-242, 2012, doi: https://doi.org/10.47893/IJSSAN.2012.1070. 
  26. R. M. Saqib et al., "Analysis and Intellectual Structure of the Multi-Factor Authentication in Information Security," Intelligent Automation & Soft Computing, vol. 32, no. 3, pp. 1633-1647, 2022, doi: https://doi.org/10.32604/iasc.2022.021786. 
  27. D. H. Patil, V. S. Asbe, M. S. Chavan, P. L. Birajdar, and G. A. Joshi, "A Survey on Private Cloud Storage Security using Multifactor Authentication," Journal of Architecture & Technology, vol. XI, no. VIII, pp. 7-11, 2019. 
  28. M. I. Hussain et al., "AAAA: SSO and MFA Implementation in Multi-Cloud to Mitigate Rising Threats and Concerns Related to User Metadata," Applied Sciences, vol. 11, no. 7, 2021, doi: https://doi.org/10.3390/app11073012. 
  29. Meena.S and V.Gayathri, "Securing Personal Health Records using Advanced Multi-Factor Authentication in Cloud Computing," International Journal of Recent Technology and Engineering (IJRTE), vol. 8, no. 6, pp. 5133-5140, 2020, doi: https://doi.org/10.35940/ijrte.F9724.038620. 
  30. S. Dhanasekaran, B. S. Murugan, and V. Vasudevan, "A Reliable Agent System for Cloud Service Discovery using MFA Technique," International Journal of Recent Technology and Engineering (IJRTE), vol. 8, no. 4S2, pp. 682-685, doi: https://doi.org/10.35940/ijrte.D1110.1284S219. 
  31. S. R. Monaswarnalakshmi and C. P. Sai Aravindhan, "Multifactor Authentication in IoT Devices for Ensuring Secure Cloud Storage in Smart Banking," International Research Journal of Engineering and Technology (IRJET), vol. 5, no. 3, pp. 1307-1311, 2018. 
  32. K. D. Priya and L. Sumalatha, "Trusted Hybrid Multifactor Authentication for Cloud Users," i-manager's Journal on Cloud Computing, vol. 7, no. 1, pp. 12-20, 2020, doi: https://doi.org/10.26634/jcc.7.1.16670. 
  33. C. Singh and T. D. Singh, "A 3-Level Multifactor Authentication Scheme for Cloud Computing," International Journal of Computer Engineering & Technology (IJCET), vol. 10, no. 1, pp. 184-195, 2019.  https://doi.org/10.34218/IJCET.10.1.2019.020
  34. S. C. Patel, S. Jaiswal, R. S. Singh, and J. Chauhan, "Access Control Framework Using Multi-Factor Authentication in Cloud Computing," International Journal of Green Computing (IJGC) vol. 9, no. 2, 2018, doi: https://doi.org/10.4018/IJGC.2018070101. 
  35. M. Kaleem and M. J. Arshad, "A Customizable Client Authentication Framework (CCAF) Based on Multi-Factor for Cloud Computing Application," International Journal of Computer Science and Telecommunications (IJCST), vol. 8, no. 3, pp. 18-25, 2017. 
  36. R. K. Banyal, P. Jain, and V. K. Jain, "Multi-Factor Authentication Framework for Cloud Computing," in 2013 Fifth International Conference on Computational Intelligence, Modelling and Simulation (CSSIM), Seoul, Korea (South), 24-25 Sept. 2013, pp. 105-110, doi: https://doi.org/10.1109/CIMSim.2013.25. 
  37. Z. E. Karabulut and M. C. Kasapbasi, "Cloud Computing Integrated Multi-Factor Authentication Framework Application in Logistics Information Systems," Journal of International Trade, Logistics and Law (JITAL), vol. 3, no. 2, pp. 50-57, 2018. [Online]. Available: http://www.jital.org/index.php/jital/article/view/66. 
  38. R. Nikam and M. Potey, "Cloud storage security using Multi-Factor Authentication," in 2016 International Conference on Recent Advances and Innovations in Engineering (ICRAIE), 23-25 Dec. 2016, pp. 1-7, doi: https://doi.org/10.1109/ICRAIE.2016.7939528. 
  39. E. Erdem and M. T. Sandikkaya, "OTPaaS-One Time Password as a Service," IEEE Transactions on Information Forensics and Security, vol. 14, no. 3, pp. 743-756, 2019, doi: https://doi.org/10.1109/TIFS.2018.2866025. 
  40. K. A. Taher, T. Nahar, and S. A. Hossain, "Enhanced Cryptocurrency Security by Time-Based Token Multi-Factor Authentication Algorithm," in 2019 International Conference on Robotics,Electrical and Signal Processing Techniques (ICREST), 10-12 Jan. 2019, pp. 308-312, doi: https://doi.org/10.1109/ICREST.2019.8644084. 
  41. I. Gordin, A. Graur, and A. Potorac, "Two-Factor Authentication Framework for Private Cloud," in 2019 23rd International Conference on System Theory, Control and Computing (ICSTCC), 9-11 Oct. 2019, pp. 255-259, doi: https://doi.org/10.1109/ICSTCC.2019.8885460. 
  42. S. Kambou and A. Bouabdallah, "A Strong Authentication Method for Web/Mobile Services," in 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom), Paris, France, 21-23 June 2019, pp. 124-129, doi: https://doi.org/10.1109/CSCloud/EdgeCom.2019.000-8. 
  43. W. Kennedy and A. Olmsted, "Three Factor Authentication," in 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST), Cambridge, UK, 11-14 Dec. 2017, pp. 212-213, doi: https://doi.org/10.23919/ICITST.2017.8356384. 
  44. M. A. Hassan and Z. Shukur, "A Secure Multi Factor User Authentication Framework for Electronic Payment System," in 2021 3rd International Cyber Resilience Conference (CRC), Langkawi Island, Malaysia, 29-31 Jan. 2021, pp. 1-6, doi: https://doi.org/10.1109/CRC50527.2021.9392564. 
  45. M. A. Hassan, Z. Shukur, and M. K. Hasan, "Enhancing Multi-Factor User Authentication for Electronic Payments," in Inventive Computation and Information Technologies, Singapore, S. Smys, V. E. Balas, K. A. Kamel, and P. Lafata, Eds., 2021, vol. 173: Springer Singapore, in Lecture Notes in Networks and Systems, pp. 869-882, doi: https://doi.org/10.1007/978-981-33-4305-4_63. 
  46. B. A. Oke, O. M. Olaniyi, A. A. Aboaba, and O. T. Arulogun, "Multifactor Authentication Technique for a Secure Electronic Voting System," Electronic Government, an International Journal (EG), vol. 17, no. 3, pp. 312-338, 2021, doi: https://doi.org/10.1504/EG.2021.115999. 
  47. B. A. Oke, O. M. Olaniyi, A. A. Aboaba, and O. T. Arulogun, "Developing Multifactor Authentication Technique for Secure Electronic Voting System," in 2017 International Conference on Computing Networking and Informatics (ICCNI), Lagos, Nigeria, 29-31 Oct. 2017, pp. 1-6, doi: https://doi.org/10.1109/ICCNI.2017.8123773. 
  48. O. M. Olaniyi, E. M. Dogo, B. K. Nuhu, H. Treiblmaier, Y. S. Abdulsalam, and Z. Folawiyo, "A Secure Electronic Voting System Using Multifactor Authentication and Blockchain Technologies," in Blockchain Applications in the Smart Era, S. Misra and A. Kumar Tyagi Eds., (EAI/Springer Innovations in Communication and Computing. Cham: Springer, 2022, pp. 41-63. 
  49. O. M. Olaniyi, O. T. Arulogun, E. O. Omidiora, and A. Oludotun, "Design of Secure Electronic Voting System using Multifactor Authentication and Cryptographic Hash Functions," International Journal of Computer and Information Technology, vol. 2, no. 6, pp. 1122-1130, 2013. [Online]. Available: http://www.ijcit.com/archives/volume2/issue6/Paper020618.pdf. 
  50. T. P. Abayomi-Zannu, I. A. Odun-Ayo, and T. F. Barka, "A Proposed Mobile Voting Framework Utilizing Blockchain Technology and Multi-Factor Authentication," Journal of Physics: Conference Series (JPCS), vol. 1378, no. 3, p. 032104, 2019, doi: https://doi.org/10.1088/1742-6596/1378/3/032104. 
  51. M. Rusdan and D. T. Manurung, "Designing of User Authentication Based on Multi-factor Authentication on Wireless Networks," Journal of Advanced Research in Dynamical and Control Systems (JARDCS), vol. 12, no. 1, 2020, doi: https://doi.org/10.5373/JARDCS/V12I1/20201030. 
  52. A. Kinai, F. Otieno, N. Bore, and K. Weldemariam, "Multi-Factor Authentication for Users of Non-Internet based Applications of Blockchain-based Platforms," in 2020 IEEE International Conference on Blockchain (Blockchain), Rhodes, Greece, 2-6 Nov. 2020, pp. 525-531, doi: https://doi.org/10.1109/Blockchain50366.2020.00076. 
  53. K. Lee, "A Study on User Access Control Method using Multi-Factor Authentication for EDMS," International Journal of Security and Its Applications (IJSIA), vol. 7, no. 6, pp. 327-334, 2013, doi: http://dx.doi.org/10.14257/ijsia.2013.7.6.33. 
  54. S. G. Santhi and M. Kameswara Rao, "Multifactor User Authentication Mechanism Using Internet of Things," in Second International Conference on Computer Networks and Communication Technologies, Cham, S. Smys, T. Senjyu, and P. Lafata, Eds., 2020, vol. 44: Springer International Publishing, in Lecture Notes on Data Engineering and Communications Technologies, pp. 496-502, doi: https://doi.org/10.1007/978-3-030-37051-0_56. 
  55. M. K. Rao, S. G. Santhi, and M. A. Hussain, "Multi Factor User Authentication Mechanism using Internet of Things," presented at the Proceedings of the Third International Conference on Advanc ed Informatics for Computing Research, Shimla, India, 2019. 
  56. J. Liu, X. Zou, J. Han, F. Lin, and K. Ren, "BioDraw: Reliable Multi-Factor User Authentication with One Single Finger Swipe," in 2020 IEEE/ACM 28th International Symposium on Quality of Service (IWQoS), Hang Zhou, China, 15-17 June 2020, pp. 1-10, doi: https://doi.org/10.1109/IWQoS49365.2020.9212855. 
  57. D. Lu, D. Huang, Y. Deng, and A. Alshamrani, "Multifactor User Authentication with In-Air-Handwriting and Hand Geometry," in 2018 International Conference on Biometrics (ICB), 20-23 Feb. 2018, pp. 255-262, doi: https://doi.org/10.1109/ICB2018.2018.00046. 
  58. N. A. K. Abiew, M. D. Jnr., and S. O. Banning, "Design and Implementation of Cost Effective Multi-factor Authentication Framework for ATM Systems," Asian Journal of Research in Computer Science (AJRCoS), vol. 5, no. 3, pp. 7-20, 2020, doi: https://doi.org/10.9734/ajrcos/2020/v5i330135. 
  59. D. Bouck-Standen and J. Kipke, "Multi-Factor Authentication for Public Displays using the Semantic Ambient Media Framework," in ADVCOMP 2019 : the Thirteenth International Conference on Advanced Engineering Computing and Applications in Sciences, Porto, Portugal, C.-P. Ruckemann and W.-U. Munster, Eds., 22-26 Sep 2019: International Academy, Research and Industry Association (IARIA), pp. 30-35. 
  60. S. Sahan, A. F. Ekici, and S. Bahtiyar, "A Multi-Factor Authentication Framework for Secure Access to Blockchain," presented at the Proceedings of the 2019 5th International Conference on Computer and Technology Applications (ICCTA 2019), Istanbul, Turkey, 16-17 April, 2019. 
  61. M. Z. M. Zin, R. M. Saidi, F. Sappar, and M. A. Arshad, "Multi-factor Authentication to Authorizing Access to an Application: A Conceptual Framework," Journal of Advanced Research in Computing and Applications, vol. 16, no. 1, pp. 1-9, 2019. 
  62. E. R. M. Aleluya and C. T. Vicente, "Faceture ID: Face and Hand Gesture Multi-Factor Authentication Using Deep Learning," Procedia Computer Science, vol. 135, pp. 147-154, 2018, doi: https://doi.org/10.1016/j.procs.2018.08.160. 
  63. E. O. Asani, O. B. Longe, A. J. Balla, R. O. Ogundokun, and E. A. Adeniyi, "Secure Human-Computer Interaction: A Multi-Factor Authentication CAPTCHA Scheme," in Handbook of Research on the Role of Human Factors in IT Project Management, S. Misra and A. Adewumi Eds. Hershey, PA, USA: IGI Global, 2020, pp. 149-163. 
  64. O. G. Lala, H. O. Aworinde, and S. I. Ekpe, "Towards A Secured Financial Transaction: A Multi-Factor Authentication Model," in Proceedings of the 25th iSTEAMS Trans-Atlantic Multidisciplinary Virtual Conference, Laboratoire Jean Kuntzmann, Universite Laboratoire Jean Kuntzmann, Universite Grenoble, Alpes, France, 2020, pp. 139-146. 
  65. A. A. Alghamdi, "A Verification System for Multi-Factor Authentication for E-Healthcare Architectures," Arab Journal for Scientific Publishing (AJSP), vol. 31, 2021. 
  66. G. J. W. Kathrine, "A Secure Framework for Enhancing User Authentication in Cloud Environment using Biometrics," in 2017 International Conference on Signal Processing and Communication (ICSPC), Coimbatore, India, 28-29 July 2017, pp. 283-287, doi: https://doi.org/10.1109/CSPC.2017.8305854.