Secure Network Authentication
Computing
Case Study: Cloud computing is a way of providing different computing services along with
servers, remote storage and databases, networking software, and intelligence and analytics software.
It is widely used by business organizations and individuals because of its dynamic scalability. It has
different models and services that users consume by paying according to the amount and
volume of services used. Cloud computing provides services over the internet in the form of
virtualized resources. Although it has many benefits for users, there are security risks involved
in resource sharing and access. In this paper, we investigate security and authentication in
Cloud Computing and several proposed mechanisms for Network Authentication. We propose a
new solution based on the Elliptic Curve Digital Signature Algorithm to improve and enhance user
authentication in Cloud Computing. Network security, for its part, includes a variety of
technologies along with devices, processes and procedures, with a specific set of rules, policies
and configurations, in order to protect the integrity, confidentiality and availability of networks
and information. Network security uses both hardware and software technologies. The research
questions that arise here are: 1. Do the existing network authentication schemes provide strong and
unbreakable authentication in the case of cloud computing? 2. What are the specific processes that
should be implemented while developing a secure network authentication scheme? 3. What are the
other factors that make network authentication crucial in cloud computing?
1. INTRODUCTION
1.1 Cloud Computing
Cloud computing is a general term for delivering hosted services over the network. It
enables organizations and individuals to consume a variety of computing resources, which
include virtual machines, storage and utilities such as applications. Over time, its usage has
increased because of its major benefits. The central benefits of cloud computing include
self-service provisioning, elasticity, pay-per-use, workload resilience, and migration flexibility. It is
an advanced technology that enables its users to access configurable resources such as servers,
databases, networks and applications through virtualization. Cloud computing
allows its users to use the services provided without worrying about the technology and
infrastructure by which those services are delivered. The difficulty in today's business
organizations is that the need for hardware and software grows very fast. Whenever an
organization needs new hardware or software, personnel must first buy that resource and
experts must then install it properly.
With cloud computing, the client does not have to manage all these resources, and thus the
burden on the client side is reduced. In general, the cloud is like a "resource pool" that provides
economical, on-request services to its users. In the cloud, services and resources are
provided to consumers through three different service models: "Infrastructure as a service (IaaS),
Platform as a service (PaaS), and Software as a service (SaaS)". Besides these service models,
cloud computing has three deployment models, each representing a specific cloud environment
distinguished mainly by ownership, size and access. These deployment models are "Private
Cloud, Public Cloud, and Hybrid Cloud". With the growing popularity and advancement of
cloud computing in the market, concerns about its security have also been raised.
injection attack" [1]. The core security issues of Cloud Computing, meanwhile, are "authentication,
data integrity, data confidentiality and access control" [4].
One of the core security issues related to Cloud Computing is authentication. It prevents
unauthorized users from gaining illegitimate access to cloud resources. So before accessing any cloud
service, authentication is required to check whether a user is legitimate or not. It plays a
pivotal role in the security of many computing applications, granting and denying
application access to users, programs and APIs. Being distributed in architecture, Cloud
Computing faces complications in administering user identity, authentication
and authorization. The most frequent authentication attacks are brute force, insufficient
authentication and weak password recovery validation. Most authentication protocols are
designed using cryptographic schemes. In 2016, Zarad et al. [1] introduced an authentication
scheme for securely accessing cloud services. They introduced a key agreement protocol for
authentication based on elliptic curve cryptography and Diffie-Hellman key exchange. Their
scheme authenticates the user in multiple steps. They used elliptic curves with Diffie-Hellman key
exchange because of the short key size of elliptic curves. After analyzing their scheme, we have identified
problems in it. Diffie-Hellman is a non-authenticated protocol that provides no
encryption; it only exchanges a key over a non-secure channel, which means that a
symmetric scheme must also be used for encryption and decryption of messages. This increases
cost and computational time. The Diffie-Hellman protocol has three basic versions: Anonymous
Diffie-Hellman, Fixed Diffie-Hellman and Ephemeral Diffie-Hellman. Although they did not
specify which version they are using, the anonymous version is vulnerable to Man in the Middle
Attacks because its values are unsigned. Here, the attacker sits between the communicating parties and
replaces the exchanged values with its own. In Ephemeral Diffie-Hellman, the domain parameters are
changed with every session and the values are also signed in order to prevent Man in the Middle
Attacks. But the issue is that the signature also changes every time with the signed message, so how can the
second communicating party verify the authenticity of the signature? This problem can be solved in
Fixed Diffie-Hellman and Ephemeral Diffie-Hellman by adding a Certification Authority or
certificates for verifying the authenticity of signatures. The communicating parties use random
number generators; if their outputs are not completely random and are predictable to a certain
extent, the eavesdropper's task becomes much easier.
The above discussion indicates the need for a secure and efficient authentication mechanism for
Cloud Computing that overcomes all of the above limitations. To fulfill this requirement, we
propose a newer and more secure user authentication mechanism for Cloud Computing. This
study aims at analyzing the basic requirements for network and user authentication in Cloud
Computing while answering the research questions raised in the case study, and proposes a
solution based on the "Elliptic Curve Digital Signature Algorithm (ECDSA)".
The rest of the paper is organized as follows: Section 2 gives the details of some proposed
authentication schemes for Cloud Computing. Section 3 provides brief details of the Elliptic
Curve Digital Signature Algorithm. Section 4 presents our scheme for Secure and Enhanced
Authentication. Section 5 gives a security analysis of using the Elliptic Curve Digital Signature
Algorithm. Section 6 gives the conclusion of this study.
successful log in. In 2018, Jihad Qaddou et al. [8] proposed a multifactor biometric authentication
mechanism for cloud computing. This mechanism is based on two layers with five additional
phases. The first two phases are the registration phase and the login phase, in which the user registers
and then logs in to the system. In the third phase, a true random number is generated and used to
identify the user after he/she provides a biometric identity in the fourth phase. In the last phase, the
biometric identity of the user is matched against the record stored on the server to give the user full access.
compared to RSA and Diffie-Hellman with much larger key sizes. Table 3.1 shows the key
comparison of the three public-key cryptography schemes in terms of security provided:
Table 3.1
In most cases, symmetric cryptography fails because the two communicating parties
do not trust each other, as either of them can be malicious. This issue can be resolved by using public
key cryptography with digital signatures. Digital signatures are mainly used for verifying the
authenticity of messages. Digital signatures provide different security services. The core
security services are "Confidentiality, Integrity, Message Authentication and Non-Repudiation",
while other security services include "Identification, Access Control, Availability, Auditing,
Physical Security and Anonymity". Elliptic curves along with ECDSA are typically used in
the security of systems and messaging. ECDSA provides much more security with smaller
key sizes than the RSA and Diffie-Hellman protocols, and it is also much more efficient in
computation. It also reduces the storage required for keys and algorithm parameters [1].
equation for generating keys instead of large primes. The selection of the equation gives us an
advantage in terms of computation. We select curve25519 for generating keys. It is one of the
fastest elliptic curves and provides 128 bits of security. Computations over this curve are
extremely fast, and it is not subject to any attacks yet. The main phases of ECDSA are
as follows:
1) In the first step, the domain parameters are chosen and keys are generated on the user's
side by using ECDSA. The user keeps his/her private key and sends the corresponding public key to
the server. The server stores the public key for signature verification at a later stage.
2) In the second step, the user computes the hash of his/her password by using the secure hash
algorithm SHA-256. The SHA-256 hash function computes the hash of the message taken as input and
produces a unique 256-bit (32-byte) signature of the message.
3) In the third step, the signature is computed on the user's side from the private key and the hash of
the password by using ECDSA.
4) The signature computed on the user's side is then sent to the server along with the hash of the
password for verification and authentication.
5) On the server side, the server first gets the user's password from the database and computes the
hash of the password by using the SHA-256 hash function. The server then uses the public key and other
parameters sent by the user to verify the signature by using the signature verification process.
6) The server also compares the hash received from the user with its locally computed hash to
check whether both values are equal. If both values are equal, the server authenticates the user
successfully; otherwise it does not.
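The six steps above as a runnable sketch; this is an added example, not code from the paper. Assumptions: NIST P-256 is swapped in for curve25519 because ECDSA is normally instantiated on short-Weierstrass curves, the function names are illustrative, and the optional `challenge` (a per-login server nonce) is an addition that is not among the paper's steps.

```python
import hashlib, hmac, secrets
# NIST P-256 domain parameters (assumption: used here in place of the paper's curve25519).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def h(data): return hashlib.sha256(data).digest()    # SHA-256 (steps 2 and 5)
def e(msg): return int.from_bytes(h(msg), "big")     # message digest as an integer

def add(p, q):  # affine addition on y^2 = x^3 - 3x + b; None is the point at infinity
    if p is None or q is None: return p or q
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    m = ((3 * p[0] * p[0] - 3) * pow(2 * p[1], -1, P) if p == q
         else (q[1] - p[1]) * pow((q[0] - p[0]) % P, -1, P)) % P
    x = (m * m - p[0] - q[0]) % P
    return x, (m * (p[0] - x) - p[1]) % P

def mul(k, pt):  # textbook double-and-add (not constant-time)
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def keygen():  # step 1: the user keeps d, the server stores Q
    d = secrets.randbelow(N - 1) + 1
    return d, mul(d, G)

def sign(d, msg):  # step 3: ECDSA with a fresh random k per signature
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = mul(k, G)[0] % N
        s = pow(k, -1, N) * (e(msg) + r * d) % N
        if r and s: return r, s

def verify(Q, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N): return False
    w = pow(s, -1, N)
    pt = add(mul(e(msg) * w % N, G), mul(r * w % N, Q))
    return pt is not None and pt[0] % N == r

def client_login(d, password, challenge=b""):  # steps 2-4: send (hash, signature)
    return h(password), sign(d, h(password) + challenge)

def server_check(Q, stored_password, pw_hash, sig, challenge=b""):  # steps 5-6
    same = hmac.compare_digest(h(stored_password), pw_hash)
    return same and verify(Q, pw_hash + challenge, sig)
```

Without a `challenge`, a recorded (hash, signature) pair keeps verifying even though each signature uses a fresh k; passing a new server nonce per login makes `server_check` fail for a reused message.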
1) Fast and Efficient Computations- Curve 25519 provides extremely fast computation
of domain parameters and keys with a key size of 128 bits. It also reduces the need for large
key storage because of its shorter key sizes.
2) Message Confidentiality and Privacy- Message confidentiality and integrity are
achieved by using the SHA-256 hashing algorithm along with the digital signature algorithm.
4) Protection against Replay Attacks- The value of the ephemeral key Ke is random, and
it is generated with a new value for every new session, which prevents replay attacks from
happening.
6. CONCLUSION
With the rapid advancement and development of Cloud Computing, the challenges of
secure, efficient and reliable authentication are also increasing. Keeping foremost parameters such as
computation time, efficiency and security upfront, an improved and enhanced authentication
scheme is proposed for network and user authentication in Cloud Computing. The proposed
scheme is based on the Elliptic Curve Digital Signature Algorithm. Elliptic curves provide more
security with much shorter keys than other protocols such as RSA and Diffie-Hellman.
The shorter keys reduce the storage required for keys and algorithm parameters.
The use of the underlying curve25519 makes computations extremely fast and prevents timing
attacks because of its constant computational time. The SHA-256 secure hash algorithm provides
message integrity during transit. All these parameters make the proposed scheme an efficient,
secure and reliable protocol for authentication in Cloud Computing.
7. REFERENCES
[1] Mohamed M. Zarad, Ahmed A. Abdel-Hafez, Ahmed H. Hassanein, Secure and Efficient
Authentication Scheme for Cloud Computing, International Journal of Computer Applications,
May 2016 [Java].
[2] Faraz Fatemi, Shiva Gerayeli Moghaddam, A scalable and efficient user authentication
scheme for cloud computing environments, IEEE 2014 Region10 Symposium.
[3] Shorab Rouzbeh, Iman Ghavam, A client-based user authentication and encryption
algorithm for secure accessing to cloud servers, 2013 IEEE Student Conference on Research and
Development, 16-17 December 2013, Putrajaya, Malaysia.
[4] Aniesh Krishna K, Balagopalaln A S, Authentication Model For Cloud Computing Using
Single Sign-On, Department of Computer Science and Engineering, Sri Ramakrishna
Engineering College, Coimbatore.
[5] Hyosik Ahn, Hyokyung Chang, Changbok Jang, Euiin Choi, User Authentication Platform
using Provisioning in Cloud Computing Environment, Dept. of Computer Engineering, Hannam
University, Daejeon, Korea.
[6] Nan Chen, Rui Jiang, Analysis and Improvement of User Authentication Framework for
Cloud Computing, School of Information Science and Engineering, Southeast University,
Nanjing, China.
[7] Shu Yun Lim, M. L Mat Kiah, Tan Fong Ang, Security Issues and Future Challenges of
Cloud Service Authentication, Faculty of Business Technology and Accounting, Unitar
International University, 47301 Selangor Darul Ehsan, Malaysia; lim_sy@unitar.my
[8] Ricardo Carvalho, Cloud Computing Authentication Security with Diversity and
Redundancy, INESC-ID, Instituto Superior Técnico, Universidade de Lisboa.
[9] Gawade. Shreya, Bharti. Anand, Raj. Ashish, Madane. Shweta, Biometric Authentication
using Software as a Service in Cloud Computing.
[10] Thakkar. Jaydip, An Encryption and Decryption More Secure Elgamal Cryptosystem,
Department of Computer Science and Engineering, Narnarayan Shastri Institute of Technology,
Jetalpur.