Secure authentication framework for cloud

Abstract

The growing popularity of cloud based services is prompting organizations to consider shifting applications and data onto cloud. However, organizations dealing with highly sensitive information are apprehensive of moving its applications and data to public cloud owing to concern about security of its information. It is hence incumbent on service providers that only legitimate Users will access its services and resources in cloud. newlineVerifying authenticity of remote users is a necessary pre-requisite in a cloud environment before allowing access to secure resources/services/ applications. The simplest and most commonly used user authentication mechanism is password based authentication. However, Users tend to choose easy to remember password, and many a times use same password for multiple accounts, which makes it often the weakest link in security. Furthermore, service providers authenticating Users on the basis of password, stores password verification information in their databases and such authentication schemes with verification table are known to be vulnerable to various attacks. newlineFrom the perspective of authentication requirements, service providers in a cloud environment can be broadly categorized into two. Those service providers dealing with highly sensitive information and working in a regulated environment can be grouped into category one as in those offering services for sectors like health care, finance. These providers require a strong and secure authentication mechanism to authenticate its users, without any additional functionality. Similarly, there is a second category of service providers dealing with secure information but operate in a collaborative environment as providers providing their applications bundled through a web portal. To provide the Users with a seamless authentication experience, while accessing multiple services during a session, the second category of service providers prefer to have Single Sign-on functionality.