Fine grained two-factor access control for web-based cloud computing services
0 likes293 views
This paper presents a fine-grained two-factor authentication (2FA) access control system tailored for web-based cloud computing services, enhancing security by requiring both a user secret key and a lightweight, tamper-resistant security device. The proposed system addresses weaknesses of traditional password-based systems, such as lack of privacy and vulnerability to malware, while enabling access control based on user attributes. A simulation demonstrates the effectiveness and practicality of this 2FA approach, which aims to ensure user privacy without compromising access in shared computing environments.
Fine grained two-factor access control for web-based cloud computing services
- 1. #13/ 19, 1st Floor, Municipal Colony, Kangayanellore Road, Gandhi Nagar, Vellore – 6. Off: 0416-2247353 / 6066663 Mo: +91 9500218218 Website: www.shakastech.com, Email - id: shakastech@gmail.com, info@shakastech.com FINE-GRAINED TWO-FACTOR ACCESS CONTROL FOR WEB-BASED CLOUD COMPUTING SERVICES ABSTRACT In this paper, we introduce a new fine-grained two-factor authentication (2FA) access control system for web-based cloud computing services. Specifically, in our proposed 2FA access control system, an attribute-based access control mechanism is implemented with the necessity of both a user secret key and a lightweight security device. As a user cannot access the system if they do not hold both, the mechanism can enhance the security of the system, especially in those scenarios where many users share the same computer for web-based cloud services. In addition, attribute-based control in the system also enables the cloud server to restrict the access to those users with the same set of attributes while preserving user privacy, i.e., the cloud server only knows that the user fulfills the required predicate, but has no idea on the exact identity of the user. Finally, we also carry out a simulation to demonstrate the practicability of our proposed 2FA system. EXISTING SYSTEM Though the new paradigm of cloud computing provides great advantages, there are meanwhile also concerns about security and privacy especially for web-based cloud services. As sensitive data may be stored in the cloud for sharing purpose or convenient access; and eligible users may also access the cloud system for various applications and services, user authentication has become a critical component for any cloud system. A user is required to login before using the cloud services or accessing the sensitive data stored in the cloud. There are two problems for the traditional account/password based system.
- 2. #13/ 19, 1st Floor, Municipal Colony, Kangayanellore Road, Gandhi Nagar, Vellore – 6. Off: 0416-2247353 / 6066663 Mo: +91 9500218218 Website: www.shakastech.com, Email - id: shakastech@gmail.com, info@shakastech.com DISADVANTAGES OF EXISTING SYSTEM: 1. First, the traditional account/password-based authentication is not privacy-preserving. However, it is well acknowledged that privacy is an essential feature that must be considered in cloud computing systems. 2. Second, it is common to share a computer among different people. It may be easy for hackers to install some spyware to learn the login password from the web-browser. 3. In existing, Even though the computer may be locked by a password, it can still be possibly guessed or stolen by undetected malwares. PROPOSED SYSTEM In this paper, we propose a fine-grained two-factor access control protocol for web-based cloud computing services, using a lightweight security device. The device has the following properties: (1) it can compute some lightweight algorithms, e.g. hashing and exponentiation; and (2) it is tamper resistant, i.e., it is assumed that no one can break into it to get the secret information stored inside. ADVANTAGES OF PROPOSED SYSTEM: 1. Our protocol provides a 2FA security 2. Our protocol supports fine-grained attribute-based access which provides a great flexibility for the system to set different access policies according to different scenarios. At the same time, the privacy of the user is also preserved.
- 3. #13/ 19, 1st Floor, Municipal Colony, Kangayanellore Road, Gandhi Nagar, Vellore – 6. Off: 0416-2247353 / 6066663 Mo: +91 9500218218 Website: www.shakastech.com, Email - id: shakastech@gmail.com, info@shakastech.com SYSTEM ARCHITECTURE MODULES 1. Trustee Module 2. Attribute-Issuing Authority Module 3. User Module 4. Cloud Service Provider Module MODULE DESCRIPTION: Trustee: It is responsible for generating all system parameters and initializes the security device. Attribute-issuing Authority: It is responsible to generate user secret key for each user according to their attributes.
- 4. #13/ 19, 1st Floor, Municipal Colony, Kangayanellore Road, Gandhi Nagar, Vellore – 6. Off: 0416-2247353 / 6066663 Mo: +91 9500218218 Website: www.shakastech.com, Email - id: shakastech@gmail.com, info@shakastech.com User: It is the player that makes authentication with the cloud server. Each user has a secret key issued by the attribute-issuing authority and a security device initialized by the trustee. Cloud Service Provider: It provides services to anonymous authorized users. It interacts with the user during the authentication process. SYSTEM CONFIGURATION HARDWARE CONFIGURATION Processor - Pentium –IV Speed - 1.1 Ghz RAM - 256 MB(min) Hard Disk - 20 GB Key Board - Standard Windows Keyboard Mouse - Two or Three Button Mouse Monitor - SVGA SOFTWARE CONFIGURATION Operating System - Windows XP Programming Language - JAVA