Secure Session Control in Education Cloud Using One Time Password (OTP)

SECURE SESSION CONTROL IN
EDU-CLOUD USING OTP
by
S. EDEL JOSEPHINE
RAJAKUMARI
12MCS107
2012-2013

CONTENTS
• Introduction
• Literature Review
• Security Issues and Solutions in Cloud Computing - A
Survey
• Secure Session Control in Edu-Cloud using OTP
• Conclusion
18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 2

OBJECTIVE
The objective of the Dissertation is
 To Analyze the existing security issues in Cloud Computing
 To Develop a Secure Edu-Cloud Architecture
 To Provide a Secure Session Control for Edu-Cloud using
OTP

DISSERTATION OVERVIEW
• Chapter 1- Introduction to Cloud Computing, E-Learning and Cloud
based E-Learning
• Chapter 2- A review of related work previously done regarding this
dissertation
• Chapter 3- An overview of existing security issues in Cloud Computing
• Chapter 4- Proposed architecture and a model
• Chapter 5- Conclusion with suggestions for future enhancements

INTRODUCTION
Computing
Computing is any goal-oriented activity requiring, benefiting
from, or creating computers. For example, computing includes designing,
developing and building hardware and software systems; processing,
structuring, and managing various kinds of information; doing scientific
research on and with computers; making computer systems behave
intelligently; creating and using communications and entertainment media
etc.

INTRODUCTION…
Cloud Computing
• Cloud Computing is a subscription based service using
which IT resources are delivered as services to users.
• Internet based computing
• Principle- “Pay as you go”

INTRODUCTION…
Cloud Clients
Web browser, mobile app, thin client, terminal emulator …
SaaS
CRM, Email, virtual desktop, communication, games …
PaaS
Execution runtime, database, web server, development tools …
IaaS
Virtual machines, servers, storage, load balancers, network …Infrastructure
Platform
Application
Basic Cloud Services

INTRODUCTION…
Deployment Models
• Private Cloud
• Community Cloud
• Public Cloud
• Hybrid Cloud

E-LEARNING
E-learning refers to the use of electronic
media and Information and Communication
Technologies (ICT) in education.

E-LEARNING SOLUTIONS
E-Learning
Asynchronous
E-Learning
Synchronous
E-Learning
Development
and
Management

CLOUD BASED E-LEARNING
The goals and requirements of Cloud based E-Learning are:
 Location shifting
 Time shifting
 Interaction tools
 Learning management tools
 Courseware
 Cloud Infrastructure

LITERATURE REVIEW
• According to Nabendu Chaki et al. [Roh 11]
 In Cloud, virtual machines connected to the host system constantly to
be monitored in a virtualized environment.
 A virtual machine monitor (VMM) can be placed in a virtual
environment which will keep track of all the traffic flowing in and out
of a virtual machine network.
 If any suspicious activity found, the corresponding virtual machine
will be disconnected from the virtualized network.

LITERATURE REVIEW…
• According to Pankaj Arora et al. [Pan 12]
Proposed Model – SMI (Security Model for IaaS)
 Secure Configuration Policy (SCP)
 Secure Resources Management Policy (SRMP)
 Security Policy Monitoring and Auditing (SPMA)

• According to Sunil Sanka et al. [Sun 10]
 Modified Diffie-Hellman key exchange protocol for addressing data
confidentiality, integrity and authentication issues.
 According to this protocol, a symmetric key is shared secretly
between the Cloud Service Provider and the user.
 The D-H key exchange protocol is proposed for the users to access
the outsourced data efficiently and securely from cloud service
providers’ infrastructure.

• According to Shahid Al Noor et al. [Sha 10]
Cloud Central System Internal Architecture
Two Sublayers
Upper Sublayer Lower Sublayer

• According to Gunasekar Kumar et al. [Gun 11]
Security measures for Cloud based E-Learning:
 SMS Security mechanism
 Biometric mechanism
 Security Token
 ACL mechanism

• According to M.Okuhara et al. [Mas 10]
Security architectures based on access control, authentication and identity
management, and security visualization. The results of the architectures are
 Logical separation of cloud service layers by virtualization presents
in the same level of security as physical separation of computing
environments.
 One time password provides a powerful authentication mechanism
that precludes password leak.
 Dashboard and information-security services enable the users to
visualize the efficiency and cost-effectiveness of information-
security measures.

• According to D.Kasi Viswanath et al. [Kas 12]
Benefits of Cloud based E-Learning are:
 Lower costs
 Improved performance
 Instant software updates
 Improved document format compatibility
 Benefits for students
 Benefits for teachers.
Cloud Computing challenges:
 Security
 Privacy
 Reliability
 Legal issues
 Open standard
 Compliance
 Freedom
 Long-term viability.

• According to Paul Pocatilu [Pau 10]
E-Learning systems usually require many hardware and software
resources. There are many educational institutions that cannot afford such
investments, and Cloud Computing is the best solution. E-learning systems can use
benefit from Cloud Computing using:
 Infrastructure: use an e-learning solution on the provider's infrastructure
 Platform: use and develop an e-learning solution based on the provider's
development interface
 Services: use the e-learning solution given by the provider.

• According to A.P.Nirmala and Dr. R.Sridaran [Nir 12]
A survey on Cloud Computing issues at design and implementation levels. At
design level, architectural issues and platform related issues are discussed. At
implementation level, business related issues and technical issues are discussed. The
paper mainly focused on security and performance based issues in Cloud Computing.
• According to Danimir Mandic et al. [Dan]
A preview of possible risks that Cloud Computing can bring to the area of
E-Learning, with a preview of possible risk of intellectual property.

• According to MD. Anwar Hossain Masud and Xiaodi Huang [Anw 12]
Cloud based E-Learning Challenges:
 bandwidth
 security
 authentication
 management
 resource development
 role of teachers
 user data
 charging
The proposed framework has an open structure, can interoperate with external
content and social service (such as twitter, g-mail, YouTube, etc...) at the data level and
it is subdivided into management subsystem and service subsystem.

• According to Sanjeet Kumar Nayak et al. [San 12]
A framework which provides mutual authentication and session key
agreement in Cloud Computing environment. The scheme executes in three
phases such as server initialization phase, registration phase, and
authentication phase. The architecture satisfied the following security
features: mutual authentication, session key agreement, password change,
non-reply attack, identity management, and scalability. They assured that the
proposed protocol can resist many popular attacks such as replay attack,
password stolen attack, etc...

• According to Alok Kumar Vishwakarma and A. E. Narayanan [Alo 12]
 Introduced a service additionally with the basic Cloud services SaaS, PaaS, and IaaS
which is called E-Learning as a Service (EaaS).
 Benefits of E-Learning:
o Reduced cost of learning materials
o Increased participation of academic institutes
o Greater accessibility and better learning outcome
o Flexibility
 Benefits of proposed scheme over existing methods:
o cost reduction
o smarter classroom
o data portability
o smart administration
o innovation in research.

SECURITY ISSUES AND SOLUTIONS IN
CLOUD COMPUTING – A SURVEY
• Threats in Cloud Computing
 Denial of Service (DoS)
 Distributed Denial of Service (DDoS)
 Side Channel Attack
 Authentication Attack
 Man-In-The-Middle (MITM) Attack
 SQL-Injection Attack
 Guest-Hopping Attack
 Packet Sniffing
 Country or Jurisdiction
 Multitenant Risks
 Malicious Insiders
 Vendor Lock-in
 Risk of the Cloud-based Provider Failing

• Security Concerns of Cloud Computing
 Residence of data
 Lack of Access Control
 Security of Data
 SLA
 Long-term Viability
 Data Breach
 Data Leakage
 Disaster Recovery

• Security Principles for Information Security in Cloud
 Key Protection
 Captcha Technique
 Keep the cloud secret

SECURE SESSION CONTROL IN EDU-CLOUD
USING OTP
• Challenges of Cloud based E-Learning
Challenges
Bandwidth
Security
Authentication
Management
Resource
Development
Role of
Teachers
User Data
Payment

USING OTP
• Secure Edu-Cloud Architecture
EDU-CLOUD
ACL A/C Balance Service
Authentication (OTP)
Student Teacher Others
Cloud Service Provider

USING OTP
• Secure Session Control Mechanism
EDU-CLOUD
(SJCEDU)
Session 1
OTP
Username
(12MCS107)
OTP
Username
(12MCS107)
Access
Denied
Authorized User Hacker

USING OTP
• Implementation in ASP.NET
Online-Quiz Home Page

USING OTP
Implementation in ASP.NET…
Creating First Session

USING OTP
OTP Generation

USING OTP
Login with OTP

USING OTP
Creating Second Session

USING OTP
Denial of Session

CONCLUSION
• The dissertation satisfies the objective by providing a Secure Session Control in Edu-
Cloud so that multiple sessions of the same user is forbidden.
Future Enhancements
• In case, the session stopped unexpectedly due to some reasons except hacking such as
power cut, device failure or user’s inconvenience, the current session will be expired. It
would be appreciable if the session can be resumed with some authentication features.
• When conducting tests in educational clouds it is to be taken care of that a student has to
attend the test only once.
• The authentication mechanism can be extended to biometric authentication or some
advanced authentication methods.

REFERENCES
[Akr 07]
Akram Alkouz and Samir A. EI-Seoud, “Web Services Based Authentication System for E-Learning”,
International Journal of Computing & Information Sciences, Volume5, No.2, August 2007.
[Ale 05] Alex Koohang and Keith Harman, “Open Source: A Metaphor for E-Learning”, Informing Science Journal,
Volume8, 2005.
[Alo 12]
Alok Kumar Vishwakarma, A. E. Narayanan, “E-Iearning as a Service: A New Era for Academic Cloud
Approach”, 1st International Conference on Recent Advances in Information Technology (RAIT), 2012.
[Anj 12] Anjali Jindia, Sonal Chawla, “E-learning and Cloud Computing”, IJAIR 2012, Department of Computer
Science and Applications, Punjab University, India.
[Anw 12]
MD. Anwar Hossain Masud, Xiaodi Huang, “A Novel Approach for Adopting Cloud-based E-learning
System”, 2012 IEEE/ACIS 11th International Conference on Computer and Information Science.
[Chr] Christopher Mallow, “Authentication Methods and Techniques”.
[Dan] Danimir Mandic, Vladimir Urosevic, Mihajlo Tijanic, “E-learning and Security Problems in Cloud Computing
Environment”, Selected Topics in Education and Educational Technology, ISBN: 978-960-474-232-5, ISSN:
1792-5061.
[Far 11] Farzad Sabahi, “Cloud Computing Security Threats and Responses”, 2011. Available at
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?&arnumber=6014715.
[Fer 12] A.Fernandez, D.Peralta, F.Herrera, and J.M.Benitez, “An Overview of E-Learning in Cloud Computing”,
Springer-Verlag Berlin Heidelberg 2012.
[Gun 11]
Gunasekar Kumar, Anirudh Chelikani, “Analysis of security issues in cloud based E-Learning”, 2011.

REFERENCES
[Haf] Hafiz Zahid Ullah Khan, “Comparative Study of Authentication Techniques”, International Journal of
Video & Image Processing and Network Security, Volume10, No.04.
[Ham 13] S.Hameetha Begum, T.Sheeba, and S.N.Nisha Rani, “Security in Cloud based E-learning”, International Journal of
Advanced Research in Computer Science and Software Engineering, Volume3, Issue 1, January 2013, ISSN:2277
128X.
[Kas 12] D.Kasi Viswanath, S.Kusuma, and Saroj Kumar Gupta, “Cloud Computing Issues and Benefits Modern
Education”, Global Journal of Computer Science and Technology, Cloud & Distributed, Volume12, Issue 10,
Version 1.0, July 2012, Double Blind Peer Reviewed International Research Journal, Global Journals Inc. (USA).
[Kaw 12] Kawser Wazed Nafi, Tonny Shekha Kar, Sayed Anisul Hoque, Dr. M. M. A Hashem, “A Newer User
Authentication, File encryption and Distributed Server Based Cloud Computing security architecture”, International
Journal of Advanced Computer Science and Applications, Volume 3, No. 10, 2012.
[Man 12] Maninder Singh and Sarbjeet Singh, “Design and Implementation of Multi-tier Authentication Scheme in Cloud”,
IJCSI International Journal of Computer Science Issues, Volume9, Issue 5, No.2, September 2012.
[Mar 07] Maria Nickolova, Eugene Nickolov, “Threat Model for User Security in E-Learning Systems”, International
Journal "Information Technologies and Knowledge", Volume1, 2007.
[Mas 10] Masayuki Okuhara, Tetsuo Shiozaki, Takuya Suzuki, “Security Architectures for Cloud Computing”, FUJITSU
Sci. Tech. J., Volume46, No.4, October 2010.
[Nir 12] A.P.Nirmala and Dr. R.Sridaran, “Cloud Computing Issues at Design and Implementation Levels – A Survey”,
Volume03, Issue 06, Pages: 1444-1449 (2012), Int. J. Advanced Networking and Applications.
[Nun 13] Nungki Selviandro, Zainal Arifin Hasibuan “Cloud-Based E-Learning: A Proposed Model and Benefits by Using
E-Learning Based on Cloud Computing for Educational Institution”, International Federation for Information
Processing (IFIP), 2013.

REFERENCES
[Pan 10] Pance Ribarski, Ljupcho Antovski, “Implementing Strong Authentication with OTP: Integrated System”,
ICT Innovations 2010 Web Proceedings ISSN 1857-7288.
[Pan 12] Pankaj Arora, Rubal Chaudhry Wadhawn, Er. Satinder Pal Ahuja, “Cloud Computing Security Issues in
Infrastructure as a Service”, Volume 2, Issue 1, January 2012, ISSN 128X, International Journal of Advanced
Research in Computer Science and Software Engineering.
[Pau 10] Paul Pocatilu, “Cloud Computing Benefits for E-learning Solutions”, Oeconomics of Knowledge, Volume2, Issue
1, 1Q 2010.
[Roh 11] Rohit Bhadauria, Rituparna Chaki, Nabendu Chaki, Suganta Sanyal, “A Survey on Security Issues in Cloud
Computing”, 2011.
[SAN 01] “An Overview of Different Authentication Methods and Protocols”, SANS Institute InfoSec Reading Room,
2001.
[San 12] Sanjeet Kumar Nayak, Subasish Mohapatra, Banshidhar Majhi, “An Improved Mutual Authentication
Framework for Cloud Computing”, International Journal of Computer Applications (0975 – 8887) Volume 52–
No.5, August 2012.
[Sha 10] Shahid Al Noor, Golam Mustafa, Shaiful Alam Chowdry, Md. Zakir Hossain, Fariha Tasmin Jaigirdar, “A
Proposed Architecture of Cloud Computing for Education System in Bangladesh and the Impact on Current
Education System”, International Journal of Computer Science and Network Security, Volume 10, No.10,
October 2010.
[Sun 10] Sunil Sanka, Chittaranjan Hota, Muttukrishnan Rajarajan, “Secure Data Access in Cloud Computing”, Internet
Multimedia Services Architecture and Application (IMSAA), IEEE 4th International Conference, 2010.

REFERENCES
[Sur 12] K.S.Suresh, and Prof.K.V.Prasad, “Security Issues and Security Algorithms in Cloud Computing”, IJARCSSE,
Volume2, Issue 10, October 2012.
[Vis 13]
Vishal Paranjape, Vimmi Pandey, “An Improved Authentication Technique with OTP in Cloud Computing”,
International Journal of Scientific Research in Computer Science and Engineering Research Paper Volume 1, Issue-3 E-
ISSN: 2320-7639.
[You] Young Sil Lee, HyoTaek Lirn, HoonJae Lee, “A Study on Efficient OTP Generation using Stream Cipher with Random
Digit”, Division of Computer and Information Engineering, Dongseo University.
Reference Book
 Kris, “Cloud Computing”, Jones & Bartlett Learning, 2011.

PUBLICATIONS
• Presented a Paper on “Security Issues and Solutions in Cloud
Computing – A Survey” at a National Conference NCAC 2013 at
Jamal Mohamed College.

Secure Session Control in Education Cloud Using One Time Password (OTP)

More Related Content

Similar to Secure Session Control in Education Cloud Using One Time Password (OTP) (20)

Recently uploaded (20)

Secure Session Control in Education Cloud Using One Time Password (OTP)