
Multi Factor Hash Based Authentication in Cloud Computing

Supervisor: L. Sumalatha, CSE, JNTUK
Mentor: M. Swarnkar, CSE, Bennett University
Research scholar: K DeviPriya, CSE, AEC
Outline
• Introduction
• Literature Survey
• Proposed work
• Experimental Setup
• Security Analysis
• Conclusion
Introduction
• Cloud computing, one of the emerging topics in the field of information technology,
is the development of parallel computing, distributed computing and grid computing.
• Using the internet and central remote services, it maintains data, applications,
etc., and offers much more efficient computing by centralizing storage, memory,
processing, bandwidth and so on.
Architecture of Cloud Computing
Cloud Providers
Advantages of Cloud Computing
• Decreased Capital costs
• Decreased IT operating costs
• Low maintenance cost
• Scalability and flexibility
• Speed of deployment
• Manageability
Biggest Challenges in Cloud Computing
Why Security Problem in Cloud?
• The new concepts that clouds introduce, such as multi-tenancy, resource sharing and
outsourcing, create new challenges to the security community.
• Addressing these challenges requires, in addition to the ability to tune the security
measures developed for traditional computing systems, proposing new security
policies, models, and protocols to address the unique cloud security challenges.
Literature work
• Cloud security is one of the active research areas and extensive research work has
been carried out in recent years. A number of effective techniques have been
proposed by various authors to provide security to cloud data and information. This
section discusses several works by various researchers that deal with cloud
data-centric security.
H. Takabi, J. B. D. Joshi and G. Ahn, "Security and Privacy Challenges in Cloud Computing
Environments," in IEEE Security & Privacy, vol. 8, no. 6, pp. 24-31, Nov.-Dec. 2010.
doi: 10.1109/MSP.2010.186

• This paper explores the roadblocks and solutions to providing a trustworthy cloud
computing environment. Basically there are six fields of software security
vulnerabilities in cloud computing: (a) data at end-to-end points, (b) data in the
communication channel, (c) authentication, (d) separation between clients, (e) legal
issues, and (f) incident response. The authors discuss various approaches to cope with
the mentioned challenges, existing solutions, and the work needed to provide a
trustworthy cloud computing environment. The approaches address security and
privacy requirements of cloud service providers, service integrators, and cloud
environments in general.
Aljawarneh, Shadi A. et al. "A Conceptual Security Framework for Cloud Computing
Issues." IJIIT 12.2 (2016): 12-24. doi:10.4018/IJIIT.2016040102

• In this article, perspectives from cloud computing practitioners are shown in order to address
clients' concerns and bring about awareness of the measures that are put in place to ensure software
security of the client services running in the cloud. The authors discussed 7 levels (application
security, application server security, remote system security, hypervisor security, storage
security, data centre security, data transmission security, Internet service provider security) of
cloud software security that should be considered in current and future solutions. The
paper includes a case study of linking the medical centers between Jordan
and Australia and an implementation of confidentiality and integrity through hash password
and SHA-256 message digest.
Khalil, Issa, Abdallah Khreishah, and Muhammad Azeem. "Cloud computing security: A
survey." Computers 3.1 (2014): 1-35.
This paper presents a cloud security framework covering the various lines of
defense and identifies the dependency levels among them. It
identifies 28 cloud security threats, classified into five categories
shown in Table 1. The authors also present nine general cloud attacks along
with various attack incidents, and provide an effectiveness analysis of the
proposed countermeasures.
Ziyad, S., and S. Rehman. "Critical review of authentication mechanisms in cloud
computing." International Journal of Computer Science Issues (IJCSI) 11.3 (2014): 145.
S. Dey, S. Sampalli, Q. Ye, "MDA: message digest-based authentication for mobile cloud
computing", J. Cloud Comput., vol. 5, no. 1, pp. 18, 2016.

• Saurabh Dey et al. [26] proposed message digest based authentication for mobile cloud
computing. The authors explained security problems from the perspective of cloud
computing and mobile cloud computing. The proposed scheme computes the hash user id
and hash password at the client side and sends these details to the cloud server through the
secure channel. The mobile authenticates whether the cloud server is genuine or not and the
cloud server authenticates whether the mobile device is valid or not through secured hash
values and an encryption mechanism. The problem associated with this mechanism is Tk.
• The calculation of Tk is based on only two parameters, hash user id and hash password, and
it is transferred through the SSL environment. It is possible to easily perform brute force and
guessing attacks on this scheme, and several attacks have been performed on the SSL environment.
 
Registration Phase of MDA Scheme
Jegadeesan et al., An Efficient Anonymous Mutual Authentication Technique For Providing
Secure Communication In Mobile Cloud Computing For Smart City Applications,
Sustainable Cities and Society (2019), https://doi.org/10.1016/j.scs.2019.101522

• The proposed scheme allows a mobile user to access a lot of services from various
service providers through a single private key. The proposed method also supports
mutual authentication, key sharing, user secrecy, and user untraceability with the
hash based and bilinear pairing technique.
Motivation
• According to a recent survey by International Data Group (IDG) Enterprise, the top
three challenges to implementing a successful cloud strategy in the enterprise vary
significantly between IT and line-of-business (LOB). For IT, concerns regarding
security are at 66%, and 42% of cloud-based projects are eventually brought back
in-house, with security concerns (65%).
• Security is a key concern when adopting cloud technology. Cloud solutions include
not only issues inherited from related technologies, such as virtualization and
distributed computing, but also new concerns associated with the complexity of the cloud
ecosystem, composed of the cloud entities and their interactions.

• One of the concerns is related to authentication and authorization in the cloud, in
order to provide robust mechanisms to identify entities and establish their
permissions and roles in the cloud, controlling resource usage and promoting
accounting and isolation. Several works have been done on authentication
mechanisms, but many problems still exist in the current schemes.
Our Proposed Method-Multi-Factor Hash Based Authentication mechanisms in the
cloud computing

• Authentication is the process of confirming the identity of the user.
• The traditional authentication process allows the system to establish the user's identity
and validity through the password.
• There are even stronger methods of user authentication that combine multiple factors
like certificates, OTP, fingerprints, etc.
• In our proposed work, we included multiple factors along with the hashing concept to
authenticate the users. The phases of the proposed framework are depicted in the figure below.
Proposed Framework

Figure 1: phases of the proposed scheme


Registration
• Registration is an important phase in the proposed scheme.
• The parameters that are required for the further communication will be exchanged in
this phase.
• The main feature of this phase is to provide confidentiality and integrity to the
parameters that are exchanged between the cloud user and cloud server in the open
environment.
• The registration process is depicted in Figure 1.
Registration
Steps of Registration Algorithm
The registration of a mobile device or mobile user with a cloud server is a one-time
process in which the userID and the password are set up and some encrypted files are
exchanged. Technically, registration involves the exchange of userID, password and
other unique information, such as a credit card for accessing pay-per-use cloud services.
The steps of the registration process are described below.
1. A CU who wants to access cloud services from the CS must register with the CS
to get a userID and password. So he/she chooses a userID, a password, and a random salt
value.
3. Then, the client module computes h(userID) and h(password||salt), concatenates the
random value x to the hashed userID and password, encrypts the result using the public
key of the cloud server, and transmits it to the cloud server as shown below.
E(h(userID)||h(password||salt)||x, Kupublic_cloud)
4. The cloud server receives the credentials, performs the decrypt operation
using its private key, stores the credentials in the cloud database along with the
lifetime and password expiration period, and keeps the random value x temporarily at
the server side for further communication.
D(E(h(userID)||h(password||salt)||x, Kupublic_cloud), Prprivate_cloud)
5. Now, the cloud server generates two certificates based on the user policies and cloud
policies.
UC = (UserID||Subscription||Lifetime)
CC = (CloudPolicies||SecurityPolicies)

6. Double encryption is applied to the generated certificates using the random
key x and the public key of the cloud server, which keeps the credentials confidential
and provides their integrity.
E(E(UC||CC, PKpriv_cloud), x)
Login and Authentication Phase
• Whenever the CU wants to avail the services from the CS, the CU sends an
authentication request to the CS. The authentication request is validated by the CS
and if the request is valid then the CS sends authentication request to the CU to prove
the authenticity of the CS. Our proposed scheme is a two way authentication process.
• Cloud Server authenticates the Cloud user
• Cloud user authenticates the Cloud server.
Our investigated authentication process is briefly illustrated in Figure 2 and Figure 3.
Cloud Server Authenticating Cloud User

Figure 2: proposed step1 authentication model of cloud server to cloud user


Cloud Server Authenticating Cloud User

Figure 3: proposed step2 authentication model of cloud server to cloud user


Cloud Server Authenticating Cloud User

1. Then, the client module computes h(userID) and h(password||salt), encrypts the hashed
userID and password by concatenating the random x value using the public key of
the cloud server, and transmits the result to the cloud server as shown below.

E(h(userID)||h(password||salt), Kupublic_cloud)
Second Step Authentication credentials
2. The CS decrypts u1 using its private key and compares the received values with the stored
values if the lifetime of the CU and the expiration period are not yet completed. If equality holds,
a further authentication request is generated from the CS to the CU. The following are the verification
equations.
D(E(h(userID)||h(password||salt), Kupublic_cloud), PKpriv_cloud)
h(uid) =? h(uid)
h(password) =? h(password)

3. The CU receives the message from the CS, computes the hash function on the available certificates,
then encrypts the hashed certificates along with the random value y and sends them to the CS as shown
below.
E(h(UC||CC)||y, Kupublic_cloud)
4. The CS performs the decrypt operation using its private key, computes the hash of the
certificates available at the server side, and compares the received certificates with the
computed certificates.
The following are the verification equations for validating the certificates.
CV = Perform(D(E(h(UC||CC)||y, Kupublic_cloud), PKpriv_cloud))
CV' = hash(UC||CC)
CV' =? CV

5. If the comparison of certificates is valid, the CS sends an authentication success message
to the CU.
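The server-side checks of steps 2 and 4, as an added example (not code from the slides). It assumes SHA-256 with length-prefixed fields in place of the slides' hash and plain "||", omits the RSA layer E/D, and uses hypothetical record field names and constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass


def h(*fields: bytes) -> bytes:
    """SHA-256 over length-prefixed fields, so the '||' concatenation is
    unambiguous: h(b"ab", b"c") differs from h(b"a", b"bc")."""
    digest = hashlib.sha256()
    for field in fields:
        digest.update(len(field).to_bytes(4, "big") + field)
    return digest.digest()


@dataclass
class Record:  # what the CS stores at registration (field names assumed)
    h_pw: bytes          # h(password||salt)
    h_certs: bytes       # h(UC||CC), computed from the server's copies
    lifetime_end: int    # end of the user's lifetime, epoch seconds
    pw_expiry: int       # end of the password expiration period


def check_credentials(db: dict, h_uid: bytes, h_pw: bytes, now: int) -> str:
    """Step 2: compare received hashes with stored ones, then the timers."""
    rec = db.get(h_uid)
    # Compare before reporting timer state, so a failed login gets the same
    # answer whether the account is unknown or the password is wrong.
    if rec is None or not hmac.compare_digest(rec.h_pw, h_pw):
        return "reject"
    if now >= rec.lifetime_end:
        return "re-register"          # lifetime over: re-registration phase
    if now >= rec.pw_expiry:
        return "update-password"      # password expired: update phase
    return "request-certificates"     # proceed to the certificate step


def check_certificates(db: dict, h_uid: bytes, cv: bytes) -> bool:
    """Step 4: CV (received) =? CV' (hash of the server's UC||CC)."""
    rec = db.get(h_uid)
    return rec is not None and hmac.compare_digest(rec.h_certs, cv)


def login_demo() -> list:
    # Constructed sample data, not values from the slides.
    uid, pw, salt = b"alice", b"correct horse", b"\x01\x02\x03\x04"
    uc, cc = b"alice|gold|2025-12-31", b"cloud-policy-v1|sec-policy-v3"
    db = {h(uid): Record(h(pw, salt), h(uc, cc), lifetime_end=2000, pw_expiry=1000)}
    return [
        check_credentials(db, h(uid), h(pw, salt), now=500),
        check_credentials(db, h(uid), h(b"guess", salt), now=500),
        check_credentials(db, h(uid), h(pw, salt), now=1500),
        check_credentials(db, h(uid), h(pw, salt), now=2500),
        check_certificates(db, h(uid), h(uc, cc)),
        check_certificates(db, h(uid), h(uc, b"cloud-policy-v2|sec-policy-v3")),
    ]
```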
Cloud User authenticating Cloud Server

• Once the user is authenticated, the cloud server sends its digital signature, which
consists of the user certificates and cloud certificates, indicated as UC and CC. The
certificates are concatenated with the random nonce value y. The authentication
procedure performed by the cloud user on the cloud server is depicted in the figure below.
Cloud Server Authentication by Cloud User

Figure 5: proposed authentication model of cloud user to cloud server


Steps for the process of cloud Server Authentication
The following steps make up the process of cloud server authentication.
1. The cloud server applies the hash function to the certificates concatenated with the nonce value y
and transfers the result to the CU.
The computed value is
DS = h(CC||UC||y)
2. The CU receives the DS and computes the hash function on the certificates available at the
client device, concatenated with y.
The CU computes DS' = h(CC||UC||y).
3. The CU verifies whether DS and DS' are equal. If equality holds, the server
authentication succeeds.
4. The verification equation is DS =? DS'; if it holds true, cloud server authentication succeeds.
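The DS =? DS' check with a fresh y per session, as an added example (not code from the slides) showing why a captured DS fails when replayed. It assumes SHA-256 with length-prefixed fields, a 16-byte random y chosen by the CU, hypothetical class and function names, and constructed certificates.

```python
import hashlib
import hmac
import secrets


def h(*fields: bytes) -> bytes:
    """SHA-256 over length-prefixed fields (an unambiguous '||')."""
    data = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hashlib.sha256(data).digest()


def server_ds(cc: bytes, uc: bytes, y: bytes) -> bytes:
    """CS side, step 1: DS = h(CC||UC||y)."""
    return h(cc, uc, y)


class CloudUser:
    def __init__(self, uc: bytes, cc: bytes):
        self.uc, self.cc = uc, cc
        self.pending_y = None

    def new_nonce(self) -> bytes:
        """Fresh y for this session; the CU sends it with its certificates."""
        self.pending_y = secrets.token_bytes(16)
        return self.pending_y

    def verify_server(self, ds: bytes) -> bool:
        """Steps 2-4: recompute DS' with the pending y and compare."""
        if self.pending_y is None:
            return False                          # no outstanding challenge
        y, self.pending_y = self.pending_y, None  # y is single-use
        return hmac.compare_digest(ds, h(self.cc, self.uc, y))


def server_auth_demo() -> dict:
    # Constructed certificates, not values from the slides.
    uc, cc = b"alice|gold|2025-12-31", b"cloud-policy-v1|sec-policy-v3"
    cu = CloudUser(uc, cc)
    results = {}
    y1 = cu.new_nonce()
    captured = server_ds(cc, uc, y1)              # what an eavesdropper sees
    results["fresh"] = cu.verify_server(captured)
    results["reused_y"] = cu.verify_server(captured)    # y1 already consumed
    cu.new_nonce()                                # next session, new y
    results["replayed_old_ds"] = cu.verify_server(captured)
    y3 = cu.new_nonce()
    results["stale_certs"] = cu.verify_server(server_ds(b"old-cc", uc, y3))
    return results
```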
Update Password phase

• The main objective of this phase is to change the secret factors frequently to decrease
the predictability of the password in the authentication process. This
phase is activated when the registered user's password has expired. The
password expiration period is set by the CS during the registration process.
Whenever the CU receives the request from the CS to update the password, the CU
inputs the old password and the new password and sends them to the CS in the encrypted hash
format. The CS receives the passwords, applies the decryption, and checks whether the old
password is legal. If it is legal, it replaces the old password with the new
password and sets the expiry period of the new password.
Re-registration Phase

• The re-registration phase is similar to the registration phase; it is activated if the
lifetime of the registered user has expired. In this phase, the CU
can change the policies offered by the cloud server by
updating the values from the registration phase; the CS then creates the new
certificates CC and UC and transfers them to the CU in the encrypted format
using the nonce value. The frequent updating of the certificates reduces the
predictability in the authentication process, which improves security.
Experimental setup and Security Evaluation of Proposed Protocol
• The implementation of the proposed algorithm is done in an Azure cloud virtual
machine using the Java API. The Azure cloud provides a list of virtual machine images
and the user chooses the virtual machine according to the requirements. The pricing
model of the virtual machine is based on the user subscription, the security policies adopted
and the usage of the virtual machine. For the implementation, a Windows R2 virtual
machine with D1core and 3.5GB memory was chosen.
• In our scheme, standard hashing [31] and encryption algorithms are applied. The SHA 160
algorithm is used as the one-way hash function, the RSA algorithm is used as the
public key encryption to send the user credentials, and AES (Advanced Encryption
Standard) is used as the symmetric encryption algorithm.
• During the CU registration, 2000 registration requests are sent from the cloud user to the
cloud server and responses are generated from the CU to CS. The man-in-the-middle
attack is activated and randomly modifies 100 requests. The cloud server running
the registration scheme rejects those 100 requests. Only the 1900 non-modified registration
requests are processed. Similarly, the CS sends 1000 requests. Among these 1000
requests, 100 are modified by the man-in-the-middle object and are rejected
by the cloud user. In the authentication phase we also activated the replay attack, but it is
impossible to apply a replay attack on authentication requests because the authentication
requests are sent to the CS in the encrypted format. We are able to authenticate the
operations of the proposed scheme using the emulation and show that the proposed
scheme can withstand man-in-the-middle and replay attacks.
Evaluation Parameters
• The evaluation of the proposed scheme is done by computing the scores True
Acceptance Rate (TAR), True Rejection Rate (TRR), False Acceptance Rate (FAR) and
False Rejection Rate (FRR), which describe the strength of the proposed scheme. The
following are considered as evaluation parameters.
• True Acceptance Rate (TAR) - The probability of correctly matching a given input
value to the stored value. It measures the percentage of valid inputs which are correctly
accepted.
• True Rejection Rate (TRR) - The probability of correctly detecting that a given input
value does not match the stored value. It measures the percentage of invalid inputs which are
correctly rejected.
• False Acceptance Rate (FAR) - The probability of incorrectly matching the input pattern to a
non-matching value stored in the database.
• False Rejection Rate (FRR) - The probability of failing to detect a match between the input
pattern and a matching value in the database. It measures the percentage of valid inputs
which are incorrectly rejected.
Results of Evaluation Parameters
SECURITY ANALYSIS
• In this section, the security of the anonymous mutual authentication scheme
is analysed using the formal authentication analysis protocol GNY Logic and against
various security features such as resistance to forging attack, resistance to replay
attacks, user anonymity, authentication and collision attack.

Resistance to replay attack
• In a replay attack, an attacker fraudulently or maliciously repeats or delays a valid
message transmission. This attack is performed by an adversary who intercepts the
message and retransmits it. In the cloud server authentication, a new session
value is appended to the digital signature every time.
User anonymity

• The proposed mutual authentication technique for mobile cloud computing
applications provides anonymity in an efficient manner. In this method, the privacy
of service providers and cloud users is protected from other entities or attackers by
applying the hash function to user identities together with the encryption procedure.
Resistance to Collision Attack
• The proposed method can also withstand collision attacks. A collision attack
tries to find two inputs producing the same hash value, that is, two different
messages m1 and m2 such that h(m1)=h(m2). The cloud server digital signature is
authenticated every time by appending the new random value which is sent by the
cloud user during the verification process.
Conclusion
• In this paper, we propose a novel hash based authentication scheme, the “mutual hash
based authentication scheme”, between the CS and CU. Technically, the mutual hash
based authentication scheme is composed of four phases: registration, authentication,
update and re-registration. With these phases, the mutual hash based authentication
scheme utilizes hashing and certificates in addition to traditional user id and password
based authentication to ensure confidentiality and integrity during the authentication
process. We analyze our proposed authentication
procedure using GNY belief logic and the Scyther tool; the results indicate that the
proposed mutual hash based authentication scheme can survive a variety of different
attacks, such as man-in-the-middle, replay attacks, etc.
Future work
• In future work, we are planning to include the biometric parameters for effective and
accurate authentication with self learning algorithm for identifying features of the
biometric template using deep learning algorithms.
Thank you Sir
