© 2019 IJRAR April 2019, Volume 6, Issue 2 www.ijrar.org (E-ISSN 2348-1269, P- ISSN 2349-5138)
IJRAR19K9505
International Journal of Research and Analytical Reviews (IJRAR) www.ijrar.org
833
Multi-Tier Authentication Scheme to Enhance
Security in Cloud Computing
Karuturi S R V Satish [1], M Swamy Das [2]
[1] Research Scholar, Mewar University, Rajasthan, India
[2] Faculty of Computer Science and Engineering, Mewar University, Rajasthan, India
Abstract: The goal of this work is to design a more advanced and secure authentication mechanism for executing financial transactions over the Internet. Because technology evolves rapidly, security techniques such as authentication schemes must be updated as well, and nowhere is this more important than in the banking and financial industries. Single-tier authentication is insufficient for any Internet application that exchanges personal or confidential information; schemes that use more than one tier are considered safer than single-tier schemes, and a well-designed multi-tier scheme is a stronger deterrent to fraud. Different multi-tier authentication techniques have been developed and implemented in several computing disciplines. Their fundamental disadvantage is that, in most cases, they do not protect against insider attacks. A further drawback in Cloud Computing is that the entire authentication control is delegated to the server, and trusting a third-party server is difficult. This paper presents a technique that divides the authentication process into tiers: a simple username and password are used in the first tier, and the remaining tiers consist of a predetermined sequence of steps (a Secure PIN and a one-time password sent to the user's registered e-mail address). The technique requires no new hardware or software, so it can be used from anywhere in the world.
Keywords: Different authentication schemes, man-in-the-middle and insider attacks, multi-tier authentication.
1 INTRODUCTION
Computing technology has advanced at a breakneck pace during the last few decades. Systems with great resource-handling capacity, capability and computing power have been designed, and researchers' main focus over the last decade has been to develop both hardware and software. Many tasks are now completed online as a result of advances in Internet technology: chatting, entertainment, information gathering and money transactions are all examples. Authentication is required for all of these online activities. Authentication is the process of verifying a user's identity, that is, whether the person is who he claims to be. For financial transactions, information security is necessary to carry out the transaction, covering both the individual's authentication parameters and other sensitive transaction data. Various mechanisms are used for authentication, such as username and password, biometric facial recognition, fake screen, public key infrastructure, and symmetric or asymmetric key-based authentication algorithms. Authentication systems are important strategies for ensuring the validity of the identities of all communicating entities [1]. In Cloud Computing, authentication is quite complex: a third party is in charge of computing power, data storage space and client application support, among other things, and every piece of information that a user accesses is saved in a Cloud database. Because that database is maintained by a third-party Cloud provider, users are hesitant to store their data there. To use the Cloud's resources, the user must provide proof of identity showing that he is a legitimate person requesting authorisation to use those resources. A user must pass the authentication phase before using or controlling a remote server or processing financial transactions [2].
This work presents the design and implementation of a multi-tier authentication mechanism for the Cloud. Section 2 reviews the literature. The limitations of existing techniques are discussed in Section 3. Section 4 describes the proposed authentication scheme, Section 5 discusses the results, and Section 6 concludes the study and discusses future plans.
2 LITERATURE REVIEW
In most applications, user authentication is accomplished simply through a login name and password. With freely available password-cracking tools, an attacker can recover a weak password in a matter of minutes [3]. NIST (National Institute of Standards and Technology) and FFIEC (Federal Financial Institutions Examination Council) publish specifications for carrying out sensitive financial transactions that protect customers from this issue: a single layer of login and password is insufficient. [4] and [5] specify different authentication and authorisation models. To apply authentication properly, the application must employ several tiers; as a result, users are required to enter a secret code that is sent to their phone [5]. [6] contains risk management procedures that are required to validate the identity of retail and commercial customers using Internet-based financial services. Significant legal and technological changes in computing have occurred since 2001, and the standards place a higher premium on the protection of consumer information [6]. These principles aim at reducing fraud and identity theft, and the guidelines also include recommendations for enhancing authentication technology. According to [6] and [7], Financial Institutions (FI) should, on a regular basis:
- identify risk mitigation actions, such as an appropriate authentication strength;
- adapt their information security programme as needed in light of any significant technological advances;
- protect customer information, and protect information against internal and external threats;
- provide a number of multifactor authentication methods, including the following.
Shared secrets: sensitive information known to both the client and the institution, referred to as a shared secret.
Tokens: physical devices that a person possesses and that can be used in a multi-tier authentication method, for example a mobile device connected to the Internet.
OTP (One-Time Password) scratch card (non-hardware-based): the user is handed a scratch card that provides one-time passwords; at login the user is asked to fill in the numbers printed at specific positions on the card.
Biometrics: biometric technologies use a physiological or physical feature to identify or authenticate a living person.
OOB (Out-of-Band) authentication: the user is authenticated twice. The username and password are entered first; second, the user is prompted to enter a code received on his or her mobile phone.
Geo-location: this approach verifies the user's physical presence by determining his geographic location. For example, if a user has completed transactions in one country, his subsequent transactions are presumed to be completed in that same country.
SSO (Single Sign-On) is a method of gaining access to numerous resources by authenticating only once: once the user has been authenticated, SSO handles any additional authentication required by any other application. The benefit of SSO is that it reduces the number of logins a user has to make for multiple applications. Its disadvantage is that if the SSO server is compromised, the entire Cloud application is compromised as well.
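As an added illustration of the positional scratch-card method listed above (this is example code written for this page, not code from the paper or from any product), the following Go program has the server keep a copy of a 5x10 card of two-digit values, challenge the user for a few cells it has never asked about before, verify the answers in constant time, and retire those cells on success. The card layout, the two-digit cells and the three-cell challenge are assumptions; the paper gives no layout.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"fmt"
	"math/big"
)

const rows, cols = 5, 10 // assumed layout: cells A1..E10, each printed with two digits

type Cell struct{ Row, Col int }

func (c Cell) String() string { return fmt.Sprintf("%c%d", 'A'+c.Row, c.Col+1) }

// Card is what the server keeps per user: the printed values plus the cells already revealed.
type Card struct {
	values map[Cell]string
	used   map[Cell]bool
}

func randBelow(n int) int {
	v, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		panic(err) // crypto/rand failing is not recoverable here
	}
	return int(v.Int64())
}

// NewCard fills every cell from crypto/rand; the user is handed a printed copy.
func NewCard() *Card {
	c := &Card{values: map[Cell]string{}, used: map[Cell]bool{}}
	for r := 0; r < rows; r++ {
		for col := 0; col < cols; col++ {
			c.values[Cell{r, col}] = fmt.Sprintf("%02d", randBelow(100))
		}
	}
	return c
}

// Challenge picks k distinct cells that have never been revealed, so a value observed
// during one login (shoulder surfing, a phishing page) cannot be replayed. It returns nil
// when fewer than k fresh cells remain, which is the signal to issue the user a new card.
func (c *Card) Challenge(k int) []Cell {
	var fresh []Cell
	for r := 0; r < rows; r++ {
		for col := 0; col < cols; col++ {
			if cell := (Cell{r, col}); !c.used[cell] {
				fresh = append(fresh, cell)
			}
		}
	}
	if k <= 0 || len(fresh) < k {
		return nil
	}
	picked := make([]Cell, 0, k)
	for len(picked) < k {
		i := randBelow(len(fresh))
		picked = append(picked, fresh[i])
		fresh = append(fresh[:i], fresh[i+1:]...)
	}
	return picked
}

// Verify rejects a challenge that reuses spent cells, compares every answer in constant
// time without stopping at the first mismatch, and retires the cells only on success.
func (c *Card) Verify(challenge []Cell, answers []string) bool {
	if len(challenge) == 0 || len(answers) != len(challenge) {
		return false
	}
	for _, cell := range challenge {
		if c.used[cell] {
			return false
		}
	}
	ok := 1
	for i, cell := range challenge {
		ok &= subtle.ConstantTimeCompare([]byte(c.values[cell]), []byte(answers[i]))
	}
	if ok == 1 {
		for _, cell := range challenge {
			c.used[cell] = true
		}
	}
	return ok == 1
}

func main() {
	card := NewCard()
	ch := card.Challenge(3)
	fmt.Println("server asks for cells:", ch)
	answers := make([]string, len(ch))
	for i, cell := range ch {
		answers[i] = card.values[cell] // the user reads these off the printed card
	}
	fmt.Println("accepted:", card.Verify(ch, answers))
	fmt.Println("same challenge replayed:", card.Verify(ch, answers))
}
```

Two points matter in practice. The challenge itself is not secret, so the server must track which cells it has already asked for; otherwise a phishing site that captured one login can replay exactly that challenge. And a 5x10 card of two-digit values is exhausted after a few dozen logins, so the server needs a path for issuing a fresh card before Challenge starts returning nil.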
[9] presents an approach that authenticates Cloud access at various layers: it generates a password and concatenates it across several levels, and to gain access to each level the user must enter the corresponding password. The advantage of this method is its multi-tiered strategy; compared with single-level security, multi-layer security is much more difficult to breach.
To determine user authenticity, the approach in [12] relies on two-step verification that combines passwords, smart cards and out-of-band (strong two-factor) authentication. Its benefit is that it encourages clients to maintain specific authentication controls in order to protect themselves from attacks. Its disadvantage is that it requires additional hardware and software to complete the operations, which can be time-consuming.
Other methods of authentication are presented in [14] and [15], which use biometrics or other physical traits; these techniques also have the advantage of multi-tier authentication. [16] discusses a framework for dealing with security issues that takes advantage of the WS-* security specifications to handle authentication and related difficulties. [17-20] address strategies for dealing with privacy, trust and policy-based access, but do not discuss multi-tiered authentication; as a result, [17-20] could adopt the multi-tiered authentication technique suggested here. [21], [22] and [23] discuss further multi-tier authentication approaches, whose disadvantage is that they require additional hardware and software.
3 LIMITATIONS OF EXISTING
TECHNIQUES
Various approaches were discussed in the literature review. As described in Section 2, the methodologies under consideration have advantages and disadvantages. The disadvantages of the various solutions fall into four categories: security against insider attacks, authentication control placed at the server or the client, additional hardware and software required, and the number of security levels. A comparison of several strategies against these characteristics is shown in Figure 1.
Figure 1: Various authentication techniques are compared
and contrasted.
An overview of the comparison is provided below, in brief form:
Insider attack: an insider has access to the stored data and therefore to the first-tier authentication credentials. This is simply unacceptable, so a second level of authentication is required.
Additional hardware and software required: some of the techniques ([10], [13] and [14]) require additional hardware and software. This increases the time it takes to complete the authentication, and because the procedure depends on that extra hardware, the authentication technique is rendered inoperable if the hardware does not function properly.
Multi-tier security: according to [6] and [7], multi-tier authentication techniques are more secure than single-tier schemes. Insider attacks on single-tiered systems are a real threat, so it is preferable to have more than one authentication tier in place.
Security under pressure: the goal of this parameter is to provide security even if the authentication credentials have been handed to a third party under duress.
4 PROPOSED AUTHENTICATION SCHEME
The technique is described through the proposed architecture, depicted in Figure 2. One-Time Password (OTP) and Secure PIN authentication are used in conjunction with Diffie-Hellman (DH) key exchange, which serves as the one-time key generation. The Hash Message Authentication Code (HMAC) is used for data integrity, and the Advanced Encryption Standard (AES) is used for confidentiality in conjunction with HMAC. After username and password authentication, a Diffie-Hellman key exchange creates a shared secret session key that is used for the rest of the session, so no further key exchanges are needed and the overall time spent in the session is reduced. Because a plain Diffie-Hellman exchange is exposed to a man-in-the-middle attacker who substitutes his own public values, the Secure PIN tier is intended to protect the system against such an attack. Finally, the server generates an OTP and sends it to the user's registered e-mail address to complete the authentication procedure. After completing the three-tier authentication process, the user can log in and use the application to perform any actions, as shown in Figure 2.
Figure 2: Proposed Architecture
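The three tiers of Figure 2 as an added worked example written for this page; it is not the authors' implementation, and the paper publishes no code. It assumes a Go server. X25519 ECDH stands in for the finite-field Diffie-Hellman the paper names, a SHA-512 split of the shared secret stands in for a full HKDF, and the password verifier is a salted iterated SHA-256 placeholder. E-mail delivery of the OTP and the network transport are elided: sealMsg and openMsg are the two ends of the AES+HMAC channel, and the password, salt and PIN 4821 are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"errors"
	"fmt"
	"math/big"
)

// Tier 1: the server stores (salt, verifier) at registration, never the password. A salted,
// iterated hash is the bare minimum; a deployment should use bcrypt, scrypt or Argon2 instead.
func passwordVerifier(password, salt []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, salt...), password...))
	for i := 0; i < 100000; i++ {
		h = sha256.Sum256(append(h[:], salt...))
	}
	return h[:]
}

func verifyPassword(salt, verifier, candidate []byte) bool {
	return hmac.Equal(passwordVerifier(candidate, salt), verifier) // constant-time compare
}

// After tier 1 each side contributes an ephemeral X25519 key (ECDH stands in for the paper's
// finite-field Diffie-Hellman). SHA-512 of the shared secret, split in two, gives independent
// AES-256 and HMAC keys; a real protocol would use HKDF with a transcript-bound salt and info.
func sessionKeys(mine *ecdh.PrivateKey, peer *ecdh.PublicKey) (encKey, macKey []byte, err error) {
	shared, err := mine.ECDH(peer)
	if err != nil {
		return nil, nil, err
	}
	k := sha512.Sum512(shared)
	return k[:32], k[32:], nil
}

func ctr(key, iv []byte) cipher.Stream {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		panic(err)
	}
	return cipher.NewCTR(block, iv)
}

// sealMsg: AES-CTR under a fresh random IV, then HMAC-SHA256 over IV||ciphertext (encrypt-then-MAC).
func sealMsg(encKey, macKey, plaintext []byte) ([]byte, error) {
	out := make([]byte, aes.BlockSize+len(plaintext))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	ctr(encKey, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], plaintext)
	m := hmac.New(sha256.New, macKey)
	m.Write(out)
	return m.Sum(out), nil
}

// openMsg checks the tag before touching the ciphertext, so a tampered message is dropped early.
func openMsg(encKey, macKey, msg []byte) ([]byte, error) {
	if len(msg) < aes.BlockSize+sha256.Size {
		return nil, errors.New("message too short")
	}
	body, tag := msg[:len(msg)-sha256.Size], msg[len(msg)-sha256.Size:]
	m := hmac.New(sha256.New, macKey)
	m.Write(body)
	if !hmac.Equal(m.Sum(nil), tag) {
		return nil, errors.New("HMAC mismatch: altered in transit or wrong session key")
	}
	pt := make([]byte, len(body)-aes.BlockSize)
	ctr(encKey, body[:aes.BlockSize]).XORKeyStream(pt, body[aes.BlockSize:])
	return pt, nil
}

// Tier 3: a six-digit OTP drawn from crypto/rand, independent of the session key.
func newOTP() (string, error) {
	n, err := rand.Int(rand.Reader, big.NewInt(1000000))
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%06d", n.Int64()), nil
}

func main() {
	salt := []byte("constructed-salt") // constructed sample; a real salt comes from crypto/rand
	verifier := passwordVerifier([]byte("correct horse"), salt)
	client, _ := ecdh.X25519().GenerateKey(rand.Reader)
	server, _ := ecdh.X25519().GenerateKey(rand.Reader)
	cEnc, cMac, _ := sessionKeys(client, server.PublicKey()) // only the public keys cross the wire
	sEnc, sMac, _ := sessionKeys(server, client.PublicKey())
	msg, _ := sealMsg(cEnc, cMac, []byte("4821")) // tier 2: the PIN travels inside the sealed channel
	pin, err := openMsg(sEnc, sMac, msg)
	otp, _ := newOTP() // tier 3: e-mail delivery elided; the user echoes the code back
	fmt.Println("tier 1:", verifyPassword(salt, verifier, []byte("correct horse")),
		"tier 2:", err == nil && hmac.Equal(pin, []byte("4821")), "tier 3 OTP issued:", len(otp) == 6)
}
```

Two caveats a deployment must address. The exchange in sessionKeys is unauthenticated: an attacker who intercepts the public keys can run one exchange with the client and another with the server, and the PIN sent through the sealed channel does not expose that, because the attacker simply decrypts it with one session key and re-encrypts it with the other. The exchange therefore has to run inside a server-authenticated channel such as TLS, or the server's ephemeral public key has to be signed by a long-term key the client already trusts. Second, the OTP has to be stored server-side with an expiry and an attempt counter, or six digits can be guessed online.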
5 RESULTS
The proposed security solution uses three tiers of authentication. Users are verified with their login and password in the first stage, with a Secure PIN in the second stage, and with a One-Time Password sent to them by e-mail in the third and final stage. To illustrate the two possible outcomes of each authentication stage from an attacker's point of view, let S denote Success and F denote Failure. The possible outcomes over the three tiers are then SSS, FSS, SFS, SSF, FFS, SFF, FSF and FFF, so N(T) = 2^3 = 8 for the suggested system, where T is the set of possible combinations. Let p be the probability that an attacker succeeds in passing a single authentication tier, and assume the tiers are independent. The event E that the entire authentication system is broken corresponds to the outcome SSS, so P(E) = p^3 for three-tier authentication (and p^2 for two-tier authentication), and the probability that the system withstands the attack is 1 - P(E) = 1 - p^3.
If p = 0.5, then p^2 = 0.25 and p^3 = 0.125, so the likelihood of cracking the entire system is considerably lower than for the existing one-tier (0.5) or two-tier (0.25) authentication, as shown in Figure 3. This analysis assumes that the tiers fail independently; an attacker who already controls the user's registered e-mail account, for instance, passes the third tier with certainty.
Figure 3: Probability of Success for Breaking the
Authentication Tiers of the System.
Figure 4: Performance Analysis
The strength of the entire three-tier authentication system is determined by the password the user chooses at registration, the Secure PIN, and the one-time password produced by the Cloud server, among other factors. The likelihood of successfully breaking the three-tier authentication system is inversely related to the strength of the system: the greater the strength of the system, the lower the probability of successfully breaching it.
6 CONCLUSION AND FUTURE
PLANS
This study focuses on the design and implementation of a multi-tier authentication technique that does not require any additional hardware or software components. Work remains on the case where the user wishes to change the credentials used in the first tier (username and password) and in the second tier of authentication. Other strategies, such as [21] and [22], send the new password to the e-mail address the user has registered. That password-creation process is, however, incompatible with the authentication scheme proposed here: because e-mail is only one tier of protection, sending a new password to the user's registered e-mail address reduces the overall security to the level of a single tier once more. Consequently, in a multi-tier authentication scheme the new password should likewise be recovered in a multi-tier manner, for example by sending half of the password over one channel and the other half over another, or any combination of the two. The various multi-tier methods of retrieving the password are within the purview of this work's future development.
REFERENCES:
[1] Chun-I Fan, Pei-Hsiu Ho, and Ruei-Hau Hsu, "Provably Secure Nested One-Time Secret Mechanisms for Fast Mutual Authentication and Key Exchange in Mobile Communications", IEEE/ACM Transactions on Networking, Vol. 18, No. 3, June 2010.
[2] Wen-Shenq Juang, Sian-Teng Chen, and Horng-Twu Liaw, "Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards", IEEE Transactions on Industrial Electronics, Vol. 55, No. 6, June 2008.
[3] White paper for authentication and authorization, http://www.cryptocard.com/images/stories/pdfs/Authentication_WP.PDF
[4] Prof. More V.N, "Authentication and Authorization Models", International Journal of Computer Science and Security (IJCSS), Volume 5, Issue 1, 2011.
[5] David Chou, "Strong User Authentication on the Web", Microsoft Corporation, August 2008. Available at: http://msdn.microsoft.com/en-us/library/cc838351.aspx
[6] "Authentication in an Internet Banking Environment", Federal Financial Institutions Examination Council, Government of USA, 2005.
[7] William E. Burr et al., "Electronic Authentication Guideline", U.S. Department of Commerce, NIST Special Publication 800-63, Version 1.0.2, April 2006.
[9] Ashish G. Revar and Madhuri D. Bhavsar, "Securing User Authentication Using Single Sign On in Cloud Computing", Institute of Technology, Nirma University, IEEE, December 2011.
[10] Dinesha et al., "Multi-level Authentication Technique for Accessing Cloud Services", International Conference on Computing, Communication and Applications (ICCCA), IEEE, 22-24 February 2012, pp. 1-4.
[11] Prashant et al., "An Architecture Based on Proactive Model for Security in Cloud", International Conference on Recent Trends in IT, IEEE, 3-5 June 2011, pp. 661-666.
[12] Wenjun Zhang, "2-Tier Cloud Architecture with Maximized RIA", Research Institute of Applied Computer Technology, IEEE, Vol. 6, 2010, pp. 52-56.
[13] Amlan et al., "A Strong User Authentication Framework for Cloud Computing", Asia-Pacific Services Computing Conference, IEEE Computer Society, 2011, pp. 110-115.
[14] Adrian Kapczynski and Marcin Sobota, "Distributed Authentication Systems Enhanced by Quantum Protocols", Fifth International Conference on Information Technology: New Generations, IEEE, 2008, pp. 928-931.
[15] Mohammed Raza Kanjee, Kalyani Divi, and Hong Liu, "A Physiological Authentication Scheme in Secure Healthcare Sensor Networks", Proceedings of IEEE SECON, 2010.
[16] Fengyu Zhao, Xin Peng, Wenyun Zhao, "Multi-Tier Security Feature Modeling for Service-Oriented Application Integration", Eighth IEEE/ACIS International Conference on Computer and Information Science, IEEE, 2009, pp. 1178-1183.
[17] S. Singh and S. Bawa, "Design of a Framework for Handling Security Issues in Grids", International Conference on Information Technology (ICIT '06), 18-21 Dec. 2006, pp. 178-179.
[18] Sarbjeet Singh and Seema Bawa, "A Privacy Policy Framework for Grid and Web Services", Information Technology Journal 6, 2007, pp. 809-817.
[19] Seema, Sarbjeet Singh and Dolly Sharma, "An Access Control Framework for Grid Environment", Indian Journal of Computer Science and Engineering, Vol. 2, No. 6, Dec 2011 - Jan 2012, pp. 937-948.
[20] S. Singh, "Trust Based Authorization Framework for Grid Services", Journal of Emerging Trends in Computing and Information Sciences, Vol. 2, No. 3, March 2011, pp. 136-144.
[21] S. Singh and S. Bawa, "A Privacy, Trust and Policy based Authorization Framework for Services in Distributed Environments", International Journal of Computer Science, Vol. 2, No. 1, 2007, pp. 85-92.
[22] Charles Miller, "Password Recovery", available at http://fishbowl.pastiche.org/archives/docs/PasswordRecovery.pdf
[23] Google Account Recovery, methods available at https://accounts.google.com/RecoverAccount
[24] Peter Mell and Timothy Grance, "Recommendations of the National Institute of Standards and Technology", NIST Special Publication 800-145, Computer Security Division, Information Technology, September 2011.
[25] Daniel Guermeur and Amy Unruh, "Google App Engine Java and GWT Application Development", Packt Publishing, Chapter 1, November 2010.
[26] Fay Chang et al., "Bigtable: A Distributed Storage System for Structured Data", Google Inc. Available at: http://research.google.com/archive/bigtable.html
[27] Karuturi S R V Satish, M Swamy Das, "Review of cloud computing and data security", The International Journal of Analytical and Experimental Modal Analysis, Volume 10, Issue 3, pp. 123-130, 2018.