
Access Control Framework Using Multi-Factor Authentication in Cloud Computing


Abstract

The most challenging issues in cloud computing are access control and data security because users of the cloud outsource sensitive data and information to cloud provider servers, which are not within the same trusted domain as the data owner. Within cloud computing, various services and resources need protection from unauthorized use as a part of the security. Authentication is a key technology for information security. In recent years, a lot of research has been carried out throughout the world and several schemes have been proposed to improve authentication in the cloud. Remote authentication is the commonly used method to determine the identity of the remote client. In this article, the authors have proposed a systematic method for authenticating clients, namely by using a password, biometrics, and out-of-band-based access control mechanisms that are suitable for access control. The proposed system involves user ID/password, biometrics characteristics, and a mobile phone as a software token for one-time password generation.
DOI: 10.4018/IJGC.2018070101

Volume 9 • Issue 2 • July-December 2018
Copyright © 2018, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.


Subhash Chandra Patel, IIT(BHU), Varanasi, India
Sumit Jaiswal, IIT(BHU), Varanasi, India
Ravi Shankar Singh, IIT(BHU), Varanasi, India
Jyoti Chauhan, SRM University NCR Haryana, India


Keywords: Access Control, Authentication, Biometrics, Cloud Computing, Internet, Out of Band, Security

The continuous improvement in computing infrastructure over the last two decades has produced a
flood of data, demanding improvement in large-scale data processing technologies. Cloud computing
has emerged with major advantages in data storage technology and sharing of resources. We have to
pay only for the resources and computer services that we use, Patel et al. (2015). We have witnessed
continuous growth of computational technologies and consequent data generation during the past
few decades. With the development of web technologies, users now generate and consume large
amounts of data on the Internet. Cloud computing has changed the pattern of distribution of
resources across the network, reducing the administrative costs associated with the IT infrastructure.
With such progress, new approaches are needed to harness the potential of the cloud in
data storage and processing. Many issues and challenges exist in cloud computing. Some of these
problems are safety, identity management, resource management, cyber security, energy and energy
management, resource availability and resource heterogeneity. Among all these problems, security is
an important concern in the cyber world, Reddy (2009).

According to Department of Defense, Australian Government (2012), “Nowadays, cyber-crime has
become vigorous over network’s growth businesses. Therefore, cyber security has become a vital
requisite”. Cyber criminals have the skills to do everything from stealing intellectual property and
committing fraud to releasing worms and committing acts of cyber terrorism. Cyber thieves have a
dozen dangerous tools at their fingertips, from tools that ferret out weaknesses in websites and
software programs to sniffers that snatch passwords, Chien et al. (2002).
According to security experts, almost 60% of attacks go undetected. Most victim companies that
have suffered such attacks will not report them to the press, for fear of losing public
trust and reputation, Jain et al. (2013).
For cyber security, multifactor authentication approaches are being deployed. Such approaches
require a user ID and password, a token-verified OTP and biometric characteristics in order for the
user to prove his/her identity and gain access to the system, Singh et al. (2015).

Risk is the possibility that an event will occur and have a negative impact on the achievement of
objectives. Cloud solutions and non-cloud solutions suffer from the same types of
risk, that is, security, integrity, availability and performance, Horwath et al. (2012). The level of
organizational risk depends on the way in which solutions are used in the cloud. This is because of
variation in the probability and impact of threat events (internal and external) associated with the
CSP that has been contracted for services, Babu et al. (2013). A few specific risks related to cloud
computing are the following.

The cloud does not expose information about its procedures, processes, controls and events to users.
For example, cloud clients have little knowledge of data storage locations, the procedures used by the
CSP to provision or allocate computing resources, the specific controls used to protect components of
the cloud architecture, or how client data is segregated within the cloud, M.S Babu et al. (2013).

When tenants are more vulnerable to information leaks access numerous cloud with compromised
that he was not given, and dedicated servers simply means the organization The risk is a basketball
data and information linked to the privacy and confidentiality of war, Patel et al. (2015).

Cloud service providers might eventually go through a partnership in the initial phase. As a
result, CSP users might face operational disruptions or bear the time and cost
of evaluating and adopting another solution, for example moving back to in-house hosted
solutions, Patel et al. (2015).

The risk management process should be used to balance the benefits of cloud computing
against the security risks associated with handing over control to the vendor, Horwath et al.
(2012). A risk assessment should consider whether the agency is prepared to trust its reputation,
business continuity and data to a provider that may transfer, store and process agency data
insecurely, Patel et al. (2015). See Table 1.
A private cloud supports on-demand computing and gives complete flexibility to build a
technical solution that suits your particular application needs. However, a private cloud can
actually be less secure than a public cloud. A private cloud faces its own set of challenges.
Adopting a private cloud exposes your organization to several risks, as shown below.

Trust is a complex concept, for which there is no generally accepted academic definition. According to
Patel et al. (2015), “Trusting someone or trusting someone to the full, it’s very difficult and dangerous
in any case, especially in environments with cloud computing”. Trust is an important function that
plays a key role in the relationship between users and CSPs (cloud service providers) that participate
in the exchange of valuable data in the cloud. It also expresses the client’s confidence in the quality
of the provider’s service, the effectiveness of its operation and the effectiveness of its
distribution of resources through the cloud in accordance with all norms and laws, while at the same
time providing the necessary level of security assurance and acknowledging a minimum risk
factor, Cardenas (2013).

Availability provides information on how to organize an organization, transfer information and access
it. Availability can be affected on the temporal equilibrium, as well as on the absence of side effects.
Denial of service attacks, outages and natural methods are all threats to availability, Jaiswal et al.
(2015). Availability may be affected by the courts that cause the Toujoura, and the loss may be partial
or complete. DoS attacks and natural disasters threaten accessibility.
Table 1. Comparative analysis of different cloud environments and associated risks

| Risks | Public Cloud | Private Cloud | Hybrid Cloud |
|---|---|---|---|
| Security | Responsibility for security is shared between the cloud vendor and the organization consuming cloud services. | A private cloud is less secure than a public cloud. | Security in a hybrid cloud is even more complex. Security is an issue. Companies must have adequate security planning to protect internal data. |
| Performance | Network bandwidth, latency and jitter, noisy neighbors on shared compute resources, access to important resources and services and the speed of that access, and more. | In a private cloud you also won’t always meet your theoretical performance goal. | Performance might vary depending on the current mix of workloads, software upgrades from VMware, OpenStack, or other elements of the system, and many other factors. |
| Data Loss | Running multiple versions of VMware ESX, with some using virtual machine file system (VMFS) options unsupported by earlier versions, can lead to some VMs failing, data loss, and downtime. | Many private clouds are exposed to major risk of data loss. Due to the vibrant nature of a private cloud, outdated techniques for protecting data may not be enough, and may not function in predictable ways across all scenarios. | If a critical application is running on two VMs, with one live copy and one backup copy, and one of those fails, there will typically be an automatic failover. If that failover instantiates the backup on the same physical host as the live copy, there is a single point of failure. |


We identified two difficult security problems during the survey. The first is security against
insiders: it is assumed that an insider can access the first-level authentication credentials. This is
unacceptable, so multi-level authentication is mandatory. The second is access control: data are in the
custody of a third-party cloud service provider, so some method is required to authenticate
the user on the client side.

The main objective of this paper is to examine the security-related obstacles to the acceptance of
cloud computing. Based on that investigation, we propose approaches to enhance
the security of cloud users’ as well as providers’ data and the privacy of personal information. The
design and development of efficient frameworks for cloud computing, using suitable authentication
factors and methods to improve the security of cloud computing, is the ultimate concern.

A model for authentication in cloud computing was proposed to provide two-step authentication for
access to cloud services, Patel et al. (2013), but poor network availability and SIM cloning were
threats to that system. A user authentication scheme for cloud computing was proposed by Sanjeet et
al. (2012) to provide mutual authentication and session key agreement, but at the user end the client
has to do a lot of mathematical computation for verification. Khan et al. (2007) analyzed a flexible
biometrics remote user authentication scheme that was vulnerable and could easily be cryptanalyzed.
Liao et al. (2006) proposed a password authentication scheme that supported the Diffie–Hellman key
agreement protocol over insecure networks, but their scheme is vulnerable to attack and can easily
be cryptanalyzed. Liao et al. (2006) proposed a two-factor smartcard and password authentication
scheme that was vulnerable to many attacks, as demonstrated by Yang et al. (2008).

Authentication for access control is a key procedure for ensuring the security of information. A lot
of research has been done to improve authentication in cloud computing. Remote authentication
is a method commonly used to determine the identity of a remote client. A multifactor authentication
method uses more than one factor, so it is harder to compromise than single-factor authentication.
Therefore, correctly designed and implemented methods of multifactor authentication are more reliable
and stronger fraud deterrents.

There are various authentication techniques for access control. A SWOT analysis of existing
authentication techniques is presented in Table 2.

Concerns about security, privacy, and compliance are the main issues in cloud adoption and migration.
Addressing these requires a multifactor authentication approach that can mitigate the risk of the
expanded attack surface across both on-premises and multiple IaaS and SaaS environments.
Multifactor authentication provides unrivaled visibility, protection, and access control over the
cloud attack surface. This approach becomes even more crucial as organizations gain familiarity
with IaaS and SaaS, and choose to use multiple clouds at the same time.


User authentication ensures proper authorization to access the systems and services. In the proposed
work, we have used the following authentication methods to design a strong access control mechanism
for private cloud computing:
Biometrics
PIN/Password
SMS based mobile OTP
Table 2. SWOT analysis of existing authentication techniques

| Method | Strength | Weakness | Opportunity | Threat |
|---|---|---|---|---|
| Shared Secrets | Shared by both the customer and the trusted third party. Easy to set up and use. | Regular renewal to keep the security due to deterministic function of storing password. | Mitigate eavesdropping: when sending username and password in plain text it is a good practice to use a shared secret. | The possibility of counterfeit and altering. |
| Tokens | The use of a mobile internet device to gain access to an Internet connection is stronger than a single-factor/knowledge-based authentication system. | Carrying a hardware token all the time is inconvenient for users. Software tokens are vulnerable to visual spoofing attacks. Also it requires installation of a token driver on the system. | Software tokens are flexible and less expensive than the hardware-based solution. | Software tokens are inherently vulnerable to malware and key logger attacks. |
| Biometrics | Psychological or behavioral traits/characteristics of a human cannot be easily stolen. The possibility of reuse due to leakage of enrolled data is impossible as to imitate the legitimate user for illegitimate purposes. Secure, easy to use. It reduces the complexity of the authentication process. | Data acquisition and data storage processes signify the main obstacles to this technique. Identify the possibility of platform failure or authentication error. | More products with types of biometric authentication such as computers and smartphones. Security concerns growth by consumers’ results in higher demand for biometric services. | Duplication of technology by other companies. New technologies that could challenge this platform & technology. |
| Out of Band | OTPs offer strong security because they cannot be guessed or hacked. Provides protection from unauthorized access. Easy to deploy for the administrator. | Requires possession of OTP generation software/hardware or access to a secondary channel for OTP transmission. | Easier to use for the employee than complex frequently changing passwords. | Man-in-the-middle/client insertion. Phishing (reduced to one time action). |

Here we use multiple factors to authenticate an individual through several steps, as shown in Figure 1.
We use all three factors. The first tier involves biometric authentication
of the individual at the entry point, to achieve more reliable verification or identification.
Generally, various physical attributes are used or can be used for authentication:
fingerprint scans, retina or iris scans, voice recognition and facial recognition, S. Kumar et al. (2016).

Depending on the application context, a biometric system may operate either in verification or in
identification mode.

In verification mode the subject’s claimed identity is confirmed: the user’s input image/data is
compared with the data stored in the database for that identity, through their respective feature
sets, to confirm the claim. This is a method of positive recognition, where the main goal is to
prevent several subjects from using the same identity, S. Jaiswal et al. (2002).

Figure 1. Multi-factor authentication

Identification is a critical component in negative recognition applications. A biometric system
can be described as a pattern recognition system in which the image of the input
subject is reduced to a set of features that are subsequently compared with the feature sets
of other images to determine the subject’s identity, S.Jaiswal et al. (2016) & A.K. Jain et al. (2002),
as shown in Figure 2.
A common biometric system can be viewed as having four main modules: Data
Capture, Signal Processing, Data Storage, and Matching and Decision subsystems, Spantzel et al.
(2007) & Modi (2007).

In this module a suitable biometric reader or scanner is used to collect people’s biometric data. For
example, to capture fingerprint images, an optical fingerprint sensor (minutiae) can be used to capture
the friction ridges, the shape of the ridges and the size of an individual fingerprint, Kumar et al. (2016).

Pre-processing techniques include image noise removal, edge sharpening, image restoration,
image separation, mining and declassification, etc., Kumar et al. (2016). Some pre-processing stages
include noise filtering (for example, with Gaussian windows, Jain et al. (2002)) and re-sampling.
Re-sampling is performed in some systems to obtain a representation that consists of
equidistant points; other systems avoid the re-sampling step, because some discriminative speed
characteristics are lost in the process, Kumar et al. (2017).

The feature extraction stage assesses the quality and suitability of the biometric data
obtained by the sensor, Bhargav et al. (2007). The acquired data are processed by an algorithm
to increase their quality. To simplify comparison, a feature extractor is used to create a compact but
expressive representation called a feature set. For example, the position and orientation of the
minutiae (small points) in the fingerprint image are calculated in the feature extraction module.
Figure 2. Block diagram of a general biometrics recognition system


The extracted features are compared with the template database in order to verify the identity
claimed for the biometric input. Matching involves generating a match score by
comparing the feature sets of two samples. The match score indicates the similarity
between the two images, Jain et al. (2002).

In this process, the match scores generated in the matching module are used to
make the final decision. In the identification mode of operation, the result is a list of possible
matching identities ranked by their match score, Kumar et al. (2017).
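
The two operating modes and the matching and decision modules described above, as an added Python example that is not code from the paper: `verify` is the 1:1 comparison, `identify` returns the ranked candidate list, and `error_rates` shows how the decision threshold trades false rejections (FRR) against false acceptances (FAR). The templates, probe, score lists, cosine-similarity matcher and the 0.95 threshold are constructed assumptions.

```python
import math

# Constructed enrolment templates: short feature vectors standing in for the
# output of the feature extraction module (all values are made up).
TEMPLATES = {
    "alice@example.com": [0.91, 0.10, 0.33, 0.75],
    "bob@example.com": [0.12, 0.88, 0.64, 0.05],
    "carol@example.com": [0.45, 0.47, 0.90, 0.30],
}
PROBE = [0.89, 0.12, 0.35, 0.73]   # constructed fresh capture from alice
THRESHOLD = 0.95                   # assumed operating point

# Constructed match scores from earlier genuine and impostor attempts.
GENUINE = [0.99, 0.97, 0.93, 0.96]
IMPOSTOR = [0.40, 0.71, 0.96, 0.35, 0.62]


def match_score(a, b):
    """Matching module: cosine similarity of two feature sets."""
    if len(a) != len(b) or not a:
        raise ValueError("feature sets must be non-empty and the same length")
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def verify(claimed_id, probe, threshold=THRESHOLD):
    """Verification mode (1:1): compare the probe only with the claimed identity."""
    template = TEMPLATES.get(claimed_id)
    if template is None:
        return False   # unknown identity: fail closed
    return match_score(probe, template) >= threshold


def identify(probe, threshold=THRESHOLD):
    """Identification mode (1:N): candidates at or above the threshold, best first."""
    scored = [(match_score(probe, t), uid) for uid, t in TEMPLATES.items()]
    ranked = sorted(scored, reverse=True)
    return [(uid, round(score, 3)) for score, uid in ranked if score >= threshold]


def error_rates(genuine_scores, impostor_scores, threshold):
    """Return (FRR, FAR): genuine attempts rejected, impostor attempts accepted."""
    if not genuine_scores or not impostor_scores:
        raise ValueError("both score lists must be non-empty")
    frr = sum(s < threshold for s in genuine_scores) / len(genuine_scores)
    far = sum(s >= threshold for s in impostor_scores) / len(impostor_scores)
    return frr, far


if __name__ == "__main__":
    print("verify alice:", verify("alice@example.com", PROBE))
    print("verify bob:  ", verify("bob@example.com", PROBE))
    print("ranked list: ", identify(PROBE, threshold=0.0))
    for t in (0.95, 0.98):
        print("threshold", t, "-> (FRR, FAR) =", error_rates(GENUINE, IMPOSTOR, t))
```

Raising the threshold from 0.95 to 0.98 removes the one false acceptance in the sample scores but rejects three of the four genuine attempts, which is the FRR dependence the paper's conclusion refers to.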

This research proposes a generic biometric methodology which provides security to the cloud. The
proposed framework consists of the following parts.

A user or consumer who wants to access cloud resources must first register with the cloud
server. To register with the server in the cloud, perform the following steps, Kumar et al.
(2017). See Figure 3.
People (user / consumer) must go through the registration process provided by the cloud
service provider;
People must provide an identifier, i.e. a user name (email ID), during registration;
The biometric system checks the email ID for availability as a user name. The
user name must not be repeated or be the same as an existing user name;
After the availability of the user name has been checked, a password must be created. An image of the
individual, captured through a webcam or high-resolution camera, is stored in the database as the password;
After the correct user name has been provided and the image saved as the password, registration is
complete on the cloud computing server.
Figure 3. New user registration in cloud using generic biometric system


The registered user must log on to the cloud server, Jain et al. (2002). Below are the steps to log on
to the cloud server:
People (user / consumer) must enter a valid user name in their login interface, the one
provided by the user at the time of registration. For the password, the user’s image is captured
by a web camera or a high-resolution camera;
The biometric system verifies the user name and the user’s biometric features (for example,
the image) provided as the password;
After matching the user name with the user image as a password, the biometric system provides
access to the cloud services for the user. If the user name or biometric features of the user (for
example, the image) do not match, the biometric system displays an error message;
Figure 4 depicts user registration in the cloud using the generic biometrics recognition system.
Figure 4. User registration in cloud using generic biometrics recognition system

The OTP algorithm should generate a difficult-to-guess password, because hackers have multiple
techniques and methods to predict, recover, or infer the password, Herzberg (2003). Therefore, it is
vital to establish a secure OTP generation system. Various elements can be combined in the OTP
algorithm to produce a difficult-to-guess password.

Step 1: The user wishes to log in to a secure website.
Step 2: The user sends an encrypted SMS to the server.
Step 3: The server receives the encrypted SMS.
Step 4: The server decrypts the SMS and breaks it into its parts: sender’s mobile number,
username, PIN, IMEI number, etc.
Step 5: The server checks the information against the database to ensure that the user is genuine; if
the user is not genuine, the server ignores the SMS.
Step 6: If the user is genuine, the server generates an OTP, which is encrypted with a unique
symmetric key shared between server and user.
Step 7: The server sends the encrypted OTP to the user via SMS.
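
Steps 1 to 7 above, server and client side, as an added Python example that is not code from the paper. The message layout `username|PIN|IMEI`, the user record, the 120-second OTP lifetime and the HMAC-based `seal`/`open_sealed` pair (a standard-library stand-in for a vetted authenticated cipher such as AES-GCM) are assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL = 120  # seconds an issued OTP stays valid (assumed value)

# Constructed user record holding the fields the server checks in Step 5.
# A production store would keep a salted hash of the PIN, not the PIN itself.
USERS = {
    "alice": {"mobile": "+910000000001", "pin": "4821",
              "imei": "000000000000001", "key": bytes(range(32))},
}
PENDING = {}  # username -> (SHA-256 of the OTP, expiry time)


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC built from HMAC-SHA256: a stdlib stand-in for an AEAD."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key, blob):
    """Return the plaintext, or None if the blob was not sealed with this key."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))


def handle_sms(sender, blob, now=None):
    """Steps 3-7: return the encrypted OTP to send back, or None to ignore the SMS."""
    now = time.time() if now is None else now
    user = next((u for u, r in USERS.items() if r["mobile"] == sender), None)
    if user is None:
        return None                                   # unknown sender number
    rec = USERS[user]
    body = open_sealed(rec["key"], blob)              # Step 4: decrypt
    if body is None:
        return None
    fields = body.decode("utf-8", "replace").split("|")  # Step 4: split into parts
    if len(fields) != 3:
        return None
    expected = (user, rec["pin"], rec["imei"])
    matches = [hmac.compare_digest(got.encode(), want.encode())
               for got, want in zip(fields, expected)]
    if not all(matches):
        return None                                   # Step 5: not genuine, ignore
    otp = f"{secrets.randbelow(10**6):06d}"           # Step 6: unpredictable OTP
    PENDING[user] = (hashlib.sha256(otp.encode()).digest(), now + OTP_TTL)
    return seal(rec["key"], otp.encode())             # Step 7: reply by SMS


def verify_otp(user, otp, now=None):
    """Accept an OTP once, before expiry; any attempt consumes the pending entry."""
    now = time.time() if now is None else now
    entry = PENDING.pop(user, None)
    if entry is None or now > entry[1]:
        return False
    return hmac.compare_digest(hashlib.sha256(otp.encode()).digest(), entry[0])


if __name__ == "__main__":
    key = USERS["alice"]["key"]
    request = seal(key, b"alice|4821|000000000000001")   # Step 2 (client side)
    reply = handle_sms("+910000000001", request)
    otp = open_sealed(key, reply).decode()                # client decrypts the OTP
    print(verify_otp("alice", otp), verify_otp("alice", otp))
```

The request carries no timestamp or counter, so a server built this way would also want one inside the sealed message to reject replayed requests.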

There are several steps to register with any cloud service provider. Figure 5 describes the process
of registering new users in cloud computing:
Step 1: The user browses to the CSP and sends a request.
Step 2: The CSP receives the request and sends a registration form to the user.
Step 3: The user provides his personal information, such as name, address and mobile number, and
biometric characteristics such as a fingerprint, the first time he registers with the CSP. This
information is kept by the Authentication Server (AS).
Step 4: The user is now registered with the information provided in Step 3.
Step 5: After successful registration in Step 4, the user provides his biometric data and OTP to the
authentication server to authenticate with the AS for the first time.
Step 6: After successful authentication by the authentication server in Step 5, the AS sends a request
to the certificate authority (CA) to generate a certificate for the user.
Step 7: The certificate authority generates a certificate for the user.
Step 8: The CA sends a copy of the certificate to the AS and to the user’s e-mail ID.
The user is registered and authenticated after multiple steps by the authentication server, and then
the user avails of the specific services of the cloud.
Figure 5. New user registration in cloud



Figure 6 describes the framework for multi-factor authentication for access control in
cloud computing.
After successful registration, the user can get services from a specific cloud service provider
once authorized by the AS. There are several steps to get a service from the CSP:
Step-1: The user opens the URL of the CSP and enters his credentials.
Step-2:
    if user id = true (matched against the credentials already stored in the user database)
        then provide biometric-data;
        else access denied;
    if biometric-data = match (a one-time password is sent to the user’s registered mobile number)
        then provide OTP;
        else access denied;
    if OTP = verified
        then go to next step;
Step-3: A certificate is issued to the user, who presents it to the session monitor.
    if certificate = correct
        then user is permitted to access the service;
        else user is invalid;
On every access to the services, session monitoring creates a log file for future audit purposes.
Figure 6. Multi-factor authentication framework for access control
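
One way to implement the Step-2 and Step-3 checks so that every failure denies access and every access is logged, as an added Python example that is not code from the paper. The HMAC-signed session credential stands in for the certificate issued by the certificate authority, and the verifier functions, signing key and 300-second lifetime are constructed assumptions.

```python
import hashlib
import hmac
import json
import time

AS_KEY = b"constructed-demo-key-held-by-the-AS"  # assumed signing key (demo value)
CERT_TTL = 300                                    # assumed session lifetime, seconds
AUDIT_LOG = []                                    # session monitor log, in memory here

# Constructed verifiers standing in for the user database, the biometric
# matcher (v is a match score) and the OTP service.
DEMO_CHECKS = [
    ("user_id", lambda user, v: v == user),
    ("biometric", lambda user, v: v is not None and v >= 0.95),
    ("otp", lambda user, v: hmac.compare_digest(str(v).encode(), b"493817")),
]


def _log(user, event, now):
    AUDIT_LOG.append({"t": now, "user": user, "event": event})


def issue_certificate(user, now):
    """Sign a short-lived credential naming the user and its expiry time."""
    body = json.dumps({"sub": user, "exp": now + CERT_TTL}, sort_keys=True)
    sig = hmac.new(AS_KEY, body.encode(), hashlib.sha256).hexdigest()
    _log(user, "certificate-issued", now)
    return body + "." + sig


def authenticate(user, factors, checks, now):
    """Step-2: run the factor checks in order and stop at the first failure.

    `checks` is an ordered list of (name, function) pairs; each function takes
    (user, presented_value) and must return True for the factor to pass.
    Returns a signed credential, or None when access is denied.
    """
    for name, check in checks:
        try:
            passed = check(user, factors.get(name)) is True
        except Exception:
            passed = False   # a failing verifier denies; it never skips a factor
        if not passed:
            _log(user, "denied:" + name, now)
            return None
    return issue_certificate(user, now)


def session_monitor(cert, resource, now):
    """Step-3: validate the credential on every access and log the outcome."""
    user, allowed = "unknown", False
    body, _, sig = (cert or "").rpartition(".")
    expected = hmac.new(AS_KEY, body.encode(), hashlib.sha256).hexdigest()
    if body and hmac.compare_digest(sig.encode(), expected.encode()):
        claims = json.loads(body)
        user = claims["sub"]
        allowed = now <= claims["exp"]
    _log(user, ("access:" if allowed else "rejected:") + resource, now)
    return allowed


if __name__ == "__main__":
    now = time.time()
    presented = {"user_id": "alice", "biometric": 0.97, "otp": "493817"}
    cert = authenticate("alice", presented, DEMO_CHECKS, now)
    print(session_monitor(cert, "/storage/report", now + 10))
    print(session_monitor(cert, "/storage/report", now + CERT_TTL + 1))
    for entry in AUDIT_LOG:
        print(entry)
```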



In a brute force attack, the attacker tries all possible combinations to guess the private key.
In the original RSA, the probability of failure against this attack is decreased
considerably by choosing exponents larger than 2048 bits.

A mathematical attack works by determining p, q or pq, and it can be prevented by using 2048-bit
exponents in RSA. It can also be prevented by increasing the value of the digest h, which decreases
the chance of a successful mathematical attack considerably.

The proposed scheme never transmits user private data in plaintext format. The messages are
transmitted over a public channel. Clearly, these messages cannot be decoded easily to get ID, PW
etc. Hence, the scheme provides user privacy.

The KDC and CSP store all the registered IDs in the database, check that the ID is unique
in each new registration, and provide a certificate to manage the identity of the user.

In the proposed method, the secret key (K) is shared by both the AS and the user. Using this key they
can communicate with each other for a particular session. Since this key is generated randomly, it
cannot be breached easily.
We have compared our method with the existing system of Singh et al. (2012), based on several
parameters such as:
1. Security against man in middle attack;
2. User privacy;
3. User identity; and
4. Non-Repudiation as shown in Figure 7.

Figure 7. Result comparison

In this paper, we report that the level of authentication used by the cloud service provider should
match the risks associated with these products and services. The cloud service provider must conduct
risk assessments to determine the types and levels of risk associated with their Internet banking
applications. Here, risk assessments indicate that the use of single-factor authentication is inadequate.
Agencies believe that single-factor authentication is insufficient for transactions with
a high level of risk involving access to customer information or the movement of funds to other
parties. Multifactor authentication for access control has become the most important requirement for
cloud computing to achieve the goals of secrecy, integrity and confidentiality. It is important to
integrate computer and network security more closely to develop a true security discipline in the cloud.
We use multi-factor access mechanisms to authenticate an individual. In the future, we will try to
improve the technique of collecting biometric data. This will greatly improve the user identification
process, which uses a common biometric recognition system. Thus, this will lead us another step
towards a cloud-based and secure cloud computing network.
There are several limitations that can make the correct implementation of user
authentication through multifactor mechanisms difficult. The effectiveness of the proposed structure
depends on several factors, such as the lack of availability of the mobile network, which can cause a
delay in obtaining the OTP and the expiration of the session. Future work can be to reduce the delay in
receiving the OTP. The system also depends on the FRR (false rejection rate) of the biometric device,
so in the future the FRR will be improved.


Aloul, F., Zahidi, S., & El-Hajj, W. (2009). Multi Factor Authentication Using Mobile Phones. International
Journal of Mathematics and Computer Science, 4(2), 65–80.
Bhargav, S. A., Anna, C. S., & Modi, S. (2007). Privacy Preserving Multi-factor Authentication with Biometrics.
Retrieved from www.slideshare.net/bspalabs/2007-privacy-preserving-multifactor-authentication-with-biometrics
Cardenas, C. (2013). Cloud Security: The Challenges with Key Management in the Cloud and everywhere else.
Academic Press.
Chan, W., Leung, E., & Pili, H. (2012). Enterprise Risks Management For Cloud Computing. The Committee
of Sponsoring Organizations of the Treadway Commission (COSO).
Chien, H. Y., Jan, J. K., & Tseng, Y.M. (2002). An efficient and practical solution to remote authentication:
Smart card. Computer Security, 21(4).
Choudhury, A. J., Kumar, P., Sain, M., Lim, H., & Jae-Lee, H. (2011). A Strong User Authentication Framework
for Cloud Computing. 2011 IEEE Asia-Pacific Services Computing Conference. doi:10.1109/APSCC.2011.14
Department of Defense, Australian Government. (2012). Multifactor Authentication. Cyber Security Operation
Centre.
Emam, A. H. M. (2013). Additional Authentication and Authorization using Registered Email-ID for Cloud
Computing. International Journal of Soft Computing and Engineering, 3(2).
Government of USA. (2005). Authentication in an Internet Banking Environment. Federal Financial Institutions
Examination Council, Government of USA. Version 1.0.2.
Hani, Q. B., & Ditcher, J.P. (2017). Stand-Out Segmentation Access Control for Cloud Outsourced Data. 2017
IEEE International Conference on Edge Computing (EDGE). doi:10.1109/IEEE.EDGE.2017.37
Herzberg, A. (2003). Payments and banking with mobile personal devices. Communications of the ACM, 46(5),
53–58. doi:10.1145/769800.769801
Hwang, M. S., & Li, L. H. (2000). A New Remote User Authentication Scheme using Smart Cards. IEEE
Transactions on Consumer Electronics, 46(1).
Jain, A. K., Griess, F. D., & Connell, D. (2002). On-line signature verification. Pattern Recognition, 35(12),
2963–2972. doi:10.1016/S0031-3203(01)00240-0
Jain, V., & Sharma, V. (2013). Surveying and Analyzing Security challenges and Privacy in Cloud Computing.
International Journal of Computer Science and Information Technology & Security, 3(5).
Jaiswal, S., Kumar, S., Patel, S. C., Singh, R. S., & Singh, S. K. (2015). Biometric Authentication for the Cloud
Computing. IGI Global. doi:10.4018/978-1-4666-6559-0.ch001
Jaiswal, S., Kumar, S., Patel, S. C., Singh, R. S., & Singh, S. K. (2016). Biometric Authentication for the Cloud
Computing. IGI Global.
Jaiswal, S., Patel, S. C., & Singh, R. S. (2015). Security Challenges in Cloud Computing. IGI Global.
Khan, A. R. (2012). Access Control In Cloud Computing Environment. ARPN Journal of Engineering and
Applied Sciences, 7(5).
Khan, M. K., & Zhang, J. (2007). Improving the security of ‘a f lexible biometrics remote user authentication
scheme. Computer Standards & Interfaces, 29(1), 82–85. doi:10.1016/j.csi.2006.01.002
Kumar, S., Abidi, A. I., & Singh, S. K. (2016). Cloud Security Using Ear Biometrics. IGI Global. doi:10.4018/978-
1-4666-9466-8.ch037
Kumar, S., Datta, D., & Singh, S. K. (2016). Swarm Intelligence for Biometric Feature Optimization. IGI Global.
Kumar, S., Singh, A. K., Singh, S. K., & Singh, R. S. (2017). Privacy preserving security using biometrics in
cloud computing. Multimedia Tools and Applications.

Volume 9 • Issue 2 • July-December 2018
15
Liao, I.-E., Lee, C. C., & Hwang, M. S. (2006). A password authentication scheme over insecure networks.
Journal of Computer and System Sciences, 72(4), 727–740. doi:10.1016/j.jcss.2005.10.001
Nayak, S. K., Mohapatra, S. & Majhi, B. (2012). An Improved Mutual Authentication Framework for Cloud
Computing. International Journal of Computer Applications, 52(5).
Patel, S. C., Jaiswal, S., & Singh, R. S. (2015). Security Issues in Cloud Computing. IGI Global. doi:10.4018/978-
1-4666-8387-7.ch001
Patel, S. C., Singh, R. S., & Jaiswal, S. (2015). Secure and privacy enhanced authentication framework for cloud
computing. 2nd International Conference on Electronics and Communication Systems (ICECS). doi:10.1109/
ECS.2015.7124863
Reddy, B. (2009). Cloud computing security issues and challenges. Academic Press.
Singh, A., & Chatterjee, K. (2015). A secure multi-tier authentication scheme in cloud computing
environment. 2015 International Conference on Circuits Power and Computing Technologies. doi:10.1109/
ICCPCT.2015.7159276
Singh, M., & Singh, S. (2012). Design and Implementation of Multi-tier Authentication Scheme in Cloud.
International Journal of Computer Science Issues, 9(5).
William, E., Burr Donna, F., Dodson, W., & Polk, T. (2006). Electronic Authentication Guideline by U.S.
Department of Commerce. NIST Special Publication 800-63.
Yang, G., Wong, D. S., Wang, H., & Deng, X. (2008). Two-factor mutual authentication based on smart cards
and passwords. Journal of Computer and System Sciences, 74, 1160-1172.
Zhao, G., Li, Y., Du, L., & Zhao, X. (2015). Asynchronous Challenge-Response Authentication Solution Based
on Smart Card in Cloud Environment. 2015 2nd International Conference on Information Science and Control
Engineering. doi:10.1109/ICISCE.2015.42

Subhash Chandra Patel received his M.Tech. degree in Information Security from the Guru Gobind Singh
Indraprastha University, New Delhi in 2010. Currently, he is pursuing a Ph.D. in the Department of Computer
Engineering at the IIT (BHU), Varanasi, India. He is working on Cloud Computing. His research interests include
Cloud Computing Security and Information Security.

Sumit Jaiswal received his M.Tech. degree from NIT Durgapur, India in 2013. Presently, he is pursuing a Ph.D. in
Computer Science and Engineering at IIT (BHU), Varanasi. His research interests include Information Security,
Network Security, Cryptography, and Cloud Computing and its security.

Ravi Shankar Singh received his Ph.D. in Computer Science and Engineering from Indian Institute of Technology
(Banaras Hindu University), Varanasi, India in 2010. He is working as Associate Professor in the Computer Science
and Engineering Department at IIT (BHU). His research interests include Data Structures, Algorithms and
High-Performance Computing.

Jyoti Chauhan received her M.Tech. degree in Computer Engineering from MRIU, Faridabad in 2011. She is presently
working as an assistant professor at GHRIET, affiliated to Pune University, and pursuing a Ph.D. in computer science
at SRM University, NCR Haryana. Her research interests include IoT, Cloud Computing and Databases.