Two Factor Authentication for Cloud Computing

Abstract

[The fast-emerging of cloud computing technology today has sufficiently benefited its wide range of users from individuals to large organizations. It carries an attractive characteristic by renting myriad virtual storages, computing resources and platform for users to manipulate their data or utilize the processing resources conveniently over Internet without the need to know the exact underlying infrastructure which is resided remotely at cloud servers. However due to the loss of direct control over the systems/applications, users are concerned about the risks of cloud services if it is truly secured. In the literature, there are cases where attackers masquerade as cloud users, illegally access to their accounts, by stealing the static login password or breaking the poor authentication gate. In this paper, we propose a two-factor authentication framework to enforce cloud services’ authentication process, which are Public Key Infrastructure (PKI) authentication and mobile out-of-band (OOB) authentication. We discuss the framework’s security analysis in later session and conclude that it is robust to phishing and replay attacks, prohibiting fraud users from accessing to the cloud services.]