An approach to cloud user access control using behavioral biometric-based authentication and continuous monitoring
A. Riyaz Fathima and A. Saravanan
Abstract
Cloud computing, enabling remote access to services and resources, poses a critical challenge in user authentication and access control, as users can access resources from anywhere with an internet connection. Traditional authentication methods, such as passwords and tokens, are vulnerable to attacks like brute-force, phishing, and man-in-the-middle (MITM). Researchers are exploring biometric authentication methods, but security and privacy concerns arise due to cloud environment control and potential data breaches or theft. To address these concerns, a comprehensive multifactor authentication (MFA) framework was proposed with an authorization scheme to enhance data security in a cloud environment. The proposed methodology comprises three phases: user registration, login, and continuous authentication. During the registration phase, users provide significant data, resulting in the assignment of a unique 6-digit personal identification number (PIN) upon successful registration. In the login process, authentication is achieved using a combination of static (primary user credentials), dynamic (color-based physical action verification), and possession factors (one-time password). Additionally, a trust score is calculated based on the evaluation of inherence factors (IFs), including user and typing behavior, to assign access control. The continuous authentication phase involves the use of a secure PIN for critical operations, evaluation of risk values, and reauthentication requests when necessary. The proposed model demonstrated superior performance, achieving 99.4% robustness, 99.7% accuracy, and a 0.3% error rate on a closed dataset, and 99.8% robustness, 99.8% accuracy, and a 0.2% error rate on an open dataset. The model's effectiveness was further demonstrated by its ability to prevent unauthorized access and mitigate security risks through the use of behavioral biometrics and access control strategies. 
The proposed MFA effectively addressed security concerns in cloud systems. It offered valuable benefits to cloud service providers and end users by enhancing data security and mitigating potential threats.
Keywords
Multifactor authentication, Behavioral biometrics, Access control, Authorization, Continuous authentication, Cloud users.
Cite this article
Fathima AR, Saravanan A. An approach to cloud user access control using behavioral biometric-based authentication and continuous monitoring. International Journal of Advanced Technology and Engineering Exploration. 2024;11(119):1469-1496. DOI:10.19101/IJATEE.2024.111100516