Total views : 211
Secure USB Authentication on Distributed Cloud Computing Environments
Objectives: Authentication is the first step of secure communication. Especially, cloud environment is a critical issue for user authentication because cloud storages have a lot of user credentials. Methods/Statistical Analysis: To solve this problem, security USB is released currently, especially in the public sector, use a mandatory system of security USB memory in the enterprise has been applied. However, information for user authentication or be stored in plain text in a specific area of the USB memory, vulnerabilities that can be authenticated bypassed by user interaction is found. Findings: Cloud storage services are getting popular and it must be secured. Otherwise, personal privacy could be compromised. Once username and password are compromised, valuable information will be in jeopardy. USB memory is small, cheap and the capacity ratio of price as a portable storage medium to provide a large capacity, it has secured already many users. Further, due to the small size, often lost or stolen accident, flows out the data in the USB memory, social problems such as major technology leakage of effluent and industrial personal information has occurred. Improvements/ Applications: To solve the vulnerability of such user’s authentication, by using the structure properties of the hash function and encryption algorithm and the storage medium presents a secure user’s authentication methods.
Access Control, USB, User Behavior, Secure Authentication.
- Evans W. Jr, Weiss KE. A user authentication scheme is not requiring secrecy in the computer. Communication of the Association for Computing Machinery. 1974 Aug; 17(8):437–42.
- Yi X, Shenzhen Y. Anomaly detection based on web users’ browsing behaviors. Journal of Software. 2007; 18(4):967–77.
- Mather T, Kumaraswamy S, Shahid L. Cloud security and privacy: An enterprise perspective on risks and compliance (Theory in Practice). 1st ed. O'Reilly Media; 2009 Oct.
- Bae K, Yim K. Analysis of an intrinsic vulnerability on keyboard security. Journal of the Kandersteg International Scout Centre. 2008 Jun; 18(3):89–95.
- Shiralizadeh A, Hatamlou A, Massari M. Presenting a new data security solution in cloud computing. Journal of Scientific Research and Development. 2015; 2(2):30–6.
- Lee K, Bae K, Yim K. Hardware approach to solving password exposure problem through keyboard sniff. World Academy of Science, Engineering and Technology. International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering. 2009; 3(8):1501–3.
- O’Gorman L. Comparing passwords, tokens and biometrics for user authentication. Proceedings of the IEEE. 2003 Dec; 91(12):2021–40.
- Jung T, Yim K. Countermeasures to the vulnerability of the keyboard hardware. Journal of the Korea Information Security and Cryptology. 2008; 18(4):187–94.
- Kaur R, King S. Analysis of security algorithms in cloud computing. International Journal of Application or Innovation in Engineering and Management. 2014 Mar; 3(3):171–6.
- Lockdown: A safe and practical environment for security applications. 2009. Available from: http://repository.cmu.edu/cgi/viewcontent.cgi?article=1004&context=cylab
- Padmapriya A, Subhasri P. Cloud computing, reverse Caesar cipher algorithm to increase data security. International Journal of Engineering Trends and Technology. 2013 Apr; 4(4):1067–71.
- Li W, Ping L. Trust model to enhance security and interoperability of cloud environment. Springer Berlin Heidelberg: Cloud Computing; 2009 Dec. p. 69–79.
- Arockiam L, Monikandan S. Data security and privacy in cloud storage using hybrid symmetric encryption algorithm. International Journal of Advanced Researching Computer and Communication Engineering. 2013 Aug; 2(8):3064–70.
- Millan GL, Perez MG, Perez GM, Skarmeta AFG. PKI-based trust management in inter-domain scenarios. Computers and Security. 2010 Mar; 29(2):278–90.
- Kingpin. Attacks on and counter measures for USB hardware token devices. Proceedings of the Fifth Nordic Workshop on Secure IT Systems Encouraging Co-operation; Reykjavik, Iceland. 2000 Oct. p. 35–57.
- Electronics Computer Technology (ICECT) 2011 3rd International Conference on Kanniyakumari. 2011. Available from: http://toc.proceedings.com/12007webtoc.pdf
- William S. Cryptography and network security, Principles and practices. 6th ed. Prentice Hall; 2013 Mar.
- Hwang SJ, Park KH. A keyboard security method based on a sub-classing. Journal of Korea Multimedia Society. 2011; 14(1):15–23.
- Shakeeba SK, Tuteja RR. Security in cloud computing using cryptographic algorithms. International Journal of Innovative Research in Computer and Communication Engineering. 2015 Jan; 3(1):148–54.
- Research on trust model of PKI. 2011. Available from: https://www.researchgate.net/publication/232639129_Research_on_trust_model_of_PKI
- Data encryption and decryption algorithms using key rotations for data security in the cloud system. 2014. Available from: http://ieeexplore.ieee.org/document/6884895/
- Chen D, Zhao H. Data security and privacy protection issues in cloud computing. IEEE Proceedings of International Conference on Computer Science and Electronics Engineering; 2012. p. 647–51.
- Purdy GB. A high-security log-in procedure. Communications of Association for Computing Machinery. 1974 Aug; 17(8):442–5.
- Kwon K, Ahn SJ, Chung JW. Network security management using ARP spoofing. Springer Berlin Heidelberg; 2004 May. p. 142–9.
- Haller NM. The S/Key one-time password system. Proceeding Internet Society Symposium on Network and Distributed System Security; 1944. p. 151–7.
- Arockiam L, Monikandan S. Arocrypt: A confidentiality technique for securing enterprise’s data in the cloud. IJET. 2015 Feb-Mar; 7(1):245–53.
- A new noise mingling approach to protecting the authentication password. 2010. Available from: http://ieeexplore.ieee.org/document/5447494/?reload=true&arnumber=5447494
- Jeong H. Vulnerability analysis of secure USB flash drives. IEEE International Workshop on Memory Technology, Design and Testing; 2007. p. 61–4.
- Yim K. A fix to the HCI specification to evade ID and password exposure by USB sniff. Proceedings of APIC-IST 2008; 2008 Dec. p. 191–4.
- Mitchell CJ, Chen L. Comments on the S/KEY user authentication scheme. ACM Operating Syst Rev. 1996 Oct; 30(4):12–6.
- Trusted framework for health information exchange. 2013. Available from: https://www.healthit.gov/sites/default/files/trustframeworkfinal.pdf
- Zhang N, Shi Q, Merabti M. Anonymous public-key certificates for anonymous and fair document exchange. IEEE Proceedings-Communications. 2000 Dec; 147(6):345–50.
- Abbasi G, Muftic S. Cryptonet, security management protocols. DNCOCO'10 Proceedings of the 9th WSEAS International Conference on Data Networks, Communications, Computers; 2010. p. 15–20.
- Yu J, Wang G, Mu Y, Gao W. An efficient generic framework for three-factor authentication with provably secure instantiation. IEEE Transactions on Information Forensics and Security. 2014 Dec; 9(12):2302–13.
- Pansa D, Chomsiri T. Security web improving by using dynamic password authentication. International Conference on Network and Electronics Engineering. 2011; 11:32–6.
- Hong S. Multi-factor user authentication on group communication. Indian Journal of Science and Technology. 2015 Jul; 8(15):1–6.
- Hong S. Hybrid routing algorithm on mesh network based on traffic records. Indian Journal of Science and Technology. 2015 Apr; 8(S7):327–31.
- There are currently no refbacks.
This work is licensed under a Creative Commons Attribution 3.0 License.