Master's Thesis MSTR-3452

Ashraf, Umair: Securing Cloud Applications with Two-Factor Authentication.
Universität Stuttgart, Faculty of Computer Science, Electrical Engineering and Information Technology, Master's Thesis No. 3452 (2013).
75 pages, English.
CR classification: D.4.6 (Operating Systems Security and Protection)
K.6.5 (Security and Protection)

Content management Software as a Service (SaaS) applications have attracted a lot of attention in recent years. The software and related content are hosted in the cloud, and remote access is given to users through a web browser or a thin web client. Content management SaaS solutions store the regulatory content of an organization in the cloud. Any successful attempt at unauthorized access to the cloud content can pose security risks, ranging from financial loss and defamation to civil or criminal offences.

Security and privacy are two major hindrances for cloud consumers in adopting SaaS-based cloud applications [sccloud]. We need a solution to maximize the level of trust between cloud consumers and cloud providers. The level of trust can be increased by increasing information security and privacy, which boils down to strong authentication, authorization and access control mechanisms. This thesis focuses on new technologies to improve authentication of services consumed in the cloud. Password authentication is the commonly used single-factor authentication mechanism. Password authentication is defenceless against many security threats. Passwords are vulnerable to replay and discovery attacks. They also do not show any resistance to eavesdropping, man-in-the-middle or phishing attacks. Two-factor authentication opens up new horizons in security enhancement. It mandates that users provide two authentication tokens during the authentication phase. The two authentication tokens cover each other's vulnerabilities and combine to provide higher information security.

Ensuring strong authentication is a complete process in itself. The probability of a security breach occurring and the loss involved in it play a decisive role in selecting an authentication assurance level. The assurance level is the measurement of the strength of an authentication process. The appropriate technology is selected to meet a certain assurance level and to mitigate the risk to which an information system is exposed. Selecting the appropriate technology includes selecting the authentication tokens, choosing the token management policy and determining the communication protocol between the client and the server. Also, authentication security enhancement is a cyclic process and requires continuous monitoring and improvement.

The two-factor authentication solution must secure all the SaaS software and services. While most of the software and services support password authentication, not all of them provide support for two-factor authentication. Ensuring two-factor authentication in a SaaS model is a challenging task and requires all the software and services to be brought under one authentication policy.

Full text and other links: PDF (664361 bytes)
Department(s): Universität Stuttgart, Institute of Parallel and Distributed Systems, Application Software
Supervisor: Weizenegger, Tim
Entry date: 11 July 2013