Master Thesis MSTR-3452

Bibliography: Ashraf, Umair: Securing Cloud Applications with Two-Factor Authentication.
University of Stuttgart, Faculty of Computer Science, Electrical Engineering, and Information Technology, Master Thesis No. 3452 (2013).
75 pages, English.
CR-Schema: D.4.6 (Operating Systems Security and Protection)
K.6.5 (Security and Protection)
Abstract

Content management Software as a Service (SaaS) applications have attracted a lot of attention in recent years. The software and related content are hosted in the cloud, and remote access is given to the users through a web browser or a thin web client. Content management SaaS solutions store the regulatory content of an organization in the cloud. Any successful attempt at unauthorized access to the cloud content can pose certain security risks, ranging from financial loss and defamation to civil or criminal offences.

Security and privacy are two major hindrances for cloud consumers in adopting SaaS-based cloud applications \cite{sccloud}. We need a solution to maximize the level of trust between the cloud consumers and the cloud providers. The level of trust can be increased by increasing information security and privacy, which boils down to strong authentication, authorization and access control mechanisms. This thesis focuses on new technologies to improve authentication of services consumed in the cloud. Password authentication is the commonly used single-factor authentication mechanism. Password authentication is defenceless against many security threats. Passwords are vulnerable to replay and discovery attacks. They also do not show any resistance to eavesdropping, man-in-the-middle or phishing attacks. Two-factor authentication opens up new horizons in security enhancement. It mandates that users provide two authentication tokens during the authentication phase. The two authentication tokens cover each other's vulnerabilities and combine to provide higher information security.

Ensuring strong authentication is a complete process in itself. The probability of occurrence of a security breach and the loss involved in it play a decisive role in selecting an authentication assurance level. The assurance level is the measure of the strength of an authentication process. The appropriate technology is selected to meet a certain assurance level and to mitigate the risk to which an information system is exposed. Selecting the appropriate technology includes selecting the authentication tokens, choosing the token management policy and determining the communication protocol between the client and the server. Also, authentication security enhancement is a cyclic process and requires continuous monitoring and improvement.

The two-factor authentication solution must secure all the SaaS software and services. While most of the software and services support password authentication, not all of them provide support for two-factor authentication. Ensuring two-factor authentication in a SaaS model is a challenging task and requires all the software and services to be brought under one authentication policy.

Full text and other links: PDF (664361 Bytes)
Department(s): University of Stuttgart, Institute of Parallel and Distributed Systems, Applications of Parallel and Distributed Systems
Supervisor(s): Weizenegger, Tim
Entry date: July 11, 2013