Cloud computing authentication is done by a mechanism called “Single Sign
On” (SSO). With single sign on the consumer is given access to all of their services using
one username and one password. Therefore the consumer does not have to
remember several passwords to get access to all of their services.
To achieve single sign on, mainly two approaches are used:
OpenID based Single Sign On
SAML based Single Sign On
OpenID is vulnerable to several risks such as phishing attacks, so SAML based
Single Sign On is the commonly used approach to achieve cloud computing
identity security.
What is SAML
SAML stands for Security Assertion Markup Language, which was developed by
OASIS. It is the most used XML based standard for exchanging authentication
and authorization data between two domains.
Authentication Approaches According to Cloud Computing Deployment Model
In cloud authentication different approaches are used. The authentication
method differs slightly according to the cloud deployment model; for
example, the authentication means used in a private cloud is a little different
from the authentication means used in public clouds. Below we have described
some authentication approaches which are used in the different cloud
deployment models.
Authentication procedure used in Private Cloud computing
This authentication pattern is called the trusted IDM pattern; Google App Engine
uses this kind of pattern. The user submits their credentials to the IDM component.
The IDM component encrypts the user credentials and submits them to the
authenticator, which decrypts the credentials and authenticates the user. If
authentication is successful, the IDP, via the domain resolver, gives access
to the services provided by the cloud.
This approach is a very secure approach, though it is not scalable when the
number of requests that must be handled simultaneously is very large.
Authentication procedure used in public cloud computing
This authentication pattern is called the External IDM pattern. These kinds of
authentication procedures are mainly used in public clouds. When a user wants
to get access to the cloud, the user first sends their credentials to an external
authenticator over an SSL connection. The authenticator then checks the user
credentials against LDAP servers and, if the user is correctly validated, sends
the valid attributes via SAML to the IDM. The IDM then does the domain
resolution and gives access to the necessary services in the public cloud. Ping
Identity is one example of an external authenticator.
Unlike a private cloud, a public cloud has a large number of users because
public clouds are exposed to a larger crowd; maintaining usernames and
passwords will need more space, and the number of authentication requests handled
simultaneously also gets higher. Therefore public cloud authentication is
mainly handled by an external authenticator.
The following figure further illustrates a use case which describes the
authentication process in a public cloud:
1 The user attempts to reach a hosted Google application, such as Gmail,
Start Pages, or another Google service.
2 Google generates a SAML authentication request. The SAML request is
encoded and embedded into the URL for the partner’s SSO service. The
RelayState parameter containing the encoded URL of the Google application
that the user is trying to reach is also embedded in the SSO URL. This
RelayState parameter is meant to be an opaque identifier that is passed
back without any modification or inspection
3 Google sends a redirect to the user’s browser. The redirect URL includes
the encoded SAML authentication request that should be submitted to the
partner’s SSO service
4 The partner decodes the SAML request and extracts the URL for both
Google’s ACS (Assertion Consumer Service) and the user’s destination URL
(RelayState parameter). The partner then authenticates the user. Partners
could authenticate users by either asking for valid login credentials or by
checking for valid session cookies
5 The partner generates a SAML response that contains the authenticated
user’s username. In accordance with the SAML 2.0 specification, this
response is digitally signed with the partner’s public and private DSA/RSA
keys.
6 The partner encodes the SAML response and the RelayState parameter and
returns that information to the user’s browser. The partner provides a
mechanism so that the browser can forward that information to Google’s
ACS. For example, the partner could embed the SAML response and
destination URL in a form and provide a button that the user can click to
submit the form to Google. The partner could also include JavaScript on the
page that automatically submits the form to Google
7 Google’s ACS verifies the SAML response using the partner’s public key. If
the response is successfully verified, ACS redirects the user to the
destination URL.
8 The user has been redirected to the destination URL and is logged in to
Google Apps.
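The eight steps above can be traced end to end in code. The following is an added example written for this page; it is not Google's or any SAML library's code. It models the SP-initiated web SSO exchange with constructed hostnames, request IDs and an RSA keypair, and it simplifies two things that a real deployment does not: the "XML" is a hand-built string, and the partner's signature is a plain RSA-SHA256 signature over the raw Response bytes rather than an XML-DSig. The checks the ACS performs in step 7 (signature under the partner's public key, Destination, InResponseTo, expiry) are the ones a defender cares about, and the example shows a tampered Response being rejected.

```go
package main

// Added example (not from the page or Google): a simplified model of the SP-initiated
// SAML web SSO exchange in steps 1-8. URLs, IDs and keys are constructed for the demo;
// the RSA signature over the raw Response bytes stands in for a real XML-DSig.

import (
	"bytes"
	"compress/flate"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"net/url"
	"strings"
	"time"
)

const (
	acsURL     = "https://apps.example.test/acs" // "Google's ACS" in the text (assumed URL)
	partnerSSO = "https://idp.example.test/sso"  // the partner's SSO service (assumed URL)
)

// NewPartnerKey makes a throwaway RSA keypair standing in for the partner's signing key.
func NewPartnerKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// attr pulls a double-quoted attribute value out of the toy XML used below.
func attr(xml, name string) string {
	i := strings.Index(xml, name+`="`)
	if i < 0 {
		return ""
	}
	rest := xml[i+len(name)+2:]
	if j := strings.Index(rest, `"`); j >= 0 {
		return rest[:j]
	}
	return ""
}

// Steps 2-3: the SP deflates and base64-encodes the AuthnRequest into the partner's SSO
// URL; RelayState (the page the user originally asked for) travels alongside it, untouched.
func BuildRedirectURL(requestID, relayState string) string {
	req := fmt.Sprintf(`<AuthnRequest ID="%s" AssertionConsumerServiceURL="%s"/>`, requestID, acsURL)
	var buf bytes.Buffer
	w, _ := flate.NewWriter(&buf, flate.DefaultCompression)
	w.Write([]byte(req))
	w.Close()
	q := url.Values{"SAMLRequest": {base64.StdEncoding.EncodeToString(buf.Bytes())}, "RelayState": {relayState}}
	return partnerSSO + "?" + q.Encode()
}

// Step 4: the partner decodes the request and recovers the request ID, the ACS URL and RelayState.
func DecodeRedirect(rawURL string) (requestID, acs, relayState string, err error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", "", "", err
	}
	raw, err := base64.StdEncoding.DecodeString(u.Query().Get("SAMLRequest"))
	if err != nil {
		return "", "", "", err
	}
	xml, err := io.ReadAll(flate.NewReader(bytes.NewReader(raw)))
	if err != nil {
		return "", "", "", err
	}
	return attr(string(xml), "ID"), attr(string(xml), "AssertionConsumerServiceURL"), u.Query().Get("RelayState"), nil
}

// Steps 5-6: after authenticating the user, the partner issues a Response naming the user,
// signs it with its private key and base64-encodes both for the browser's POST to the ACS.
func IssueResponse(priv *rsa.PrivateKey, username, inResponseTo, destination string, now time.Time) (samlResponse, signature string) {
	resp := fmt.Sprintf(`<Response InResponseTo="%s" Destination="%s" NotOnOrAfter="%s"><NameID>%s</NameID></Response>`,
		inResponseTo, destination, now.Add(5*time.Minute).UTC().Format(time.RFC3339), username)
	digest := sha256.Sum256([]byte(resp))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return base64.StdEncoding.EncodeToString([]byte(resp)), base64.StdEncoding.EncodeToString(sig)
}

// Step 7: the ACS verifies the signature with the partner's public key and rejects responses
// aimed at another endpoint, answering an unknown request, or already expired. On success it
// returns the username and the RelayState the browser is redirected to (step 8).
func VerifyAtACS(pub *rsa.PublicKey, samlResponse, signature, relayState, expectedRequestID string, now time.Time) (username, redirect string, err error) {
	resp, err := base64.StdEncoding.DecodeString(samlResponse)
	if err != nil {
		return "", "", err
	}
	sig, err := base64.StdEncoding.DecodeString(signature)
	if err != nil {
		return "", "", err
	}
	digest := sha256.Sum256(resp)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return "", "", errors.New("signature does not verify under the partner's public key")
	}
	x := string(resp)
	if attr(x, "Destination") != acsURL {
		return "", "", errors.New("response was issued for a different ACS")
	}
	if attr(x, "InResponseTo") != expectedRequestID {
		return "", "", errors.New("response does not answer our request")
	}
	exp, err := time.Parse(time.RFC3339, attr(x, "NotOnOrAfter"))
	if err != nil || !now.Before(exp) {
		return "", "", errors.New("response expired")
	}
	name := x[strings.Index(x, "<NameID>")+len("<NameID>") : strings.Index(x, "</NameID>")]
	return name, relayState, nil
}

// RunFlow walks the whole exchange for one user; with tamper set, the Response body is
// altered in transit so the ACS must refuse it.
func RunFlow(priv *rsa.PrivateKey, username, wantedPage string, tamper bool) (string, string, error) {
	now := time.Now()
	redirect := BuildRedirectURL("_req1", wantedPage)                    // steps 2-3
	reqID, acs, relay, err := DecodeRedirect(redirect)                    // step 4
	if err != nil {
		return "", "", err
	}
	resp, sig := IssueResponse(priv, username, reqID, acs, now)          // steps 5-6
	if tamper {
		raw, _ := base64.StdEncoding.DecodeString(resp)
		resp = base64.StdEncoding.EncodeToString(bytes.Replace(raw, []byte(username), []byte("someone-else"), 1))
	}
	return VerifyAtACS(&priv.PublicKey, resp, sig, relay, "_req1", now) // steps 7-8
}

func main() {
	priv := NewPartnerKey()
	user, dest, err := RunFlow(priv, "alice", "https://apps.example.test/mail", false)
	fmt.Println(user, dest, err)
	_, _, err = RunFlow(priv, "alice", "https://apps.example.test/mail", true)
	fmt.Println("tampered response:", err)
}
```

The RelayState is handed back exactly as received, which is why step 2 describes it as an opaque identifier; the ACS trusts it only after the signed Response has passed every check, and the Destination and InResponseTo checks are what stop a Response issued for another service, or captured from an older exchange, from being accepted here.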
Authentication procedure used in Hybrid cloud computing
A hybrid cloud is a combination of two or more clouds (private cloud + public
cloud, or public cloud + community cloud). For authentication in such a
cloud there should be a procedure for communicating between those clouds.
As a hybrid cloud is a combination of several clouds, there won't be a single clear
authentication pattern; the authentication pattern will change according to
the implementation.
Problems of the existing cloud authentication process
The existing cloud authentication procedure is exposed to several problems.
Today most cloud authentication processes use a single username
and password to authenticate the user. Therefore a cloud application could be
exposed to several security problems. Below we have listed some of the
authentication security problems which exist in cloud authentication.
Cloud computing applications can be accessed from any device, private
(e.g., a laptop) or public (e.g., an Internet café). This has been a great
burden for most IT managers and CEOs alike: “If you are not in control of the
device that is accessing the data held within your network, then how can you
reliably identify the actual person that is using the device?”
A username and password give very little protection to the user: a
password could easily be hacked, stolen, guessed, or obtained using phishing
attacks. During the past few years several such security breaches were reported.
All the user credentials are stored in a central location; if somehow the server
which stores the usernames and passwords is accessed by a third party, they
will gain the users' credentials and easily access the users' services.
If single sign on is used by an organization, then the employees should be
trained to create stronger passwords which cannot easily be guessed or
hacked; this will be an extra cost for the organization.
A better authentication procedure is very much needed for cloud computing,
and there should be a better way to identify and guarantee the user.
Wireless public key infrastructure
Wireless public key infrastructure is a kind of security protocol which is widely
used for better authentication. Some countries, such as Estonia, have used
wireless public key infrastructure for voting systems. It has also been
proposed for use in m-commerce applications such as banking payment
systems.