Authentication Technologies for Cloud Computing, IoT and Big Data
2: Faculty of Computer Systems & Software Engineering, University Malaysia Pahang, Malaysia
Critical systems and infrastructure rely heavily on ICT systems and networks where security issues are a major concern. Authentication methods verify that messages come from trusted sources and guarantee the smooth flow of information and data. In this edited reference, the authors present state-of-the-art research and development in authentication technologies including challenges and applications for Cloud Technologies, IoT and Big Data. Topics covered include authentication; cryptographic algorithms; digital watermarking; biometric authentication; block ciphers with applications in IoT; identification schemes for Cloud and IoT; authentication issues for Cloud applications; cryptography engines for Cloud based on FPGA; and data protection laws.
Inspec keywords: law; field programmable gate arrays; cryptography; watermarking; data protection; cloud computing; Big Data; Internet of Things; biometrics (access control); message authentication
Other keywords: information security; FPGA; big data; watermarking; data protection laws; biometric authentication; cryptographic algorithms; cloud computing; data authentication algorithms; IoT; authentication technologies; lightweight security algorithms; identification schemes
Subjects: Computing security management; Legal aspects of computing; Security aspects of hardware; Computer communications; Data security; Cryptography; Computer networks and techniques; General and management topics; General electrical engineering topics; Internet software
- Book DOI: 10.1049/PBSE009E
- Chapter DOI: 10.1049/PBSE009E
- ISBN: 9781785615566
- e-ISBN: 9781785615573
- Page count: 370
- Format: PDF

Front Matter
p. (1)

1 Introduction
p. 1–12 (12)
Authentication is central to any security issue, involving the verification process of the identity of a person or a process to access a secured system. Therefore, authentication is extremely important to guarantee the smooth flow of information without troubles. The authentication process is implemented for data in storage and data in transit over a communication network. Critical systems, e.g., energy, banking and finance, defense, transportation, business process, manufacturing, water system, and emergency services heavily rely on information systems and networks. Authentication has become an integrated part of modern computing and communication technologies, e.g., Internet of Things (IoT), cloud computing, and connected vehicles. This chapter provides an overview of the book, its theme, and purpose by introducing the topics of the book that presents the current technological advances and the new trends in authentication in information security.

2 Information security
p. 13–36 (24)
Information security is a very important component of system and network security. The understanding and implementation of the five pillars of information security, namely, confidentiality, integrity, availability, authenticity, and nonrepudiation, is fundamental to the protection of information assets from the omnipotent adversarial cyber threat. The evolving adversary requires a counteractive information security program for both small and large organizations. This chapter defines the fundamental elements of information security, and presents the core standards for information security, threat classes, and data classification standards. With the rapid adoption of the Internet of Things (IoT) paradigm, IoT device security has become an important topic, which is addressed in detail in this chapter. Standards associated with information security in health care, as well as the National Institute of Standards and Technology (NIST) framework for cyber security, are also described in detail. The chapter concludes with a discussion on the foreseeable challenges for information security in the IoT era.

3 Data authentication algorithms
p. 37–65 (29)
Data authentication algorithms represent the baseline on which advanced authentication protocols can be built. In the realm of cloud computing, IoT, and big data, data authentication algorithms play a vital role to secure the transmitted, stored, and exchanged data and information. These basic and advanced algorithms are categorized into four main types. Passwords and hash functions represent the simplest authentication schemes. Hash functions are used in the more complex constructions of authentication algorithms such as MACs and digital signatures. The choice of the underlying mathematical building blocks, such as ECs, contributed to the improvement of authentication algorithms; nowadays, we have algorithms with efficient computation performance and shorter cryptographic keys. Besides the cryptographic realm of authentication, biometric and steganography schemes have been used as other means of authentication algorithms where the features of the user are the keys to authenticate him/her into the system. Below, we summarize the overall learned lessons and list some future trends in this area of research.

4 Cryptographic algorithms
p. 67–105 (39)
In this chapter, different types of cryptographic algorithms applicable for security in IoT, cloud computing, and Big Data are presented. IoT, cloud computing, and Big Data are based on a highly interconnected network of devices, servers, and massive volumes of data where all kinds of communications seem to be possible. Therefore, the security requirement for such technologies becomes critical, which should be provided by cryptographic algorithms. Two main categories in cryptography are symmetric key cryptography and asymmetric or PKC. The applicable methods for PKC are rather slow compared to symmetric key cryptographic algorithms. Therefore, PKC is used as a complement to symmetric key cryptography for providing security in IoT, cloud computing, and Big Data.

5 Digital watermarking algorithms for multimedia data
p. 107–123 (17)
Nowadays, the remarkable growth of Internet technology makes multimedia applications popular. However, the security issue of multimedia data is a big concern due to the openness of the Internet. The threats may occur in terms of illegal copying and/or unauthorized manipulation of multimedia data. Over the last few decades, digital watermarking has been considered as one of the promising solutions for controlling the content from unlawful manipulation and redistribution. In watermarking, a watermark or logo is embedded in the original image. The watermark can be extracted later for applications such as copyright protection, ownership verification, content authentication, and so on. In this context, watermarking broadly addresses two application areas: copyright protection using robust watermarking, and detection of illegal content manipulation through the fragile watermarking approach. One more type of watermarking, called semi-fragile watermarking, is also quite popular. It is sustainable against certain attacks for the purpose of copyright protection and is applicable for reinforcing the authentication property of multimedia documents. So, the aim of this chapter is to discuss watermarking approaches such as robust, fragile, and semi-fragile in the context of basic requirements or principles, and developing procedures. We also discuss the state-of-the-art as well as some possible research scope in this particular area.

6 Biometric authentication
p. 125–152 (28)
Biometrics refers to 'automated recognition of individuals based on their behavioural and biological characteristics such as fingerprints, iris, face, hand, voice, and gait.' Compared to traditional authentication methods, biometrics are easy to use, convenient, not possible to share, reliable, and cannot be forgotten or lost. Compensating for this need, this chapter will focus on the biometric authentication systems which help to prevent unauthorized access to the local server and cloud resources.

7 Lightweight block ciphers with applications in IoT
p. 153–180 (28)
This chapter aims to provide a comprehensive survey of lightweight block ciphers that have been designed for resource-constrained IoT platforms. The implementations of 10 lightweight block ciphers are compared on 8-bit, 16-bit, and 32-bit microcontrollers by using evaluation metrics such as power and energy consumption, latency, security level, throughput, and efficiency metrics. Furthermore, advantages and disadvantages of these ciphers are discussed. Finally, authentication problems and solutions for IoT devices are discussed in detail.

8 Identification schemes in the post-quantum area based on multivariate polynomials with applications in cloud and IoT
p. 181–207 (27)
In this chapter, we survey the identification schemes based on multivariate polynomials over a finite field. We provide some basic definitions needed to construct the structure of identification schemes based on multivariate polynomials over a finite field. Then, we provide a brief survey of identification schemes based on multivariate polynomials by considering applications in different platforms. We analyze them in view of the zero knowledge property and the number of passes such as 3-pass and 5-pass. By considering open problems in the literature, we propose a novel identification scheme based on multivariate quadratic polynomials. Then, we compare them in terms of efficiency. We also provide a discussion for cloud, IoT, and big data applications of quantum secure identification schemes.

9 Authentication issues for cloud applications
p. 209–240 (32)
The challenges of security in cloud computing can be categorized into network level (network protocols and network security such as distributed nodes, distributed data, internode communication), user authentication level (encryption/decryption techniques, authentication methods), data level (data integrity and availability such as data protection and distributed data), and generic issues (traditional security tools, and the use of different technologies). Authentication, in the cloud applications, is the process of validating and guaranteeing the identity of cloud service subscribers or users. The reliability and security of the cloud computing environment are especially based on authentication. Therefore, this chapter discusses security issues for cloud applications and then focuses on the authentication technologies in the cloud system.

10 The insider threat problem from a cloud computing perspective
p. 241–272 (32)
Cloud computing is viewed as a cost-effective and scalable way of providing computing resources for both large and small organizations. However, as cloud storage is outsourced it is highly susceptible to information security risks. The insider threat may become particularly insidious with the predilection towards cloud computing. Insiders have a significant advantage, as not only do they have knowledge about vulnerabilities in policies, networks or systems but they also have the requisite capability. An 'insider' is any individual who has legitimate access to an organization's information technology infrastructure whereas an 'insider threat' uses the authority granted to him/her for illegitimate gain. Fundamentally, the insider threat concern is a complex issue, as the problem domain intersects the social, technical, and socio-technical dimensions. From a cloud-computing perspective, the concept of the insider is multi-contextual and consequently propagates more opportunities for malfeasance. The definition of an insider changes from context to context; an insider is someone who works within an organization that uses a cloud-based system and it also includes a user that works for a cloud service provider. Clearly, the concept of the insider within the cloud-computing domain is amorphous. This chapter intends to define the insider threat and identify the various types of insider threats that exist within the cloud-computing domain. This chapter considers the challenges involved in managing the insider threat and possible mitigation strategies including authentication schemes within cloud-based systems. To this end, this chapter also considers the various mitigation strategies that exist within the technical, social and sociotechnical domains in order to identify gaps for further research.

11 Cryptographic engines for cloud based on FPGA
p. 273–308 (36)
Cryptographic operations are being performed in all security critical applications and devices. Encryption/Decryption and authentication operations are used in the cloud server for full virtual machine encryption, protection of data at rest, data in motion, etc. Execution of cryptographic operations on the processor reduces the efficiency and increases heat production. Integration of field-programmable gate array (FPGA) devices into cloud data centers opens up the opportunity to implement critical tasks in hardware, thereby improving the efficiency. Security being a critical application on cloud can be implemented on hardware to improve performance and reduce heat production. This chapter presents hardware implementation of four cryptographic engines (AES, DES, SHA, and MD5) on FPGA. Finally, an adaptive reconfigurable security system with the four cryptographic engines using partial reconfiguration is discussed. Depending on the dynamic need, only the necessary algorithm can be loaded which saves power and area.

12 Data protection laws
p. 309–337 (29)
Data protection, data privacy, and information privacy are all terms defined as the process of protecting important data/information from corruption, scam, fraud, loss, or compromise. This includes the relationship between the data collection and technology, the public perception and expectation of privacy, and the political as well as legal roots surrounding that data. Therefore, data protection laws aim to provide a balance between the individual's privacy rights and the proper use of data. Data protection is a concern for individuals and organizations who collect, analyze, store, and transmit data; such data could be written on paper or stored on a computer system or network. Both ways of handling information may be prone to loss, damage, or errors. Documents handled as hardcopies may be copied easily, stolen, lost, destroyed, etc. Therefore, it is very difficult to protect such information available in hardcopy format and, in reality, there is no secure method that would safeguard such documents. One may propose to store them in vaults which are secure and protect documents from humidity, light, and fire; however, many questions would be raised in the process of applying/handling such securing strategy before and after storage. On the other hand, electronic information stored on electronic devices and networks needs to be handled very carefully so that these physical systems and the information stored in them do not fall in the hands of those who may use it in fraud, abuse, scam, etc., in addition to policies which should be in place to secure information during the process of transmission and storage. In this chapter, issues related to data protection laws are discussed.

13 Conclusion
p. 339–341 (3)
The book contains theoretical and practical knowledge of state-of-the-art authentication technologies and their applications in big data, IoT, and cloud computing in this technologically connected world. The first six chapters of the book provide the fundamental details of the authentication technologies. The objective of Chapters 7 to 11 is to develop fast and secure algorithms for resource-constrained IoT and cloud computing, while the aim of Chapter 12 is to protect the data by laws and policies. All these chapters include research challenges and future research directions with the evolution of technologies.

Back Matter
p. (1)