Two-Factor Authentication and Role-based Access Control for Cloud Services

Abstract

Cloud computing became a tendency technology for IT and non-IT organizations. Many sectors and organizations shift towards cloud computing technology. They adopt this technology to deploy their services. Many services and applications gained benefits from cloud computing since these services become accessible over the whole world via the cloud. Cloud computing mitigates the burden of constructing and maintaining large data centers for non-IT sectors. Cloud providers offer On-Demand, scalable and measured services for cloud consumers to deploy their services and store their sensitive data. Accessing the cloud is one of the major security issues. Cloud provider should apply robust access model to gain the trust of their customers. They should restrict the access and grant the consumer the least privileges that are needed to accomplish his/her task. For that role-based access control model adopted in this thesis. This model is implemented to protect cloud services from unauthorized access. A mechanism of the time-based one-time password as two-factor authentication is also implemented to overcome the weakness of static password. A model of an online education system was created as an example of a cloud service. The system was developed using PHP language. The system has different roles each role has the least permission was needed. And for authentication BLOWFISH BCRYPT hashing function was used to implement time-based one time password. This password is renewed every session and has a timestamp of 30 seconds and then became unusable. The system has the capability to authenticate and authorize users of different roles. One time password raises the reliability of the authentication process by sending the password to the user’s email.