Abstract
Two important topics related to the cloud security are discussed in this chapter: the authentication of logical users accessing the cloud, and the security of data stored on public cloud servers. A real cloud platform is used as example; it is designed and implemented to support basic web applications, and to be shared by small and medium companies. Such platform is built using the OpenStack architecture. The user authentication is based on an original biometric approach exploiting fingerprints and open to multimodal improvements. The platform guarantees secure access of multiple users and complete logical separation of computational and data resources, related to different companies. High level of protection of the data, stored in the cloud, is ensured by adopting a peculiar data fragmentation approach.
Details are given about the authentication process and of the service modules involved in the biometric authentication. Furthermore are discussed the key issues, related to the integration of the biometric authentication, in the cloud platform.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Srinavasin, M. K., et al. (2012). State of the art cloud computing security taxonomies: A classification of security challenges in the present cloud computing environment. In ICACCI 2012 proceedings of the international conference on advances in computing, communications and informatics (pp. 470–476). ACM.
Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), 583–592.
Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), 1–11.
Nelson, C., & Teller, T. (2016). Cloud attacks illustrated: Insights from the cloud provider. In RSA conference, February 29, 2016–March 4, 2016. Moscone Center San Francisco.
Skokowski, P. (2014). Lessons from Apple iCloud Data Leak. CSA–Cloud Security Alliance Industry Blog [Online]. https://blog.cloudsecurityalliance.org/2014/11/19/lessons-from-apple-icloud-data-leak/
Gonsalves, A. (2013). Data leakage risk rises with cloud storage services. Computer world Hong Kong [Online]. http://cw.com.hk/news/data-leakage-risk-rises-cloud-storage-services
Konstantas, J. (2011). What does the Sony PlayStation network breach teach us about cloud security? Security week [Online]. http://www.securityweek.com/what-does-sony-playstation-network-breach-teach-us-about-cloud-security
Sotto, L. J., Treacy, B. C., & McLellan, M. L. (2010). Privacy and data security risks in cloud computing. World Communications Regulation Report, 5(2), 38.
European Commission (2012). Exploiting the potential of cloud computing in Europe, September 27, 2012 [Online]. Available: http://europa.eu/rapid/press-release_MEMO-12-713_it.htm
Yinqian Zhang, M. K. (2012). Cross-VM side channels and their use to extract private keys. In CCS’12. Raleigh, North Carolina, USA.
NIST (2013). NIST Cloud Computing Standards Roadmap. NIST
Ross, A. A., Nandakumar, K., & Jain, A. K. (2006). Handbook of multibiometrics (Vol. 6). Berlin: Springer.
Vielhauer, C. (2005). Biometric user authentication for IT security: From fundamentals to handwriting (advances in information security) (Vol. 18). New York: Springer.
Ratha, N. K., Connell, J. H., & Bolle, R. M. (2001). Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal, 40(3), 614–634. Chicago.
Juels, A., & Sudan M. (2002). A fuzzy vault scheme. In Proceedings of the 2002 IEEE international symposium on information theory (p. 408). IEEE.
Soutar, C., Roberge, D., Stoianov, A., Gilroy, R., & Kumar, B. V. (1998). Biometric encryption using image processing. In van Renesse, R. L. (Ed.), Proceedings of the SPIE, optical security and counterfeit deterrence techniques II (Vol. 3314, p. 178U188).
Ratha, N. K., Connell, J. H., & Bolle, R. M. (2001). Enhancing security and privacy of biometric-based authentication systems. IBM Systems Journal, 40, 614–634.
Linnartz, J.-P., & Tuyls, P. (2003). New shielding functions to enhance privacy and prevent misuse of biometric templates. In Proceedings of the 4th international conference on Audio- and video-based biometric person authentication (AVBPA’03) (pp. 393–402). Springer.
Chang, Y., Zhang, W., & Chen, T. (2004). Biometrics-based cryptographic key generation. In Proceedings of the IEEE international conference on multimedia and expo (ICME ‘04) (pp. 2203–2206). IEEE Computer Society.
Chen, C., Veldhuis, R., Kevenaar, T., & Akkermans, A. (2007). Multibits biometric string generation based on the likelyhood ratio. In Proceedings of the IEEE conference on biometrics: Theory, applications and systems (BTAS ‘07) (pp. 1–6). IEEE Computer Society.
Juels, A., & Wattenberg, M. (1999). A fuzzy commitment scheme. In Proceedings of the 6th ACM conference on computer and communication security (pp. 28–36). ACM.
Martini, U., & Beinlich, S. (2003). Virtual PIN: Biometric encryption using coding theory. In Brömme, A., & Busch, C. (Eds.), BIOSIG 2003: Biometrics and electronic signatures, ser. Lecture notes in informatics (Vol. 31, pp. 91–99). Gesellschaft fur Informatik.
Masala, G. L, Ruiu P, Brunetti A, Terzo O, & Grosso E (2015). Biometric authentication and data security in cloud computing. In Proceeding of the international conference on security and management (SAM). The Steering Committee of The World Congress in Computer Science (p. 9). Computer Engineering and Applied Computing (WorldComp).
Ruiu, P., Caragnano, G., Masala, G. L., & Grosso, E. (2016). Accessing cloud services through biometrics authentication on proceedings of the international conference on complex, intelligent, and software intensive systems (CISIS-2016), July 6–8, 2016. Japan: Fukuoka Institute of Technology (FIT).
Maltoni, D., Maio, D., Jain, A., & Prabhakar, S. (2009). Handbook of fingerprint recognition (2nd ed.). Berlin: Springer.
OpenStack. OpenStack cloud administrator guide [Online]. Available http://docs.openstack.org/admin-guide-cloud/content/
Aggarwal, G., Bawa, M., Ganesan, P., Garcia-Molina, H., Kenthapadi, K., Motwani, R., Srivastava, U., Thomas, D., & Xu, Y.. Two can keep a secret: A distributed architecture for secure database services. In: Proceeding of the 2nd conference on innovative data systems research (CIDR). Asilomar, California, USA.
Ciriani, V., Di Vimercati, S. D. C., Foresti, S., Jajodia, S., Paraboschi, S., & Samarati, P. (2007). Fragmentation and encryption to enforce privacy in data storage. In European symposium on research in computer security (pp. 171–186). Berlin, Heidelberg: Springer.
Damiani, E., De Capitani, S., di Vimercati, S., Jajodia, S., Paraboschi, S., & Samarati, P. (2003). Balancing confidentiality and efficiency in untrusted relational DBMSs. In: CCS03 proceeding of the 10th ACM conference on computer and communications security, Washington, DC, USA, October 2003. New York: ACM Press.
Hacigümüs, H., Iyer, B., & Mehrotra, S. (2002). Providing database as a service. In ICDE’02 proceedings of the 18th international conference on data engineering, San Jose, California, USA. Los Alamitos, California: IEEE Computer Society.
Lowe, D. (1999). Object recognition from local scale-invariant features. In International conference on computer vision and pattern recognition (pp. 1150–1157).
Lowe, D. (2004). Distinctive image features from scale-invariant keypoints. International Journal of Computer Vision, 60(2), 91–110.
Lowe, D. (2001). Local feature view clustering for 3d object recognition. In IEEE conference on computer vision and pattern recognition (pp. 682–688).
Bicego, M., Lagorio, A., Grosso, E., & Tistarelli, M. (2006). On the use of SIFT features for face authentication. In CVPRW'06 Conference on computer vision and pattern recognition workshop (pp. 35–35). IEEE.
Ke, Y., & Sukthankar, R. (2004). PCA-SIFT: A more distinctive representation for local image descriptors. In IEEE conference on computer vision and pattern recognition.
Heusch, G., Rodriguez, Y., & Marcel, S. (2005). Local binary patterns as an image preprocessing for face authentication. IDIAP-RR 76, IDIAP.
Zhang, G., Huang, X., Li, S., Wang, Y., & Wu, X. (2004). Boosting local binary pattern (lbp)-based face recognition. In L. 3338, SINOBIOMETRICS (pp. 179–186). Springer.
Fierrez, J., Galbally, J., Ortega-Garcia, J., et al. (2010). BiosecurID: A multimodal biometric database. Pattern Analysis and Applications, 13, 235.
Placek, M., & Buyya, R. (2006). The University of Melbourne, a taxonomy of distributed storage systems. Reporte Técnico, Universidad de Melbourne, Laboratorio de Sistemas Distribuidos y Cómputo Grid.
Assunção, M. D., Calheiros, R. N., Bianchi, S., Netto, M. A., & Buyya, R. (2015). Big Data computing and clouds: Trends and future directions. Journal of Parallel and Distributed Computing, 79, 3–15.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this chapter
Cite this chapter
Masala, G.L., Ruiu, P., Grosso, E. (2018). Biometric Authentication and Data Security in Cloud Computing. In: Daimi, K. (eds) Computer and Network Security Essentials. Springer, Cham. https://doi.org/10.1007/978-3-319-58424-9_19
Download citation
DOI: https://doi.org/10.1007/978-3-319-58424-9_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-58423-2
Online ISBN: 978-3-319-58424-9
eBook Packages: EngineeringEngineering (R0)