ABSTRACT
Cloud computing is a natural fit for mobile security. Typical handsets have input constraints and practical computational and power limitations, which must be respected by mobile security technologies in order to be effective. We describe how cloud computing can address these issues. Our approach is based on a flexible framework for supporting authentication decisions we call TrustCube (to manage the authentication infrastructure) and on a behavioral authentication approach referred to as implicit authentication (to translate user behavior into authentication scores). The combination results in a new authentication paradigm for users of mobile technologies, one where an appropriate balance between usability and trust can be managed through flexible policies and dynamic tuning.
Index Terms
- Authentication in the clouds: a framework and its application to mobile users