| 總結: | Together with the fast growth of networks and mobile devices, cloud computing has
become one of the top technologies that everyone has been talking about in the last
decade. At the same time, it has become one of the most attractive and effective business
solutions for many companies worldwide. Organizations are gradually migrating their
employees’ data into the cloud environments, due to flexibility and cost efficiency which
the cloud systems offer. However, as organization are moving their data and employees’
information into the cloud, it has become a great challenge to design a secure cloud
system, as it strongly lies on the chosen authentication, as it is the one which provides
authenticity and confidentially respectively. Due to virtualization and multi-tenancy of
the cloud systems, the complexity of security issues has even increased compared to
traditional data centers, and in many instances user accounts have been compromised. As
a result of these incidents in recent years, there is a growing lack of trust in cloud
infrastructures. This thesis present research on cloud security challenges and how they
can be addressed by enhancing the current authentication mechanism. Security
requirements of SaaS environments differs from traditional data centers. To address a
specific cloud security challenges, an enhanced authentication method is developed
during this research work. Motivated by a number of security experts in cloud computing,
we proposed an innovative solution of authentication for cloud web-based applications.
We aim to improve on passwords with respect to both usability as well as security. It uses
an enhanced encryption algorithm, and the data is stored securely in the cloud systems.
The proposed authentication method, uses an enhanced method where the credentials are
encrypted through an algorithm. As a result, the user’s information is more secured, and
the risk of compromised accounts is less, compared with two factor authentication. We
have developed a cloud-based application that adapts the enhanced authentication
method, and its security measurement were evaluated using IBM Application Security on
Cloud tool. Results of different security testings are then compared to validate the
effectiveness of the proposed authentication method.
|
|---|
