secure session control in education cloud using one time password (otp)

Download Secure Session Control in Education Cloud Using One Time Password (OTP)

Post on 06-May-2015

1.430 views

Category:

Education

2 download

Embed Size (px)

DESCRIPTION

An M.Phil. Dissertation

TRANSCRIPT

  • 1.SECURE SESSION CONTROL IN EDU-CLOUD USING OTP by S. EDEL JOSEPHINE RAJAKUMARI 12MCS107 2012-2013

2. CONTENTS Introduction Literature Review Security Issues and Solutions in Cloud Computing - A Survey Secure Session Control in Edu-Cloud using OTP Conclusion 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 2 3. OBJECTIVE The objective of the Dissertation is To Analyze the existing security issues in Cloud Computing To Develop a Secure Edu-Cloud Architecture To Provide a Secure Session Control for Edu-Cloud using OTP 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 3 4. DISSERTATION OVERVIEW Chapter 1- Introduction to Cloud Computing, E-Learning and Cloud based E-Learning Chapter 2- A review of related work previously done regarding this dissertation Chapter 3- An overview of existing security issues in Cloud Computing Chapter 4- Proposed architecture and a model Chapter 5- Conclusion with suggestions for future enhancements 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 4 5. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 5 6. INTRODUCTION Computing Computing is any goal-oriented activity requiring, benefiting from, or creating computers. For example, computing includes designing, developing and building hardware and software systems; processing, structuring, and managing various kinds of information; doing scientific research on and with computers; making computer systems behave intelligently; creating and using communications and entertainment media etc. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 6 7. INTRODUCTION Cloud Computing Cloud Computing is a subscription based service using which IT resources are delivered as services to users. Internet based computing Principle- Pay as you go 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 7 8. INTRODUCTION 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 8 Cloud Clients Web browser, mobile app, thin client, terminal emulator SaaS CRM, Email, virtual desktop, communication, games PaaS Execution runtime, database, web server, development tools IaaS Virtual machines, servers, storage, load balancers, network Infrastructure Platform Application Basic Cloud Services 9. INTRODUCTION Deployment Models Private Cloud Community Cloud Public Cloud Hybrid Cloud 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 9 10. E-LEARNING E-learning refers to the use of electronic media and Information and Communication Technologies (ICT) in education. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 10 11. E-LEARNING SOLUTIONS 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 11 E-Learning Asynchronous E-Learning Synchronous E-Learning Development and Management 12. CLOUD BASED E-LEARNING The goals and requirements of Cloud based E-Learning are: Location shifting Time shifting Interaction tools Learning management tools Courseware Cloud Infrastructure 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 12 13. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 13 14. LITERATURE REVIEW According to Nabendu Chaki et al. [Roh 11] In Cloud, virtual machines connected to the host system constantly to be monitored in a virtualized environment. A virtual machine monitor (VMM) can be placed in a virtual environment which will keep track of all the traffic flowing in and out of a virtual machine network. If any suspicious activity found, the corresponding virtual machine will be disconnected from the virtualized network. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 14 15. LITERATURE REVIEW According to Pankaj Arora et al. [Pan 12] Proposed Model SMI (Security Model for IaaS) Secure Configuration Policy (SCP) Secure Resources Management Policy (SRMP) Security Policy Monitoring and Auditing (SPMA) 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 15 16. LITERATURE REVIEW According to Sunil Sanka et al. [Sun 10] Modified Diffie-Hellman key exchange protocol for addressing data confidentiality, integrity and authentication issues. According to this protocol, a symmetric key is shared secretly between the Cloud Service Provider and the user. The D-H key exchange protocol is proposed for the users to access the outsourced data efficiently and securely from cloud service providers infrastructure. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 16 17. LITERATURE REVIEW According to Shahid Al Noor et al. [Sha 10] Cloud Central System Internal Architecture Two Sublayers Upper Sublayer Lower Sublayer 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 17 18. LITERATURE REVIEW According to Gunasekar Kumar et al. [Gun 11] Security measures for Cloud based E-Learning: SMS Security mechanism Biometric mechanism Security Token ACL mechanism 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 18 19. LITERATURE REVIEW According to M.Okuhara et al. [Mas 10] Security architectures based on access control, authentication and identity management, and security visualization. The results of the architectures are Logical separation of cloud service layers by virtualization presents in the same level of security as physical separation of computing environments. One time password provides a powerful authentication mechanism that precludes password leak. Dashboard and information-security services enable the users to visualize the efficiency and cost-effectiveness of information- security measures. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 19 20. LITERATURE REVIEW According to D.Kasi Viswanath et al. [Kas 12] Benefits of Cloud based E-Learning are: Lower costs Improved performance Instant software updates Improved document format compatibility Benefits for students Benefits for teachers. Cloud Computing challenges: Security Privacy Reliability Legal issues Open standard Compliance Freedom Long-term viability. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 20 21. LITERATURE REVIEW According to Paul Pocatilu [Pau 10] E-Learning systems usually require many hardware and software resources. There are many educational institutions that cannot afford such investments, and Cloud Computing is the best solution. E-learning systems can use benefit from Cloud Computing using: Infrastructure: use an e-learning solution on the provider's infrastructure Platform: use and develop an e-learning solution based on the provider's development interface Services: use the e-learning solution given by the provider. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 21 22. LITERATURE REVIEW According to A.P.Nirmala and Dr. R.Sridaran [Nir 12] A survey on Cloud Computing issues at design and implementation levels. At design level, architectural issues and platform related issues are discussed. At implementation level, business related issues and technical issues are discussed. The paper mainly focused on security and performance based issues in Cloud Computing. According to Danimir Mandic et al. [Dan] A preview of possible risks that Cloud Computing can bring to the area of E-Learning, with a preview of possible risk of intellectual property. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 22 23. LITERATURE REVIEW According to MD. Anwar Hossain Masud and Xiaodi Huang [Anw 12] Cloud based E-Learning Challenges: bandwidth security authentication management resource development role of teachers user data charging The proposed framework has an open structure, can interoperate with external content and social service (such as twitter, g-mail, YouTube, etc...) at the data level and it is subdivided into management subsystem and service subsystem. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 23 24. LITERATURE REVIEW According to Sanjeet Kumar Nayak et al. [San 12] A framework which provides mutual authentication and session key agreement in Cloud Computing environment. The scheme executes in three phases such as server initialization phase, registration phase, and authentication phase. The architecture satisfied the following security features: mutual authentication, session key agreement, password change, non-reply attack, identity management, and scalability. They assured that the proposed protocol can resist many popular attacks such as replay attack, password stolen attack, etc... 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 24 25. LITERATURE REVIEW According to Alok Kumar Vishwakarma and A. E. Narayanan [Alo 12] Introduced a service additionally with the basic Cloud services SaaS, PaaS, and IaaS which is called E-Learning as a Service (EaaS). Benefits of E-Learning: o Reduced cost of learning materials o Increased participation of academic institutes o Greater accessibility and better learning outcome o Flexibility Benefits of proposed scheme over existing methods: o cost reduction o smarter classroom o data portability o smart administration o innovation in research. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 25 26. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 26 27. SECURITY ISSUES AND SOLUTIONS IN CLOUD COMPUTING A SURVEY Threats in Cloud Computing Denial of Service (DoS) Distributed Denial of Service (DDoS) Side Channel Attack Authentication Attack Man-In-The-Middle (MITM) Attack SQL-Injection Attack Guest-Hopping Attack Packet Sniffing Country or Jurisdiction Multitenant Risks Malicious Insiders Vendor Lock-in Risk of the Cloud-based Provider Failing 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 27 28. SECURITY ISSUES AND SOLUTIONS IN CLOUD COMPUTING A SURVEY Security Concerns of Cloud Computing Residence of data Lack of Access Control Security of Data SLA Long-term Viability Data Breach Data Leakage Disaster Recovery 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 28 29. SECURITY ISSUES AND SOLUTIONS IN CLOUD COMPUTING A SURVEY Security Principles for Information Sec

Recommended

View more >