A Multi-token Authorization Strategy for Secure Mobile Cloud Computing

Title: A Multi-token Authorization Strategy for Secure Mobile Cloud Computing
Publication Type: Conference Paper
Year of Publication: 2014
Authors: Ahmad, A., Hassan, M.M., Aziz, A.
Conference Name: Mobile Cloud Computing, Services, and Engineering (MobileCloud), 2014 2nd IEEE International Conference on
Date Published: April
Keywords: Access Control, authorisation, Authorization, authorization architecture, cloud computing, cloud computing security, cloud resources, Computer hacking, computing models, credentials, data privacy, hacker, identity management system, identity management systems, IdM, malicious code, mathematical analysis, mathematical modeling, mobile cloud computing, Mobile communication, mobile computing, Modified Identity Management System, multitoken authorization strategy, oAuth, omnipresent mobile-based clients, Organizations, privacy, radio links, secure mobile cloud computing, Secure Mobile Computing, security, security of data, Servers, traffic interception, Trust, vulnerable wireless communication links

Cloud computing is an emerging paradigm shifting the shape of computing models from being a technology to a utility. However, security, privacy and trust are amongst the issues that can subvert the benefits and hence the wide deployment of cloud computing. With the introduction of omnipresent mobile-based clients, the ubiquity of the model increases, suggesting a still higher integration in life. Nonetheless, the security issues rise to a higher degree as well. The constrained input methods for credentials and the vulnerable wireless communication links are among the factors giving rise to serious security issues. To strengthen the access control of cloud resources, organizations now commonly acquire Identity Management Systems (IdM). This paper shows that the most popular IdM, namely OAuth, working in the scope of Mobile Cloud Computing, has many weaknesses in its authorization architecture. In particular, the authors find two major issues in current IdM. First, if the IdM system is compromised through malicious code, it allows a hacker to obtain authorization for all the protected resources hosted on a cloud. Second, all the communication links among client, cloud and IdM carry the complete authorization token, which can allow a hacker, through traffic interception at any communication link, illegitimate access to protected resources. We also suggest a solution to the reported problems, and justify our arguments with experimentation and mathematical modeling.

Citation Key: 6834955