Visible to the public Biblio

Found 1314 results

Filters: Keyword is compositionality  [Clear All Filters]
2021-10-12
Gouk, Henry, Hospedales, Timothy M..  2020.  Optimising Network Architectures for Provable Adversarial Robustness. 2020 Sensor Signal Processing for Defence Conference (SSPD). :1–5.
Existing Lipschitz-based provable defences to adversarial examples only cover the L2 threat model. We introduce the first bound that makes use of Lipschitz continuity to provide a more general guarantee for threat models based on any Lp norm. Additionally, a new strategy is proposed for designing network architectures that exhibit superior provable adversarial robustness over conventional convolutional neural networks. Experiments are conducted to validate our theoretical contributions, show that the assumptions made during the design of our novel architecture hold in practice, and quantify the empirical robustness of several Lipschitz-based adversarial defence methods.
Dong, Sichen, Jiao, Jian, Li, Shuyu.  2020.  A Multiple-Replica Provable Data Possession Algorithm Based on Branch Authentication Tree. 2020 IEEE 11th International Conference on Software Engineering and Service Science (ICSESS). :400–404.
The following topics are dealt with: learning (artificial intelligence); neural nets; feature extraction; pattern classification; convolutional neural nets; computer network security; security of data; recurrent neural nets; data privacy; and cloud computing.
Muller, Tim, Wang, Dongxia, Sun, Jun.  2020.  Provably Robust Decisions based on Potentially Malicious Sources of Information. 2020 IEEE 33rd Computer Security Foundations Symposium (CSF). :411–424.
Sometimes a security-critical decision must be made using information provided by peers. Think of routing messages, user reports, sensor data, navigational information, blockchain updates. Attackers manifest as peers that strategically report fake information. Trust models use the provided information, and attempt to suggest the correct decision. A model that appears accurate by empirical evaluation of attacks may still be susceptible to manipulation. For a security-critical decision, it is important to take the entire attack space into account. Therefore, we define the property of robustness: the probability of deciding correctly, regardless of what information attackers provide. We introduce the notion of realisations of honesty, which allow us to bypass reasoning about specific feedback. We present two schemes that are optimally robust under the right assumptions. The “majority-rule” principle is a special case of the other scheme which is more general, named “most plausible realisations”.
El-Sobky, Mariam, Sarhan, Hisham, Abu-ElKheir, Mervat.  2020.  Security Assessment of the Contextual Multi-Armed Bandit - RL Algorithm for Link Adaptation. 2020 2nd Novel Intelligent and Leading Emerging Sciences Conference (NILES). :514–519.
Industry is increasingly adopting Reinforcement Learning algorithms (RL) in production without thoroughly analyzing their security features. In addition to the potential threats that may arise if the functionality of these algorithms is compromised while in operation. One of the well-known RL algorithms is the Contextual Multi-Armed Bandit (CMAB) algorithm. In this paper, we explore how the CMAB can be used to solve the Link Adaptation problem - a well-known problem in the telecommunication industry by learning the optimal transmission parameters that will maximize a communication link's throughput. We analyze the potential vulnerabilities of the algorithm and how they may adversely affect link parameters computation. Additionally, we present a provable security assessment for the Contextual Multi-Armed Bandit Reinforcement Learning (CMAB-RL) algorithm in a network simulated environment using Ray. This is by demonstrating CMAB security vulnerabilities theoretically and practically. Some security controls are proposed for CMAB agent and the surrounding environment. In order to fix those vulnerabilities and mitigate the risk. These controls can be applied to other RL agents in order to design more robust and secure RL agents.
Li, Xinyu, Xu, Jing, Zhang, Zhenfeng, Lan, Xiao, Wang, Yuchen.  2020.  Modular Security Analysis of OAuth 2.0 in the Three-Party Setting. 2020 IEEE European Symposium on Security and Privacy (EuroS P). :276–293.
OAuth 2.0 is one of the most widely used Internet protocols for authorization/single sign-on (SSO) and is also the foundation of the new SSO protocol OpenID Connect. Due to its complexity and its flexibility, it is difficult to comprehensively analyze the security of the OAuth 2.0 standard, yet it is critical to obtain practical security guarantees for OAuth 2.0. In this paper, we present the first computationally sound security analysis of OAuth 2.0. First, we introduce a new primitive, the three-party authenticated secret distribution (3P-ASD for short) protocol, which plays the role of issuing the secret and captures the token issue process of OAuth 2.0. As far as we know, this is the first attempt to formally abstract the authorization technology into a general primitive and then define its security. Then, we present a sufficiently rich three-party security model for OAuth protocols, covering all kinds of authorization flows, providing reasonably strong security guarantees and moreover capturing various web features. To confirm the soundness of our model, we also identify the known attacks against OAuth 2.0 in the model. Furthermore, we prove that two main modes of OAuth 2.0 can achieve our desired security by abstracting the token issue process into a 3P-ASD protocol. Our analysis is not only modular which can reflect the compositional nature of OAuth 2.0, but also fine-grained which can evaluate how the intermediate parameters affect the final security of OAuth 2.0.
Zhou, Yimin, Zhang, Kai.  2020.  DoS Vulnerability Verification of IPSec VPN. 2020 IEEE International Conference on Artificial Intelligence and Computer Applications (ICAICA). :698–702.
This paper analyzes the vulnerability in the process of key negotiation between the main mode and aggressive mode of IKEv1 protocol in IPSec VPN, and proposes a DOS attack method based on OSPF protocol adjacent route spoofing. The experiment verifies the insecurity of IPSec VPN using IKEv1 protocol. This attack method has the advantages of lower cost and easier operation compared with using botnet.
Vinarskii, Evgenii, Demakov, Alexey, Kamkin, Alexander, Yevtushenko, Nina.  2020.  Verifying cryptographic protocols by Tamarin Prover. 2020 Ivannikov Memorial Workshop (IVMEM). :69–75.
Cryptographic protocols are utilized for establishing a secure session between “honest” agents which communicate strictly according to the protocol rules as well as for ensuring the authenticated and confidential transmission of messages. The specification of a cryptographic protocol is usually presented as a set of requirements for the sequences of transmitted messages including the format of such messages. Note that protocol can describe several execution scenarios. All these requirements lead to a huge formal specification for a real cryptographic protocol and therefore, it is difficult to verify the security of the whole cryptographic protocol at once. In this paper, to overcome this problem, we suggest verifying the protocol security for its fragments. Namely, we verify the security properties for a special set of so-called traces of the cryptographic protocol. Intuitively, a trace of the cryptographic protocol is a sequence of computations, value checks, and transmissions on the sides of “honest” agents permitted by the protocol. In order to choose such set of traces, we introduce an Adversary model and the notion of a similarity relation for traces. We then verify the security properties of selected traces with Tamarin Prover. Experimental results for the EAP and Noise protocols clearly show that this approach can be promising for automatic verification of large protocols.
Hassan, Mehmood, Sultan, Aiman, Awan, Ali Afzal, Tahir, Shahzaib, Ihsan, Imran.  2020.  An Enhanced and Secure Multiserver-based User Authentication Protocol. 2020 International Conference on Cyber Warfare and Security (ICCWS). :1–6.
The extensive use of the internet and web-based applications spot the multiserver authentication as a significant component. The users can get their services after authenticating with the service provider by using similar registration records. Various protocol schemes are developed for multiserver authentication, but the existing schemes are not secure and often lead towards various vulnerabilities and different security issues. Recently, Zhao et al. put forward a proposal for smart card and user's password-based authentication protocol for the multiserver environment and showed that their proposed protocol is efficient and secure against various security attacks. This paper points out that Zhao et al.'s authentication scheme is susceptive to traceability as well as anonymity attacks. Thus, it is not feasible for the multiserver environment. Furthermore, in their scheme, it is observed that a user while authenticating does not send any information with any mention of specific server identity. Therefore, this paper proposes an enhanced, efficient and secure user authentication scheme for use in any multiserver environment. The formal security analysis and verification of the protocol is performed using state-of-the-art tool “ProVerif” yielding that the proposed scheme provides higher levels of security.
Kai, Wang, Wei, Li, Tao, Chen, Longmei, Nan.  2020.  Research on Secure JTAG Debugging Model Based on Schnorr Identity Authentication Protocol. 2020 IEEE 15th International Conference on Solid-State Integrated Circuit Technology (ICSICT). :1–3.
As a general interface for chip system testing and on-chip debugging, JTAG is facing serious security threats. By analyzing the typical JTAG attack model and security protection measures, this paper designs a secure JTAG debugging model based on Schnorr identity authentication protocol, and takes RISCV as an example to build a set of SoC prototype system to complete functional verification. Experiments show that this secure JTAG debugging model has high security, flexible implementation, and good portability. It can meet the JTAG security protection requirements in various application scenarios. The maximum clock frequency can reach 833MHZ, while the hardware overhead is only 47.93KGate.
Li, Yongjian, Cao, Taifeng, Jansen, David N., Pang, Jun, Wei, Xiaotao.  2020.  Accelerated Verification of Parametric Protocols with Decision Trees. 2020 IEEE 38th International Conference on Computer Design (ICCD). :397–404.
Within a framework for verifying parametric network protocols through induction, one needs to find invariants based on a protocol instance of a small number of nodes. In this paper, we propose a new approach to accelerate parameterized verification by adopting decision trees to represent the state space of a protocol instance. Such trees can be considered as a knowledge base that summarizes all behaviors of the protocol instance. With this knowledge base, we are able to efficiently construct an oracle to effectively assess candidates of invariants of the protocol, which are suggested by an invariant finder. With the discovered invariants, a formal proof for the correctness of the protocol can be derived in the framework after proper generalization. The effectiveness of our method is demonstrated by experiments with typical benchmarks.
He, Leifeng, Liu, Guanjun.  2020.  Petri Nets Based Verification of Epistemic Logic and Its Application on Protocols of Privacy and Security. 2020 IEEE World Congress on Services (SERVICES). :25–28.
Epistemic logic can specify many design requirements of privacy and security of multi-agent systems (MAS). The existing model checkers of epistemic logic use some programming languages to describe MAS, induce Kripke models as the behavioral representation of MAS, apply Ordered Binary Decision Diagrams (OBDD) to encode Kripke models to solve their state explosion problem and verify epistemic logic based on the encoded Kripke models. However, these programming languages are usually non-intuitive. More seriously, their OBDD-based model checking processes are often time-consuming due to their dynamic variable ordering for OBDD. Therefore, we define Knowledge-oriented Petri Nets (KPN) to intuitively describe MAS, induce similar reachability graphs as the behavioral representation of KPN, apply OBDD to encode all reachable states, and finally verify epistemic logic. Although we also use OBDD, we adopt a heuristic method for the computation of a static variable order instead of dynamic variable ordering. More importantly, while verifying an epistemic formula, we dynamically generate its needed similar relations, which makes our model checking process much more efficient. In this paper, we introduce our work.
Remlein, Piotr, Rogacki, Mikołaj, Stachowiak, Urszula.  2020.  Tamarin software – the tool for protocols verification security. 2020 Baltic URSI Symposium (URSI). :118–123.
In order to develop safety-reliable standards for IoT (Internet of Things) networks, appropriate tools for their verification are needed. Among them there is a group of tools based on automated symbolic analysis. Such a tool is Tamarin software. Its usage for creating formal proofs of security protocols correctness has been presented in this paper using the simple example of an exchange of messages with asynchronous encryption between two agents. This model can be used in sensor networks or IoT e.g. in TLS protocol to provide a mechanism for secure cryptographic key exchange.
Naveed, Sarah, Sultan, Aiman, Mansoor, Khwaja.  2020.  An Enhanced SIP Authentication Protocol for Preserving User Privacy. 2020 International Conference on Cyber Warfare and Security (ICCWS). :1–6.
Owing to the advancements in communication media and devices all over the globe, there has arisen a dire need for to limit the alarming number of attacks targeting these and to enhance their security. Multiple techniques have been incorporated in different researches and various protocols and schemes have been put forward to cater security issues of session initiation protocol (SIP). In 2008, Qiu et al. presented a proposal for SIP authentication which while effective than many existing schemes, was still found vulnerable to many security attacks. To overcome those issues, Zhang et al. proposed an authentication protocol. This paper presents the analysis of Zhang et al. authentication scheme and concludes that their proposed scheme is susceptible to user traceablity. It also presents an improved SIP authentication scheme that eliminates the possibility of traceability of user's activities. The proposed scheme is also verified by contemporary verification tool, ProVerif and it is found to be more secure, efficient and practical than many similar SIP authetication scheme.
2021-10-04
Masood, Raziqa, Pandey, Nitin, Rana, Q. P..  2020.  DHT-PDP: A Distributed Hash Table based Provable Data Possession Mechanism in Cloud Storage. 2020 8th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO). :275–279.
The popularity of cloud storage among data users is due to easy maintenance, and no initial infrastructure setup cost as compared to local storage. However, although the data users outsource their data to cloud storage (a third party) still, they concern about their physical data. To check whether the data stored in the cloud storage has been modified or not, public auditing of the data is required before its utilization. To audit over vast outsourced data, the availability of the auditor is an essential requirement as nowadays, data owners are using mobile devices. But unfortunately, a single auditor leads to a single point of failure and inefficient to preserve the security and correctness of outsourced data. So, we introduce a distributed public auditing scheme which is based on peer-to-peer (P2P) architecture. In this work, the auditors are organized using a distributed hash table (DHT) mechanism and audit the outsourced data with the help of a published hashed key of the data. The computation and communication overhead of our proposed scheme is compared with the existing schemes, and it found to be an effective solution for public auditing on outsourced data with no single point of failure.
2021-09-21
Ilavendhan, A., Saruladha, K..  2020.  Comparative Analysis of Various Approaches for DoS Attack Detection in VANETs. 2020 International Conference on Electronics and Sustainable Communication Systems (ICESC). :821–825.
VANET plays a vital role to optimize the journey between source and destination in the growth of smart cities worldwide. The crucial information shared between vehicles is concerned primarily with safety. VANET is a MANET sub-class network that provides a free movement and communication between the RSU and vehicles. The self organized with high mobility in VANET makes any vehicle can transmit malicious messages to some other vehicle in the network. In the defense horizon of VANETs this is a matter of concern. It is the duty of RSU to ensure the safe transmission of sensitive information across the Network to each node. For this, network access exists as the key safety prerequisite, and several risks or attacks can be experienced. The VANETs is vulnerable to a range of security attacks including masquerading, selfish node attack, Sybil attack etc. One of the main threats to network access is this Denial of Service attack. The most important research in the literature on the prevention of Denial of Service Attack in VANETs was explored in this paper. The limitations of each reviewed paper are also presented and Game theory based security model is defined in this paper.
Taranum, Fahmina, Sarvat, Ayesha, Ali, Nooria, Siddiqui, Shamekh.  2020.  Detection and Prevention of Blackhole Node. 2020 4th International Conference on Electronics, Materials Engineering Nano-Technology (IEMENTech). :1–7.
Mobile Adhoc networks (MANETs) comprises of mobile devices or nodes that are connected wirelessly and have no infrastructure. Detecting malicious activities in MANETs is a challenging task as they are vulnerable to attacks where the performance of the entire network degrades. Hence it is necessary to provide security to the network so that the nodes are prone to attack. Selecting a good routing protocol in MANET is also important as frequent change of topology causes the route reply to not arrive at the source node. In this paper, R-AODV (Reverse Adhoc On-Demand Distance Vector) protocol along with ECC (Elliptic Key Cryptography) algorithm is designed and implemented to detect and to prevent the malicious node and to secure data transmission against blackhole attack. The main objective is to keep the data packets secure. ECC provides a smaller key size compared to other public-key encryption and eliminates the requirement of pre-distributed keys also makes the path more secure against blackhole attacks in a MANET. The performance of this proposed system is simulated by using the NS-2.35 network simulator. Simulation results show that the proposed protocol provides good experimental results on various metrics like throughput, end-to-end delay, and PDR. Analysis of the results points to an improvement in the overall network performance.
Narayana, V.Lakshman, Midhunchakkaravarthy, Divya.  2020.  A Time Interval Based Blockchain Model for Detection of Malicious Nodes in MANET Using Network Block Monitoring Node. 2020 Second International Conference on Inventive Research in Computing Applications (ICIRCA). :852–857.
Mobile Ad Hoc Networks (MANETs) are infrastructure-less networks that are mainly used for establishing communication during the situation where wired network fails. Security related information collection is a fundamental part of the identification of attacks in Mobile Ad Hoc Networks (MANETs). A node should find accessible routes to remaining nodes for information assortment and gather security related information during route discovery for choosing secured routes. During data communication, malicious nodes enter the network and cause disturbances during data transmission and reduce the performance of the system. In this manuscript, a Time Interval Based Blockchain Model (TIBBM) for security related information assortment that identifies malicious nodes in the MANET is proposed. The proposed model builds the Blockchain information structure which is utilized to distinguish malicious nodes at specified time intervals. To perform a malicious node identification process, a Network Block Monitoring Node (NBMN) is selected after route selection and this node will monitor the blocks created by the nodes in the routing table. At long last, NBMN node understands the location of malicious nodes by utilizing the Blocks created. The proposed model is compared with the traditional malicious node identification model and the results show that the proposed model exhibits better performance in malicious node detection.
Bhawsar, Aditya, Pandey, Yogadhar, Singh, Upendra.  2020.  Detection and Prevention of Wormhole Attack Using the Trust-Based Routing System. 2020 International Conference on Electronics and Sustainable Communication Systems (ICESC). :809–814.
As the configuration used for the Mobile Ad hoc Networks (MANET) does not have a fixed infrastructure as well, the mechanism varies for each MANET. The finding of the route in this mechanism also varies because it does not have any fixed path route for routing as well every node in this structure behaves like a base station. MANET has such freedom for its creation, so it also faces various types of attacks on it. Some of the attacks are a black hole, warm hole etc. The researchers have provided various methods to prevent warm hole attacks, as the warm hole attack is seen as difficult to prevent. So here a mechanism is proposed to detect and prevent the warm hole attack using the AODV protocol which is based on trust calculation. In our method, the multiple path selection is used for finding the best path for routing. The path is tested for the warm hole attack, as the node is detected the data packet sent in between the source and destination selects the path from the multi-paths available and the packet delivery is improved. The packet delivery ratio (PDR) is calculated for the proposed mechanism, and the results have improved the PDR by 71.25%, throughput by 74.09 kbps, and the E to E delay is decreased by 57.92ms for the network of 125 nodes.
Vaseer, Gurveen.  2020.  Multi-Attack Detection Using Forensics and Neural Network Based Prevention for Secure MANETs. 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT). :1–6.
This paper presents Forensic methods for detection and prevention of multiple attacks along with neural networks like Denial-of-Service (DoS), probe, vampire, and User-to-Root (U2R) attacks, in a Mobile Ad hoc Network (MANET). We accomplish attacker(s) detection and prevention percentage upto 99% in varied node density scenarios 50/100/150.
Azhari, Budi, Yazid, Edwar, Devi, Merry Indahsari.  2020.  Dynamic Inductance Simulation of a Linear Permanent Magnet Generator Under Different Magnet Configurations. 2020 International Conference on Sustainable Energy Engineering and Application (ICSEEA). :1–8.
Recently, some innovations have been applied to the linear permanent magnet generator (LPMG). They are including the introduction of high-remanence rare-earth magnets and the use of different magnet configurations. However, these actions also affect the flow and distribution of the magnetic flux. Under the load condition, the load current will also generate reverse flux. The flux resultant then affects the coil parameters; the significant one is the coil inductance. Since it is influential to the output voltage and output power profiles, the impact study of the permanent magnet settings under load condition is essential. Hence this paper presents the inductance profile study of the LMPG with different magnet configurations. After presenting the initial designs, several magnet settings including the material and configuration were varied. Finite element magnetic simulation and analytical calculations were then performed to obtain the inductance profile of the LPMG. The results show that the inductance value varies with change in load current and magnet position. The different magnet materials (SmCo 30 and N35) do not significantly affect the inductance. Meanwhile, different magnet configuration (radial, axial, halbach) results in different inductance trends.
Wang, Yuzheng, Jimenez, Beatriz Y., Arnold, David P..  2020.  \$100-\textbackslashtextbackslashmu\textbackslashtextbackslashmathrmm\$-Thick High-Energy-Density Electroplated CoPt Permanent Magnets. 2020 IEEE 33rd International Conference on Micro Electro Mechanical Systems (MEMS). :558–561.
This paper reports electroplated CoPt permanent magnets samples yielding thicknesses up to 100 μm, deposition rates up to 35 μm/h, coercivities up to 1000 kA/m (1.25 T), remanences up to 0.8 T, and energy products up to 77 kJ/m3. The impact of electroplating bath temperature and glycine additives are systematically studied. Compared to prior work, these microfabricated magnets not only exhibit up to 10X increase in thickness without sacrificing magnetic performance, but also improve the areal magnetic energy density by 2X. Using a thick removeable SU-8 mold, these high-performing thick-film magnets are intended for magnetic microactuators, magnetic field sensors, energy conversion devices, and more.
Wang, Meng, Zhao, Shengsheng, Zhang, Xiaolong, Huang, Changwei, Zhu, Yi.  2020.  Effect of La addition on structural, magnetic and optical properties of multiferroic YFeO3 nanopowders fabricated by low-temperature solid-state reaction method. 2020 6th International Conference on Mechanical Engineering and Automation Science (ICMEAS). :242–246.
Nanosize multiferroic La-doped YFeO3 powders are harvested via a low-temperature solid-state reaction method. X-ray diffraction (XRD), scanning electron microscopy (SEM) and Raman spectra analysis reveal that with La addition, YFeO3 powders are successfully fabricated at a lower temperature with the size below 60 nm, and a refined structure is obtained. Magnetic hysteresis loop illustrates ferromagnetic behavior of YFeO3 nano particles can be enhanced with La addition. The maximum and remnant magnetization of the powders are about 4.03 and 1.22 emu/g, respectively. It is shown that the optical band gap is around 2.25 eV, proving that La doped YFeO3 nano particles can strongly absorb visible light. Both magnetic and optical properties are greatly enhanced with La addition, proving its potential application in magnetic and optical field.
2021-09-16
Astakhova, Liudmila, Medvedev, Ivan.  2020.  The Software Application for Increasing the Awareness of Industrial Enterprise Workers on Information Security of Significant Objects of Critical Information Infrastructure. 2020 Global Smart Industry Conference (GloSIC). :121–126.
Digitalization of production and management as the imperatives of Industry 4.0 stipulated the requirements of state regulators for informing and training personnel of a significant object of critical information infrastructure. However, the attention of industrial enterprises to this problem is assessed as insufficient. This determines the relevance and purpose of this article - to develop a methodology and tool for raising the awareness of workers of an industrial enterprise about information security (IS) of significant objects of critical information infrastructure. The article reveals the features of training at industrial enterprises associated with a high level of development of safety and labor protection systems. Traditional and innovative methods and means of training personnel at the workplace within the framework of these systems and their opportunities for training in the field of information security are shown. The specificity of the content and forms of training employees on the security of critical information infrastructure has been substantiated. The scientific novelty of the study consists in the development of methods and software applications that can perform the functions of identifying personal qualities of employees; testing the input level of their knowledge in the field of IS; testing for knowledge of IS rules (by the example of a response to socio-engineering attacks); planning an individual thematic plan for employee training; automatic creation of a modular program and its content; automatic notification of the employee about the training schedule at the workplace; organization of training according to the schedule; control self-testing and testing the level of knowledge of the employee after training; organizing a survey to determine satisfaction with employee training. The practical significance of the work lies in the possibility of implementing the developed software application in industrial enterprises, which is confirmed by the successful results of its testing.
Grusho, A., Nikolaev, A., Piskovski, V., Sentchilo, V., Timonina, E..  2020.  Endpoint Cloud Terminal as an Approach to Secure the Use of an Enterprise Private Cloud. 2020 International Scientific and Technical Conference Modern Computer Network Technologies (MoNeTeC). :1–4.
Practical activities usually require the ability to simultaneously work with internal, distributed information resources and access to the Internet. The need to solve this problem necessitates the use of appropriate administrative and technical methods to protect information. Such methods relate to the idea of domain isolation. This paper considers the principles of implementation and properties of an "Endpoint Cloud Terminal" that is general-purpose software tool with built-in security instruments. This apparatus solves the problem by combining an arbitrary number of isolated and independent workplaces on one hardware unit, a personal computer.
Patel, Ashok R.  2020.  Biometrics Based Access Framework for Secure Cloud Computing. 2020 International Conference on Computational Science and Computational Intelligence (CSCI). :1318–1321.
This paper is focused on the topic of the use of biometrics framework and strategy for secure access identity management of cloud computing services. This paper present's a description of cloud computing security issues and explored a review of previous works that represented various ideas for a cloud access framework. This paper discusses threats like a malicious insider, data breaches, and describes ways to protect them. It describes an innovative way portrayed a framework that fingerprint access-based authentication to protect Cloud services from unauthorized access and DOS, DDoS attacks. This biometrics-based framework as an extra layer of protection, added then it can be robust to prevent unauthorized access to cloud services.