Providing User Security Guarantees in Public Infrastructure Clouds

The infrastructure cloud (IaaS) service model offers improved resource flexibility and availability, where tenants - insulated from the minutiae of hardware maintenance - rent computing resources to deploy and operate complex systems. Large-scale services running on IaaS platforms demonstrate the viability of this model; nevertheless, many organizations operating on sensitive data avoid migrating operations to IaaS platforms due to security concerns. In this paper, we describe a framework for data and operation security in IaaS, consisting of protocols for a trusted launch of virtual machines and domain-based storage protection. We continue with an extensive theoretical analysis with proofs about protocol resistance against attacks in the defined threat model. The protocols allow trust to be established by remotely attesting host platform configuration prior to launching guest virtual machines and ensure confidentiality of data in remote storage, with encryption keys maintained outside of the IaaS domain. Presented experimental results demonstrate the validity and efficiency of the proposed protocols. The framework prototype was implemented on a test bed operating a public electronic health record system, showing that the proposed protocols can be integrated into existing cloud environments.

Hybrid authentication systems: towards robust user authentication on wireless and mobile devices using biometric technologies

Adequate user authentication is a persistent problem, particularly with mobile devices, which tend to be highly personal and at the fringes of an organisation's influence. Yet these devices are being used increasingly in various business settings, where they pose a risk to security and privacy, not only from sensitive information they may contain, but also from the means they typically offer to access such information over wireless networks. User authentication is the first line of defence for a mobile device that falls into the hands of an unauthorised user. However, motivating users to enable simple password mechanisms and periodically update their authentication information is difficult at best. This paper examines some of the issues relating to the use of biometrics as a viable method of authentication on mobile wireless devices. It is also a critical analysis of some of the techniques currently employed and where appropriate, suggests novel hybrid ways in which they could be improved or modified. Both biometric technology and wireless setting based constraints that determine the feasibility and the performance of the authentication feature are specified. Some well known biometric technologies are briefly reviewed and their feasibility for wireless and mobile use is reviewed. Furthermore, a number of quantitative and qualitative parameters for evaluation are also presented. Biometric technologies are continuously advancing toward commercial implementation in wireless devices. When carefully designed and implemented, the advantage of biometric authentication arises mainly from increased convenience and coexistent improved security.