Abstract
Strong authentication and encryption schemes help cloud stakeholders in performing the robust and accurate cloud auditing of a potential service provider. All security-related issues and challenges, therefore, need to be addressed before a ubiquitous adoption of cloud computing. In this chapter, the authors provide an overview of existing biometrics-based security technologies and discuss some of the open research issues that need to be addressed for making biometric technology an effective tool for cloud computing security. Finally, this chapter provides a performance analysis on the use of large-scale biometrics-based authentication systems for different cloud computing platforms.
TopProblem Identification
There are many concerns associated with cloud computing (Almorsy, Grundy & Ibrahim, 2011). One of the major issues is that the cloud users are not familiar with what the cloud actually is, leaving them making irrational decisions when choosing a service provider. Because the cloud is fairly new, there are several vulnerabilities and faults associated with the system. Large amounts of sensitive data, from PIN numbers to passwords, are submitted across the cloud. Therefore, there must be a solution to increase the security for cloud computing while minimizing the number of vulnerabilities and threats that the cloud currently faces (Hutchings, Smith & James 2013).
Key Terms in this Chapter
Template: The original biometric that the input is tested against.
Physiological Biometric Identification: Is a measured factor that represents a living characteristic that cannot be altered or change.
Rogue Administrator: Hired by a cloud provider; the administrators have access to sensitive information; they abuse their privileges, and cause a loss of confidentiality and integrity in the organization.
Behavioral Biometric Identification: Is created based upon the action(s) of a user. Examples include signature, voice recognition, and keystroke measurement.
Insider Threat: An individual that is a current employee or contractor that misuses their authorization to gain access to important information or data.
Malicious Insiders: Malicious insiders can be current or former employees, contractors or business partners that gains access to an organizations network, system or data and release this information without permission by the organization.
Service Traffic Hijacking: An attacker gains access to the users’ credentials, the hacker can eavesdrop on the users’ activities and transactions, manipulate data, return falsified information, and redirect users’ clients to illegitimate sites.
Outsider Threat: Is someone that does not have authorized access to the organization.
Biometrics: Biometrics is a system of verification that uses biological identification for access. Some examples include fingerprint scan, retinal scan, facial recognition, or signature.
Denial-of-Service Attacks: DoS attack cannot wipe out an entire cloud computing system it can cause the system to slow down that will cause the host providers to take it down themselves.
Cloud Computing: An infrastructure that uses a network of remote servers hosted on the Internet to store, manage, and process data rather than store it on a local server or personal computer.
Data Breaches: Identified as an intentional or unintentional release of secure information to an untrusted environment.