FORTIYING CLOUD SECURITY BY A NOVEL AUTHENTICATION MECHANISM FOR SAFEGUARDING USER DATA IN PUBLIC CLOUD ENVIRONMENTS

Paper ID: EIJTEM_2025_12_3_17-27

Author's Name: Manas Ranjan, Pawan Kumar

Volume: 12

Issue: 3

Year: 2025

Page No: 17-27

Abstract:

In the era of widespread cloud adoption, public cloud environments are increasingly targeted by cyber threats due to their shared and remotely accessible infrastructure. Ensuring secure and reliable user authentication is paramount to mitigating risks such as unauthorized access, data breaches, and identity theft. This paper introduces a novel authentication mechanism designed to fortify cloud security by combining multi-factor authentication (MFA) with adaptive, context-aware security protocols. The proposed framework integrates biometric validation, user behavior analytics, and dynamic risk scoring to assess real-time threats and respond with appropriate authentication challenges. Furthermore, it incorporates cryptographic tokenization and session integrity verification to enhance data protection during user interactions with cloud services. Experimental results and comparative analysis demonstrate the superiority of this approach in minimizing authentication failures, improving detection accuracy, and thwarting advanced attacks such as man-in-the-middle (MITM), replay, and phishing attacks. This research provides a scalable, intelligent, and user-centric solution to bolster trust and security in public cloud ecosystems.

Keywords: Cloud Security, Public Cloud, User Authentication, Multi-Factor Authentication (MFA), Biometric Security, Behavioral Analytics, Risk-Based Access Control, Data Protection, Cyber Threat Mitigation, Adaptive Authentication

References:

1. Alasmary, W., Alhaidari, F., & Elleithy, K. (2020). A survey of biometric authentication on IoT and cloud. Sensors, 20(21), 6251. https://doi.org/10.3390/s20216251
2. Almuairfi, S., Veeraraghavan, P., & Chilamkurti, N. (2012). A novel cloud trust and security management framework with feedback mechanism. Procedia Computer Science, 10, 1042–1049. https://doi.org/10.1016/j.procs.2012.06.146
3. Arfaoui, G., Rannen, R., & Ghariani, H. (2019). Secure authentication scheme for cloud computing based on multi-factor authentication and reputation. Journal of Information Security and Applications, 48, 102367. https://doi.org/10.1016/j.jisa.2019.102367
4. Avasarala, R. (2020). Securing public cloud: Challenges and best practices. International Journal of Cloud Computing, 9(3), 225–243.
5. Bhowmick, S., & Roy, S. (2019). A hybrid user authentication model for cloud computing. Procedia Computer Science, 165, 701–708. https://doi.org/10.1016/j.procs.2020.01.028
6. Bonneau, J., Herley, C., van Oorschot, P. C., & Stajano, F. (2012). The quest to replace passwords: A framework for comparative evaluation of Web authentication schemes. IEEE Symposium on Security and Privacy, 553–567. https://doi.org/10.1109/SP.2012.44
7. Choudhury, O., & Kumar, S. (2016). A novel two-factor authentication scheme using fingerprint and OTP. Procedia Computer Science, 78, 428–435.
8. Cloud Security Alliance. (2017). Security guidance for critical areas of focus in cloud computing v4.0. https://cloudsecurityalliance.org
9. Daryabar, F., Dehghantanha, A., & Choo, K.-K. R. (2016). Cloud security solutions: A review. Computer Law & Security Review, 32(3), 285–298.
10. Dlamini, M. T., Eloff, J. H. P., & Eloff, M. M. (2009). Information security: The moving target. Computers & Security, 28(3-4), 189–198. https://doi.org/10.1016/j.cose.2008.11.005
11. Echeverría, L., & Astudillo, C. (2019). Adaptive multi-factor authentication using machine learning. International Journal of Computer Applications, 975(8887), 11–19.
12. Giri, R., & Sahoo, G. (2017). Securing cloud authentication using an improved multifactor approach. International Journal of Cloud Applications and Computing (IJCAC), 7(1), 1–14. https://doi.org/10.4018/IJCAC.2017010101
13. Halpert, B. (2011). Auditing cloud computing: A security and privacy guide. Wiley.
14. Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of Internet Services and Applications, 4(1), 5. https://doi.org/10.1186/1869-0238-4-5
15. Hu, V. C., Ferraiolo, D., & Kuhn, R. (2015). Assessment of access control systems. National Institute of Standards and Technology. https://doi.org/10.6028/NIST.IR.7316
16. Islam, S. H., & Khan, M. K. (2014). A robust and efficient password-authenticated key agreement scheme for cloud computing. Journal of Network and Computer Applications, 42, 135–143.
17. Jansen, W., & Grance, T. (2011). Guidelines on security and privacy in public cloud computing. NIST Special Publication 800-144.
18. Kaur, R., & Kaur, K. (2020). A comprehensive survey on authentication approaches in cloud computing. Journal of King Saud University–Computer and Information Sciences. https://doi.org/10.1016/j.jksuci.2020.07.002
19. Khan, A., & Tao, S. (2021). A context-aware, trust-based framework for user authentication in cloud computing. IEEE Access, 9, 112454–112465. https://doi.org/10.1109/ACCESS.2021.3104411
20. Li, W., & Ping, L. (2009). Trust model to enhance security and interoperability of cloud environment. IEEE International Conference on Cloud Computing, 69–79.
21. Liu, H., Zhang, H., & Zhang, M. (2020). A user behavior-based adaptive authentication scheme in cloud environments. IEEE Transactions on Cloud Computing, 10(2), 789–802.
22. Modi, C., Patel, D., Borisaniya, B., Patel, H., & Rajarajan, M. (2013). A survey of intrusion detection techniques in cloud. Journal of Network and Computer Applications, 36(1), 42–57.
23. NIST. (2017). Digital Identity Guidelines (SP 800-63-3). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-63-3
24. Sahi, A., Lai, D., Li, Y., & Deng, J. (2017). Brand-independent phishing detection based on heuristic visual similarity assessment. IEEE Access, 5, 8960–8974. https://doi.org/10.1109/ACCESS.2017.2708756
25. Wang, C., Wang, Q., Ren, K., Lou, W., & Li, J. (2010). Toward secure and dependable storage services in cloud computing. IEEE Transactions on Services Computing, 5(2), 220–232. https://doi.org/10.1109/TSC.2011.24

View PDF