Biometrics to Secure Cloud Communication and Applications

Organizations implementing cloud solutions have gained many benefits over the past several years. Cloud solutions provide several advantages such as mobility, flexibility and costs savings. Therefore, it is expected that the number of cloud users will grow rapidly in the next few years. Cloud computing allows dynamically scalable online resources to be provisioned over the internet cheaply as a service. Along with the many benefits that cloud computing offers the security challenges that it poses are equally striking. The two fundamental functions for secure cloud management are identity management and access control.

In cloud computing, the current approaches for user authentication are based on credentials that are submitted by the user. These credentials include passwords, tokens and digital certificates. However, these credentials are not completely secure and can unfortunately be stolen, accidentally revealed or just hard to remember. In view of the above, a biometric-based authentication protocol is best suited for the cloud environment to implement user authentication schemes. Moreover, the non-denial requirements of remote user authentication approach imply that it can be efficiently achieved using a biometrics-based method. One of the most popular and effective biometric approaches is fingerprint authentication scheme.

The most important benefit of mobile cloud computing is the capability to access data and applications at any time and from anywhere effortlessly and cost-effectively. Cloud computing is an emerging technology where users can access services based on their requirements without getting into the intricacies of knowing how the services are delivered or where they are hosted. The cloud environment is based on abstracting and providing various resources like computing power, network, storage and software remotely as services on the internet.

Current internet authentication approaches for most cases imply a username and password combination. But the biggest problem with this approach is that the existence of too many password account pairings for every individual user leads to either forgotten passwords or using the same combination for multiple sites. Protecting the remote data and applications from any illegitimate access still remains a primary security concern in mobile cloud computing. The main issue is along with the authorized users, the cloud provider can also access the data. The possibility of unauthorized access by third parties such as hackers also exists. Security issue is therefore a major area of research in mobile cloud computing.

Vulnerability of web applications to security breaches and hacker attacks is a huge concern as these applications involve both and enterprise and private customer information. For any web application development, protecting such assets is an important priority. The protection mechanism can involve various steps such as authentication and authorization, asset handling, activity logging and auditing. Though traditional mechanisms such as password management or encryption can be used to take care of this purpose, their effectiveness cannot be guaranteed.

Thus we see that although the adoption of cloud computing provides a lot of advantages in terms of flexibility, scalability and reliability; it also brings many new security challenges such as protection and privacy of personal data. Moreover, protection mechanisms such as encryption may not be suitable for mobile cloud computing users as encryption technology is a high workload process and requires high CPU processing power. Also, mobile devices have hardware limitations and may not be able to install and run applications that require extensive CPU processing and large memory. Therefore, the use of fingerprint recognition to authenticate mobile cloud computing not only protects the mobile cloud from unauthorized users but also improves the overall security.

The implementation of biometric technology to cloud signifies that the cloud services can be utilized through a web-based interface. This interface can either be a web browser or a mobile application. The basic layout of any biometric identification system remains same irrespective of the modality that is used.

This approach involves moving both the biometric database and the software part to the cloud. This will ensure appropriate technology scalability and sufficient amounts of storage. Moreover, a cloud based system has several other aspects such as real-time and parallel processing capabilities that make it further appealing. The widespread availability of mobile devices makes it accessible for many applications and services that rely on mobile clients. The existing generation of biometric systems offers many new possibilities for cloud computing security. Adopting biometrics in cloud computing and applications will help clients to ensure information security as well as provide a cost-effective security solution for the service providers.

The deployment of biometric technology to cloud computing offers many attractive possibilities that include smart spaces, access control applications, ambient intelligence environments etc. Mobile cloud-based biometrics is an emerging market trend fueled by factors such as flexibility and enhanced cost savings. This further adds to the number of mobile cloud users which is growing rapidly. A Bloomberg survey reveals that cloud computing is expected to earn around $ 270 billion in 2020.

The diagram shown below explains an authentication mechanism that uses fingerprint recognition to secure mobile cloud access and applications.

This authentication approach utilizes the camera of mobile phone to capture fingerprint images. The idea is to convert the fingertip image obtained by the mobile phone camera to a fingerprint image and extract the ridge structure from it to make it as similar as possible to the image obtained from a fingerprint sensor. Every time the user wants to access the cloud, he simply scans his fingerprint and logs in. The whole approach is hosted on cloud to derive maximum benefit as all processes and storage are there.

Initially, the user presents his fingertip to the sensor that captures the image and this is known as the enrollment phase. The fingerprint sample is pre-processed to obtain the extracted features and stored in a database which will later be used for comparison to verify the identity of the user. When a user wants to login to access applications on cloud, he provides his fingerprint to the sensor which captures the image and performs some pre-processing function to extract the features. Then a matching function performs a comparison between these extracted features and the features that were stored in the database during the enrollment phase. If the matching is successful, the user is accepted otherwise rejected.

The comparison between the extracted features and the features stored in the database results in a similarity score (S). It is explained below.

If S has a low value, it implies there is little similarity.

If S has a high value, it implies there is high similarity.

This similarity score (S) is then compared to a predefined threshold (T) based on which the final decision will be made.

If (S>T) then
The user is accepted
Else if (S<T) then
The user is rejected.

Biometrics infrastructure can be very quickly set up literally within a matter of few minutes. Biometric services can be provided as an on-demand service where it is possible to add or cancel components almost instantaneously. It is an affordable technology especially for the small and medium-sized businesses. Unlike traditional authentication systems, the costs involved in a biometric cloud-based infrastructure is mostly fixed. For example, password based systems require maintenance costs for resetting of forgotten or lost passwords.

It is highly scalable which implies that a biometric application can be cut back or expanded in just a matter of few minutes. The available resource pooling enables biometric databases to be scaled and can fit any array of applications ranging from a simple 1:1 to the most complex 1: N verification scenarios.

We have discussed in this article how biometric technology can be applied to cloud communication and applications to combat the security risks such as hacked passwords and data intrusion. The advantages that biometrics provides to cloud computing makes it a viable and positive solution for all entities involved in the process. The greatest advantage of implementing biometrics in cloud is that enterprise grade biometric based systems can now be made available for all kinds and types of businesses, not just a select few. It is expected that with the passage of time the application of biometric technology to cloud computing will be more widely accepted and rapidly implemented on a larger scale.