A secure authentication model for Cloud federation

摘要

The cloud computing is a revolutionary change in the IT field. One of Cloud Computing evolution is Cloud Federation. Thanks to this paradigm, cloud providers can federate themselves, in order to reduce costs and enlarge their capabilities, through cooperating together. However, some limitations have to be overcome firstly. One of the major requirement is a strong identity management solution. Using Cloud Federation, the customers can get services from several Cloud Service Providers belonging to the federation. In this context, Single Sign-On property can be adopted to verify identities of users without requiring them to be authenticated with each service provider separately. The advantage is that only one authentication is required to access all resources. However, if a password is hacked by a malicious person, he will have access to all services. Thus, authentication in Cloud federation is still a major research challenge that remains unsolved. This paper suggests a new authentication model to address authentication concerns in the Cloud federation context and support multi-domain clients in a multi-provider environment. It is based on Single Sign-on property combined with One Time Password mechanism to enhance security. The paper also shows how the proposed solution can be successfully applied to manage the authentication needed among clouds for the federation establishment and present some implementation details. The proposed architecture offers significant advantages like the easy to use and strong security.