A SECURE IDENTITY AND ACCESS MANAGEMENT FRAMEWORK IN CLOUD ENVIRONMENT BASED ON DUAL-FACTOR AUTHENTICATION
Abstract
Ensuring secure yet user-convenient access to the services and resources offered by cloud service providers is a crucial requirement for the widespread acceptance of cloud-based services. Several Identity and Access Management (IAM) mechanisms have therefore been proposed to address the security and privacy issues inherent in cloud environments. A typical IAM mechanism depends mainly on a trusted third-party service, usually provided by an identity provider (IdP) server, to authenticate users before granting them access to the services and resources provided by the cloud servers. These mechanisms, however, suffer from a lack of trust between the identity provider and the cloud service provider: a fake identity provider can counterfeit access to cloud resources and disclose services using the user’s identity without his/her consent. This paper presents a dual-factor-based IAM framework that alleviates such security concerns. In the proposed framework, the user’s identity is verified in two ways: the identity provider authenticates his/her credentials, and a directory server authenticates his/her iris biometric data. The Bio Encoding iris template protection scheme is employed to protect the iris templates stored in the directory server. Experimental results on a typical iris dataset, CASIA-IrisV3-Interval, demonstrate the suitability of the iris biometric for realizing the proposed IAM framework.