1.SECURE SESSION CONTROL IN EDU-CLOUD USING OTP by S. EDEL JOSEPHINE RAJAKUMARI 12MCS107 2012-2013

2. CONTENTS Introduction Literature Review Security Issues and Solutions in Cloud Computing - A Survey Secure Session Control in Edu-Cloud using OTP Conclusion 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 2 3. OBJECTIVE The objective of the Dissertation is To Analyze the existing security issues in Cloud Computing To Develop a Secure Edu-Cloud Architecture To Provide a Secure Session Control for Edu-Cloud using OTP 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 3 4. DISSERTATION OVERVIEW Chapter 1- Introduction to Cloud Computing, E-Learning and Cloud based E-Learning Chapter 2- A review of related work previously done regarding this dissertation Chapter 3- An overview of existing security issues in Cloud Computing Chapter 4- Proposed architecture and a model Chapter 5- Conclusion with suggestions for future enhancements 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 4 5. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 5 6. INTRODUCTION Computing Computing is any goal-oriented activity requiring, benefiting from, or creating computers. For example, computing includes designing, developing and building hardware and software systems; processing, structuring, and managing various kinds of information; doing scientific research on and with computers; making computer systems behave intelligently; creating and using communications and entertainment media etc. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 6 7. INTRODUCTION Cloud Computing Cloud Computing is a subscription based service using which IT resources are delivered as services to users. Internet based computing Principle- Pay as you go 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 7 8. INTRODUCTION 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 8 Cloud Clients Web browser, mobile app, thin client, terminal emulator SaaS CRM, Email, virtual desktop, communication, games PaaS Execution runtime, database, web server, development tools IaaS Virtual machines, servers, storage, load balancers, network Infrastructure Platform Application Basic Cloud Services 9. INTRODUCTION Deployment Models Private Cloud Community Cloud Public Cloud Hybrid Cloud 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 9 10. E-LEARNING E-learning refers to the use of electronic media and Information and Communication Technologies (ICT) in education. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 10 11. E-LEARNING SOLUTIONS 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 11 E-Learning Asynchronous E-Learning Synchronous E-Learning Development and Management 12. CLOUD BASED E-LEARNING The goals and requirements of Cloud based E-Learning are: Location shifting Time shifting Interaction tools Learning management tools Courseware Cloud Infrastructure 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 12 13. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 13 14. LITERATURE REVIEW According to Nabendu Chaki et al. [Roh 11] In Cloud, virtual machines connected to the host system constantly to be monitored in a virtualized environment. A virtual machine monitor (VMM) can be placed in a virtual environment which will keep track of all the traffic flowing in and out of a virtual machine network. If any suspicious activity found, the corresponding virtual machine will be disconnected from the virtualized network. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 14 15. LITERATURE REVIEW According to Pankaj Arora et al. [Pan 12] Proposed Model SMI (Security Model for IaaS) Secure Configuration Policy (SCP) Secure Resources Management Policy (SRMP) Security Policy Monitoring and Auditing (SPMA) 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 15 16. LITERATURE REVIEW According to Sunil Sanka et al. [Sun 10] Modified Diffie-Hellman key exchange protocol for addressing data confidentiality, integrity and authentication issues. According to this protocol, a symmetric key is shared secretly between the Cloud Service Provider and the user. The D-H key exchange protocol is proposed for the users to access the outsourced data efficiently and securely from cloud service providers infrastructure. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 16 17. LITERATURE REVIEW According to Shahid Al Noor et al. [Sha 10] Cloud Central System Internal Architecture Two Sublayers Upper Sublayer Lower Sublayer 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 17 18. LITERATURE REVIEW According to Gunasekar Kumar et al. [Gun 11] Security measures for Cloud based E-Learning: SMS Security mechanism Biometric mechanism Security Token ACL mechanism 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 18 19. LITERATURE REVIEW According to M.Okuhara et al. [Mas 10] Security architectures based on access control, authentication and identity management, and security visualization. The results of the architectures are Logical separation of cloud service layers by virtualization presents in the same level of security as physical separation of computing environments. One time password provides a powerful authentication mechanism that precludes password leak. Dashboard and information-security services enable the users to visualize the efficiency and cost-effectiveness of information- security measures. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 19 20. LITERATURE REVIEW According to D.Kasi Viswanath et al. [Kas 12] Benefits of Cloud based E-Learning are: Lower costs Improved performance Instant software updates Improved document format compatibility Benefits for students Benefits for teachers. Cloud Computing challenges: Security Privacy Reliability Legal issues Open standard Compliance Freedom Long-term viability. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 20 21. LITERATURE REVIEW According to Paul Pocatilu [Pau 10] E-Learning systems usually require many hardware and software resources. There are many educational institutions that cannot afford such investments, and Cloud Computing is the best solution. E-learning systems can use benefit from Cloud Computing using: Infrastructure: use an e-learning solution on the provider's infrastructure Platform: use and develop an e-learning solution based on the provider's development interface Services: use the e-learning solution given by the provider. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 21 22. LITERATURE REVIEW According to A.P.Nirmala and Dr. R.Sridaran [Nir 12] A survey on Cloud Computing issues at design and implementation levels. At design level, architectural issues and platform related issues are discussed. At implementation level, business related issues and technical issues are discussed. The paper mainly focused on security and performance based issues in Cloud Computing. According to Danimir Mandic et al. [Dan] A preview of possible risks that Cloud Computing can bring to the area of E-Learning, with a preview of possible risk of intellectual property. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 22 23. LITERATURE REVIEW According to MD. Anwar Hossain Masud and Xiaodi Huang [Anw 12] Cloud based E-Learning Challenges: bandwidth security authentication management resource development role of teachers user data charging The proposed framework has an open structure, can interoperate with external content and social service (such as twitter, g-mail, YouTube, etc...) at the data level and it is subdivided into management subsystem and service subsystem. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 23 24. LITERATURE REVIEW According to Sanjeet Kumar Nayak et al. [San 12] A framework which provides mutual authentication and session key agreement in Cloud Computing environment. The scheme executes in three phases such as server initialization phase, registration phase, and authentication phase. The architecture satisfied the following security features: mutual authentication, session key agreement, password change, non-reply attack, identity management, and scalability. They assured that the proposed protocol can resist many popular attacks such as replay attack, password stolen attack, etc... 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 24 25. LITERATURE REVIEW According to Alok Kumar Vishwakarma and A. E. Narayanan [Alo 12] Introduced a service additionally with the basic Cloud services SaaS, PaaS, and IaaS which is called E-Learning as a Service (EaaS). Benefits of E-Learning: o Reduced cost of learning materials o Increased participation of academic institutes o Greater accessibility and better learning outcome o Flexibility Benefits of proposed scheme over existing methods: o cost reduction o smarter classroom o data portability o smart administration o innovation in research. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 25 26. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 26 27. SECURITY ISSUES AND SOLUTIONS IN CLOUD COMPUTING A SURVEY Threats in Cloud Computing Denial of Service (DoS) Distributed Denial of Service (DDoS) Side Channel Attack Authentication Attack Man-In-The-Middle (MITM) Attack SQL-Injection Attack Guest-Hopping Attack Packet Sniffing Country or Jurisdiction Multitenant Risks Malicious Insiders Vendor Lock-in Risk of the Cloud-based Provider Failing 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 27 28. SECURITY ISSUES AND SOLUTIONS IN CLOUD COMPUTING A SURVEY Security Concerns of Cloud Computing Residence of data Lack of Access Control Security of Data SLA Long-term Viability Data Breach Data Leakage Disaster Recovery 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 28 29. SECURITY ISSUES AND SOLUTIONS IN CLOUD COMPUTING A SURVEY Security Principles for Information Security in Cloud Key Protection Captcha Technique Keep the cloud secret 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 29 30. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 30 31. SECURE SESSION CONTROL IN EDU-CLOUD USING OTP Challenges of Cloud based E-Learning 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 31 Challenges Bandwidth Security Authentication Management Resource Development Role of Teachers User Data Payment 32. SECURE SESSION CONTROL IN EDU-CLOUD USING OTP Secure Edu-Cloud Architecture 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 32 EDU-CLOUD ACL A/C Balance Service Authentication (OTP) Student Teacher Others Cloud Service Provider 33. SECURE SESSION CONTROL IN EDU-CLOUD USING OTP Secure Session Control Mechanism 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 33 EDU-CLOUD (SJCEDU) Session 1 OTP Username (12MCS107) OTP Username (12MCS107) Access Denied Authorized User Hacker 34. SECURE SESSION CONTROL IN EDU-CLOUD USING OTP Implementation in ASP.NET 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 34 Online-Quiz Home Page 35. SECURE SESSION CONTROL IN EDU-CLOUD USING OTP Implementation in ASP.NET 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 35 Creating First Session 36. SECURE SESSION CONTROL IN EDU-CLOUD USING OTP Implementation in ASP.NET 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 36 OTP Generation 37. SECURE SESSION CONTROL IN EDU-CLOUD USING OTP Implementation in ASP.NET 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 37 Login with OTP 38. SECURE SESSION CONTROL IN EDU-CLOUD USING OTP Implementation in ASP.NET 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 38 Creating Second Session 39. SECURE SESSION CONTROL IN EDU-CLOUD USING OTP Implementation in ASP.NET 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 39 Denial of Session 40. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 40 41. CONCLUSION The dissertation satisfies the objective by providing a Secure Session Control in Edu- Cloud so that multiple sessions of the same user is forbidden. Future Enhancements In case, the session stopped unexpectedly due to some reasons except hacking such as power cut, device failure or users inconvenience, the current session will be expired. It would be appreciable if the session can be resumed with some authentication features. When conducting tests in educational clouds it is to be taken care of that a student has to attend the test only once. The authentication mechanism can be extended to biometric authentication or some advanced authentication methods. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 41 42. REFERENCES 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 42 [Akr 07] Akram Alkouz and Samir A. EI-Seoud, Web Services Based Authentication System for E-Learning, International Journal of Computing & Information Sciences, Volume5, No.2, August 2007. [Ale 05] Alex Koohang and Keith Harman, Open Source: A Metaphor for E-Learning, Informing Science Journal, Volume8, 2005. [Alo 12] Alok Kumar Vishwakarma, A. E. Narayanan, E-Iearning as a Service: A New Era for Academic Cloud Approach, 1st International Conference on Recent Advances in Information Technology (RAIT), 2012. [Anj 12] Anjali Jindia, Sonal Chawla, E-learning and Cloud Computing, IJAIR 2012, Department of Computer Science and Applications, Punjab University, India. [Anw 12] MD. Anwar Hossain Masud, Xiaodi Huang, A Novel Approach for Adopting Cloud-based E-learning System, 2012 IEEE/ACIS 11th International Conference on Computer and Information Science. [Chr] Christopher Mallow, Authentication Methods and Techniques. [Dan] Danimir Mandic, Vladimir Urosevic, Mihajlo Tijanic, E-learning and Security Problems in Cloud Computing Environment, Selected Topics in Education and Educational Technology, ISBN: 978-960-474-232-5, ISSN: 1792-5061. [Far 11] Farzad Sabahi, Cloud Computing Security Threats and Responses, 2011. Available at http://ieeexplore.ieee.org/xpl/articleDetails.jsp?&arnumber=6014715. [Fer 12] A.Fernandez, D.Peralta, F.Herrera, and J.M.Benitez, An Overview of E-Learning in Cloud Computing, Springer-Verlag Berlin Heidelberg 2012. [Gun 11] Gunasekar Kumar, Anirudh Chelikani, Analysis of security issues in cloud based E-Learning, 2011. 43. REFERENCES 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 43 [Haf] Hafiz Zahid Ullah Khan, Comparative Study of Authentication Techniques, International Journal of Video & Image Processing and Network Security, Volume10, No.04. [Ham 13] S.Hameetha Begum, T.Sheeba, and S.N.Nisha Rani, Security in Cloud based E-learning, International Journal of Advanced Research in Computer Science and Software Engineering, Volume3, Issue 1, January 2013, ISSN:2277 128X. [Kas 12] D.Kasi Viswanath, S.Kusuma, and Saroj Kumar Gupta, Cloud Computing Issues and Benefits Modern Education, Global Journal of Computer Science and Technology, Cloud & Distributed, Volume12, Issue 10, Version 1.0, July 2012, Double Blind Peer Reviewed International Research Journal, Global Journals Inc. (USA). [Kaw 12] Kawser Wazed Nafi, Tonny Shekha Kar, Sayed Anisul Hoque, Dr. M. M. A Hashem, A Newer User Authentication, File encryption and Distributed Server Based Cloud Computing security architecture, International Journal of Advanced Computer Science and Applications, Volume 3, No. 10, 2012. [Man 12] Maninder Singh and Sarbjeet Singh, Design and Implementation of Multi-tier Authentication Scheme in Cloud, IJCSI International Journal of Computer Science Issues, Volume9, Issue 5, No.2, September 2012. [Mar 07] Maria Nickolova, Eugene Nickolov, Threat Model for User Security in E-Learning Systems, International Journal "Information Technologies and Knowledge", Volume1, 2007. [Mas 10] Masayuki Okuhara, Tetsuo Shiozaki, Takuya Suzuki, Security Architectures for Cloud Computing, FUJITSU Sci. Tech. J., Volume46, No.4, October 2010. [Nir 12] A.P.Nirmala and Dr. R.Sridaran, Cloud Computing Issues at Design and Implementation Levels A Survey, Volume03, Issue 06, Pages: 1444-1449 (2012), Int. J. Advanced Networking and Applications. [Nun 13] Nungki Selviandro, Zainal Arifin Hasibuan Cloud-Based E-Learning: A Proposed Model and Benefits by Using E-Learning Based on Cloud Computing for Educational Institution, International Federation for Information Processing (IFIP), 2013. 44. REFERENCES 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 44 [Pan 10] Pance Ribarski, Ljupcho Antovski, Implementing Strong Authentication with OTP: Integrated System, ICT Innovations 2010 Web Proceedings ISSN 1857-7288. [Pan 12] Pankaj Arora, Rubal Chaudhry Wadhawn, Er. Satinder Pal Ahuja, Cloud Computing Security Issues in Infrastructure as a Service, Volume 2, Issue 1, January 2012, ISSN 128X, International Journal of Advanced Research in Computer Science and Software Engineering. [Pau 10] Paul Pocatilu, Cloud Computing Benefits for E-learning Solutions, Oeconomics of Knowledge, Volume2, Issue 1, 1Q 2010. [Roh 11] Rohit Bhadauria, Rituparna Chaki, Nabendu Chaki, Suganta Sanyal, A Survey on Security Issues in Cloud Computing, 2011. [SAN 01] An Overview of Different Authentication Methods and Protocols, SANS Institute InfoSec Reading Room, 2001. [San 12] Sanjeet Kumar Nayak, Subasish Mohapatra, Banshidhar Majhi, An Improved Mutual Authentication Framework for Cloud Computing, International Journal of Computer Applications (0975 8887) Volume 52 No.5, August 2012. [Sha 10] Shahid Al Noor, Golam Mustafa, Shaiful Alam Chowdry, Md. Zakir Hossain, Fariha Tasmin Jaigirdar, A Proposed Architecture of Cloud Computing for Education System in Bangladesh and the Impact on Current Education System, International Journal of Computer Science and Network Security, Volume 10, No.10, October 2010. [Sun 10] Sunil Sanka, Chittaranjan Hota, Muttukrishnan Rajarajan, Secure Data Access in Cloud Computing, Internet Multimedia Services Architecture and Application (IMSAA), IEEE 4th International Conference, 2010. 45. REFERENCES 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 45 [Sur 12] K.S.Suresh, and Prof.K.V.Prasad, Security Issues and Security Algorithms in Cloud Computing, IJARCSSE, Volume2, Issue 10, October 2012. [Vis 13] Vishal Paranjape, Vimmi Pandey, An Improved Authentication Technique with OTP in Cloud Computing, International Journal of Scientific Research in Computer Science and Engineering Research Paper Volume 1, Issue-3 E- ISSN: 2320-7639. [You] Young Sil Lee, HyoTaek Lirn, HoonJae Lee, A Study on Efficient OTP Generation using Stream Cipher with Random Digit, Division of Computer and Information Engineering, Dongseo University. Reference Book Kris, Cloud Computing, Jones & Bartlett Learning, 2011. 46. PUBLICATIONS Presented a Paper on Security Issues and Solutions in Cloud Computing A Survey at a National Conference NCAC 2013 at Jamal Mohamed College. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 46 47. 18/9/2013 SECURE SESSION CONTROL IN EDU-CLOUD USING OTP 47