I have proposed a an authentication approach using three factors such as User id/pwd as first factor, OTP as second factor and Bio metric characteristics as third factor to get access the cloud resource and applications. but i am not understood that how to simulate it?
kindly help me......
I will publish a paper in January 2017 at https://dx.doi.org/10.1145/3007748.3007754 that exactly answers your question. Please have patience and follow my profile!
BTW: OTP does not necessary represent the "What you have" factor in the authn sheme unless you have a separate binding with the device. Typically OTP message can be read by using any device. In this case I assume that you have a two factor authn scheme where you just extend the "What you know" factor with OTP mechanism for some unknown reason.
Hi,
You can use the MATLAB 2016 online version to implement Cloud simulation where you can implement and simulate your model in a real time environment. Moreover, it is a kind of framework where you can set your code files in middle-ware from where you can publish and subscribe your model settings.
Thanks
User authentication is a combination of two processes - first, identification (of a user real or fictitious name at the authentication server) and second, verification (of entered by the user credential(s) at the authentication server connected to the user credentials database).
User name (or user id) is not considered to be a shared secret. User names are not encrypted either on communication lines or at the server / database to enable the identification process to happen.
OTP as an out-of-band (what user has) authentication factor is more inconvenient for a user and expensive to implement and utilize by the user and the cloud service as compared to password (what user knows) authentication factor. Also, recent studies show that OTP is not as secure as it was expected.
Biometric authentication factor technology (what user is) is even more doubtful case for a cloud service for several reasons: integration and utilization cost, remote credential setup and especially credential reset . If stolen, the same biometric credential cannot be reinstated again. Also, the value of false negative and false positive errors may not fit the accuracy of authentication errors required, especially for financial services. Clouds do not want these responsibilities, additional expense and headache.
I think you should look closer at the pitfalls I just briefly outlined, before devoting much time to this idea. Multi-factor user authentication is widely studied and explored by the industries for more than a decade, and it is still a hotly debatable subject. Learn more before jumping into it.
You would be able to simulate it using 'Scyther' which is a automated security claim verification tool. Use the web link to know about it further..
https://www.cs.ox.ac.uk/people/cas.cremers/scyther/
- Badges
- Science method