Authentication and authorization in cloud computing using kerberos

Abstract

The emergence of cloud computing paradigm offers attractive and innovative computing services. Cloud providers deliver various types of computing services to customers according to a pay-per-use economic model. However, this technology introduces a new concern for enterprises and businesses regarding their privacy and security. Security as a Service is a new cloud service model for the security enhancement of a cloud environment. This is a way of centralizing security solutions under the control of professional security specialists. Authentication and authorization services are parts of cloud security services. This study focused on Authentication and authorization solutions for cloud environments. More specifically, architecture of a cloud security system is designed and proposed for providing two identity services for cloud-based systems: authentication and authorization. The main contribution of this study is to implement these services using Kerberos protocol, which will enable cloud-based application service providers to manage their users in an open, flexible, interoperable and secure environment. The methods of the proposed services are necessary for managing and providing those identity services. The implementation and specification of each service is described and explained, a prototype system of an authentication and authorization services are implemented and tested. The implementation is done using Web Service technology; it is shown that both services are at least computationally secure against potential security risks associated with different types of attacks. The security of Kerberos protocol that has been implemented for authentication ensures a secure and reliable environment for cloud-based application services, which is very easy to deploy and exploit on cloud-based platforms.