OTP as a Service in the Cloud Allows for Authentication of Multiple Services

No Thumbnail Available
Date
Journal Title
Journal ISSN
Volume Title
Publisher
Research Parks Publishing LLC
Abstract
Description
Users no longer trust traditional password-based authentication methods since so many online services now interact with one another. Credentials obtained online are often used to reclaim additional credentials, and sophisticated assaults often target the weakest of a large number of available credentials. One-time passwords and a two-factor authentication mechanism appear to be a natural improvement over traditional username/password schemes, thus researchers are looking into them. The OTP verifier is deployed to the cloud in this manuscript to facilitate its use by cloud service providers. OTP providers can outsource their OTP deployments to the cloud and cloud customers can activate their accounts on the OTP provider across many cloud services when the OTP verifier is hosted in the cloud as a service. This lets them take advantage of multiple cloud services without having to juggle multiple OTP accounts. Alternatively, OTP service provision prevents novice SMEs from overspending on OTP provisioning hardware, software, and staff. This paper presents the architecture necessary to create a trustworthy OTP provider in the cloud, one that respects users' right to privacy. The OTP provider registration, activation, and authentication processes for cloud users are examined. We define and evaluate the privacy and security implications of the suggested architecture. With these assumptions in place, attacks from unknown sources, user profiles with unlinkable features, inquisitive service providers, and OTP verifiers are all thwarted. The analysis ensures the reliability and validity of the proposed solution, which places the OTP supplier in the cloud.
Keywords
OTP, Cloud, Authentication, Multiple Services, Hardware, Software, Modern Security Measures
Citation