Accessing Cloud through API in a More Secure and Usable Way
A common method for accessing and managing cloud computing resources is through an Application Programming Interface (API). Each API request from an application must include client authentication to the cloud service, which proves possession of a secret key. Securing such keys is critical to the confidentiality, integrity, and availability of the data and services hosted in the cloud. Currently, users handle these keys manually, a process that is neither secure nor user-friendly. Where to store the keys and how to access them remain security challenges, especially for applications that themselves reside in the cloud. Furthermore, the keys are in clear text, at least in a computer's memory, and attackers can find ways to recover them. This paper presents a solution to these problems by using portable security devices. The device securely exchanges keys with the cloud server, securely stores the keys, and performs cryptographic computations using these keys for the client authentication. The user must have the device and authenticate to it in order to use it. The solution enables two-factor hierarchical security protection of the cloud computing resources. It not only enhances security but also improves usability.
HongQian Karen Lu
Gemalto, Inc. Austin, Texas, U.S.A.
International conference
13th International Conference on Enterprise Information System (ICEIS 2011)
Beijing
English
1428-1441
2011-06-08 (date first posted online on the Wanfang platform; does not represent the paper's publication date)