International Research Journal of Engineering and Technology (IRJET) | e-ISSN: 2395-0056 | p-ISSN: 2395-0072 | Volume: 04 Issue: 06 | June 2017 | www.irjet.net
© 2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 2066

Cloud Service Security using Two-factor or Multi factor Authentication

Jubin Luckose 1, Sameer Chindarkar 2, Dhanamma Jagli 3

1,2 Final year student MCA, V. E. S. Institute of Technology, University of Mumbai, India.
3 Assistant Professor, V. E. S. Institute of Technology, University of Mumbai, India.

Abstract - Following the recent security infringement incidents affecting single-factor authentication services, there is an inclination towards the use of multi-factor authentication (MFA) mechanisms. These MFA mechanisms should be usable on modern hand-held computing devices such as smartphones, given their large share of the computing device market. Moreover, the high social acceptability and ubiquitous nature of these devices have attracted enterprises to offer their services on them. In this regard, the big challenge for these enterprises is to ensure the security and privacy of users. To address this issue, we have implemented a verification system that combines the human inherence factor (handwritten signature biometrics) with the standard knowledge factor (user-specific passwords) to achieve a high level of security. The major computational load of this task is shifted to a cloud-based application server so that a platform-independent user verification service with ubiquitous access becomes possible. Custom applications are built for both iOS and Android based devices and are linked with the cloud-based two-factor authentication (TFA) server. The system is tested on-the-run by a diverse group of users and 98.4% signature verification accuracy is achieved.
Key Words: Cloud Security, Two-Factor Authentication, Multi-factor Authentication, Security, Authentication Process, Cloud Service.

I. INTRODUCTION

With the increasing trend towards ubiquitous computing and Internet technology, remote access to services and private networks is becoming a characteristic feature of today's businesses. These advances in technology have benefited both enterprises and their targeted user groups or clients. A recent report by Gartner estimates that the user authentication services used by enterprises will rise from less than 10% as of today to more than 50% by 2017. However, the associated security challenges related to user authenticity and the safety of private data have opened new avenues for malevolent activities. The emerging requirement is to provide better security solutions that can efficiently cater for the possible risks and loopholes endangering the security of smartphone users.

Using static passwords for user authentication is a risky venture. This is evident from the recent incidents of security infringement faced by major corporations. Around 6.5 million unsalted SHA1 hashed LinkedIn passwords were leaked in June 2012. A data breach in an FTP server owned by the IEEE resulted in a leak of 0.1 million plaintext passwords in September 2012. Dropbox confirmed that it was hacked in July 2012 and therefore offered two-factor authentication from October 2012. Twitter, Skype, the New York Times and the Wall Street Journal suffered security breaches during the last year. Adobe said it was investigating how 150 million customer records were stolen during October 2013. Therefore, the recent trend is to shift towards TFA, which is more robust to security breaches and identity thefts. The US Federal Financial Institutions Examination Council (FFIEC) recommends that banks use TFA in order to monitor monetary transactions.
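The server-side decision summarised in the abstract (a salted password check plus a handwritten-signature match, both required) can be sketched as follows. This is an added example, not the authors' implementation: the dynamic time warping (DTW) matcher, the PBKDF2 settings, the threshold and all names are assumptions chosen for illustration.

```python
import hashlib, hmac, os

# Assumed parameters (not from the paper): PBKDF2 cost and DTW acceptance threshold.
PBKDF2_ITERATIONS = 200_000
DTW_THRESHOLD = 0.1

def hash_password(password, salt=None):
    """Knowledge factor: per-user random salt + PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def password_ok(password, salt, stored):
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison

def dtw_distance(a, b):
    """Length-normalised DTW cost between two (x, y) pen trajectories."""
    inf = float("inf")
    cost = [[inf] * (len(b) + 1) for _ in range(len(a) + 1)]
    cost[0][0] = 0.0
    for i, (ax, ay) in enumerate(a, 1):
        for j, (bx, by) in enumerate(b, 1):
            d = ((ax - bx) ** 2 + (ay - by) ** 2) ** 0.5
            cost[i][j] = d + min(cost[i - 1][j], cost[i][j - 1], cost[i - 1][j - 1])
    return cost[len(a)][len(b)] / (len(a) + len(b))

def signature_ok(sample, templates):
    """Inherence factor: accept if the sample is close to any enrolled template."""
    return min(dtw_distance(sample, t) for t in templates) <= DTW_THRESHOLD

def verify_user(record, password, sample):
    """Evaluate both factors unconditionally, then require both to pass."""
    pw = password_ok(password, record["salt"], record["pw_hash"])
    sig = signature_ok(sample, record["templates"])
    return pw and sig  # caller reports one generic failure, not which factor failed

# Constructed sample data: a normalised stroke, a jittered genuine attempt, a forgery.
ENROLLED = [(i / 10, (i / 10) ** 2) for i in range(11)]
GENUINE = [(x + 0.01, y - 0.01) for x, y in ENROLLED]
FORGERY = [(i / 10, 1 - i / 10) for i in range(11)]
_salt, _hash = hash_password("correct horse")
RECORD = {"salt": _salt, "pw_hash": _hash, "templates": [ENROLLED]}
```

Unlike the unsalted SHA1 hashes mentioned above, the stored password value here is salted per user and deliberately slow to compute, so a leaked database does not expose identical hashes for identical passwords.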
The user credentials presented for remote validation in TFA schemes take a number of forms, such as one-time pass-codes, biometric traits, Key Fob hardware authenticators and digital certificates. In this work, we propose to use dynamic handwritten signatures in a TFA framework that runs on interactive hand-held devices. Human biometrics can be defined as the automatic methods of recognizing different humans based on measurable anatomical, physiological and behavioral characteristics. Physiological biometrics are derived using invasive methods that are based on physical parameters coming directly from the human body. Non-invasive biometric traits that are characteristic of the concerned person are termed behavioral biometrics. We prefer to use behavioral biometrics (i.e., handwritten signatures) in the current work because of their high acceptability, which comes from being less cumbersome and from the ease of data collection. We argue that behavioral biometrics are more suitable for TFA systems because, unlike with Key Fob tokens, the user does not have to carry the issued identity at all times. Moreover, the risk of identity loss/theft is negligible and these traits are difficult to replicate.

Among all the biometric measures, the handwritten signature is an old, tested and most commonly used person authentication metric. Recent advances in sensing technologies and the efficient touch interfaces present in modern hand-held devices have also made it an easily deployable authentication metric. Mobile devices are easily available to use and thus any authentication framework using biometric data collectible through these devices is of paramount importance. In contrast to traditional scanners and dedicated electronic devices for