2 Theoretical Background and Related Work
This section sets forth the paper's theoretical fundamentals as well as related
work in the field of cloud-based authentication services.
2.1 Cloud Computing
According to the National Institute of Standards and Technology (NIST), Cloud
Computing is defined as a “model for enabling convenient on-demand network
access to a shared pool of configurable computing resources [...] that can be
rapidly provisioned and released with minimal management effort or service
provider interaction” [15]. Cloud services refer to resources at the infrastructure,
platform or application layer and provide specific advantageous characteristics
such as multi-tenancy, easy standardized access through thin clients, scalability
of the underlying infrastructure, and automated self-service provisioning [11,
14, 15]. Hence, the most frequently mentioned obstacles are concerns regarding
security and compliance, but also issues related to the ease of integration with
existing systems and possible lock-in effects [11, 14].
2.2 Authentication
Users can generally be authenticated using knowledge-based, token-based or
biometric methods [12]. Most systems implement basic PIN- or password-based
mechanisms (knowledge) [4]. However, because of several inherent drawbacks,
the strength of authentication of knowledge-based mechanisms is considered to
be insufficient for many applications [5, 18]. A possible way to increase this
strength is to replace or to supplement existing controls with token-based
procedures (e.g. one-time password (OTP) generators) or biometric methods (e.g.
face recognition, keystroke dynamics) [4, 8, 12]. The combination of different
kinds of authentication methods is referred to as multi-factor authentication
[4, 12].
2.3 Authentication as a Service
The application of security services according to the Cloud Computing model is
referred to as Security as a Service (SECaaS) and, accordingly, promises
additional specific benefits compared to on-premises solutions or traditional
security service outsourcing [1, 9, 17]. A study conducted by the author in
2011¹ discovered that statistically, there are three drivers for the adoption
of SECaaS:
- Perceived Ease of Adoption: Degree to which the adopter believes that
the SECaaS adoption is effortless, both technically and organizationally
speaking;
¹ Survey was conducted in 2011 in cooperation with the German Federal
Association for Information Technology, Telecommunications and New Media
(BITKOM e.V.,