A proof of concept implementation of a mobile based authentication scheme without password table for cloud environment

Cloud computing is a fast growing technology offering a wide range of software and infrastructure services on a pay-per-use basis. Many small and medium businesses (SMB´s) have adopted this utility based Computing Model as it contributes to reduced operational and capital expenditure. Though the resource sharing feature adopted by Cloud service providers (CSP´s) enables the organizations to invest less on infrastructure, it also raises concerns about the security of data stored at CSP´s premises. The fact that data is prone to get accessed by the insiders or by other customers sharing the storage space is a matter of concern. Regulating access to protected resources requires reliable and secure authentication mechanism, which assures that only authorized users are provided access to the services and resources offered by CSP. This paper proposes a strong two-factor authentication mechanism using password and mobile token. The proposed model provides Single Sign-on (SSO) functionality and does not require a password table. Besides introducing the authentication scheme, the proof of concept implementation is also provided.