An approach to cloud user access control using behavioral biometric-based authentication and continuous monitoring

Cloud computing, enabling remote access to services and resources, poses a critical challenge in user authentication and access control, as users can access resources from anywhere with an internet connection. Traditional authentication methods, such as passwords and tokens, are vulnerable to attacks like brute-force, phishing, and man-in-the-middle (MITM). Researchers are exploring biometric authentication methods, but security and privacy concerns arise due to cloud environment control and potential data breaches or theft. To address these concerns, a comprehensive multifactor authentication (MFA) framework was proposed with an authorization scheme to enhance data security in a cloud environment. The proposed methodology comprises three phases: user registration, login, and continuous authentication. During the registration phase, users provide significant data, resulting in the assignment of a unique 6-digit personal identification number (PIN) upon successful registration. In the login process, authentication is achieved using a combination of static (primary user credentials), dynamic (color-based physical action verification), and possession factors (one-time password). Additionally, a trust score is calculated based on the evaluation of inherence factors (IFs), including user and typing behavior, to assign access control. The continuous authentication phase involves the use of a secure PIN for critical operations, evaluation of risk values, and reauthentication requests when necessary. The proposed model demonstrated superior performance, achieving 99.4% robustness, 99.7% accuracy, and a 0.3% error rate on a closed dataset, and 99.8% robustness, 99.8% accuracy, and a 0.2% error rate on an open dataset. The model's effectiveness was further demonstrated by its ability to prevent unauthorized access and mitigate security risks through the use of behavioral biometrics and access control strategies. The proposed MFA effectively addressed security concerns in cloud systems. It offered valuable benefits to cloud service providers and end users by enhancing data security and mitigating potential threats.