
USABLE AUTHENTICATION FOR CLOUD BASED MOBILE LEARNING IN ENGINEERING EDUCATION

International Journal of Civil Engineering and Technology (IJCIET)
Volume 10, Issue 04, April 2019, pp. 209-218. Article ID: IJCIET_10_04_253
Available online at http://www.iaeme.com/ijciet/issues.asp?JType=IJCIET&VType=10&IType=04
ISSN Print: 0976-6308 and ISSN Online: 0976-6316
© IAEME Publication
Scopus Indexed
Ramananda Mallya K
Research & Development Centre, Bharathiar University, Coimbatore, Tamilnadu.
IS&E Department, MITE, Moodbidri, Karnataka, India.
Dr. B Srinivasan
Department of Computer Science, Gobi Arts & Science College,
Gobichettipalayam, Tamilnadu, India
ABSTRACT
It has been established that cloud based mobile learning provides creative
opportunities for both teachers and students, as it creates an active learning
atmosphere anywhere and anytime. This informal type of learning supports
improving the learning competencies of engineering students. Data security has been
identified as a major concern in the successful implementation of cloud
based mobile learning. One of the major security issues encountered in mobile
cloud based learning is the authentication of the legitimate user who wants to
connect to the cloud. Considering the mobile environment, a suitable authentication
method has to be devised which provides security without sacrificing the
convenience of smart phone users. This article proposes a usable touch stroke
interval based authentication method using the game theory approach for the mobile
cloud. The proposed authentication method forms a kind of two stroke authentication
comprising username and password together with the touch stroke interval. It was found
that the proposed method provides fairly secure user authentication while preserving
usability for the smart phone user.
Keywords: mobile cloud computing, mobile learning, user authentication, engineering,
education
Cite this Article: Ramananda Mallya K and Dr. B Srinivasan, Usable Authentication
for Cloud Based Mobile Learning in Engineering Education, International Journal of
Civil Engineering and Technology, 10(4), 2019, pp. 209-218.
http://www.iaeme.com/IJCIET/issues.asp?JType=IJCIET&VType=10&IType=04
http://www.iaeme.com/IJCIET/index.asp
209
editor@iaeme.com
Ramananda Mallya K and Dr. B Srinivasan
1. INTRODUCTION
The convenience and ease of use provided by today’s smart phones have opened up a
wide range of uses and applications in modern society. Among the major technologies
involving modern smart phones, the most sought-after is mobile cloud computing
[1].
Mobile cloud computing is a hot research topic in industry and among
researchers, with many advantages such as convenience and easy access [2]. This technology
has turned the internet into a distinct and vast computing field with a strongly
prospering future. Its uses have covered almost every area,
including education, electronic mail, the healthcare sector and information technology [3].
Considering the educational setting, the organization's data resides in the mobile cloud and
students can access it by connecting to the cloud from their mobile phones.
This concept of learning provides ease of access and convenience, as the student can use the
educational content from anywhere at any time [4].
Cloud based mobile learning can be effectively used to teach and learn engineering subjects
outside the classroom. The authors of [5] conducted a study to explore the effect of mobile
cloud computing technology on the learning competencies of engineering students. The results
showed that using cloud based mobile learning to learn an engineering subject is productive
and does have a positive impact on the learning competencies of students, which results in
improved attainment of course outcomes.
At the same time, mobile cloud computing has many drawbacks, security being the major
concern among them. The fact that any smart phone can access the organization's data opens
up a major security threat [6]. To deal with this situation, the organization has to think critically
about data and information security issues.
Thus, it becomes essential for educationists and researchers to look into different data
and information security mechanisms. An important mechanism for
information security is authentication of the valid user before access to the system is granted.
Authentication of the user who wishes to access data in the cloud is one of the
main security measures that has to be addressed. To make sure that only a legitimate user can
access the content in the cloud, a secure and strong authentication mechanism has to be
developed [7].
However, the authentication mechanism must also be
usable: since the user will be on a smart phone, the authentication method should
not take so much time that it inconveniences the user. User convenience has to
be given utmost importance when designing an authentication mechanism to be implemented
on a mobile phone. Hence, the time taken for user authentication is an important criterion for
evaluating the authentication method used on a smart phone.
This article starts with a discussion of mobile cloud computing and its associated benefits
and challenges. The next section discusses various security issues in the mobile
cloud. It also explores user authentication and a variety of authentication methods proposed
for mobile cloud implementation. We then propose a new authentication method for the mobile
cloud, based on the concepts of touch stroke time and game theory, and validate the new
method.
2. BACKGROUND
2.1. Mobile cloud computing
Smart phones are emerging rapidly and are equipped with a vast number
of features and applications. They can be carried anywhere and can access
data at any time. With the ability to access the web at any time, smart phones can be linked to
the cloud, giving rise to a new computing model called mobile cloud computing.
The Mobile Cloud Computing Forum defines mobile cloud as follows [8]: ‘Mobile cloud
computing is an infrastructure in which both the data processing and data storage are performed
outside the mobile equipment. It moves the computing and data storage away from mobile
phones and into the cloud, bringing applications to not just Smartphone users but a much
broader range of mobile subscribers’.
The mobile cloud computing technology has become popular and is being extensively used
by the users all over the world. Today mobile cloud is being used in a range of applications as
discussed in [9]. Common applications of mobile cloud include:
• Email: One of the most used and popular applications of mobile cloud is email on
the mobile. Users can check their mail using their smart phones, which is a classic
example of a mobile cloud application.
• Mobile Commerce: Mobile Commerce (M-Commerce) is the method of performing
business using mobile devices. M-Commerce applications include shopping using
smart phones and online payments made using mobiles.
• Mobile Healthcare: Mobile Healthcare (M-Health) is the method of using mobile
devices in the healthcare division. Accessing patient health records quickly and easily
is a significant example of M-Health.
• Mobile Gaming: Mobile Gaming is the idea of playing online games using mobile
devices. When mobile cloud is used, all the computations are performed in the cloud,
thus allowing users to play advanced games on their smart phones.
• Mobile Learning: Mobile Learning (M-Learning) is the idea of learning anything,
anywhere, using mobile devices. The use of mobile cloud for M-Learning provides
an advanced learning facility for learners, since all data processing and storage are done
in the cloud outside the smart phone.
We also need to look into the issues and challenges faced by mobile
cloud computing, which is still a developing technology. Like any other new field, mobile
cloud computing has numerous issues and challenges. Mobile cloud is the bond between
two different technologies, namely cloud computing and mobile computing. Of the two,
the cloud has the greater computing facilities, whereas mobile computing ability is limited.
Thus, a number of issues concerning the mobile cloud have to be resolved [10].
These issues are linked to the mobile user who uses the services offered by the cloud.
Mobile devices are exposed to diverse types of security vulnerabilities
and risks, since the mobile device is connected to the internet. The connection to the cloud also
exposes the mobile device to many security and privacy issues [11].
2.2. Mobile learning in the cloud
Mobile learning was on the rise in the previous decade and research was under way to enhance its
performance [12]. Mobile learning implementation demands huge investments and
resources. Hence, to popularize the mobile learning concept, an alternative had to
be invented in order to reduce the investments [13]. Mobile cloud computing has proved to
be the best-fit technology for this purpose.
In mobile cloud computing, storage and hardware resources are available outside the
mobile device and in the cloud. Thus, mobile cloud-based M-learning overcomes device
resource and storage limitations. Also, mobile cloud drastically reduces the investments to be
made by the organizations to implement M-learning.
In [14], the author put forward the idea of introducing cloud computing in the education
sector and presented the possible benefits and disadvantages. An E-learning architecture rooted
in cloud computing was developed by the authors of [15]. Based on the new architecture, an
E-learning system was effectively implemented using the cloud and the performance of the proposed
system was evaluated.
Over time, based on the success of combining E-learning and cloud computing, the
idea of combining M-learning and mobile cloud has evolved. In [16], the authors
constructed the architecture of an M-learning system using the cloud. An analysis of such an
M-Learning system has also been done. At the same time, a number of security and privacy
issues exist in the implementation of mobile learning [17]. Hence, there is a strong need to
address these issues and propose a better solution.
2.3. User authentication in the mobile cloud
Modern organizations and individual users have started to take full advantage of the large
storage facility provided by the mobile cloud by storing their data and personal information in
the cloud. However, security issues arise when the user’s data resides in the cloud. To
provide better security, the mobile cloud should be equipped with a proper and strong
authentication mechanism to ensure that an illegitimate user does not gain entry into the system.
Different authors have proposed different authentication mechanisms for mobile cloud
computing, which are discussed below.
In [18], the authors proposed an authentication method based on Quick Response
Code (QR Code). In this scheme, the user enters a user id and password, and
an image of the user is captured by the mobile device. All three (user id, password and image)
are then transformed into a QR Code, and authentication is performed based on the QR code. The
method provided good authentication as it uses the image of the valid user. However, it resulted
in an added computation burden on the mobile device to capture the image and then send it to the
server.
Authentication in the mobile cloud based on the concept of Message Digest was proposed
by the authors of [19]. In this method, an encrypted hashed message was used during
authentication of the user. The method was complex in processing since it requires both
encryption and hashing.
In [20], the authors have proposed an authentication mechanism based on one-time
password. In this scheme, the user provides the user id and password to the cloud server and
the server generates a one-time password for user authentication. The scheme resulted in slow
authentication as the user needs to wait for the one-time password.
In [21], the author introduced a lightweight authentication scheme for the mobile cloud
with the aid of the mobile network. The method used local authentication inside the mobile
network using user id and password, with the user's mobile network acting as the third
party for authentication. This idea was simple; however, it may not be practical in most cases.
The authors of [22] have proposed an authentication method for the mobile cloud using
touch stroke. Along with the user id and password, the system will calculate the time taken to
enter the credentials to the cloud server. The cloud server will authenticate the user after
verifying the user credentials along with the touch stroke time. The performance of this method
was good; however, it was too simple and hence lacked security.
3. METHODOLOGY
From the literature, it was found that numerous authentication methods have been proposed for
mobile cloud. However, these methods were found to be complex in nature considering smart
phone user convenience. When user authentication has to be done on a smart phone, user
convenience has to be given utmost importance. Thus, it becomes necessary to find a simple
authentication method that keeps both security and user convenience in mind.
We have included the concept of touch stroke interval in the authentication process. It is a
behavior-based authentication mechanism in which the touch speed of the user is used during
authentication.
The user needs to install a learning application on their mobile and register with a
username and password. At registration time, the value of the game derived from the touch
stroke intervals pertaining to the username and password is also stored on the server.
Figure 1 shows the cloud based mobile learning application, MobiLearn.
Figure 1 The MobiLearn mobile learning application
The proposed cloud based mobile learning system includes two subsystems: one is the
cloud server, which holds the files uploaded by the teachers, and the other is the
mobile client. The mobile client connects to the cloud server when it needs to access the learning
materials. The server authenticates the user, and only a genuine user is allowed to access the
materials.
At authentication time, when the user enters the username and password, the touch stroke
durations between each character are calculated and sent to the server. Game theory is used
to calculate the value of the game, and authentication is approved only if both the password and
the game value match.
The game value is calculated from the touch stroke intervals using the
following procedure. Assume that the password used by an authorized user is rAmAnA30#.
When the user types this password, the time intervals between successive key presses are
computed. Starting at time 0, the time taken to press r is 0.3 seconds; the time taken to press the next
character A is 0.7 seconds, and so on. Table 1 shows the time intervals for the above password.
Table 1 Key press time interval for the given password by authorized user
Key:       r    A    m    A    n    A    3    0    #
Time (s):  0.3  0.7  0.3  0.7  0.3  0.7  0.6  0.3  0.3
The computed key press time intervals are then represented in the form of a Game theory
matrix as shown in Figure 2.
0.3  0.7  0.6
0.7  0.3  0.3
0.3  0.7  0.3
Figure 2 Game theory matrix for the authorized user.
From the Game matrix, the value of the game is calculated using the following procedure.
The 3x3 matrix is reduced into a 2x2 matrix by using the method of dominance. The resulting
matrix is shown in Figure 3.
0.3  0.7
0.7  0.3
Figure 3 Reduced matrix for the authorized user.
Using the analytical method, the value of the game for the above matrix is calculated, and the value
of the game is 5.
The proposed method provides a form of two stroke authentication, as it verifies both the
password and the value of the game. The method successfully overcomes the shoulder surfing
attack. Even if an unauthorized user obtains the smart phone and password of the user, he cannot
log in to the system, since the typing speed of that user will be different. For example, consider
the scenario of an unauthorized user trying to log in to the system using the stolen smart phone and
password.
When the unauthorized user types this password, the time intervals between successive key
presses are computed. Starting at time 0, the time taken to press r is 0.2 seconds; the time taken to
press the next character A is 0.6 seconds, and so on. Table 2 shows the time intervals for the above
password.
Table 2 Key press time interval for the given password by unauthorized user
Key:       r    A    m    A    n    A    3    0    #
Time (s):  0.2  0.6  0.3  0.6  0.2  0.6  0.5  0.2  0.2
The computed key press time intervals are then represented in the form of a Game theory
matrix as shown in Figure 4.
0.2  0.6  0.5
0.6  0.2  0.2
0.3  0.6  0.2
Figure 4 Game theory matrix for the unauthorized user.
The 3x3 matrix is reduced into a 2x2 matrix by using the method of dominance. The
resulting matrix is shown in Figure 5.
0.2  0.6
0.6  0.2
Figure 5 Reduced matrix for the unauthorized user.
Using the analytical method, the value of the game for the above matrix is calculated, and the value
of the game is 4. Thus, even if the two users enter the same password, their typing speed
varies, and hence access is denied to the unauthorized user, whose value of the game is
different from that of the authorized user.
The system will authenticate the user only if all three factors (user name, password and value of the
game) match those of the authorized user. Hence, the proposed method successfully
protects the system from unauthorized access even in the extreme case of a stolen smart phone and
password.
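The calculation described above, as an added Python sketch (not code from the paper or from MobiLearn): it lays the nine intervals out as in Figures 2 and 4, solves the reduced 2x2 matrices of Figures 3 and 5 with the standard analytical formula for a 2x2 zero-sum game, and checks how a server-side comparison of game values behaves. Assumptions: the dominance step is not reimplemented (the reduced matrices are taken from the figures), the formula returns 0.5 and 0.4 where the paper reports 5 and 4 (a factor of ten is assumed), and `accepts`, the tolerance and the two constructed matrices are hypothetical.

```python
from fractions import Fraction


def frac(x):
    """Parse a decimal exactly so comparisons are free of float rounding."""
    return Fraction(str(x))


def intervals_to_matrix(intervals):
    """Lay nine key-press intervals out column by column (Figures 2 and 4)."""
    if len(intervals) != 9:
        raise ValueError("expected nine key-press intervals")
    v = [frac(t) for t in intervals]
    return [[v[col * 3 + row] for col in range(3)] for row in range(3)]


def solve_2x2(matrix):
    """Value of a 2x2 zero-sum game (row player maximises)."""
    (a, b), (c, d) = [[frac(x) for x in row] for row in matrix]
    maximin = max(min(a, b), min(c, d))
    minimax = min(max(a, c), max(b, d))
    if maximin == minimax:          # saddle point: pure strategies suffice
        return maximin
    # No saddle point: analytical (mixed-strategy) value; the denominator
    # is non-zero whenever no saddle point exists.
    return (a * d - b * c) / (a + d - b - c)


def accepts(enrolled, candidate, tolerance=0):
    """Hypothetical server-side check: game values within a tolerance."""
    return abs(frac(candidate) - frac(enrolled)) <= frac(tolerance)


# Intervals from Table 1 and Table 2 of the paper.
AUTHORIZED = [0.3, 0.7, 0.3, 0.7, 0.3, 0.7, 0.6, 0.3, 0.3]
UNAUTHORIZED = [0.2, 0.6, 0.3, 0.6, 0.2, 0.6, 0.5, 0.2, 0.2]
# Reduced matrices exactly as printed in Figure 3 and Figure 5.
FIG3 = [[0.3, 0.7], [0.7, 0.3]]
FIG5 = [[0.2, 0.6], [0.6, 0.2]]
# Constructed inputs (not from the paper): the enrolled user typing one key
# 0.05 s slower, and a different rhythm with the same pairwise sum.
JITTERED = [[0.3, 0.75], [0.7, 0.3]]
OTHER_RHYTHM = [[0.4, 0.6], [0.6, 0.4]]


def evaluate():
    enrolled = solve_2x2(FIG3)
    return {
        "enrolled": enrolled,                       # 1/2
        "unauthorized": solve_2x2(FIG5),            # 2/5
        # Exact match rejects the legitimate user after small jitter.
        "jitter_exact": accepts(enrolled, solve_2x2(JITTERED)),
        # A tolerance admits the jittered sample and still rejects Figure 5.
        "jitter_tol": accepts(enrolled, solve_2x2(JITTERED), 0.05),
        "unauthorized_tol": accepts(enrolled, solve_2x2(FIG5), 0.05),
        # A different rhythm can yield the same game value.
        "other_rhythm_exact": accepts(enrolled, solve_2x2(OTHER_RHYTHM)),
    }


if __name__ == "__main__":
    for row in intervals_to_matrix(AUTHORIZED):
        print([float(x) for x in row])
    for name, result in evaluate().items():
        print(name, result)
```

A reduced matrix of the symmetric form shown in Figures 3 and 5 always evaluates to the mean of its two distinct entries, so an acceptance threshold for the game value is best chosen from measured false-accept and false-reject rates rather than from an exact match.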
4. DISCUSSION
Two versions of MobiLearn apps were tested in order to evaluate the performance of the
authentication methods. One version used the plain password authentication which includes
username and password verification. Another version used the touch stroke interval
authentication method, which includes username, password and value of the game derived from
the touch stroke interval time.
Both versions of the application were installed on the same Android smart phone and tested
with diverse usernames and passwords. Two types of passwords were tested: simple passwords
comprising only alphabets, and complex passwords comprising alphabets, numbers and
special characters.
A total of 60 usernames and passwords at different levels of complexity were tested
on the two versions of the application, and the time involved in authenticating the user
with each version of the application was measured. The results were plotted on graphs for
validation purposes.
When simple usernames and passwords were used, the average time taken for
authentication was found to be 11 seconds with plain password authentication and 16 seconds
with the touch stroke interval method. This is illustrated in Figure 6.
Figure 6 Comparison of two methods using simple passwords
When complex passwords were used, the average time taken
for authentication was found to be 18 seconds with plain password authentication and 24 seconds
with the touch stroke interval method. This is illustrated in Figure 7.
Figure 7 Comparison of two methods using complex passwords
From the test results it is clear that the use of the improved authentication method,
called touch stroke interval authentication, does not have much effect on the total time required
for authenticating the user. The difference in total time between the two methods is
minor.
At the same time, the touch stroke interval authentication method validates both the password
and the touch stroke interval, providing a form of two-phase authentication which provides
superior security. Thus, it is apparent that the proposed method provides added security without
compromising on user convenience.
5. CONCLUSION
Mobile cloud computing is the latest trend in the engineering educational field,
and is still on the rise. Undeniably, this technology will experience abundant changes in the
near future in terms of security methods, best policies and standards. Implementation of mobile
learning by means of the mobile cloud is also a reasonably new innovation in the engineering
education sector, which undeniably has a number of benefits compared to the conventional
learning process. At the same time, learning using the mobile cloud faces a number of
issues, primarily related to the security of user data, that have to be addressed. There
is a lot of scope for innovative research in this area, where a number of security
procedures and algorithms can be invented so that a competent mobile learning system can be
developed using the mobile cloud. We have proposed a system that provides safe
authentication of users to improve the security of user data in the cloud. To maintain the
convenience of the smart phone user, it is necessary to build a smarter authentication method
that combines user convenience with improved security. We have proposed a fairly
effortless authentication method which is practically secure enough, striking a balance
between data security and convenience for the smart phone user in the mobile cloud
environment.
REFERENCES
[1] Hoang, T. D., Chonho, L., Dusit, N. and Ping, W. A Survey of Mobile Cloud Computing:
Architecture, Applications, and Approaches. Wireless Communications and Mobile
Computing, 13(18), 2013, pp. 1587-1611. doi: https://doi.org/10.1002/wcm.1203
[2] Fernando, N., Seng, W. L. and Rahayu, W. Mobile Cloud Computing: A Survey. Future
Generation Computer Systems, 29(1), 2013, pp. 84-106. doi: 10.1016/j.future.2012.05.023
[3] Talal, H. N., Sherali, Z., Abdullah, A. and Quan, Z. S. Mobile Cloud Computing:
Challenges and Future Research Directions. Journal of Network and Computer
Applications, 115(1), 2018, pp. 70-85. doi: 10.1016/j.jnca.2018.04.018
[4] Ramananda Mallya K. and Srinivasan, B. Mobile Learning in the Cloud: A New Stage for
Knowledge Management. International Journal of Computer Sciences and Engineering,
6(6), 2018, pp. 1454-1458. doi: https://doi.org/10.26438/ijcse/v6i6.14541458
[5] Ramananda Mallya K. and Srinivasan, B. Effect of Cloud based Mobile Learning on
Engineering Education. International Journal of Mechanical Engineering and Technology,
10(3), 2019, pp. 614-621.
http://www.iaeme.com/IJMET/issues.asp?JType=IJMET&VType=10&IType=3
[6] Velev, D. G. Challenges and Opportunities of Cloud-based Mobile Learning. International
Journal of Information and Education Technology, 4(1), 2014, pp. 49-53.
[7] Ahmad, Z., Mayes, K., Dong, S. and Markantonakis, K. Considerations for Mobile
Authentication in the Cloud. Information Security Technical Report, 16(3-4), 2011, pp.
123–130. doi: https://doi.org/10.1016/j.istr.2011.09.009
[8] Mobile Cloud Computing Forum, 2018. http://www.mobilecloudcomputingforum.com
[9] Khan, A. U. R., Othman, M., Madani, S. A. and Khan, S. U. A Survey of mobile cloud
computing application models. IEEE Communications Surveys and Tutorials, 16(1), 2014,
pp. 393-413. doi:
[10] Khan, A. U. R., Othman, M., Xia, F. and Khan, A. N. Context-Aware Mobile Cloud
Computing and Its Challenges. IEEE Cloud Computing, 2(3), 2015, pp. 42-49. doi:
https://doi.org/10.1109/mcc.2015.62
[11] Abdul Nasir Khan, Mat Kiah, M. L., Samee, U. Khan and Sajjad A. Madani. Towards
secure mobile cloud computing: A survey. Future Generation Computer Systems, 25(5),
2013, pp. 1278-1299. doi:
[12] Baran, E. A. Review of Research on Mobile Learning in Teacher Education. Educational
Technology & Society, 17(4), 2014, pp. 17-32.
[13] Hou, W. and Zhu, D. M. Research on the Practice of Developing Technologies on Mobile
Learning. Modern Educational Technology, 20, 2010, pp. 115-126.
[14] Sultan, N. Cloud computing for education: a new dawn? International Journal of
Information Management, 30(2), 2010, pp. 109-116.
[15] Masud, A. and Huang, X. An e-learning system architecture based on cloud computing.
World Academy of Science, Engineering and Technology, 6, 2012, pp. 736-740.
[16] Masud, A. and Huang, X. A cloud based m-learning architecture for higher education.
Archives Des Sciences, 66(1), 2013, pp. 751-760.
[17] Georgios Kambourakis. Security and Privacy in M-Learning and beyond: Challenges and
State-of-the-art. International Journal of u- and e- Service, Science and Technology, 6(3),
2013, pp. 67-84.
[18] Oh, D. S., Kim, B. H. and Lee, J. K. A Study on Authentication System using QR code for
Mobile Cloud Computing Environment. In 6th international conference on future
information technology, Loutraki, Greece, Springer-Verlag, 2011, pp. 500-507.
[19] Saurabh Dey, Srinivas Sampalli and Qiang Ye. MDA: Message Digest-based
Authentication for Mobile Cloud Computing. Journal of Cloud Computing Advances,
Systems and Applications, 15(18), 2016, pp. 1-13.
[20] Chunhua Chen, Chris J. Mitchell and Shaohua Tang. Ubiquitous One-time Password
Service using the Generic Authentication Architecture. Mobile Networks and Applications,
18(5), 2013, pp. 738–747.
[21] Mohammad Rasoul Momeni. A Lightweight Authentication Scheme for Mobile Cloud
Computing. International Journal of Computer Science and Business Informatics, 14(2),
2014, pp. 153-160.
[22] Ramananda Mallya K. and Srinivasan, B. Securing data using touch stroke authentication
in the mobile cloud. International Journal of Applied Engineering Research, 13(15), 2018,
pp. 11810-11815.