تحسين الأمنية بتطوير نموذج للتوثيق وفحص سلامة ملفات المستخدم لتطبيقات الويب السحابية العامة

Abstract

Cloud computing is being adopted generally and it has shown a high impact on the development of businesses, it enables on-demand access to a shared pool of configurable computing resources. Cloud computing faces many security problems like any other electronic system, and among these problems is the attacks on user authentication and thus on the integrity and confidentiality of data especially in the public cloud computing environment. Authentication plays a major role in keeping information secure in the cloud environment. Cloud users must ensure the integrity of their files stored in the cloud. In this study, the main objective is to develop a model for user authentication and checking the integrity of files stored in the public cloud, by studying the state of art of security models in public cloud computing and analyzing them, in particular the models for integrity of data or files and user authentication. This study uses the descriptive, deductive, applied and prototype methodology. We developed a model for the user authentication and file integrity checking for files in the cloud, in the user authentication system, we used two-factor authentication that involves password and digital signature which uses the certificate-based authentication. For the file integrity checking system, the model used a secure hashing algorithm whereby the file hash value is calculated and encrypted before sending to the cloud. All file and data transfers between the cloud provider and the user are encrypted using the symmetric and asymmetric encryption system. We used several tools and programming languages to implement the model and experiments. Our experiments proved that the model is effective and acceptable. Among the most important results is that the model provides strong user authentication and integrity checking system for cloud users and files. The model also provides confidentiality and non-repudiation. It also increases user confidence in cloud applications as we ensured secure connection between cloud users and cloud service providers, the model also uses less computation power on user devices. Future studies should be conducted to solve the problem of phishing attacks for web pages, and the model can be improved to verify the integrity of files shared by multiple users and adapt the model to new security algorithms.