Cloud Computing
Emerging Trends for Cloud Computing facilitated by Advanced Biometric Technologies for Enhanced Security
An organization's greatest asset is its information and knowledge. The integration and refinement of biometrics technologies into the process workflows of homeland security and defence agencies globally is the objective of this analysis.
Inherent in the development of a biometrics-based access strategy for cloud-based resources is the need for compliance with global standards and U.S. Federal mandates as well. The influence of the Federal Information Processing Standard (FIPS) 199 for information management [7], the Federal Information Processing Systems standard (FIPS 200) [7], in addition to the Federal Rules of Evidence and CFR Part 1250 compliance are included in this analysis.
By using cloud computing platforms to manage and distribute information more effectively and economically, government agencies concentrating on homeland security and defence can attain greater agility and effectiveness with biometrics as their primary technology for authenticating users and safeguarding information assets. Strategies that require intensive collaboration are predicated on having each role within a homeland security and defence agency integrated yet secure from the standpoint of access and authentication with biometric-based access technologies and processes.
Ultimately, the objective is to create a role-based cloud architecture that can scale and be agile enough to give homeland security and defence agencies the ability to anticipate and respond to threats while protecting the core information assets effectively through biometric-based technologies and processes.
1. Introduction
Cloud computing and its underlying technologies are redefining the economics, strategies and processes by which organizations use their most critical asset, information. Protecting these critical information assets in homeland security and defence ministries requires exact verification of the identity and role of those using the databases, files, systems and global networks. Authentication based purely on keystrokes or passwords has been shown to be less secure in pervasive cloud-based applications than biometrics and more advanced forms of security based on identifying a person through biological and physiological attributes [3]. Engraining biometrics into cloud-based platforms and applications for departments of homeland security and defence agencies requires intensive levels of process integration and system development. This analysis presents an overview of cloud computing in the context of the integration points that make biometrics-based security possible.
This analysis focuses on evaluating the benefits and risks, and on assessing the strengths, weaknesses, opportunities and threats, of using biometric technologies in conjunction with cloud computing platforms in the Homeland Security and Defense industries. More specifically, the goal of this analysis is to look at how to integrate biometrics-based technologies into homeland security and defence industry workflows to ensure greater levels of authentication, identity verification and role-based access across all information assets. In order to accomplish this, biometric technologies that are in pilot status or in active use today by governments globally are first compared.
In order to integrate biometrics effectively into these workflows, the global and U.S.-specific standards must first be assessed. The rapid pace of technological change is matched by the proliferation of standards globally in biometrics, from both a compliance and a security standpoint [3], and this has led to biometrics being integrated at the application level of databases, security applications and systems. These standards include those from the global computing standards organizations including the World Wide Web Consortium (W3C), the International Electrical Engineering Society (IEEE) and International Standards organization (ISO) 27001 [7]. The latter standard is the most all-encompassing and concentrates on enterprise-wide control of security strategies. What is significant about these standards is that they have led to the development of an entirely new set of Application Program Interfaces (APIs) for biometrics processes and systems. These APIs are forcing the development of more streamlined, integrated, Web Services-based applications [10]. The intent of these APIs is to create enough agility for application, database and platform providers to traverse the cloud computing protocol stack or architectural platform as illustrated in Figure 1, Traversing Cloud Computing Architectures using Biometrics APIs, which gives a graphical representation of the cloud computing protocol stack. The speed and accuracy of information workflows that traverse this stack have direct implications on the performance of cloud-based applications globally, across shared databases and security platforms used by departments of homeland security and departments or ministries of defence. The greater the level of integration across these systems, the greater the level of security and role-based authentication that can occur over time, which makes the development of APIs critically important for biometrics adoption globally.
Of specific interest are the APIs that define how to traverse a cloud-based protocol stack using a J2EE-enabled gateway. This API translates J2EE and AJAX commands into packets for transmission over TCP/IP-based networks. Encrypting these packets for data security is crucial to overall network reliability and security. In addition to these factors, the Java Authentication and Authorization Services (JAAS) protocol is used to integrate with legacy data via a gateway. Arguably APIs are programming constructs, yet their ability to integrate legacy data does make them use cases in complex integration.
These APIs could be harnessed by the application, database and platform providers to traverse the cloud computing protocol stack or architectural platform as illustrated in Figure 1. The speed and accuracy of information workflows that traverse this stack have direct implications on the performance of cloud-based applications globally, across shared databases and security platforms by departments of homeland security and departments or ministries of defence. The greater the level of integration across these systems, the greater the level of security and role-based authentication that can occur over time which makes such development critically important for biometrics adoption globally.
In addition to these industry standards, there are other standards on the use cases of biometrics-based security technologies and their applicability to security strategies and roles [3].
These standards, while U.S.-based, are indicative of the depth of compliance occurring in the use of biometrics and security technology for cloud computing. In conjunction with the APIs and their role in defining platform and protocol stack integration, they have also successfully been used to significantly reduce the training time of new employees developing such security solutions [4]. These standards are also acting as a catalyst for greater inter-process and inter-system integration across the many applications, systems and varying legacy security platforms that departments of homeland security and defence ministries rely on [9].
The APIs specifically dedicated to cross-platform integration through the use of a J2EE-based gateway, as defined to traverse the cloud computing architecture, rely on a reduced instruction set of routines that are specifically designed to allow for more efficient processing. The J2EE-based programming standard specifically has been adhered to in their development [6]. The API set has also specifically been designed to allow for auditability and compliance with the following standards for biometrics security and encryption: the Federal Information Processing Standard (FIPS) 199 for information management [7], the Federal Information Processing Systems standard (FIPS 200) [7], Federal Rules of Evidence and CFR Part 1250 compliance [7] [3].
The Federal Information Processing Systems standard (FIPS 200) [7] specifically covers the areas of access control; audit and accountability; awareness and training; certification, accreditation, and security assessments; configuration management; contingency planning; identification and authentication; and incident response. In addition, this standard also specifically defines aspects of maintenance, media protection, personnel security, physical and environmental protection, and planning and risk assessment. The two remaining areas, systems and services acquisition and system and communications protection, are also defined as part of the standard. Taken together these areas form a strategic security plan for defence and homeland security departments.
2. Cloud Computing and Biometrics
Cloud computing has emerged as a force in computing as a result of the integration of virtualization technologies [8] and the development of application platforms that can scale elastically across the resource needs of organizations [5]. This has also contributed to the portability of applications to the cloud with APIs that can scale throughout the cloud computing protocol stack [5]. The rapid maturation of the cloud computing platform is also revolutionizing the economics of enterprise software, shifting the balance of purchasing power. No longer are software purchasing decisions made by the Chief Technology Officer (CTO); the line-of-business managers and leaders in private industry often purchase cloud-based applications and expense them, creating a challenge for CIOs and their IT staffs, who need to integrate the systems and applications together in an organization to maximize their effectiveness and secure the organization's assets [8]. The need for encrypted APIs at the system and machine level is critical, as is the requirement for more effective approaches to integrating whichever specific type of biometrics device is chosen [9].
APIs that give organizations wide latitude in choosing which type of biometrics device to implement are driving biometrics adoption. This freedom to define configurations for biometrics access devices increases the number of pilot projects and tests of biometric-based access control for cloud platforms globally [2] [9]. In addition, this approach of allowing APIs to control access is also fuelling multi-party based access across roles in a given workgroup [6].
In addition to the stability, scalability and extensibility of their architecture, cloud platforms have made it possible for workflows across government to become more pervasive and secure as a result [4]. The total cost of ownership (TCO) of a given cloud platform or series of applications has therefore continued to fall through the experience effect (comparable to economies of scale yet applied only to aggregated data and knowledge creation) across government [6]. This experience effect is being driven by the pervasive piloting of APIs and the development of shared resource programs that enable greater accuracy and speed of response to shared security threats across departments of homeland security and departments and ministries of defence globally [9].
The flexibility and agility of APIs are also the catalyst for Infrastructure-as-a-Service (IaaS) secured platforms that are biometrics device agnostic. That is to say they rely only on the API-based interface to the device, not the actual commands to operate them. This has drastically reduced the cost and time-to-value for biometrics systems globally, and has reduced TCO drastically as well.
The Biometrics APIs that hold together the Cloud Computing Infrastructure shown in Figure 1 also have specific implications on the Platform-as-a-Service (PaaS) layer of the model as well, as this layer deals with integration to legacy systems [8].
Being able to connect with and use the various legacy systems through biometrics-driven APIs and peripheral devices can drastically reduce the threat of a system being hacked or compromised [9].
This middle layer of the Cloud Computing Infrastructure is the most vulnerable due to the proliferation of standards, both from industry organizations including W3C and IEEE and from government, and the many government standards continue to focus on this most vulnerable aspect of deploying cloud computing technologies [7].
Standards including ISO/IEC 19784-1, ISO/IEC 24708, and ISO 27001 are programming standards that homeland security and defence departments must adhere to in order to mitigate risks of security breaches at this level of the cloud computing infrastructure model [7].
All of these factors have been included in a series of API requirements that enable integration of each layer of the Cloud Computing Infrastructure [8]. This is particularly relevant in the PaaS layer of the cloud computing infrastructure, where security down to the API level needs to be achieved while at the same time delivering pervasive support for the burgeoning number of biometric systems [2] in development and use today to support role-based access to sensitive data [6]. Integrating the biometrics API into the PaaS layer is also critically important for supporting identity verification and authorization technologies including iris scans, facial recognition, palm and retina scanning, and fingerprint identification and analysis, which vary across devices in terms of their implementation and device-level support [10]. Homeland security and defence organizations choosing to deploy a range of technologies face the daunting task of ensuring that integration to identification databases on the one hand and to the actual scanning device on the other is secured and cannot be compromised [9]. For many homeland security and defence organizations, however, the reliance on role-based access across their organization has become a requirement [9]. Role-based authentication necessitates the use of multiple identification technologies, each requiring integration to tertiary and often legacy databases, while also requiring integration to the actual device through APIs. The PaaS layer is then by default the weakest link in the security strategy of any cloud computing infrastructure.
Figure 1. Traversing Cloud Computing Architectures using Biometrics APIs
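The device-agnostic API and the role-based, multi-technology authentication described in this section can be sketched as follows. This is an added example, not code from the paper or from any standard or product: the names RoleGate and BiometricVerifier, the roles, the scores and the thresholds are all hypothetical.

```java
import java.util.*;

// Added illustration: RoleGate, BiometricVerifier, the roles and the
// thresholds are hypothetical names and values chosen for this sketch.
public class RoleGate {
    public enum Modality { FINGERPRINT, IRIS, FACE }

    /** Device-agnostic contract: callers see a score in [0,1], never vendor commands. */
    public interface BiometricVerifier {
        double match(String subjectId, byte[] sample) throws Exception;
    }

    private final Map<Modality, BiometricVerifier> verifiers = new EnumMap<>(Modality.class);
    private final Map<String, Map<Modality, Double>> policy = new HashMap<>();

    public void register(Modality m, BiometricVerifier v) { verifiers.put(m, v); }

    public void require(String role, Modality m, double minScore) {
        policy.computeIfAbsent(role, r -> new EnumMap<>(Modality.class)).put(m, minScore);
    }

    /** Grants only if every modality the role requires matches; all else fails closed. */
    public boolean authorize(String role, String subjectId, Map<Modality, byte[]> samples) {
        Map<Modality, Double> required = policy.get(role);
        if (required == null || required.isEmpty()) return false;  // unknown role
        for (Map.Entry<Modality, Double> req : required.entrySet()) {
            BiometricVerifier v = verifiers.get(req.getKey());
            byte[] sample = samples.get(req.getKey());
            if (v == null || sample == null) return false;          // no device or no sample
            try {
                double score = v.match(subjectId, sample);
                if (Double.isNaN(score) || score < req.getValue()) return false;
            } catch (Exception deviceError) {
                return false;                                       // a device fault never grants
            }
        }
        return true;
    }

    public static void main(String[] args) {
        RoleGate gate = new RoleGate();
        // Constructed stand-ins for vendor adapters: each returns a fixed score.
        gate.register(Modality.FINGERPRINT, (id, s) -> 0.97);
        gate.register(Modality.IRIS, (id, s) -> 0.80);
        gate.require("analyst", Modality.FINGERPRINT, 0.90);
        gate.require("armourer", Modality.FINGERPRINT, 0.90);
        gate.require("armourer", Modality.IRIS, 0.95);
        Map<Modality, byte[]> samples =
            Map.of(Modality.FINGERPRINT, new byte[] {1}, Modality.IRIS, new byte[] {2});
        System.out.println("analyst:  " + gate.authorize("analyst", "u1", samples));
        System.out.println("armourer: " + gate.authorize("armourer", "u1", samples));
        System.out.println("visitor:  " + gate.authorize("visitor", "u1", samples));
    }
}
```

Swapping a scanner means registering a different adapter for the same modality; the role policy and the fail-closed decision logic stay unchanged.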
3. Evaluating Role-based Biometric Use in Cloud Computing Environments
3.1 Biometric Characteristics
Superior to authentication through credentials or licenses, biometric-based authentication technologies share a common trait of being able to identify a person by their behavioural and physiological attributes [10]. Biometric technologies can thus be used to define group-based permissions based on roles that are cross-referenced by physiological attributes [6]. This leads to the availability of security protocols for homeland security and defence organizations, where entire groups can be defined for access to specific areas, for example in a branch of the military needing access to a supply chain centre [10]. All biometric technologies share the attributes of universality, uniqueness, permanence, and collectability [1]. All four of these criteria must be met for a biometrics system to be effectively used for monitoring, granting or refusing access to assets, both information and location-based [2]. From a SaaS standpoint, the integration of various biometrics technologies must be in compliance with industry and government requirements [7] if the databases accessed at the IaaS layer of the cloud computing infrastructure model are to remain secure. The most challenging aspect of biometric implementation through SaaS, however, is securing the queries to the authentication, biometrics, and identity management databases integrated at the IaaS layer of the cloud infrastructure [5]. Please see Table 4.1, Comparing Biometric Technologies. There is a correlation between cost and susceptibility, as the higher the cost to implement, the less the susceptibility of the technology to circumvention [10]. To compensate for this fact, system use requirements are critical for the secure use of biometrics in homeland security and defence applications. The next section discusses these system use requirements.