ATwo-LevelAuthenticationApproachforSecuringDatainCloud
ATwo-LevelAuthenticationApproachforSecuringDatainCloud
net/publication/362015454
CITATIONS READS
0 1,665
Authors: Vinothkumar Jaikumar (Annamalai University) and two others
All content following this page was uploaded by Vinothkumar Jaikumar on 15 July 2022.
The cost that would be incurred by downloading and installing the needed software is eliminated in the cloud.

Cloud Service Models
- Cloud Software as a Service (SaaS): use the provider's applications over a network.
- Cloud Platform as a Service (PaaS): deploy customer-created applications to a cloud.
- Cloud Infrastructure as a Service (IaaS): rent processing, storage, network capacity, and other fundamental computing resources.

One Time Passwords
Figure 1: One-Time Password
A one-time password (OTP) is exactly what the name suggests: a password that is valid for only one login. The advantage of OTPs is that they offer much higher security than static passwords, at the cost of usability and deployment issues. OTPs are immune to password-sniffing attacks: if an attacker uses software to capture your network traffic, records you on video while you type on your keyboard, or uses social engineering, it makes no difference, because the password the attacker gets hold of will no longer be valid. An OTP can be generated using various methods and is frequently used together with a device that is synchronized with an authentication server.

Time-based OTPs: In the time-based method, a device with an internal clock generates passwords that depend on the current time. For instance, a new password is continually generated in the device, and the same password is generated at the authentication server. When the user needs to log in to a service or system, the current OTP shown on the device is used.

Data Security
Cloud computing is responsible for managing sensitive information in huge volumes. It permits different clients to share the information using explicit access privileges, which vary from one client to another. However, since the data owners and the cloud storage are not located in the same trusted domain, it has become mandatory to encrypt the information before uploading it to the cloud. Encryption algorithms play a significant role in providing data security; their main task is to ensure privacy and security. Encryption algorithms are classified as:
- Symmetric key algorithms
- Asymmetric key algorithms
In symmetric encryption, the same key is used for encryption as well as decryption, whereas in asymmetric encryption a public key is used for encryption and a private key is used for decryption.

Data Security on cloud
Cloud security is a set of organization-made rules to prevent any conceivable form of data loss, breach, or unavailability. Cloud security is also a specific, add-on cloud service that guarantees that cloud environments and the data stored in them are secure. Cloud providers and security companies would not survive long if they could not protect their clients' data well. Even so, organizations must decide for themselves which security features they require, and these may not be a one-size-fits-all proposition. For instance, basic cloud services will more often than not exclude essential security features; be that as it may, enterprises require enterprise-grade security options. When moving to the cloud, security and IT professionals are wise to understand their organization's risk appetite and security posture so they know which cloud-based controls will be essential. For instance:
- Regulatory compliance might be essential. If so, the organization will need compliance controls.
- The effectiveness of the required data security should be demonstrable.
- Cloud-based controls should be at least as robust as on-premises controls. The cloud provider should have physical security in place to guarantee that bad actors do not gain access to equipment.

To reassure customers, cloud providers offer management consoles that IT and security professionals can use to confirm that:
- Their data and the cloud environment that hosts it are secure.
- They have regularly updated insight into the present security status.
- They receive timely notifications of out-of-bounds conditions and critical events.
- They can identify the root cause of issues and remediate them.

Given the rapid growth of data volumes, the accelerating pace of technology development, and continually emerging black-hat tactics, relying on the security of your cloud is a sensible choice. This is because, when managed properly, it can provide greater resilience and security than in-house server farms. To realize that, however, cloud security management and security governance should be aligned and consistent.

Figure 2: Cloud Security

Cloud Security Architecture
Cloud security architecture affects the effectiveness of cloud security. The following are a few significant security management tips you can use to strengthen a user's cloud environment.

Prevent: The "best" kind of cyberattacks are those that fail from the start. The best way to prevent an attack is to continually:
- Identify vulnerabilities.
- Prioritize them based on their severity, threat intelligence, and the assets that would be affected by the attack.
- Remediate the prioritized vulnerabilities by patching them.
Unfortunately, most organizations are not managing security vulnerabilities as consistently as they should. Instead, they are managing vulnerabilities periodically, such as on Patch Tuesday, monthly, and so forth. Most organizations also struggle to prioritize vulnerabilities because they can be so numerous.

Detect: The organization should have detection controls in place that identify issues and alert security personnel when necessary. Detection controls will usually work in tandem with correction controls that may be automated, manual, or a mix of the two, depending on whether the situation is caused by a minor mistake, a cyberattack, or another kind of incident.

Correct: Security incidents happen regardless of which security controls are in place. Before they occur, there should be correction controls in place that limit the amount of damage a bad actor can cause. For instance, if a hacker gains access to a database or sensitive document, what happens next? If the data are destroyed, are there disaster recovery options in place?

Cloud Security Software and Services
The following are some of the cloud security software and service options organizations should consider:
- IaaS or PaaS cloud security options: these are add-on services that give enterprises more extensive security options than are available with basic cloud options.
- Identity and Access Management (IAM): these tools ensure that only authorized parties have access to data and computing resources.
- Physical security: IaaS/PaaS providers should have physical security (locked doors, checkpoints) in addition to digital security to ensure their IT assets stay secure.
- Encryption: scrambles data at rest and in motion.
- Penetration testing: outside consultants are hired as "white hats" to break into an organization's system to identify weaknesses.
- Compliance controls: ensure adherence to HIPAA, GDPR, and so forth.

Password Authentication
The multilateral framework architecture is probably the latest idea for securing data. In this system, a set of rules will be designed to access and handle the data. Now the question is how to secure this multilateral architecture which is securing the data. Password authentication is one of the most widely used authentication methods. It is effective, straightforward, and precise, with no additional cost. The strength of a password depends upon how robustly a password is generated to secure the
system. The demand is very clear and basic. In this base paper, we develop a password generation system using a suitable framework design to secure the methods created by the multilateral framework. The security will be a two-level security approach. At first the system will be designed to generate a dynamic password using a set of rules, and afterwards the same will be used to validate the client while handling the data. So the whole framework will be designed in such a way that it gives greater security to the multilateral framework in the cloud.

II. RELATED WORKS
Raghavendran et al. (2016) surveyed that a lot of large-scale organizations have migrated to cloud computing, relocating their business and having their designated storage unit attached along with it. The author elaborates in detail on the advantages and security-related matters of the cloud environment. Sheta Patel and Mayank Bhatt developed a proposed algorithm in cloud computing by introducing the concept of assigning various time slices to each cloud user's processes depending on the priorities of their tasks. Such a system performs better than the existing round robin method. Sujareet Kaur and Vinay Chopra (2015) add an encryption algorithm to the existing cloud services. It provides a security-enabled service by using a small-size dynamic private key which operates the encryption/decryption algorithm. Such an algorithm is secure and is put forward to help identify the cloud users and hackers and immediately reject the latter from the cloud service. S. Carlin and K. Curran (2013) introduce two technologies, namely multi-tenancy and virtualization, which offer dynamicity that cannot be tracked. Such a system performs better than the conventional system. Nirmal and Sanjeev Kumar (2018) list out the various cloud security issues that may arise during cloud data transmission in the hybrid cloud. The cloud computing data transmission policy ensures that the issues specified by the author are sorted and rectified before the actual transmission begins.

Choi et al. (2015) proposed a secure OTP algorithm which uses the IMSI number from user registration and captcha images along with the OTP to prevent various attacks. Kysaw and Nay (2019) developed an OTP approach in which the OTP is encrypted by the RSA public-key encryption algorithm. Such encryption is more secure even against a third-party user. Fazal et al. (2020) propose the generation of OTPs by using one of the hashing functions called the mid-square method. The encryption used in their system is the AES encryption algorithm. By this method, the generated OTP is used for many online transactions. Huiye and Yueqong (2013) developed a novel two-factor authentication scheme based on OTP which reduces the computation cost and also offers secured transactions. The OTP generator algorithm uses infinite and forward hash chaining methods to allocate memory for the hash keys. Dindayal Mahto and Dilip (2017) propose the generation of an OTP along with iris biometrics for e-commerce transactions. Such an OTP is shorter than RSA. This type of OTP is much more secure and it is very difficult for intruders to hack. This proposed algorithm always uses dynamic keys, which are very difficult for a middleman to hack because of the confusing dynamic private keys. Krishna et al. (2015) developed ATM transaction security by generating and sending an OTP through the GSM module to the client's registered mobile number. If the customer fails to register with the OTP, the ATM card will be blocked immediately after three successive wrong attempts. Abhishek et al. (2018) developed a framework that identifies the MAC address of the registered phone number's device, which requires generating a TOTP (Time-based OTP). The TOTP is the offline secret hash code generated by the offline token generation mobile app. Sumathy and Ananthi Sheshaayee (2014) developed reliable m-banking authentication by introducing a PIN along with the OTP. The PIN is mainly used to encrypt and decrypt the OTP and is known only to the client and the bank. Each time, the PIN is verified and an SMS is sent to the client's registered mobile number. Such a combination of PIN and OTP is more secure in case any uncertainties arise due to possible attacks such as middleman attacks or mobile theft.

Jaikumar V et al. (2021) proposed a cloud model which uses a cloud-based encryption algorithm and ring model along with fingerprint authentication on the cloud. Moganarangan et al. (2017) developed a multilevel authentication system for the healthcare environment. In this paper, the author sectionalizes the fingerprint image into five divisions based on the fingerprint classification. The author suggested that hacking user fingerprint patterns is hugely difficult when the sectionalized image is used for enrolment and matching. Ananya Bhattacharya et al. (2013) proposed an approach to speed up the fingerprint matching process by classifying the fingerprint into different groups at enrolment, which improves fingerprint matching. R.G.S. Kumar et al. (2017) developed Tri-degree coalition, which aims for dynamicity, user identity preservation, and privacy of user data. The author suggests a virtual machine allocation policy to store the encrypted keys over the cloud environment.
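The time-based OTP mechanism sketched in the introduction (and the TOTP that Abhishek et al. rely on above), as an added example that is not code from the paper: the device and the server derive the same code from a shared secret and the current 30-second time step (RFC 6238 with HMAC-SHA1), and the server accepts each code once, within a small clock-drift window. The secret is the RFC's published test key and the timestamps are constructed values.

```python
"""Time-based OTP: the device and the verification server compute the same code from a
shared secret and the current time step, and a code is accepted for one login only.

Added example following RFC 6238 (HMAC-SHA1, 30-second step); not code from the paper.
The secret below is the RFC's published test key, and the timestamps are constructed.
"""
import hashlib
import hmac
import struct
import time

TIME_STEP = 30   # seconds per OTP window
DIGITS = 6       # length of the displayed code


def hotp(secret, counter, digits=DIGITS):
    """HMAC-based OTP (RFC 4226) for a single counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at_time, digits=DIGITS):
    """Code shown on the device (and recomputed by the server) at Unix time `at_time`."""
    return hotp(secret, at_time // TIME_STEP, digits)


class TotpVerifier:
    """Server side: accept each code once, within +/- drift_steps of the current step."""

    def __init__(self, secret, drift_steps=1):
        self.secret = secret
        self.drift_steps = drift_steps
        self.last_counter_used = -1      # highest time step already consumed (replay guard)

    def verify(self, code, now=None):
        now = int(time.time()) if now is None else now
        counter = now // TIME_STEP
        for delta in range(-self.drift_steps, self.drift_steps + 1):
            candidate = counter + delta
            if candidate <= self.last_counter_used:
                continue                 # a captured or replayed code is worthless here
            if hmac.compare_digest(hotp(self.secret, candidate), code):
                self.last_counter_used = candidate
                return True
        return False


RFC_TEST_SECRET = b"12345678901234567890"  # RFC 6238 Appendix B test key
```

The replay guard is what gives the "valid for one login" property: once a time step has been consumed, the same code is rejected even inside the drift window.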
OTPs are widely used over the web for authentication. OTP generation uses values from a sphere-space-based random number generation system for high-density clients at once. The cubic random function gives the capability of a larger number of random number combinations. OTP generation first produces a matrix of a million values. Various numbers of values are randomly chosen among the million values generated before and concatenated to make an OTP. Then the complex number is converted into an integer-based password, which is converted into an image using visual encoding, making it safer, and sent via mobile/SMS-based authentication environments.

Step 1: Sphere Random Function to generate a random number
a) Initialize the random number generator and compute the elevation angle in the sphere. The sphere contains values in the open interval (-π/2, π/2), but they are not uniformly distributed.
b) Create the azimuth angle for every sphere point, uniformly distributed in the open interval (0, 2π).
c) Compute the radius value for each point from the open interval (0, 6), not uniformly distributed.
d) Rearrange and concatenate the random matrix values and return the OTP.

Step 2: encoding and decoding
We have developed and implemented a symmetric key algorithm where the OTP is encrypted at the client side and uploaded to an online cloud storage service. Here we deal with the encryption process and the encryption keys. When the data is downloaded from the cloud storage service, we decrypt it using the encryption keys.

The main aim of this algorithm is to secure the data while in transit. Although SSL (Secure Sockets Layer) is used to keep the data private by establishing an encrypted link between a web server and a browser while the data is in transit, encrypting the data before it is sent gives an additional layer of safety. Also, many service providers do not encrypt data when it is moved between their own data centres, which can lead to government intrusions, data loss and privacy risks, risk of intellectual property theft, and spying attempts; furthermore, many service providers do not have end-to-end encryption. Therefore, encrypting data at the client side before it is uploaded to a cloud storage service can help to manage such risks.

Encryption algorithm
a) Extract each character from a record and get its corresponding ASCII value.
b) Convert the ASCII value to the corresponding binary value.
c) Check whether the binary value is 8 bits or not.
d) If not, then add leading 0's to make it an 8-bit binary value.
e) Reverse the corresponding 8-bit binary value.
f) Extract the first 4 bits from the reversed 8-bit binary value and reverse them.
g) Similarly, extract the last 4 bits and reverse them too.
h) Append the 4-bit binary values obtained in steps 6 and 7 (f and g).
i) The 8-bit binary value obtained after appending in step 8 (h) is the cipher text.
j) Convert this 8-bit binary value to ASCII and write the corresponding character to the encrypted record.
k) The key is created by adding 10 to the ASCII value in step 10 (j), and the corresponding character is written to a separate encryption key record.

Decryption Algorithm
a) Extract each character from the encrypted document and get its corresponding ASCII value.
b) Get the ASCII value of each character from the encryption key record and subtract 10 from it.
c) Check whether the values in steps 1 and 2 (a and b) are the same or not.
d) If they are not the same, then decryption will not be performed.
e) If they are the same, decryption is performed by reversing the encryption algorithm, i.e., by converting the encrypted character to the corresponding ASCII value and then from the ASCII value to an 8-bit binary value, breaking the binary value into 4-bit halves, reversing them independently, appending them, and then reversing the appended binary value.
f) The decrypted character is written to a separate decryption document, which should be the same as the content of the original record.
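Step 1 above (the sphere random function) reconstructed as an added example; this is not the paper's code. It assumes that the "cubic random function" samples points uniformly inside a ball of radius 6, that the elevation is drawn as asin(2u - 1) so it lies in (-π/2, π/2) without being uniform, that the azimuth is uniform in (0, 2π), and that OTP digits are taken from the decimal expansions of the shuffled points' Cartesian coordinates; the pool size is a parameter rather than the paper's fixed million values.

```python
"""Step 1 (sphere random function) reconstructed as an added example; not the paper's code.

Assumptions: the 'cubic random function' samples points uniformly inside a ball of
radius 6 (radius = 6 * u ** (1/3)); elevation is asin(2u - 1), which lies in
(-pi/2, pi/2) but is not uniform; azimuth is uniform in (0, 2*pi); OTP digits are
taken from the decimal expansions of the shuffled points' Cartesian coordinates; and
the pool size is a parameter instead of the paper's fixed one million values.
"""
import math
import random
import secrets


def make_rng(seed=None):
    """OS entropy for real OTPs; a seeded generator only for reproducible demos/tests."""
    return secrets.SystemRandom() if seed is None else random.Random(seed)


def sphere_random_points(count, rng):
    """Steps a)-c): one (elevation, azimuth, radius) triple per point."""
    points = []
    for _ in range(count):
        elevation = math.asin(2 * rng.random() - 1)   # a) in (-pi/2, pi/2), non-uniform
        azimuth = 2 * math.pi * rng.random()          # b) uniform in (0, 2*pi)
        radius = 6 * rng.random() ** (1 / 3)          # c) in (0, 6), non-uniform
        points.append((elevation, azimuth, radius))
    return points


def point_digits(elevation, azimuth, radius):
    """Assumed mapping from a point to digits: its Cartesian coordinates, signs dropped."""
    x = radius * math.cos(elevation) * math.cos(azimuth)
    y = radius * math.cos(elevation) * math.sin(azimuth)
    z = radius * math.sin(elevation)
    text = f"{abs(x):.3f}{abs(y):.3f}{abs(z):.3f}"
    return "".join(ch for ch in text if ch.isdigit())


def generate_otp(length=6, pool_size=1000, seed=None):
    """Step d): shuffle the pool and concatenate values until `length` digits remain."""
    rng = make_rng(seed)
    pool = sphere_random_points(pool_size, rng)
    rng.shuffle(pool)                                  # rearrange the random matrix
    digits = ""
    for point in pool:
        digits += point_digits(*point)
        if len(digits) >= length:
            break
    return digits[:length]
```

Whatever geometric transform is applied, the unpredictability of the OTP is that of the underlying generator, which is why the default draws from the operating system's entropy source and a fixed seed is only for reproducible tests.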
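The encryption steps a)-k) and decryption steps a)-f) above, carried through as an added example (not the paper's implementation). It assumes that records are modelled as in-memory strings and that the key record is kept as a list of integers rather than characters, because adding 10 to a cipher value can exceed 255.

```python
"""Worked reconstruction of the paper's character-level encryption and decryption.

Assumptions (not from the paper): records are modelled as in-memory strings, and the
key record is a list of integers rather than characters, because step k) adds 10 to a
cipher value and the result can exceed 255 (for example 'o' -> 0xF6 -> 256).
"""

KEY_OFFSET = 10  # step k): key = ASCII value of the cipher character + 10


def swap_per_steps(bits):
    """Steps e)-h): reverse the 8 bits, then reverse each 4-bit half and append.

    Reversing the whole byte and then each half is the same as swapping the two
    nibbles, so the transformation is a fixed bit permutation with no secret.
    """
    reversed_bits = bits[::-1]             # e)
    first_half = reversed_bits[:4][::-1]   # f)
    second_half = reversed_bits[4:][::-1]  # g)
    return first_half + second_half        # h)


def encrypt_char(ch):
    """Steps a)-k) for one character: returns (cipher character, key value)."""
    code = ord(ch)                                     # a)
    if code > 0xFF:
        raise ValueError("scheme is defined for single-byte characters")
    bits = format(code, "b").zfill(8)                  # b)-d): pad to 8 bits
    cipher_code = int(swap_per_steps(bits), 2)         # e)-i)
    return chr(cipher_code), cipher_code + KEY_OFFSET  # j)-k)


def encrypt(plaintext):
    """Produce the encrypted record and the separate encryption key record."""
    cipher_chars, key_values = [], []
    for ch in plaintext:
        c, k = encrypt_char(ch)
        cipher_chars.append(c)
        key_values.append(k)
    return "".join(cipher_chars), key_values


def decrypt(ciphertext, key_values):
    """Decryption steps a)-f): refuse on a key mismatch, else undo the permutation."""
    if len(ciphertext) != len(key_values):
        raise ValueError("key record does not match the encrypted record")
    out = []
    for ch, k in zip(ciphertext, key_values):
        code = ord(ch)                                 # a)
        if k - KEY_OFFSET != code:                     # b)-d): values differ -> refuse
            raise ValueError("key record does not match the encrypted record")
        bits = format(code, "b").zfill(8)              # e): back to 8-bit binary,
        halves = bits[:4][::-1] + bits[4:][::-1]       #     reverse each nibble,
        out.append(chr(int(halves[::-1], 2)))          #     then reverse the whole byte
    return "".join(out)                                # f): decrypted record
```

Because the key record is derived from the ciphertext itself (step k), the check in decryption detects a mismatched or corrupted key file but does not depend on any secret; the example makes that property visible alongside the round trip.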
GROUP SIGNATURE
Any member of the group is allowed to sign messages while the identity is kept secret from the verifiers. But when a dispute occurs, the group manager might reveal the identity of the owner of the signature, and this is termed traceability.

In this proposed work we apply a group signature, which has the following properties:
Only members of the group can sign messages;
a) The group signature can be verified by the member, but the member who made this signature cannot be discovered.
b) These group signatures are a simplification of the credential authentication schemes, in that every person has to prove that they belong to a certain group.

We consider a cloud computing architecture combined with a healthcare example, in which a health care provider uses a cloud to allow its staff members in the same group or division to share data. The cloud, the group manager who is the administrator, and several group members who constitute the staff are the entities that comprise the system model. This model is illustrated in Figure
Figure 5: Proposed System Architecture

The CSP operates the cloud, which provides the storage services at a price associated with the service. As the CSPs are outside the user's trusted areas, the CSPs are not relied upon fully. The cloud server is honest and at the same time curious, and hence tries to learn about the data content and the identity of the cloud users. But the cloud server does not delete or modify the data due to the presence of the auditing scheme.

The group manager has the responsibility to generate the parameters for the system, register users, revoke users, and, during a dispute, reveal the real identity of the data owner. In the given health application, the group manager role is played by the administrator of the hospital/health care. Therefore, we assume that the other parties have full trust in the group manager.

A set of registered users are the group members who store their private data in the cloud server and share them with other members of the group. In the health care application which we use, the group member's role is played by the staff members. The group is dynamic, as staff members resign and new staff members join the company.

IV. EXPERIMENTAL SETUP & RESULTS
This section presents the results obtained and the experimental setup of the implementation of two-level authentication using the concept of Mobile OTP to access the private cloud.
Table 1: Software Requirements
Server: Localhost (Intel® Core™2 Duo processor, 4 GB hard disk, 4 GB RAM)
Operating System: Windows operating system (Windows 7 and above)
Software: Wamp Server (Apache, MySQL Server, PHP); FasttoSms API, CURL; PhpSecurelib

WAMP Server is a collection of open-source software used to create a web server. The collection consists of Linux (the operating system), Apache server (the server), MySQL (the database system) and PHP (the programming language).

FasttoSMS API is used to send the OTP from a PHP application. The user needs to register and subscribe to the SMS service.

PHPSecurelib is a Machine Learning API that is used to encrypt the uploaded medical report; the report is decrypted when the doctor downloads the file.

Figure 12: Like the user, the doctor can also log in to the system.