
International Conference on Recent Advances in Mechanical Engineering and Interdisciplinary Developments [ICRAMID - 2014]

Integrating OTP Authentication service in OpenStack

D.Sudha Devi #1, Dr.K.Thilagavathy *2, S.VaghulaKrishnan #3, S.Harish #4, R.Srinivasan #5

# Department of Computer Technology and Applications, Coimbatore Institute of Technology, Coimbatore, INDIA
1 SUDHADEVI_CIT@YAHOO.COM, VAGHULK@GMAIL.COM, 4 HARISHSRIRAM@GMAIL.COM, 5 SRINICOOLLIFE@GMAIL.COM

* Department of Physics, Coimbatore Institute of Technology, Coimbatore, INDIA
2 THILAGAVATHY@CIT.EDU.IN
Abstract: Cloud Computing is intended to deliver information technology
services over the internet on demand. The benefits of cloud technology are
incomparable and take information technology into a new dimension.
Organizations that have already invested in their own infrastructure are
likely to set up private clouds to reap the benefits of cloud computing
technologies. Cloud services are thriving with the open source software
OpenStack. In this paper, we aim to introduce the largest open-source cloud
operating system, OpenStack, with a new authentication mechanism. This paper
tries to address the challenge of finding legitimate users by introducing
One Time Password (OTP) as an authentication mechanism in OpenStack. Replay
attacks can be defeated by using a One Time Password. The OTP mechanism
provides an extra level of protection which makes it extremely difficult for
any potential intruder to abuse a recorded password that was already used to
log into the cloud service. The integration of the OTP mechanism into
OpenStack allows users to protect their credentials from unauthorized
access. The One Time Password is also used to grant legitimate users access
to the cloud environment and to prevent access by malicious users and bot
attacks. With a secured cloud environment, users can enjoy the many benefits
of a private cloud service.

Keywords: Cloud computing, private cloud setup, one-time password, secured
authentication, OpenStack cloud installation

I. INTRODUCTION
The internet-based computing technology Cloud Computing is defined by NIST
as: "Cloud computing is a model for enabling ubiquitous, convenient,
on-demand network access to a shared pool of configurable computing
resources (e.g., networks, servers, storage, applications, and services)
that can be rapidly provisioned and released with minimal management effort
or service provider interaction. This cloud model is composed of five
essential characteristics, three service models, and four deployment
models." The essential characteristics of the cloud model are On-demand
self-service, Broad network access, Resource pooling, Rapid elasticity and
Measured service. The three service models are Software as a Service (SaaS),
Platform as a Service (PaaS) and Infrastructure as a Service (IaaS), and the
four deployment models are Public Cloud, Private Cloud, Hybrid Cloud and
Community Cloud [1].
In a Public cloud the client has to depend on the cloud service provider's
infrastructure, which cannot be controlled internally by the client. This
leads to the concern that the management of the data and services may not be
fully trustworthy. To have good control over their data and to ensure the
security of the data, it is better to go for a Private cloud rather than a
Public cloud. Organizations that have already invested in their own
infrastructure are interested in setting up a private cloud service within
their organizational boundaries, since a private cloud can offer on-demand
capability where services can be scaled as needed, similar to a public
cloud [2].
Open-source cloud platforms provide the facility to deploy private
Infrastructure as a Service. Such open source cloud platforms include
Eucalyptus [3], CloudStack [4], OpenStack [5], OpenNebula [6] etc. In this
paper the OpenStack cloud operating system is considered for providing
Infrastructure as a Service for a private cloud service. When the cloud
service is provided, there is a need to verify the legitimacy of the user in
order to prevent misuse of the services. On the other hand, cloud users also
wish to know whether their account in the cloud environment is secured and
has barriers against any kind of unethical activity by a hacker or any
unauthorized access and usage of resources. To enhance the privacy and
security of the cloud user in OpenStack, a One Time Password authentication
mechanism is introduced. To overcome the replay attacks that affect
traditional static passwords, OTP authentication can be integrated into
OpenStack; OTPs are not vulnerable to malicious users recording them or
obtaining access to the resources [7]. A private cloud service using
OpenStack is implemented in our institute and the OTP authentication
mechanism is developed in Python. This service proves to be a prominent
solution for verifying the legitimacy of users and for overcoming
unauthorized attacks.
The rest of the paper is organized as follows: Section II introduces the
Private Cloud service using OpenStack, Section III deals with the OpenStack
Cloud implementation results, Section IV discusses the One-Time Password
service in OpenStack and Section V concludes the paper.
II. PRIVATE CLOUD SERVICE USING OPENSTACK
A. Overview of OpenStack Cloud Operating System
OpenStack is a collection of open source software projects that
enterprises/service providers can use to set up and run their cloud compute
and storage infrastructure. Rackspace and NASA are the key initial
contributors to the stack. The OpenStack consortium has more than 150
members including Canonical, Dell, Citrix, Intel, Cisco, IBM etc. [5,8].
OpenStack is open source software for Infrastructure as a Service (IaaS)
Cloud Computing.

ISBN 978-1-4799-3158-3

The OpenStack Essex version implemented in our institute
encompasses the following five components:
Compute Service (Nova)
Storage Service (Swift)
Image Service (Glance)
Identity Service (Keystone)
User Interface Service (Horizon)

The components of Keystone are Endpoints, Regions, User, Service, Role and
Tenant.
Storage Service (Swift) - Swift provides storage facility for
OpenStack. The components of Swift are Swift Account, Swift
Container, Swift Object, Swift Proxy and RING.
User Interface Service (Horizon) - Horizon is a web based
dashboard that is used to manage and administer OpenStack
services. It is used to manage instances and images, create
keypairs, attach volumes to instances, manipulate Swift
containers etc. [5,8]

B. Architecture of OpenStack
The Architecture of OpenStack has the following
Components:
Compute Service (Nova) - Nova is the Controller node for the OpenStack
Computing Infrastructure. That is, Nova handles the life cycle of all
created instances, which means Nova manages the compute resources,
networking, and scalability features of the OpenStack cloud.
The components of Nova are:
i. API Server (nova-api) - provides an interface to interact with the cloud
infrastructure.
ii. Message Queue (rabbit-mq server) - OpenStack components communicate
among themselves using the message queue.
iii. Compute Workers (nova-compute) - handle the instance life cycle.
iv. Scheduler (nova-scheduler) - maps the nova-api calls to the appropriate
components.
v. Network Controller (nova-network) - handles the network configuration of
the host machines.
vi. Volume Worker (nova-volume) - used for creating, deleting and attaching
or detaching a volume to an instance.

C. Installation
A Private Cloud has been deployed with three systems
namely Server1, Server2, Server3 and Client systems. Server1
is intended to run all the components of Nova, Glance, Swift,
Keystone and Horizon. Server2 and Server3 are intended to
run Nova-compute alone. Client is used to interact with the
deployed OpenStack Components.

Fig 2: OpenStack Private Cloud Setup


Table I shows the configuration details of the systems used to set up the
OpenStack cloud environment:
TABLE I Server Configuration used for Private Cloud setup

Fig 1: OpenStack Architecture


Image Service (Glance) - OpenStack Imaging Service uses
Object store to store images and is a lookup and retrieval
system for virtual machine images. The two components of
Glance are Glance-control and Glance-registry.
Identity Service (Keystone) - Keystone provides identity and access policy
services for all components in OpenStack. The function of Keystone is to
provide authentication and authorization.

Server1 Cloud Controller Node

1. LUbuntu 12.04 is installed on Server1 as the base operating system. The
   components nova-api, nova-compute, nova-volume, nova-network and
   nova-scheduler are installed.
2. Server1 has two network interface cards (NICs): one connected to the
   public IP, through which clients can communicate, and another connected
   to the private IP, through which all other compute nodes can communicate
   with the server. Configure the network by editing the
   /etc/network/interfaces file as follows:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.84.155
    netmask 255.255.255.0
    network 192.168.84.0
    broadcast 192.168.84.255
    gateway 192.168.84.1
    dns-nameservers 8.8.8.8

auto eth1
iface eth1 inet static
    address 192.168.4.1
    netmask 255.255.255.0
    network 192.168.4.0
    broadcast 192.168.4.255

3. Install the NTP package and configure the ntp config file to ensure that
   the time on the server stays in sync with the external server.
4. Install the mysql-server and python-mysqldb packages for creating users
   and databases for Nova, Glance and Keystone, and for giving privileges to
   the users.
5. Install Keystone to create tenants as admin and service; roles as admin
   and member.
6. Install the Glance and Nova components by installing the glance packages
   glance-api, glance-client, glance-common and glance-registry, and the
   nova packages nova-api, nova-cert, nova-compute, nova-compute-kvm,
   nova-network, nova-objectstore, nova-scheduler, nova-volume,
   rabbitmq-server, novnc and nova-consoleauth.
7. Assign a pool of IPs to be associated with the instances as follows:

nova-manage network create private --fixed_range_v4=192.168.4.32/27 --num_networks=1 --bridge=br100 --bridge_interface=eth1 --network_size=32

8. Export the environment variables and restart all nova services.
9. Executing the command sudo nova-manage service list confirms whether the
   nova setup functions correctly.
10. Install the OpenStack Dashboard with the openstack-dashboard package for
    the user interface, and the Swift components for storage [8,9].

Server2 and Server3 Compute Nodes

1. Server2 and Server3 are installed with LUbuntu 12.04 as the base
   operating system. Only the nova components nova-api, nova-compute,
   nova-volume, nova-network and nova-scheduler are installed.
2. Server2 and Server3 each have two network interface cards (NICs): one
   connected to the public IP, through which Server2 and Server3 can
   download the OpenStack packages, and another connected to the private IP,
   through which these compute nodes can communicate with the server.
   Configure the network by editing the /etc/network/interfaces file as
   follows:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    # Server2: 192.168.84.160, Server3: 192.168.84.140
    address 192.168.84.160
    netmask 255.255.255.0
    network 192.168.84.0
    broadcast 192.168.84.255
    gateway 192.168.84.1
    dns-nameservers 8.8.8.8

auto eth1
iface eth1 inet static
    # Server2: 192.168.4.2, Server3: 192.168.84.3
    address 192.168.4.2
    netmask 255.255.255.0
    network 192.168.4.0
    broadcast 192.168.4.255

3. Install the NTP package and configure the ntp config file to ensure that
   the time on the server stays in sync with the external server.
4. Install the nova components and restart nova-compute.
5. Executing the command sudo nova-manage service list confirms whether the
   nova setup functions correctly [8,9].

Client

1. The base OS for the client system may be either Windows or Linux.
2. Install the Chrome browser for compatibility with the OpenStack
   dashboard.
3. Open a browser and enter the IP address of Server1 as follows:
   http://192.168.84.155.

The OpenStack dashboard will be displayed, and users can log in with the
username and password assigned by the admin to manage the OpenStack Private
Cloud services [9].

III. OPENSTACK CLOUD IMPLEMENTATION RESULTS
Using the open source software OpenStack, a private cloud service is
implemented in our institute for testing and research purposes. As a first
step, the functioning of the private cloud setup was tested by creating
several VMs and installing software on them. The software installed in the
guest OS is readily accessible from anywhere inside the institution campus.
Following are the screenshots of the OpenStack implementation for the
Institution.

Screenshot 1. OpenStack Login screen

Screenshot 2. OpenStack User screen

Screenshot 3. OpenStack Services screen

Screenshot 5. Instances created in OpenStack

IV. ONE-TIME PASSWORD SERVICE IN OPENSTACK

The OTP service concentrates on verifying the legitimacy of the user. The
user provides the username and password credentials for verification. An
OTP is generated using the Multi-recurred random algorithm and is sent to
the user through the registered e-mail id. The username, the OTP and the
expiry time of the OTP are stored in the database. On receiving the OTP, the
user must provide it to gain access to his account in a single attempt;
otherwise the user has to wait until the expiry of the OTP and request a new
OTP. Once the OTP has been generated, the user cannot regenerate it until
the expiry of the OTP. The database refreshes the entry every minute and
clears the generated OTP and its expiry time. This acts as a shield against
bot attacks and Denial of Service attacks. The algorithm for generating the
OTP is given as follows:
Algorithm:
Step 1: prompt and read the username and password from the user
Step 2: validate the username and password - keystone[DB]-user[table]
Step 3: generate the OTP based on the name
    convert the alphabet in the username to its corresponding ASCII value
        and store it in an array
    generate a random number keeping the ASCII value as the upper bound
        for the OTP
    round off the number to a single digit number by adding the digits
    if the length of the value is greater than six
        trim the OTP to six digits
    else
        pad the OTP with a random number to six digits in length
Step 4: update the database with the OTP and set the expiry timer to
    30 minutes - OTP[DB]-login[table]
Step 5: send the OTP as an e-mail to the registered e-mail id of the user -
    keystone[DB]-user[table]
Step 6: prompt and read the OTP
Step 7: verify the OTP and grant access
Step 8: check the database every minute and delete the record after the
    expiry of the OTP
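
The OTP lifecycle in Steps 4 to 8 (30-minute expiry, a single verification attempt, no regeneration before expiry, periodic purge), written out as an added Python example that is not the authors' implementation. It assumes an in-memory dictionary in place of the OTP[DB]-login[table], and it draws the six digits from Python's secrets module instead of the username-derived generator of Step 3; the names OTP_STORE, SERVER_KEY, issue_otp, verify_otp and purge_expired are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL = 30 * 60                      # Step 4: expiry timer of 30 minutes, in seconds
SERVER_KEY = secrets.token_bytes(32)   # assumption: per-deployment secret kept outside the table
OTP_STORE = {}                         # username -> record; stands in for OTP[DB]-login[table]


def otp_digest(otp):
    """Keyed digest, so the table never holds the OTP itself."""
    return hmac.new(SERVER_KEY, otp.encode(), hashlib.sha256).digest()


def issue_otp(username, now=None):
    """Steps 3-4: create a six-digit OTP unless an unexpired one already exists."""
    now = time.time() if now is None else now
    record = OTP_STORE.get(username)
    if record is not None and record["expires"] > now:
        return None                    # no regeneration until the current OTP expires
    otp = f"{secrets.randbelow(10**6):06d}"   # uniform over 000000-999999, from the OS CSPRNG
    OTP_STORE[username] = {"digest": otp_digest(otp), "expires": now + OTP_TTL, "used": False}
    return otp                         # Step 5: the caller e-mails this value to the user


def verify_otp(username, candidate, now=None):
    """Steps 6-7: one attempt per OTP; right or wrong, the attempt consumes it."""
    now = time.time() if now is None else now
    record = OTP_STORE.get(username)
    if record is None or record["used"] or record["expires"] <= now:
        return False
    record["used"] = True
    return hmac.compare_digest(record["digest"], otp_digest(str(candidate)))


def purge_expired(now=None):
    """Step 8: the periodic job; deletes expired records and returns how many were removed."""
    now = time.time() if now is None else now
    expired = [user for user, rec in OTP_STORE.items() if rec["expires"] <= now]
    for user in expired:
        del OTP_STORE[user]
    return len(expired)
```

Marking the record as used before comparing is what makes a replayed OTP fail even inside the 30-minute window, and the constant-time comparison avoids leaking how many leading digits matched.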

Screenshot 4. Various Images & Snapshots screen

The following are the screenshots for One-Time Password generation:

Screenshot 6. One Time Password execution

Screenshot 7. Generating OTP

V. CONCLUSIONS
In this paper, we aimed to give a solution for verifying the legitimacy of
the cloud user. Hence a private cloud service is deployed using the
OpenStack Essex version. The OTP service is implemented in Python and can be
integrated into the open source software OpenStack. The OTP authentication
mechanism overcomes the replay attacks that affect traditional static
passwords and prevents malicious users from obtaining access to the
resources [10]. This service proves to be a prominent solution for verifying
the legitimacy of users and for overcoming unauthorized attacks. In future
the services can be expanded to provide biometric authentication (iris scan,
fingerprint scanner, face recognition), which will provide much better
authentication in the cloud environment.

REFERENCES
[1] NIST Definition of Cloud Computing, http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf.
[2] D.Sudha Devi, L. Yamuna Devi, Dr.K.Thilagavathy, P.Aruna, N.Priya, Dr.S.Vasantha, Private Cloud in Educational Institutions: An Implementation using UEC, Volume 78 - No.1, Page 8-12, September 2013.
[3] Build a Private Eucalyptus Cloud, https://www.eucalyptus.com/eucalyptus-cloud
[4] Apache Cloudstack: Open source Cloud Computing, https://www.cloudstack.apache.org
[5] OpenStack Open Source Cloud Computing Software, https://www.openstack.org
[6] OpenNebula, https://www.opennebula.org
[7] One-time password, http://en.wikipedia.org/wiki/One-time_password
[8] OpenStack CSSCorp Open Source cloud service, https://www.cssoss.files.wordpress.com/2012/05/openstackbookv30_csscorp2
[9] P.Aruna, L. Yamuna Devi, D.Sudha Devi, N.Priya, Dr.S.Vasantha, Dr.K.Thilagavathy, Private Cloud for Organizations: An Implementation using OpenStack, Volume 4, Issue 10, Pages 82-87, October 2013.
[10] One-Time Passwords - roadmap, http://hea-www.harvard.edu/~fine/Tech/otp