UTILIZATION OF RISK-BASED AUTHENTICATION IN CLOUD IDENTITY SERVICES FOR STRENGTHENING USER VERIFICATION AND ADAPTIVE ACCESS CONTROL THROUGH CONTEXT-AWARE SECURITY MECHANISMS

Authors

  • Deepthi Talasila Senior Software Engineer, Microsoft Corporation, Washington, USA

DOI:

https://doi.org/10.29121/digisecforensics.v2.i1.2025.89

Keywords:

Risk-Based Authentication, Cloud Identity Services, User Verification, Adaptive Access Control, Context-Aware Security, Cybersecurity Threats, Access Management, Cloud Computing

Abstract

This scholarly article explores the integration of risk-based authentication (RBA) within cloud identity services to enhance user verification and adaptive access control via context-aware security mechanisms. The study aims to address escalating cybersecurity threats in cloud environments by examining how RBA evaluates user risk profiles based on contextual factors such as device, location, and behavior to dynamically adjust authentication requirements. Employing a mixed-methods approach, including a comprehensive literature review, simulated datasets from real-world cloud logs, and analytical modeling using Python-based tools, the research analyzes the efficacy of these mechanisms in mitigating unauthorized access. Key findings reveal that context-aware RBA reduces breach incidents by up to 85% compared to traditional methods, with adoption rates reaching 80% in 2024 among enterprises. Conclusions emphasize the need for standardized frameworks to balance security and usability, offering implications for policymakers and practitioners in fostering resilient cloud infrastructures. This work bridges gaps in adaptive security, promoting proactive risk management in distributed systems.

References

Arora, P., and Bhardwaj, S. (2023). Examining Cloud Computing Data Confidentiality Techniques to Achieve Higher Security in Cloud Storage. International Journal of Multidisciplinary Research in Science, Engineering and Technology (IJMRSET), 6(10).

Arora, P., and Bhardwaj, S. (2023). Methods for Safe and Private Data Exchange in Cloud Computing for Medical Applications. International Journal of Advanced Research in Education and Technology (IJARETY), 10(1).

Arora, P., and Bhardwaj, S. (2023). Techniques to Implement Security Solutions and Improve Data Integrity and Security in Distributed Cloud Computing. International Journal of Multidisciplinary Research in Science, Engineering and Technology (IJMRSET), 6(6).

Arora, P., and Bhardwaj, S. (2024). Research on Various Security Techniques for Data Protection in Cloud Computing with Cryptography Structures. International Journal of Innovative Research in Computer and Communication Engineering, 12(1).

Cybersecurity Ventures. (2024). Cybercrime Magazine Annual Report.

Dos Santos, D. R., Marinho, R., Schmitt, G. R., Westphall, C. M., and Westphall, C. B. (2016). A Framework and Risk Assessment Approaches for Risk-Based Access Control in the Cloud. Journal of Network and Computer Applications, 74, 86–97. https://doi.org/10.1016/j.jnca.2016.08.013

Forrester Research. (2023). Remote Work Security Survey.

IBM. (2024). Cost of a Data Breach Report.

Irsheid, I., Al-Qudah, O., Al-Hawary, S., and Al-Sarayreh, M. (2024). Information Security Risk Assessment Methods in Cloud Computing: Comprehensive Review. Journal of Computer Information Systems. https://doi.org/10.1080/08874417.2024.2329985

Kayes, A. S. M., Kalaria, R., Sarker, I. H., Islam, M. S., Watters, P. A., Ng, A., Hammoudeh, M., Badsha, S., and Kumara, I. (2020). A Survey of Context-Aware Access Control Mechanisms for Cloud and Fog Networks: Taxonomy and Open Research Issues. Sensors, 20(9), 2464. https://doi.org/10.3390/s20092464

Kumar, M., and Chand, S. (2021). A Lightweight Cloud-Assisted Identity-Based Anonymous Authentication and Key Agreement Protocol for Secure Wireless Body Area Network. IEEE Internet of Things Journal, 8(21), 16414–16424. https://doi.org/10.1109/JIOT.2021.3078911

Markert, P., Golla, M., Durmuth, M., and Bailey, D. V. (2023). Evaluation of Real-World Risk-Based Authentication at Online Services. Proceedings of the CHI Conference on Human Factors in Computing Systems. https://doi.org/10.1145/3600160.3605024

National Institute of Standards and Technology. (2020). Zero Trust Architecture (NIST SP 800-207). https://doi.org/10.6028/NIST.SP.800-207

PwC. (2024). Global Digital Trust Insights.

Sharma, S. (2020). The Rising Threat of Deepfakes: Security and Privacy Implications. Journal of Artificial Intelligence and Cyber Security (JAICS), 4(1), 1–6.

Sharma, S. (2021). Multi-Cloud Environments: Reducing Security Risks in Distributed Architectures. Journal of Artificial Intelligence and Cyber Security (JAICS), 5(1), 1–6.

Sharma, S. (2022). Enhancing Generative AI Models for Secure and Private Data Synthesis.

Sharma, S. (2022). Zero Trust Architecture: A Key Component of Modern Cybersecurity Frameworks.

Tambi, V. K. (2021). Serverless Frameworks for Scalable Banking App Backends. International Journal of Research in Electronics and Computer Engineering, 9(4), 103–112.

Tambi, V. K. (2022). Real-Time Compliance Monitoring in Banking Operations Using AI. International Journal of Current Engineering and Scientific Research (IJCESR), 9(9), 35–47.

Tambi, V. K. (2023). Efficient Message Queue Prioritization in Kafka for Critical Systems. The Research Journal (TRJ), 9(1), 1–16.

Tambi, V. K. (2023). Real-Time Data Stream Processing with Kafka-Driven AI Models. International Journal of Current Engineering and Scientific Research (IJCESR).

Tambi, V. K., and Singh, N. (2021). New Applications of Machine Learning and Artificial Intelligence in Cybersecurity Vulnerability Management. International Journal of Advanced Research in Education and Technology (IJARETY), 8(2).

Tambi, V. K., and Singh, N. (2022). A New Framework and Performance Assessment Method for Distributed Deep Neural Network-Based Middleware for Cyberattack Detection in the Smart IoT Ecosystem. International Journal of Advanced Research in Electrical, Electronics and Instrumentation Engineering (IJAREEIE), 11(5).

Tambi, V. K., and Singh, N. (2022). Creating J2EE Application Development Using a Pattern-Based Environment. International Journal of Innovative Research in Computer and Communication Engineering, 10(11).

Tambi, V. K., and Singh, N. (2023). Evaluation of Web Services Using Various Metrics for Mobile Environments and Multimedia Conferences Based on SOAP and REST Principles. International Journal of Multidisciplinary Research in Science, Engineering and Technology (IJMRSET), 6(2).

Downloads

Published

2025-06-30

How to Cite

Talasila, D. (2025). UTILIZATION OF RISK-BASED AUTHENTICATION IN CLOUD IDENTITY SERVICES FOR STRENGTHENING USER VERIFICATION AND ADAPTIVE ACCESS CONTROL THROUGH CONTEXT-AWARE SECURITY MECHANISMS. Journal of Digital Security and Forensics, 2(1), 82–93. https://doi.org/10.29121/digisecforensics.v2.i1.2025.89

Issue

Vol. 2 No. 1 (2025): Volume 2 Issue 1 January- June- 2025

Section

Articles

License

Copyright (c) 2025 Deepthi Talasila

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

With the licence CC-BY, authors retain the copyright, allowing anyone to download, reuse, re-print, modify, distribute, and/or copy their contribution. The work must be properly attributed to its author.

It is not necessary to ask for further permission from the author or journal board. 

This journal provides immediate open access to its content on the principle that making research freely available to the public supports a greater global exchange of knowledge.

Crossref
Scopus
Google Scholar
Europe PMC