A Blind Signature-Based Approach for Cross-Domain Authentication in the Cloud Environment

In recent years, cloud services have become an important part of people's lives, providing them with a large amount of IT resources, available from anywhere and at any time. Access to these services is controlled based on users' identification credentials. As people acquire services from multiple cloud providers, new cross-organization authentication methods are emerging that allow the authorized transfer of users' identification data from one cloud to another, avoiding the proliferation of identities associated with a single user. However, since most of these techniques do not adequately protect users' private information, attackers can easily intercept and tamper with confidential identity-related messages. In this paper, the authors use the characteristics of blind signatures to support user verification of the registering provider, to protect the user's identity, and to address known vulnerabilities in these systems. In addition, they use a strong designated verifier signature with message recovery characteristics to strengthen data communication security in the whole process.
