ECC-based anti-phishing protocol for cloud computing services

Cloud is the next generation computing platform. Cloud computing provides dynamically scalable virtualised computing resources as a service over the internet. It is a technology that provides software, computation, data access and storage services at a relatively low cost to the users. Cloud servers store enormous amount of crucial data which are vital for cloud computing services. Therefore, it becomes essential to authenticate the legitimate users of the cloud before they can access this data. Phishing attacks are the most popular in twenty-first century cyber crime which are becoming more sophisticated and therefore are a major threat to cloud computing services. In this paper, we propose a password-based anti-phishing protocol which authenticates the legitimate users of the cloud. The proposed protocol is based on the cutting edge technology of elliptic curve cryptography and therefore offers best security at a low cost.

[1]  Markus Jakobsson,et al.  Cache cookies for browser authentication , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[2]  David A. Wagner,et al.  Dynamic pharming attacks and locked same-origin policies for web browsers , 2007, CCS '07.

[3]  Tejaswi Redkar,et al.  Windows Azure Platform , 2010 .

[4]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[5]  Chun-Ying Huang,et al.  Using one-time passwords to prevent password phishing attacks , 2011, J. Netw. Comput. Appl..

[6]  Lavanya Ramakrishnan,et al.  Seeking supernovae in the clouds: a performance study , 2010, HPDC '10.

[7]  Shujia Zhou,et al.  Case study for running HPC applications in public clouds , 2010, HPDC '10.

[8]  Dan Boneh,et al.  A browser plug-in solution to the unique password problem , 2005 .

[9]  J. Doug Tygar,et al.  The battle against phishing: Dynamic Security Skins , 2005, SOUPS '05.

[10]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[11]  Mohamed G. Gouda,et al.  SPP: An anti-phishing single password protocol , 2007, Comput. Networks.

[12]  Kuldip Singh,et al.  Dynamic identity-based single password anti-phishing protocol , 2011, Secur. Commun. Networks.

[13]  Sean W. Smith,et al.  Trusted paths for browsers , 2002, TSEC.

[14]  Alexander S. Szalay,et al.  Migrating a (large) science database to the cloud , 2010, HPDC '10.

[15]  Kouichi Sakurai,et al.  Design and Analysis of Diffie-Hellman-Based Key Exchange Using One-time ID by SVO Logic , 2005, ARSPA@ICALP.

[16]  Keqiu Li,et al.  Advanced topics on cloud computing , 2011, Journal of computer and system sciences (Print).

[17]  Christopher Krügel,et al.  On the Effectiveness of Techniques to Detect Phishing Sites , 2007, DIMVA.