论文信息 - A cloud authentication protocol using One-Time Pad

A cloud authentication protocol using One-Time Pad

There is a significant increase in the amount of data breaches in corporate servers in the cloud environments. This includes username and password compromise in the cloud and account hijacking, thus leading to severe vulnerabilities of the cloud service provisioning. Traditional authentication schemes rely on the users to use their credentials to gain access to cloud service. However once the credential is compromised, the attacker will gain access to the cloud service easily. This paper proposes a novel scheme that does not require the user to present his credentials, and yet is able to prove ownership of access to the cloud service using a variant of zero-knowledge proof. A challenge-response protocol is devised to authenticate the user, requiring the user to compute a one-time pad (OTP) to authenticate himself to the server without revealing password to the server. A prototype has been implemented to facilitate the authentication of the user when accessing Dropbox, and the experiment results showed that the overhead incurred is insignificant.

Khin Mi Mi Aung | Sye Loong Keoh | Shu Qin Ren | Lexus Jun Hong Sim

[1] Li Yang,et al. Entity authentication in a mobile-cloud environment , 2013, CSIIRW '13.

[2] Mojtaba Alizadeh,et al. Authentication in mobile cloud computing: A survey , 2016, J. Netw. Comput. Appl..

[3] Young-Sik Jeong,et al. An efficient authentication system of smart device using multi factors in mobile cloud service architecture , 2015, Int. J. Commun. Syst..

[4] Wei Jiang,et al. An Identity-Based Authentication Scheme in Cloud Computing , 2012, 2012 International Conference on Industrial Control and Electronics Engineering.

[5] Slawomir Grzonkowski. SeDiCi: An Authentication Service Taking Advantage of Zero-Knowledge Proofs , 2010, Financial Cryptography.

[6] Thomas Coughlin,et al. Security analysis of authentication protocols for next-generation mobile and CE cloud services , 2011, 2011 IEEE International Conference on Consumer Electronics -Berlin (ICCE-Berlin).

[7] Jong Hyuk Park,et al. SSP-MCloud: A Study on Security Service Protocol for Smartphone Centric Mobile Cloud Computing , 2011 .

[8] Dong-Sik Oh,et al. A Study on Authentication System Using QR Code for Mobile Cloud Computing Environment , 2011 .