Anonymous RFID Authentication for Cloud Services

Cloud computing is one of the fastest growingsegments of IT industry since the users’ commitments forinvestment and operations are minimized, and costs are in directrelation to usage and demand. In general, cloud services arerequired to authenticate the user and most of the practical cloudservices do not provide anonymity of the users. Namely, cloudprovider can track the users easily, so privacy and authenticityare two critical aspects of security. Anonymous authenticationis a technique enabling users to prove that they have privilegewithout disclosing real identities. This type of authenticationcan be useful especially in scenarios where it is sufficient toensure the server that the claiming parties are indeed registered.Some motivating applications in the cloud for an anonymousauthentication protocol are E-commerce, E-voting, E-library, Ecashand mobile agent applications.Many existing anonymous authentication protocols assumeabsolute trust to the cloud provider in which all private keysare stored. This trust may result in serious security and privacyissues in case of private key leakage from the cloud provider.In this paper, we propose forward secure anonymous andmutual authentication protocols using RFID technology for cloudservices. These protocols avoid the trustworthiness to the cloudprovider. Meaning that, even if the private keys are obtainedfrom the corrupted tags or from the server owners of these tagscannot be traced from the past authentication actions. In fact,anonymity of the users will still be ensured even the private keysof tags are compromised.

[1]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[2]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[3]  Ling Tian,et al.  Identity-Based Authentication for Cloud Computing , 2009, CloudCom.

[4]  Rasool Jalili,et al.  AFMAP: Anonymous Forward-Secure Mutual Authentication Protocols for RFID Systems , 2009, 2009 Third International Conference on Emerging Security Information, Systems and Technologies.

[5]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[6]  Mike Burmester,et al.  Robust, anonymous RFID authentication with constant key-lookup , 2008, ASIACCS '08.

[7]  Andrew S. Tanenbaum,et al.  The evolution of RFID security , 2006, IEEE Pervasive Computing.

[8]  Tim Kerins,et al.  Public-Key Cryptography for RFID-Tags , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[9]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[10]  C. Chatmon Secure Anonymous RFID Authentication Protocols , 2022 .

[11]  Refik Molva,et al.  PSP: private and secure payment with RFID , 2009, WPES '09.

[12]  Yong Zhao,et al.  Cloud Computing and Grid Computing 360-Degree Compared , 2008, GCE 2008.

[13]  Zhenfu Cao,et al.  Efficient Password-Based Authentication and Key Exchange Scheme Preserving User Privacy , 2006, WASA.

[14]  Klaus Finkenzeller,et al.  Book Reviews: RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification, 2nd ed. , 2004, ACM Queue.

[15]  Bing Liang,et al.  On the Untraceability of Anonymous RFID Authentication Protocol with Constant Key-Lookup , 2009, ICISS.

[16]  Máire O'Neill,et al.  Public Key Cryptography and RFID Tags , 2007, CT-RSA.

[17]  Mike Burmester,et al.  Universally composable and forward-secure RFID authentication and authenticated key exchange , 2007, ASIACCS '07.

[18]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[19]  Jan Camenisch,et al.  Anonymous credentials on a standard java card , 2009, CCS.

[20]  Frederik Armknecht,et al.  Anonymous Authentication for RFID Systems , 2010, RFIDSec.

[21]  John Lach,et al.  A Sub-0 . 5 V Lattice-Based Public-Key Encryption Scheme for RFID Platforms in 130 nm CMOS , 2011 .

[22]  Kevin Fu,et al.  Privacy for Public Transportation , 2006, Privacy Enhancing Technologies.

[23]  Markus Jakobsson,et al.  Authentication in the clouds: a framework and its application to mobile users , 2010, CCSW '10.

[24]  Gene Tsudik,et al.  Universally Composable RFID Identification and Authentication Protocols , 2009, TSEC.

[25]  Piotr K. Tysowski,et al.  Towards Secure Communication for Highly Scalable Mobile Applications in Cloud Computing Systems , 2011 .