
2020 | OriginalPaper | Chapter

Provably Secure Scalable Distributed Authentication for Clouds

Authors: Andrea Huszti, Norbert Oláh

Published in: Cryptology and Network Security

Publisher: Springer International Publishing


Abstract

One of the most used authentication methods is based on short secrets such as passwords, where usually the hashes of the secrets are stored in a central database. In case of server compromise, the secrets are vulnerable to theft. A possible solution to this problem is to apply distributed systems. We propose a mutual authentication protocol with key agreement, where identity verification is carried out by multiple servers applying secret sharing technology on the server side. The protocol results in a session key, which provides the confidentiality of the later messages between the participants. In our solution we also achieve robustness and scalability. To show that the proposed protocol is provably secure, we apply the threshold hybrid corruption model. We assume that among the randomly chosen k servers, there is always at least one uncorrupted, and that the authentication server reveals at most the long-lived keys. We prove that the protocol is secure in the random oracle model if the Message Authentication Code (MAC) is universally unforgeable under an adaptive chosen-message attack, the symmetric encryption scheme is indistinguishable under chosen-plaintext attack, and the Elliptic Curve Computational Diffie-Hellman assumption holds in the elliptic curve group.

Metadata

Title: Provably Secure Scalable Distributed Authentication for Clouds
Authors: Andrea Huszti, Norbert Oláh
Copyright Year: 2020
DOI: https://doi.org/10.1007/978-3-030-65411-5_10
