2020 | OriginalPaper | Book chapter

Provably Secure Scalable Distributed Authentication for Clouds

Written by: Andrea Huszti, Norbert Oláh

Published in: Cryptology and Network Security

Publisher: Springer International Publishing

Abstract

One of the most widely used authentication methods is based on short secrets such as passwords, where usually the hashes of the secrets are stored in a central database. If the server is compromised, the secrets are vulnerable to theft. A possible solution to this problem is to apply distributed systems. We propose a mutual authentication protocol with key agreement, where identity verification is carried out by multiple servers applying secret sharing technology on the server side. The protocol results in a session key that provides confidentiality for the later messages between the participants. Our solution also achieves robustness and scalability. To show that the proposed protocol is provably secure, we apply the threshold hybrid corruption model. We assume that among the randomly chosen k servers there is always at least one uncorrupted server, and that the authentication server reveals at most the long-lived keys. We prove that the protocol is secure in the random oracle model if the Message Authentication Code (MAC) is universally unforgeable under an adaptive chosen-message attack, the symmetric encryption scheme is indistinguishable under chosen-plaintext attack, and the Elliptic Curve Computational Diffie-Hellman assumption holds in the elliptic curve group.

Metadata
Title
Provably Secure Scalable Distributed Authentication for Clouds
Written by
Andrea Huszti
Norbert Oláh
Copyright year
2020
DOI
https://doi.org/10.1007/978-3-030-65411-5_10