Abstract
We propose two new authentication schemes for the cloud that support private attribute-based authentication services. The basic scheme is non-anonymous attribute-based authentication scheme. The extended scheme of the basic scheme is fully anonymous attribute-based authentication scheme to realize full anonymity and unlinkability services. In the proposed schemes, a user is authenticated by the remote server if the intersection of the set of his/her assigned attributes and the server’s required attributes exceeds a satisfactory predefined level. Unlike existing attribute-based encryption and signature schemes that require the user to perform significant amount of elliptic curve bilinear pairings and modular exponentiations, and require the user to hold a significantly long decryption/signature key, in our schemes the user is not required to perform any bilinear pairings. With a fixed length private key, independent of the number of attributes, the cloud user performs only few exponentiations by which he/she is able to authenticate himself/herself to the remote server and establish a session key with the server with the condition that he/she satisfies a predefined level of the server’s attributes requirement. Therefore, our schemes are suitable for implementation on devices with limited resources. We provide the rigorous security of the proposed schemes and complexity analysis of our schemes. Finally, the security and performance comparisons of our schemes with the existing related schemes show that our schemes outperform other existing schemes.







Similar content being viewed by others
References
Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy (SP’07). Oakland, California, USA, pp 321–334
Boneh D, Franklin M (2001) Identity-based encryption from the Weil pairing. In: Advances in Cryptology-CRYPTO 2001. Santa Barbara, California, USA, pp 213–229
Brands S, Demuynck L, De Decker B (2007) A practical system for globally revoking the unlinkable pseudonyms of unknown users. In: Information Security and Privacy (ACISP’07). Townsville, Australia, pp 400–415
Brands SA (2000) Rethinking public key infrastructures and digital certificates: building in privacy. MIT Press, Cambridge
Camenisch J, Lysyanskaya A (2001) An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Advances in Cryptology (EUROCRYPT’01). Innsbruck (Tyrol), Austria, pp 93–118
Camenisch J et al (2010) Specification of the identity mixer cryptographic library. Technical report, Tech Rep
Cao X, Kou W, Du X (2010) A pairing-free identity-based authenticated key agreement protocol with minimal message exchanges. Information Sciences 180(15):2895–2903
Chaum D (1983) Blind signature system. In: Advances in cryptology (Crypto’83). Santa Barbara, California, USA, pp 153–153
Chaum D, Pedersen TP (1992) Wallet databases with observers. Advances in Cryptology (CRYPTO’92), Santa Barbara, California, USA, pp 89–105
Cohen H, Frey G, Avanzi R, Doche C, Lange T, Nguyen K, Vercauteren F (2005) Handbook of elliptic and hyperelliptic curve cryptography. CRC Press, Boca Raton
Gentry C, Silverberg A (2002) Hierarchical ID-based cryptography. In: 8th International Conference on the Theory and Application of Cryptology and Information Security, Advances in cryptology (ASIACRYPT’02). Queenstown, New Zealand, pp 548–566
Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: 13th ACM conference on Computer and Communications Security, Alexandria, VA, USA, pp 89–98. ACM
Guttman B, Roback EA (1995) An introduction to computer security: the NIST handbook. DIANE Publishing, USA
Hajny J, Malina L, Martinasek Z, Tethal O (2013) Performance evaluation of primitives for privacy-enhancing cryptography on current smart-cards and smart-phones. In: 8th International Workshop on Data Privacy Management and Autonomous Spontaneous Security (DPM/SETOP’13), Leuven, Belgium, Lecture Notes in Computer Science, vol 8247, pp 17–33
Huang JJ, Juang WS, Fan CI, Liaw HT (2013) Robust and privacy protection authentication in cloud computing. Int J Innov Comput Inf Control 9(11):4247–4261
Ibrahim MH (2009) Resisting traitors in linkable democratic group signatures. Int J Netw Secur 9(1):51–60
Ibrahim MH (2015) AATCT: anonymously authenticated transmission on the cloud with traceability. Int J Adv Comput Sci Appl 6(9):251–259
Ibrahim MH, Ali IA, Ibrahim II, El-sawi AH (2003) A robust threshold elliptic curve digital signature providing a new verifiable secret sharing scheme. In: 46th IEEE Midwest Symposium on Circuits and Systems, Cairo, Egypt, vol 1, pp 276–280
Khader D (2007) Attribute Based Group Signatures. IACR Cryptology ePrint Archive, p 159
Khader D (2008) Authenticating with Attributes. IACR Cryptology ePrint Archive
Khan AR (2012) Access control in cloud computing environment. ARPN J Eng Appl Sci 7(5):613–615
Kiyomoto S, Fukushima K, Tanaka T (2009) Design of anonymous attribute authentication mechanism. IEICE Trans Commun 92(4):1112–1118
Li J, Kim K (2008) Attribute-Based Ring Signatures. IACR Cryptology ePrint Archive, p 394
Lindell Y (2010) Anonymous authentication. J Priv Confid 2(2):35–63
Liu J, Wang J, Zhuang Y (2012) Fuzzy attribute authentication scheme based on vector space. J Comput Eng Appl 48(19):4–7
Lu S, Jiang H (2006) RTFW: An Access Control Model for Workflow Environment. In: 10th IEEE International Conference on Computer Supported Cooperative Work in Design (CSCWD’06). Southeast University, Nanjing, China, pp 1–5
Maji HK, Prabhakaran M, Rosulek M (2008) Attribute-Based Signatures: Achieving Attribute-Privacy and Collusion-Resistance. IACR Cryptology ePrint Archive, p 328
Nabeel M, Bertino E, Kantarcioglu M, Thuraisingham B (2011) Towards privacy preserving access control in the cloud. In: 7th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom’11). Orlando, Florida, USA, pp 172–180
Oh S, Park S (2003) Task-role-based access control model. Inf Syst 28(6):533–562
Pfleeger CP, Pfleeger SL (2002) Security in computing. Prentice Hall Professional Technical Reference
Raykova M, Zhao H, Bellovin SM (2012) Privacy enhanced access control for outsourced data sharing. In: 16th International Conference on Financial Cryptography and Data Security. Divi Flamingo Beach, Bonaire, pp 223–238
Rostad L, Edsberg O (2006) A study of access control requirements for healthcare systems based on audit trails from access logs. In: 22nd IEEE Annual Computer Security Applications Conference (ACSAC’06). Miami Beach, Florida, USA, pp 175–186
Sahai A, Waters B (2005) Fuzzy identity-based encryption. Advances in Cryptology (EUROCRYPT 2005). Aarhus, Denmark, pp 457–473
Sandhu RS, Coyne EJ, Feinstein HL, Youman CE (1996) Role-based access control models. IEEE Comput 29(2):38–47
Schnorr CP (1991) Efficient signature generation by smart cards. J Cryptol 4(3):161–174
Shamir A (1979) How to share a secret. Communications of the ACM 22(11):612–613
Shaniqng G, Yingpei Z (2008) Attribute-based signature scheme. In: 2nd IEEE International Conference on Information Security and Assurance (ISA’08). Hanwha Resort Haeundae, Busan, Korea, pp 509–511
Vullers P, Alpár G (2013) Efficient selective disclosure on smart cards using idemix. In: 3rd IFIP Working Conference on Policies and Research in Identity Management. Royal Holloway, UK, pp 53–67
Yang H, Oleshchuk V (2015) Attribute-based authentication schemes: a survey. Int J Comput 14(2):86–96
Yang K, Jia X (2012) Attributed-based access control for multi-authority systems in cloud storage. In: IEEE 32nd International Conference on Distributed Computing Systems (ICDCS). Macau, China, pp 536–545
Yang P, Cao Z, Dong X (2008) Fuzzy Identity Based Signature. IACR Cryptology ePrint Archive, p 2
Zhou M, Mu Y, Susilo W, Au MH, Yan J (2011) Privacy-preserved access control for cloud computing. In: IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom’11). Changsha, China, pp 83–90
Jan H, Lukas M (2012) Unlinkable Attribute-Based Credentials with Practical Revocation on Smart-Cards. In: 11th International Conference on Smart Card Research and Advanced Applications (CARDIS 2012). Graz, Austria, pp 62–76
Wan Z, Liu JE, Deng RH (2012) HASBE: a hierarchical attribute-based solution for flexible and scalable access control in cloud computing. IEEE Trans Inf Forensics Secur 7(2):743–754
Diaz C, Preneel B (2004) Taxonomy of mixes and dummy traffic. 19th IFIP International Information Security Conference, Toulouse, France, pp 217–232
Sampigethaya K, Poovendran R (2007) A survey on mix networks and their secure applications. Proceedings of the IEEE 94(12):2142–2181
Abdalla M, Fouque P, Pointcheval D (2005) Password-based authenticated key exchange in the three-party setting. In: 8th International Workshop on Theory and Practice in Public Key Cryptography (PKC’05). Les Diablerets, Switzerland, pp 65–84
Chang CC, Le HD (2016) A provably secure, efficient and flexible authentication scheme for ad hoc wireless sensor networks. IEEE Trans Wirel Commun 15(1):357–366
Das AK, Kumari S, Odelu V, Li X, Wu F, Huang X (2016) Provably secure user authentication and key agreement scheme for wireless sensor networks. Security and Communication Networks
Wazid M, Das AK, Kumari S, Li X, Wu F (2016) Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for TMIS. Security and Communication Networks
Wazid M, Das AK, Kumari S, Li X, Wu F (2016) Provably secure biometric-based user authentication and key agreement scheme in cloud computing. Security and Communication Networks
Acknowledgements
The authors would like to thank the anonymous reviewers and the Editor for providing constructive and generous feedback.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Ibrahim, M.H., Kumari, S., Das, A.K. et al. Attribute-based authentication on the cloud for thin clients. J Supercomput 74, 5813–5845 (2018). https://doi.org/10.1007/s11227-016-1948-8
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-016-1948-8
Keywords
Profiles
- Saru Kumari View author profile