Skip to main content
Log in

Enhanced authentication for outsourced educational contents through provable block possession

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

In recent years, the volume of educational contents has been explosively increased thanks to the rapid development of multimedia technologies. Furthermore, the development of smart devices has made various educational institutes use them as effective learning tools. Since more and more educational contents become available not only at school zone but at a variety of online learning systems, it becomes increasingly unaffordable for a single educational contents provider to store and process them locally. Therefore, many educational contents providers are likely to outsource the contents to cloud storage for cost saving. These phenomena raise one serious concern: how to authenticate educational contents users in a secure and efficient way? The most widely used password-based authentication suffers from numerous drawbacks in terms of security. Multi-factor authentication protocols based on diverse communication channels such as SMS, biometric, hardware token could enhance security, however they inevitably bring poor usability. To this end, we present a data block-based authentication scheme, which provides provable security and guarantees usability invariant such that users do nothing but entering a password. In addition, the proposed scheme supports efficient user revocation. To the best of our knowledge, our scheme is the first data block-based authentication scheme for outsourced educational contents that is provably secure without usability degradation. The experiment on Amazon EC2 cloud shows that the proposed scheme guarantees nearly constant time for user authentication.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

References

  1. Adams A, Sasse M (1999) Users are not the enemy. ACM Commun 42(12):41–46

    Article  Google Scholar 

  2. Ateniese G, Burns R, Curtmola R, Herring J, Kissner L, Peterson Z, Song D (2007) Provable data possession at untrusted stores. In: ACM CCS, vol 07, pp 598–609

  3. Barni M, Bianchi T, Catalano D, Raimondo M, Donida R, Failla P, Piva A (2012) Privacy-preserving Fingercode authentication. In: MMSec. ACM, Roma, Italy, pp 2–7

  4. Bonneau J, Herley C, Oorschot C, Stajano F (2012) The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. Security and Privacy (SP), 2012. IEEE Symposium on. IEEE:553–567

  5. Chiasson S, Oorschot C, Biddle R (2007) Graphical Password Authentication Using Cued Click Points. In: Proceedings European Symposium. Research in Computer Security (ESORICS), pp 359–374

  6. Chiasson S, Stobert E, Forget A, Biddle R, Oorschot C (2012) Persuasive cued click-points: Design, implementation, and evaluation of a knowledge-based authentication mechanism. IEEE Trans Dependable Secure Comput 9(2):222–235

    Article  Google Scholar 

  7. Core Concepts - Authentication (2014) https://developers.facebook.com/docs/authentication. Accssed 11 December 2014

  8. Czeskis A, Dietz M, Kohno T, Wallach D, Balfanz D (2012) Strengthening user authentication through opportunistic cryptographic identity assertions. In: Proceedings of the 2012 ACM conference on Computer and communications security, pp 404–414

  9. Dirik A (2007) Modeling user choice in the PassPoints graphical password scheme. In: Proceedings of the 3rd symposium on Usable privacy and security. ACM, pp 20–28

  10. Drimer S, Murdoch J, Anderson R (2009) Optimised to Fail: Card Readers for Online Banking. In: Financial Cryptography and Data Security, pp 184–200

  11. Evans D, Huang Y, Katz J, Malka L (2011) Efficient privacyp-reserving biometric identification. In: NDSS, pp 2653–2657

  12. Goofit K (2007) Click passwords under investigation. Computer Security ESORICS. Springer Berlin Heidelberg, pp 343–358

  13. Google Inc. (2014) https://www.google.com/landing/2step. Accssed 7 December 2014

  14. Halevi S, Harnik D, Pinkas B, Shulman-Peleg A (2011) Proofs of ownership in remote storage systems. In: Proceedings of the 18th ACM conference on Computer and communications security. ACM, pp 491–500

  15. IBM Data Center (2014) http://www-935.ibm.com/services/us/en/outsourcing/data-center-outsourcing. Accssed 6 December 2014

  16. Jain K, Prabhakar S, Hong L, Pankanti S (2000) Filterbank-based fingerprint matching. Image Processing, IEEE Transactions on 9.5, pp 846–859

  17. James C (2014) http://www.businessinsider.com/how-hackers-get-into-your-apple-icloud-account-2014-9. Accssed 11 December 2014

  18. Morris R, Thompson K (1979) Password security: a case history. ACM Commun 22(11):594–597

    Article  Google Scholar 

  19. NTTDATA (2014) http://americas.nttdata.com. Accssed 6 December 2014

  20. OpenID Connect (2014) http://openid.net/connect. Accssed 11 December 2014

  21. Recordon D, Fitzpatrick B (2014) http://openid.net/specs/openid-authentication-1_1.html. Accssed 11 December 2014

  22. Reuters (2014) http://www.reuters.com/article/2014/02/04/us-usa-obama-education-idUSBREA130J520140204. Accssed 6 December 2014

  23. RSA SecureID (2014) http://www.emc.com/security/rsa-securid.htm. Accssed 7 December 2014

  24. Salehi-Abari A, Thorpe J, Oorschot C (2008) On Purely Automated Attacks and Click-Based Graphical Passwords. In: Proceedings Annals Computer Security Applications Conference (ACSAC), pp 111–120

  25. Stajano F (2011) Pico: No more passwords!. In Security Protocols XIX. Springer Berlin Heidelberg, pp 49–81

  26. Thorpe J, Oorschot C (2007) Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords. In: Proceedings 16th USENIX Security Symposium, pp 103–118

  27. USA Today (2013) http://www.usatoday.com/story/tech/personal/2013/08/07/views-shift-on-cell-phones-in-schools/2607381 . Accssed 6 December 2014

  28. utopia (2014) http://www.utopiainc.com. Accssed 6 December 2014

  29. Wiedenbeck S, Waters J, Birget C, Brodskiy A, Memon N (2005) PassPoints: Design and longitudinal evaluation of a graphical password system. International Journal of Human-Computer Studies 63.1, pp 102–127

  30. Yuan J, Yu S (2013) Efficient privacy-preserving biometric identification in cloud computing. In: Proceedings of IEEE INFOCOM, pp 2752–2760

Download references

Acknowledgments

This work was supported by the National Research Foundation of Korea(NRF) grant funded by the Korea government(MSIP) (No. 2013R1A2A2A01005559). This research was also supported by the Chung-Ang University Excellent Student Scholarship.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Junbeom Hur.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Hahn, C., Kwon, H., Kim, D. et al. Enhanced authentication for outsourced educational contents through provable block possession. Multimed Tools Appl 75, 13057–13076 (2016). https://doi.org/10.1007/s11042-015-2593-6

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-015-2593-6

Keywords

Navigation