KSII Transactions on Internet and Information Systems (TIIS)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지
DOI QR코드

DOI QR Code

IBC-Based Entity Authentication Protocols for Federated Cloud Systems

  • Cao, Chenlei (Information Security Center, and National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications) ;
  • Zhang, Ru (Information Security Center, and National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications) ;
  • Zhang, Mengyi (Information Security Center, and National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications) ;
  • Yang, Yixian (Information Security Center, and National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications)
  • Received : 2013.09.28
  • Accepted : 2013.03.28
  • Published : 2013.05.30
Download PDF
⟨ Previous Next ⟩

Abstract

Cloud computing changes the service models of information systems and accelerates the pace of technological innovation of consumer electronics. However, it also brings new security issues. As one of the important foundations of various cloud security solutions, entity authentication is attracting increasing interest of many researchers. This article proposes a layered security architecture to provide a trust transmission mechanism among cloud systems maintained by different organizations. Based on the security architecture, four protocols are proposed to implement mutual authentication, data sharing and secure data transmission in federated cloud systems. The protocols not only can ensure the confidentiality of the data transferred, but also resist man-in-the-middle attacks and masquerading attacks. Additionally, the security properties of the four protocols have been proved by S-pi calculus formal verification. Finally, the performance of the protocols is investigated in a lab environment and the feasibility of the security architecture has been verified under a hybrid cloud system.

Keywords

References

  1. The NIST Definition of Cloud Computing, NIST Special Publication 800-145, September, 2011.
  2. D. Zissis and D. Lekkas, "Addressing cloud computing security issues," Future Generation Computer Systems, vol. 28, no. 3, pp. 583-592, March, 2012. https://doi.org/10.1016/j.future.2010.12.006
  3. D. G. Guo, M. Zhang, Y. Zhang and Z. Xu, "Study on cloud computing security," Journal of Software, vol.22, no.1, pp.71-83, January, 2011. https://doi.org/10.3724/SP.J.1001.2011.03958
  4. S. Grzonkowski and P. M. Corcoran, "Sharing cloud services: user authentication for social enhancement of home networking," IEEE Trans. Consumer Electron., vol. 57, no. 3, pp. 1424- 1432, August, 2011. https://doi.org/10.1109/TCE.2011.6018903
  5. S. Grzonkowski and P. M. Corcoran, "Security analysis of authentication protocols for next-generation mobile and CE cloud services," in Proc. of 1st IEEE International Conf. Consumer Electron. Berlin, pp. 83-87, 2011.
  6. D. Boneh and M. Franklin, "Identity-based encryption from the weil pairing," SIAM Journal on Computing, vol. 32, no. 3, pp. 586-615, 2003. https://doi.org/10.1137/S0097539701398521
  7. M. Abadi and A. D. Gordon "A calculus for cryptographic protocols: the Spi calculus," Information and Computation, vol. 148, no. 1, pp. 1-70, 1999. https://doi.org/10.1006/inco.1998.2740
  8. L. Durante, R. Sisto, and A. Valenzano, "Automatic testing equivalence verification of Spi calculus specifications," ACM Trans. Software Engineering and Methodology, vol. 12, no. 2, pp. 222-284, April, 2003. https://doi.org/10.1145/941566.941570
  9. A. Tiu and J. Dawson, "Automating open bisimulation checking for the Spi calculus," in Proc. of 23rd IEEE Computer Security Foundations Symposium, pp. 307-321, 2010.
  10. C. Gentry and A. Silverberg, "Hierarchical ID-based cryptography," in Proc. of ASIACRYPT'02, vol. 2501, pp. 548-566, 2002.
  11. D. Boneh and X. Boyen, "Efficient selective-ID secure identity based encryption without random oracles," Lecture Notes in Computer Science vol. 3027, pp. 223-238, 2004.
  12. D. Boneh, X. Boyen, and E. J. Goh, "Hierarchical identity based encryption with constant size ciphertext," Lecture Notes in Computer Science, vol. 3494, pp. 440-456, 2005.
  13. C. Gentry and S. Halevi, "Hierarchical identity based encryption with polynomially many levels," Lecture Notes in Computer Science, vol. 5444, pp. 437-456, 2009.
  14. D. Boneh and X. Boyen, "Efficient selective identity-based encryption without random oracles," Journal of Cryptology, vol. 24, no. 4, pp. 659-693, October, 2011. https://doi.org/10.1007/s00145-010-9078-6
  15. H. W. Lim and K. G. Paterson, "Identity-based cryptography for grid security," International Journal of Information Security, vol. 10, no. 1, pp. 15-32, 2011. https://doi.org/10.1007/s10207-010-0116-z
  16. H. Cheng, C.Rong, Z. Tan, and Q. Zeng, "Identity based encryption and biometric authentication scheme for secure data access in cloud computing," Chinese Journal of Electronics, vol. 21, no. 2, April, 2012.
  17. H. W. Li, Y. S. Dai, T. Ling, and H. M. Yang, "Identity-based authentication for cloud computing," Lecture Notes in Computer Science, vol. 5931, pp. 157-166, 2009.
  18. L. S. Kang and X. J. Zhang, "Identity-based authentication in cloud storage sharing," in Proc. of 2nd International Conf. on Multimedia Information Networking and Security, pp. 851-855, 2010.
  19. L. Yan, C. M. Rong, and G.S. Zhao, "Strengthen cloud computing security with federal identity management using hierarchical identity-based cryptography," Lecture Notes in Computer Science, vol. 5931, pp. 167-177, 2009.
  20. J. Y. Huang, I. E. Liao, and C. K. Chiang, "Efficient identity-based key management for configurable hierarchical cloud computing environment," in Proc. of International Conf. on Parallel and Distributed Systems, pp. 883-887, 2011.
  21. C. Schridde, M. Smith, and B. Freisleben, "An identity-based key agreement protocol for the network layer," Lecture Notes in Computer Science, vol. 5229, pp. 409-422, 2008.
  22. C. Schridde, T. Dornemann, E. Juhnke, B. Freisleben, and M. Smith, "An identity-based security infrastructure for cloud environments," in Proc. of IEEE International Conf. on Wireless Communications, Networking and Information Security, pp. 644-649, 2010.
  23. S. Kamara and K. Lauter, "Cryptographic Cloud Storage," Lecture Notes in Computer Science, vol. 6054, pp. 136-149, 2010.
  24. X. Yang, B. Nasser, M. Surridge, and S. Middleton, "A Business-oriented cloud federation model for real-time applications," Future Generation Computer Systems, vol. 28, pp. 1158-1167, October, 2012. https://doi.org/10.1016/j.future.2012.02.005
  25. B. Rochwerger, D. Breitgand, E. Levy, A. Galis, K. Nagin et al., "The RESERVOIR model and architecture for open federated cloud computing," IBM Journal of Research & Development, vol.53 (4), pp.535-545, 2009.
  26. D. Villegas, N. Bobroff, I. Roderob, J. Delgado, Y. Liu et al., "Cloud federation in a layered service model," Journal of Computer and System Sciences, vol. 78, pp. 1330-1344, September, 2012. https://doi.org/10.1016/j.jcss.2011.12.017
  27. C. Neuman, T. Yu, S. Hartman and K. Raeburn, "The Kerberos network authentication service (V5)," http://www.ietf.org/rfc/rfc4120, July, 2005.
  28. B. Schneier, Applied Cryptography: Protocols, Algorithms and Source Code in C, 2nd Edition, John Wiley & Sons, 1996.
  29. D. Recordon and B. Fitzpatrick, "OpenID authentication 2.0," http://openid.net/specs/openid- authentication-2_0.html, December, 2007.
  30. S. Sun, K. Hawkey, and K. Beznosov, "Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures," Computers & Security, vol.31, pp. 465-483, June, 2012.

Cited by

  1. Homomorphic Encryption Based Data Storage and Query Algorithm vol.846, pp.None, 2013, https://doi.org/10.4028/www.scientific.net/amr.846-847.1582
  2. IBC-Based Authentication Protocols and a Method of Data Sharing for Cloud Systems vol.989, pp.None, 2014, https://doi.org/10.4028/www.scientific.net/amr.989-994.2349
  3. Computational Analytics of Client Awareness for Mobile Application Offloading with Cloud Migration vol.8, pp.11, 2013, https://doi.org/10.3837/tiis.2014.11.014
  4. An Exploratory Study of Cloud Service Level Agreements - State of the Art Review vol.9, pp.3, 2013, https://doi.org/10.3837/tiis.2015.03.001
  5. Challenges and solutions for Internet of Things Driven by IPv6 vol.9, pp.12, 2013, https://doi.org/10.3837/tiis.2015.12.001
  6. Defense Strategy of Network Security based on Dynamic Classification vol.9, pp.12, 2013, https://doi.org/10.3837/tiis.2015.12.021