Skip to main content
SpringerLink
Log in

Attribute-based authentication on the cloud for thin clients

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

We propose two new authentication schemes for the cloud that support private attribute-based authentication services. The basic scheme is non-anonymous attribute-based authentication scheme. The extended scheme of the basic scheme is fully anonymous attribute-based authentication scheme to realize full anonymity and unlinkability services. In the proposed schemes, a user is authenticated by the remote server if the intersection of the set of his/her assigned attributes and the server’s required attributes exceeds a satisfactory predefined level. Unlike existing attribute-based encryption and signature schemes that require the user to perform significant amount of elliptic curve bilinear pairings and modular exponentiations, and require the user to hold a significantly long decryption/signature key, in our schemes the user is not required to perform any bilinear pairings. With a fixed length private key, independent of the number of attributes, the cloud user performs only few exponentiations by which he/she is able to authenticate himself/herself to the remote server and establish a session key with the server with the condition that he/she satisfies a predefined level of the server’s attributes requirement. Therefore, our schemes are suitable for implementation on devices with limited resources. We provide the rigorous security of the proposed schemes and complexity analysis of our schemes. Finally, the security and performance comparisons of our schemes with the existing related schemes show that our schemes outperform other existing schemes.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

Notes

  1. http://www.itforum.dk/downloads/Ronny_Bjones_Uprove.

  2. http://connect.microsoft.com/site642/Downloads/DownloadDetails.aspx?DownloadID=26953.

References

  1. Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy (SP’07). Oakland, California, USA, pp 321–334

  2. Boneh D, Franklin M (2001) Identity-based encryption from the Weil pairing. In: Advances in Cryptology-CRYPTO 2001. Santa Barbara, California, USA, pp 213–229

    Chapter  Google Scholar 

  3. Brands S, Demuynck L, De Decker B (2007) A practical system for globally revoking the unlinkable pseudonyms of unknown users. In: Information Security and Privacy (ACISP’07). Townsville, Australia, pp 400–415

    Chapter  Google Scholar 

  4. Brands SA (2000) Rethinking public key infrastructures and digital certificates: building in privacy. MIT Press, Cambridge

    Google Scholar 

  5. Camenisch J, Lysyanskaya A (2001) An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Advances in Cryptology (EUROCRYPT’01). Innsbruck (Tyrol), Austria, pp 93–118

    Google Scholar 

  6. Camenisch J et al (2010) Specification of the identity mixer cryptographic library. Technical report, Tech Rep

  7. Cao X, Kou W, Du X (2010) A pairing-free identity-based authenticated key agreement protocol with minimal message exchanges. Information Sciences 180(15):2895–2903

    Article  MathSciNet  Google Scholar 

  8. Chaum D (1983) Blind signature system. In: Advances in cryptology (Crypto’83). Santa Barbara, California, USA, pp 153–153

    Chapter  Google Scholar 

  9. Chaum D, Pedersen TP (1992) Wallet databases with observers. Advances in Cryptology (CRYPTO’92), Santa Barbara, California, USA, pp 89–105

  10. Cohen H, Frey G, Avanzi R, Doche C, Lange T, Nguyen K, Vercauteren F (2005) Handbook of elliptic and hyperelliptic curve cryptography. CRC Press, Boca Raton

    Book  Google Scholar 

  11. Gentry C, Silverberg A (2002) Hierarchical ID-based cryptography. In: 8th International Conference on the Theory and Application of Cryptology and Information Security, Advances in cryptology (ASIACRYPT’02). Queenstown, New Zealand, pp 548–566

    Google Scholar 

  12. Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: 13th ACM conference on Computer and Communications Security, Alexandria, VA, USA, pp 89–98. ACM

  13. Guttman B, Roback EA (1995) An introduction to computer security: the NIST handbook. DIANE Publishing, USA

    Book  Google Scholar 

  14. Hajny J, Malina L, Martinasek Z, Tethal O (2013) Performance evaluation of primitives for privacy-enhancing cryptography on current smart-cards and smart-phones. In: 8th International Workshop on Data Privacy Management and Autonomous Spontaneous Security (DPM/SETOP’13), Leuven, Belgium, Lecture Notes in Computer Science, vol 8247, pp 17–33

    Chapter  Google Scholar 

  15. Huang JJ, Juang WS, Fan CI, Liaw HT (2013) Robust and privacy protection authentication in cloud computing. Int J Innov Comput Inf Control 9(11):4247–4261

    Google Scholar 

  16. Ibrahim MH (2009) Resisting traitors in linkable democratic group signatures. Int J Netw Secur 9(1):51–60

    Google Scholar 

  17. Ibrahim MH (2015) AATCT: anonymously authenticated transmission on the cloud with traceability. Int J Adv Comput Sci Appl 6(9):251–259

    Google Scholar 

  18. Ibrahim MH, Ali IA, Ibrahim II, El-sawi AH (2003) A robust threshold elliptic curve digital signature providing a new verifiable secret sharing scheme. In: 46th IEEE Midwest Symposium on Circuits and Systems, Cairo, Egypt, vol 1, pp 276–280

  19. Khader D (2007) Attribute Based Group Signatures. IACR Cryptology ePrint Archive, p 159

  20. Khader D (2008) Authenticating with Attributes. IACR Cryptology ePrint Archive

  21. Khan AR (2012) Access control in cloud computing environment. ARPN J Eng Appl Sci 7(5):613–615

    Google Scholar 

  22. Kiyomoto S, Fukushima K, Tanaka T (2009) Design of anonymous attribute authentication mechanism. IEICE Trans Commun 92(4):1112–1118

    Article  Google Scholar 

  23. Li J, Kim K (2008) Attribute-Based Ring Signatures. IACR Cryptology ePrint Archive, p 394

  24. Lindell Y (2010) Anonymous authentication. J Priv Confid 2(2):35–63

    Google Scholar 

  25. Liu J, Wang J, Zhuang Y (2012) Fuzzy attribute authentication scheme based on vector space. J Comput Eng Appl 48(19):4–7

    Google Scholar 

  26. Lu S, Jiang H (2006) RTFW: An Access Control Model for Workflow Environment. In: 10th IEEE International Conference on Computer Supported Cooperative Work in Design (CSCWD’06). Southeast University, Nanjing, China, pp 1–5

  27. Maji HK, Prabhakaran M, Rosulek M (2008) Attribute-Based Signatures: Achieving Attribute-Privacy and Collusion-Resistance. IACR Cryptology ePrint Archive, p 328

  28. Nabeel M, Bertino E, Kantarcioglu M, Thuraisingham B (2011) Towards privacy preserving access control in the cloud. In: 7th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom’11). Orlando, Florida, USA, pp 172–180

  29. Oh S, Park S (2003) Task-role-based access control model. Inf Syst 28(6):533–562

    Article  Google Scholar 

  30. Pfleeger CP, Pfleeger SL (2002) Security in computing. Prentice Hall Professional Technical Reference

  31. Raykova M, Zhao H, Bellovin SM (2012) Privacy enhanced access control for outsourced data sharing. In: 16th International Conference on Financial Cryptography and Data Security. Divi Flamingo Beach, Bonaire, pp 223–238

    Chapter  Google Scholar 

  32. Rostad L, Edsberg O (2006) A study of access control requirements for healthcare systems based on audit trails from access logs. In: 22nd IEEE Annual Computer Security Applications Conference (ACSAC’06). Miami Beach, Florida, USA, pp 175–186

  33. Sahai A, Waters B (2005) Fuzzy identity-based encryption. Advances in Cryptology (EUROCRYPT 2005). Aarhus, Denmark, pp 457–473

    Google Scholar 

  34. Sandhu RS, Coyne EJ, Feinstein HL, Youman CE (1996) Role-based access control models. IEEE Comput 29(2):38–47

    Article  Google Scholar 

  35. Schnorr CP (1991) Efficient signature generation by smart cards. J Cryptol 4(3):161–174

    Article  Google Scholar 

  36. Shamir A (1979) How to share a secret. Communications of the ACM 22(11):612–613

    Article  MathSciNet  Google Scholar 

  37. Shaniqng G, Yingpei Z (2008) Attribute-based signature scheme. In: 2nd IEEE International Conference on Information Security and Assurance (ISA’08). Hanwha Resort Haeundae, Busan, Korea, pp 509–511

  38. Vullers P, Alpár G (2013) Efficient selective disclosure on smart cards using idemix. In: 3rd IFIP Working Conference on Policies and Research in Identity Management. Royal Holloway, UK, pp 53–67

    Chapter  Google Scholar 

  39. Yang H, Oleshchuk V (2015) Attribute-based authentication schemes: a survey. Int J Comput 14(2):86–96

    Google Scholar 

  40. Yang K, Jia X (2012) Attributed-based access control for multi-authority systems in cloud storage. In: IEEE 32nd International Conference on Distributed Computing Systems (ICDCS). Macau, China, pp 536–545

  41. Yang P, Cao Z, Dong X (2008) Fuzzy Identity Based Signature. IACR Cryptology ePrint Archive, p 2

  42. Zhou M, Mu Y, Susilo W, Au MH, Yan J (2011) Privacy-preserved access control for cloud computing. In: IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom’11). Changsha, China, pp 83–90

  43. Jan H, Lukas M (2012) Unlinkable Attribute-Based Credentials with Practical Revocation on Smart-Cards. In: 11th International Conference on Smart Card Research and Advanced Applications (CARDIS 2012). Graz, Austria, pp 62–76

  44. Wan Z, Liu JE, Deng RH (2012) HASBE: a hierarchical attribute-based solution for flexible and scalable access control in cloud computing. IEEE Trans Inf Forensics Secur 7(2):743–754

    Article  Google Scholar 

  45. Diaz C, Preneel B (2004) Taxonomy of mixes and dummy traffic. 19th IFIP International Information Security Conference, Toulouse, France, pp 217–232

  46. Sampigethaya K, Poovendran R (2007) A survey on mix networks and their secure applications. Proceedings of the IEEE 94(12):2142–2181

    Article  Google Scholar 

  47. Abdalla M, Fouque P, Pointcheval D (2005) Password-based authenticated key exchange in the three-party setting. In: 8th International Workshop on Theory and Practice in Public Key Cryptography (PKC’05). Les Diablerets, Switzerland, pp 65–84

    Chapter  Google Scholar 

  48. Chang CC, Le HD (2016) A provably secure, efficient and flexible authentication scheme for ad hoc wireless sensor networks. IEEE Trans Wirel Commun 15(1):357–366

    Article  MathSciNet  Google Scholar 

  49. Das AK, Kumari S, Odelu V, Li X, Wu F, Huang X (2016) Provably secure user authentication and key agreement scheme for wireless sensor networks. Security and Communication Networks

  50. Wazid M, Das AK, Kumari S, Li X, Wu F (2016) Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for TMIS. Security and Communication Networks

  51. Wazid M, Das AK, Kumari S, Li X, Wu F (2016) Provably secure biometric-based user authentication and key agreement scheme in cloud computing. Security and Communication Networks

Download references

Acknowledgements

The authors would like to thank the anonymous reviewers and the Editor for providing constructive and generous feedback.

Author information

Authors and Affiliations

  1. Department of Electronics, Communications and Computers Engineering, Faculty of Engineering, Helwan University, 1, Sherif St., P.O. 11792, Helwan, Cairo, Egypt

    Maged Hamada Ibrahim

  2. Department of Mathematics, Ch. Charan Singh University, Meerut, 250 005, Uttar Pradesh, India

    Saru Kumari

  3. Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, 500 032, India

    Ashok Kumar Das

  4. Department of Mathematics, Indian Institute of Technology, Kharagpur, 721 302, India

    Vanga Odelu

Authors
  1. Maged Hamada Ibrahim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Saru Kumari
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ashok Kumar Das
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Vanga Odelu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Saru Kumari.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Ibrahim, M.H., Kumari, S., Das, A.K. et al. Attribute-based authentication on the cloud for thin clients. J Supercomput 74, 5813–5845 (2018). https://doi.org/10.1007/s11227-016-1948-8

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-016-1948-8

Keywords

Search

Navigation