Preserving Data In The Cloud: Two-Factor Authentication Without Cost And Leaking

Posted on: 2014-02-23
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L A l i A . Y a s s i n Ai
GTID: 1268330398987653
Subject: Computer application technology
Abstract/Summary:
Although cloud computing has attracted much research and many enterprises by virtue of important features such as on-demand resources, the pay-as-you-go pricing model, and large-scale yet powerful resources, the cloud has raised many concerns related to security, data leakage, and sharing of resources. At the heart of the security concern, authentication plays an essential role in current cloud computing systems. Because authentication is essential for effective security, many techniques have been proposed to implement it. Such techniques include: (1) simple username/password authentication such as credentials; (2) using extra hardware to obtain and input the authentication information, such as tokens and smart cards; (3) using extra hardware to read unique authentication information, such as biometrics for fingerprints.

To this end, 2-Factor Authentication (2FA) has been introduced as a key technique that is leveraged in the cloud to provide efficient yet scalable cloud authentication: a user initially sends his username and password to the cloud server as a first factor, and if the cloud authenticates it, the user can later send his second authentication factor. The second factor mainly relies on tokens, smart cards, fingerprints, and voice authentication. On the one hand, tokens cannot resist Man-in-the-Middle (MITM) seed-tracing and come at a high cost. In addition, the service provider's security may be compromised when tokens are lost or stolen. On the other hand, the personal physiological factor has its own drawbacks as well: when a large number of users try to authenticate to the system at the same time, the system suffers from unacceptably slow responses. Moreover, the biometric factor requires extra hardware and software.

In this dissertation, we first address the problem of the authentication process in the context of a cloud service provider setting.
We do so instead of using the traditional identity of the token, such as biometric and token techniques, which require extra devices and cost. SMS tokens, on the other hand, suffer from the issue of coverage area, and the smartphone costs money and electricity to complete an e-transaction; when the mobile phone has not been charged with money, the e-transaction cannot be completed. The proposed schemes rely on well-known cryptographic tools including Zero-Knowledge Proof, Homomorphic Encryption, and One-Time Password (OTP). The proposed scheme assumes a configuration where users keep their passwords far away from the service provider in the cloud. These features give the service provider a good opportunity to reduce processing time. At the same time, users need not worry about revealing their passwords, since an adversary cannot apply masquerade, dictionary, guessing, or replay attacks. The security notions of unforgotten password, low cost, and privacy are essential parts of our scheme.

Second, to deal with the issue of attacks on passwords, we adopt Asymmetric Scalar-Product-preserving Encryption (ASPE) and the Fiat-Shamir protocol, thereby addressing the risk of password compromise with minimal computation overhead, to better fit cloud environments. It is important to mention that our proposed scheme does not require any special middleware to save software applications or files, and that it works effectively without any synchronized clocks between service provider and user, because we employ random numbers instead of timestamps. In the performance evaluation, our scheme is shown to achieve strong security at lower cost than previous schemes.

Third, given that biometric authentication requires extra devices, comes at extra monetary cost, and suffers from poor performance under heavy concurrency, we propose an alternative remote biometric authentication scheme.
The proposed scheme embraces an efficient and secure password-based two-factor mutual authentication scheme using the Schnorr digital signature and the unique features extracted from a user's fingerprint. Our scheme does not require an extra device or software compared with previous works in the biometric field.

Fourth, in the smart card authentication field, most of the previous studies have led to many weaknesses such as impersonation, password guessing, Denial-of-Service (DoS), and insider attacks. In addition, their solutions lack user anonymity and secure password change, and make no provision for revocation when the user's card is lost or stolen. Accordingly, we propose a secure biometric-based remote authentication scheme to overcome the smart card's drawbacks. Moreover, our scheme has high efficiency and withstands existing known attacks such as password guessing attacks and server impersonation attacks.

To conclude, our schemes have many important merits, which can be summarized as follows: (1) they provide encrypted password information which can be saved at the service provider's side in the cloud; (2) they provide mutual authentication between the user and service provider; (3) they preserve the user's anonymity; (4) the service provider and a user can achieve authenticated session keys; (5) they allow users to freely choose their password; (6) they support the revocation phase when the user loses his authentication keys; (7) they combine three-factor authentication to work in two factors for increasing performance, reducing cost, and resisting security attacks.
Keywords/Search Tags: Cloud computing, Password authentication, 2-Factor Authentication, One-Time Password, Biometrical
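The abstract's first two contributions rest on keeping the password away from the service provider and on using random numbers instead of timestamps. The sketch below is an added illustration using the textbook Fiat-Shamir identification protocol, not the dissertation's own scheme (its ASPE and OTP components are not shown); the toy modulus, the function names and the sample password and salt are assumptions made for the example.

```python
import hashlib
import secrets

# Toy modulus built from two Mersenne primes so the example runs instantly.
# Assumption for illustration: a real system needs a modulus of 2048+ bits
# whose factorisation is unknown to everyone.
N = (2**61 - 1) * (2**89 - 1)

def secret_from_password(password: str, salt: bytes) -> int:
    """Client side only: stretch the password into the secret s."""
    d = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return int.from_bytes(d, "big") % N

def register(password: str, salt: bytes) -> int:
    """The server stores v = s^2 mod N, never the password or s."""
    return pow(secret_from_password(password, salt), 2, N)

class Prover:
    def __init__(self, password: str, salt: bytes):
        self.s = secret_from_password(password, salt)

    def commit(self) -> int:
        self.r = secrets.randbelow(N - 2) + 2   # fresh random value per round
        return pow(self.r, 2, N)

    def respond(self, e: int) -> int:
        return (self.r * pow(self.s, e, N)) % N

def verify_round(v: int, x: int, e: int, y: int) -> bool:
    """Server check: y^2 == x * v^e (mod N)."""
    return x % N != 0 and pow(y, 2, N) == (x * pow(v, e, N)) % N

def login(v: int, prover: Prover, rounds: int = 40):
    """Run the rounds; the challenge e is a fresh random bit, not a timestamp."""
    transcript = []
    for _ in range(rounds):
        x = prover.commit()
        e = secrets.randbits(1)
        y = prover.respond(e)
        if not verify_round(v, x, e, y):
            return False, transcript
        transcript.append((x, e, y))
    return True, transcript

def replay_accepted(v: int, transcript) -> bool:
    """Replay recorded (x, y) pairs against newly drawn challenges."""
    return all(verify_round(v, x, secrets.randbits(1), y) for x, _, y in transcript)
```

Each response is bound to the challenge bit drawn for that round, so with 40 rounds a replayed transcript or a wrong password is accepted with probability 2^-40, and no clock synchronisation is involved.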