http://dx.doi.org/10.3837/tiis.2013.05.020

IBC-Based Entity Authentication Protocols for Federated Cloud Systems  

Cao, Chenlei (Information Security Center, and National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications)
Zhang, Ru (Information Security Center, and National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications)
Zhang, Mengyi (Information Security Center, and National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications)
Yang, Yixian (Information Security Center, and National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.7, no.5, 2013, pp. 1291-1312
Abstract
Cloud computing changes the service models of information systems and accelerates the pace of technological innovation in consumer electronics. However, it also brings new security issues. As one of the important foundations of various cloud security solutions, entity authentication is attracting increasing interest from many researchers. This article proposes a layered security architecture to provide a trust transmission mechanism among cloud systems maintained by different organizations. Based on the security architecture, four protocols are proposed to implement mutual authentication, data sharing and secure data transmission in federated cloud systems. The protocols not only ensure the confidentiality of the data transferred, but also resist man-in-the-middle attacks and masquerading attacks. Additionally, the security properties of the four protocols have been proved by S-pi calculus formal verification. Finally, the performance of the protocols is investigated in a lab environment, and the feasibility of the security architecture has been verified under a hybrid cloud system.
Keywords
Cloud Computing; Layered Security Architecture; Security Protocol; S-pi Calculus; Identity-Based Cryptography;