Although cloud computing has become one of the basic utility in ICT era with several benefits like rapid elasticity, resource pooling broad network access, and on-demand self-service, it introduces dozens of dirty security threats too. An effective authentication protocol is the basis, topmost prioritized and emergence one for the secure cloud communications. As a result, in this article an effective trust-aware authentication framework is proposed based on n-party multi-linear key pairing functions, trust and reputation aggregation functions and time-based dynamic nonce generation. In addition to formulating an effective authentication protocol, we have analyzed the mutual authentication and formal security strength by using cryptographic GNY belief logic which will prove proposed protocol not only meets intended mutual authentication, but also justifies the security strength against the impersonation and ephemeral secret leakage attacks.

Mutual Authentication, Single Sign-On, Elliptic-Curve, Cloud Service Provider, Identity Provider, Trustee

[1] Shane Mitchell, Nicola V et al. “The Internet of Everything for Cities”, https://www.cisco.com/c/dam/en_us/solutions/industries/docs/gov/everything-for-cities.pdf, June 2013.
[2] Bob Violino, “The dirty dozen: 12 top cloud security threats for 2018”, https://www.csoonline.com/article/3043030/security/12-top-cloud-security-threats-for-2018.html, January 5, 2018.
[3] Holger Schulze, “Cloud security report 2018” https://pages.cloudpassage.com/rs/857-FXQ-213/images/2018-Cloud-Security-Report%20%281%29.pdf.
[4] Tim Mather and SubraKumaraswamy, “Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance”, http://www.di.fc.ul.pt/~nuno/PAPERS/security3.pdf, 2009.
[5] Jaikumar Vijayan, “Amazon downplays report highlighting vulnerabilities in its cloud service”. http://www.computerworld.com/s /article/9140074/Amazon_downplays_report_highlighting_vulnerabilities_in_its_cloud_service, October 2009.
[6] What is OpenID, OAuth2 and Google Sign In? https://www.youtube.com/watch?v=1M6gqoGiO2s&t=25s, DBA publications, April 20, 2017.
[7] Deep Dive into OAuth for Connected Apps, https://www.youtube.com/watch?v=vlrK3YZ_Fj0.
[8] DBA presenters, “What is OpenID, OAuth2 and Google Sign In?” https://www.youtube.com/watch?v=1M6gqoGiO2s&t=25s, DBA publications, April 20, 2017.
[9] OpenID Foundation, “The OpenID User Interface Extension Best Practices for Identity Providers 2009”. [Online]. Available: http://wiki.openid.net/w/page/12995153/Details-of-UX-Best-Practices-for-OPs
[10] J. M. Alves et al. ”Multi-Factor Authentication with OpenId in Virtualized Environments”, IEEE LATIN AMERICA TRANSACTIONS, VOL. 15, NO. 3, MARCH 2017
[11] Chris Messina, “User Authentication with OAuth 2.0”, https://oauth.net/articles/authentication/.
[12] Chris Messina, “OAuth 1.0, OpenID 2.0 and up next: DiSo”, https://medium.com/chris-messina/tagged/oauth, 2007.
[13] Aloysius Low, Seth Rosenblatt, “Serious security flaw in OAuth, Open ID discovered”, https://www.cnet.com/news/serious-security-flaw-in-oauth-and-openid-discovered/, MAY 2, 2014 4:00 AM PDT.
[14] Hargobind Singh, “Deep Dive into OAuth for Connected Apps”, https://www.youtube.com/watch?v=vlrK3YZ_Fj0, October 5, 2015.
[15] Justin Richer, “User Authentication with OAuth 2.0”, https://oauth.net/articles/authentication/, 2012.
[16] Pierluigi Paganini, “One oAuth 2.0 hack, 1 Billion Android App Accounts potentially exposed”, https://securityaffairs.co/wordpress /53081/hacking/oauth-2-0-attack.html. November 5, 2016.
[17] Merritt Maxim, “Tools And Technology: The Identity And Access Management Playbook”, http://www1.janrain.com/rs/253-XLD-026/images/the-forrester-wave-customer-identity-and-access-manageme nt-q2-2017-industry-research.pdf, June 15, 2017.
[18] “Janrain Identity Cloud”, http://www1.janrain.com/rs/253-XLD-026/images/janrain-identity-cloud-datasheet.pdf, 2016.
[19] “Identity and Access Management Resource Guide”, http://certification.salesforce.com/RG_CertifiedIdentityandAccessManagementDesigner .pdf, May 25, 2018.
[20] David Goldsmith, “ForgeRock Identity Platform v5.0”, https://backstage.forgerock.com/docs/platform/5/Platform-5-Platform-Guide.pdf, 2018. https://www.pingidentity.com/content/dam/ping-6-2-assets/Assets/analyst-reports/en/3208-kuppingercole-solutions-custome r-iam.pdf?id=b6322a80-f285-11e3-ac10-0800200c9a66, March 2017.
[21] John Tolbert, “Ping Identity solutions for Customer Identity and Access Management”, https://www.pingidentity.com/content/dam/ping-6-2-assets/Assets/analyst-reports/en/3208-kuppingercole-solutions-custom er-iam.pdf?id=b6322a80-f285-11e3-ac10-0800200c9a66, March 2017.
[22] LoginRadius, “Complete Customer Identity Management” https://www.loginradius.com/press/loginradius-announces-series-a-funding-from-forgepoint-and-microsoft-venture/, July 2018.
[23] Ronny Bjones, “Identity for the 21st Century”, https://www.eema.org/wp-content/uploads/bjones.pdf, 2016.
[24] SaboutNagaraju and LathaParthiban, “SecAuthn: Provably Secure Multi-Factor Authentication for the Cloud Computing Systems”, Indian journal of Science and Technology, Vol 9( 9), March 2016, pp.1-18.
[25] SaboutNagaraju and LathaParthiban, “Trusted framework for online banking in public cloud using multi-factor authentication and privacy protection gateway”,Journal of Cloud Computing: Advances, Systems and Applications (2015) 4:22, pp.1-23.
[26] SaboutNagaraju and S.K.V. Jayakumar, “A Novel Approach for Enabling More Accurate Trust and Reputation Mechanisms with an Efficient and High-Security Remote Authentication in the Cloud Computing Environment”, Indian journal of Science and Technology, Vol 11( 13), April 2018, pp.1-18.
[27] Jia-Lun Tsai and Nai-Wei Lo, “A Privacy-Aware Authentication Scheme for Distributed Mobile Cloud Computing Services”, IEEE Systems Journal, Vol. 9, No. 3, Sep. 2015, pp. 805-15.
[28] Debiao He et al., “Efficient Privacy-Aware Authentication Scheme for Mobile Cloud Computing Services”, IEEE Systems Journal, Vol. 12, No. 2, June 2018, pp. 1621-31.
[29] James Scott, Drew Spaniel, “In 2017, The Insider Threat Epidemic Begins”, https://icitech.org/wp-content/uploads/2017/02/ICIT-Brief-In-2017-The-Insider-Threat-Epidemic-Begins.pdf, February 23, 2017.
[30] L. Gong, R. Needham, and R. Yahalom, “Reasoning about belief in cryptographic protocols” in Proc. 1990 IEEE Computer Society Symp.Research in Security and Privacy, 1990, pp. 234–246.
[31] M. Burrows, M. Abadi, and R. Needham, “A logic of authentication” ACM Trans. Comput. Syst., vol. 23, no. 5, pp. 1–13, 1989.
[32] S. Pearson, “Taking account of privacy when designing cloud computing services” in Proc. CLOUD ICSEWorkshopSoftw. Eng. Challenges CloudComput., 2009, pp. 44–52.
[33] H. Takabi, J. B. D. Joshi, and G. Ahn, “Security and privacy challengesin cloud computing environments” IEEE Security Privacy, vol. 8, no. 6,pp. 24–31, Nov./Dec. 2010.
[34] Z. Xiao and Y. Xiao, “Security and privacy in cloud computing” IEEECommun. Surveys Tuts., vol. 15, no. 2, pp. 843–859, Jul. 2012.
[35] AmlanJyotiChoudhury, Pardeep Kumar, MangalSain, Hyotaek Lim, Hoon Jae-Lee, “A Strong User Authentication Framework for Cloud Computing”, 2011 IEEE Asia -Pacific Services Computing Conference, pp. 110-115, 2011.
[36] J. Yang et al., “A fingerprint recognition scheme based on assemblinginvariant moments for cloud computing communications”, IEEE Syst. J.,vol. 5, no. 4, pp. 574–583, Dec. 2011.
[37] SushmitaRuj, M. Stojmenovic, and A. Nayak, “Decentralized access control with anonymous authentication of data stored in clouds”, IEEE Trans. Parallel Distrib. Syst., vol. 25, no. 2, pp. 384–394, Feb. 2014.
[38] Neil Zhenqiang Gong and Di Wang, “On the Security of Trustee-Based Social Authentications”, IEEE Transactions on Information Forensics And Security, Vol. 9, No. 8, August 2014.
[39] Chin-Ling Chen, Tsai-Tung Yang, Mao-Lun Chiang and Tzay-Farn Shih, “A Privacy Authentication Scheme Based on Cloud for Medical Environment”, J Med Syst (2014) 38:143, pp. 1-16, October 2014.
[40] Hong Liu, HuanshengNing, QingxuXiongand Laurence T. Yang, “Shared Authority Based Privacy-Preserving Authentication Protocol in Cloud Computing”, IEEETransactions On Parallel and Distributed Systems, Vol. 26, No. 1, pp. 241-251, January 2015.
[41] Jun Zhou, Xiaodong Lin, Xiaolei Dong and Zhenfu Cao,“PSMPA: Patient Self-Controllable and Multi-Level Privacy-Preserving Cooperative Authentication in Distributed m-Healthcare Cloud Computing System”, IEEE Transactions On Parallel and Distributed Systems, Vol. 26, No. 6, pp. 1693-1703, June 2015.