Top PDF Preserving Forward Security Authentication with User Revocation

Preserving Forward Security Authentication with User Revocation


Data sharing with a large number of participants must take into account several issues, including efficiency, data integrity and privacy of the data owner. Ring signature is a promising candidate to construct an anonymous and authentic data sharing system. It allows a data owner to anonymously authenticate his data, which can be put into the cloud for storage or analysis purposes. In this paper, we further enhance the security of ID-based ring signature with a user revocation system, in which the PKG (Private Key Generator) generates private keys for all users registered in the system and can revoke the users whose keys are compromised. Once these users are revoked by the PKG, they cannot access the existing and future data files on the Cloud Server. As a result, we can achieve fine-grained access control over the encrypted data on the Cloud Server.

Privacy-Preserving Public Auditing for Shared data With Efficient User Revocation

Abstract- Users in a particular group need to compute signatures on the blocks in shared data, so that the shared data integrity can be confirmed publicly. Various blocks in shared data are usually signed by a vast number of different users, due to data alterations performed by different users. Once a user is revoked from the group, an existing user must re-sign the data blocks of the revoked user in order to ensure the security of data. Due to the massive size of shared data in the cloud, the usual process, which permits an existing user to download the corresponding part of shared data and re-sign it during user revocation, is inefficient. With our mechanism, the identity of the signer on each block in shared data is kept private from public verifiers, who are able to efficiently verify shared data integrity without retrieving the entire file. In addition, our mechanism is able to perform multiple auditing tasks simultaneously instead of verifying them one by one. Our experimental results demonstrate the effectiveness and efficiency of our mechanism when auditing shared data integrity.

Data sharing in cloud computing using forward security Authentication


Even worse, the “group” can be defined by the adversary at will due to the spontaneity property of ring signature: the adversary only needs to include the compromised user in the “group” of his choice. As a result, the exposure of one user’s secret key renders all previously obtained ring signatures invalid (if that user is one of the ring members), since one cannot distinguish whether a ring signature was generated prior to the key exposure or by which user. Consequently, forward security is a necessary requirement that a large data sharing system must meet. Otherwise, it will lead to a huge waste of time and resources. While there are various designs of forward-secure digital signatures, integrating forward security into ring signatures turns out to be difficult. As far as the authors know, there are only two forward-secure ring signature schemes. However, they are both in the traditional public key setting, where signature verification involves an expensive certificate check for every ring member. This is far from satisfactory if the size of the ring is huge, such as the users of a Smart Grid.

A Unique Scheme for Security Authentication System


Using Burrows-Abadi-Needham logic, we show that our scheme provides secure authentication. Additionally, we simulate our scheme for formal security verification using the broadly recognized and used automated validation of Internet security software methods and programs tool, and show that our scheme is safe against passive and active attacks. In this paper, we first evaluate He-Wang's scheme and show that it is susceptible to a known session-specific temporary information attack and an impersonation attack. Additionally, we show that their scheme doesn't provide strong user anonymity. In addition, He-Wang's scheme cannot supply the user revocation facility once the smart card is lost or stolen or the user's authentication parameter is revealed. Aside from these, He-Wang's scheme has some design flaws, for example wrong password login and its effects, and wrong password update during the password change phase. Then we propose a new secure multi-server authentication protocol using a biometric-based smart card and ECC with increased security benefits. Our scheme provides high security together with low communication cost, computational cost, and number of security measures. Consequently, our scheme is extremely appropriate for battery-limited mobile devices as compared with He-Wang's scheme.

On The Security Of Data Access Control For Multi Authority Cloud Storage Systems


This work mainly describes the methods and algorithms used for providing a high level of security in a Data Cloud Server system and for accessing data effectively and securely. On surveying the different previous works, we analyzed the advantages and disadvantages of each work and finally derived a new technique, which overcomes the drawbacks of previous work by analyzing all the information in all states of exploration and by providing a more secure Data Cloud Server environment. Finally, we conclude that our scheme provides an authority that is responsible for attribute management and key distribution. Proactive broadcasting needs dynamic linking, so Java will be more suitable for platform independence and networking concepts. Nowadays IT infrastructure is moving towards Data Cloud Server computing, but the data integrity concerns with identity privacy must be addressed. We reviewed various privacy-preserving mechanisms for static groups in Data Cloud Server computing and propose a new idea for identity privacy with efficient user revocation in a Data Cloud Server computing environment. Presently this research is under development to find a system for preserving identity privacy for revocation of the user or group member while sharing the data on the Data Cloud Server. In this scheme, there is an authority that is responsible for attribute management and key distribution. The authority can be the registration office in a university, the human resource department in a company, etc. The data owner defines the access policies and encrypts data according to the policies. Each user will be issued a secret key reflecting its attributes. A user can decrypt the data only when its attributes satisfy the access policies. We first propose a revocable multi-authority scheme, in which an efficient and secure revocation method is proposed to solve the attribute revocation problem in the system.

Preserving user privacy with anonymous authentication in cloud computing


The growth of advanced technology in networking and related areas has required technical experts to restructure their existing infrastructure. Cloud computing is a new advanced technology which is composed of four deployment models, five essential characteristics and three service models [1]. With all the elements mentioned above, cloud computing has become the primary focus of government and business organizations such as IBM, Apple, Google, Amazon and others to develop and deploy their system applications in order to provide fast and reliable services to their clients. However, security is one of the crucial areas that need to be given prior attention, especially in the process of authenticating the legitimate user within the cloud domain. The cloud service provider should preserve the user's privacy and protect data in the cloud storage from being attacked by the adversary. Most of the existing authentication schemes usually involve a third party to verify and monitor the transaction process between the cloud service provider and the users [2]. This could lead to issues of transparency, and may be biased in certain situations in which the user cannot measure and control the security level and privacy of their cloud domain.

Enhanced Privacy ID for Remote Authentication using Direct Anonymous Attestation Scheme


public key and issues a unique EPID private key to each member. Each member can use this private key to digitally sign a message, and the resulting signature is called an EPID signature. The verifier can use the public key to verify the correctness of a signature, that is, to verify that the EPID signature was indeed created by a member in good standing with a valid private key. The EPID signature, however, does not reveal any information about which unique private key was used to create the signature. EPID can be used for secure on-line banking. On-line banking is increasingly popular and provides great convenience to end users. However, the security of on-line banking is a concern, not only to end users but also to the banks. If the end user runs a platform that has a trusted execution environment and trusted I/O, the end user can conduct business in a relatively secure environment. However, the bank does not know whether the user is running in a secure environment. An anonymous attestation from the user's platform to the bank would give the bank more confidence that the transaction is secure. For example, if a bank user performs some high volume transactions, the bank wants to make sure that the transactions are properly authorized. If the user runs a trusted execution environment, the user can use the EPID scheme to anonymously attest to the bank so that the bank can give a token to the platform for future transactions. The bank would know that the token was being secured in a trusted execution environment. In later transactions, the user enters a password into the trusted execution environment that unlocks the token so that the bank can authenticate the user's environment. This assures the bank of the authenticity of the transaction. This paper is organized as follows: Related work is presented in Section II. We present our privacy preserving enhanced privacy id scheme in Section III. Results and Performance Analysis is discussed in Section IV. We conclude in Section V.

Forward Security Authentication on Data Sharing Cloud Computing


The number of users in a data sharing system could be huge, and a practical system must reduce the computation and communication cost as much as possible. Securing online transactions typically requires: message integrity, to ensure messages are unaltered during transit; message confidentiality, to ensure message content remains secret; non-repudiation, to ensure that the sending party cannot deny sending the received message; and sender authentication, to prove sender identity.


Security Enhancement in Cloud Computing with Group User Revocation


ABSTRACT: The advancement of cloud computing has made storage outsourcing a growing trend, which has made secure data auditing a hot topic in the research literature. Recently, some research has considered the problem of efficient and secure public data authentication inspection for shared dynamic data. However, these schemes are still not secure against collusion and leakage of the cloud storage server from unauthorized attackers and revoked group users during user revocation in a cloud storage system. This paper focuses on auditing the integrity of shared data with dynamic groups in the cloud. A new user can be added into the group. Also, an existing group member can be revoked while preserving privacy, including backup of data, using vector commitment and verifier-local revocation group signature. This scheme supports public validation and efficient user revocation, and also has some good properties such as traceability, efficiency, confidentiality and countability. Finally, the security and experimental analysis show that our scheme is also secure and efficient. This scheme also supports deduplication of data, one of the important data compression techniques, which is used for removing duplicate copies of repeating data and has been widely used in cloud storage to reduce the amount of storage space and save bandwidth. To protect the confidentiality of sensitive data, the convergent encryption technique has been suggested to encrypt the data before outsourcing.

Cost-Effective Data Sharing with Outsourced Revocation Using Forward Security in Cloud


Key exposure is the main drawback for normal digital signatures. If the secret key of a user is compromised, all signatures of that user become insignificant: future signatures are ineffective and no previously generated signatures can be trusted. When a key leakage is identified, key revocation schemes must be called instantly in order to avoid the generation of any signature using the compromised secret key. But this solution does not solve the problem of forgeability for past signatures.


PRIVACY PRESERVING AUTHENTICATION PROTOCOL IN SHARED AUTHORITY BASED CLOUD COMPUTING USING TRUSTED THIRD PARTY


Cloud service providers give great advantages to users, who can enjoy on-demand cloud applications without considering local infrastructure restrictions. During data access, different users may be in a collaborative relationship, and data sharing becomes critical to achieving productive benefits [1]. The existing security solutions mainly concentrate on authentication, to ensure that a user's private data cannot be accessed without authorization, but neglect a subtle privacy issue that arises when a user challenges the cloud server to request other users for data sharing. The challenged access request itself may expose the user's privacy, no matter whether or not it can obtain the data access permissions. Different schemes using attribute-based encryption have been proposed for access control of outsourced data in cloud computing [2]. Cloud computing allows clients with limited computational resources to outsource their large computation workloads to the cloud, and to economically enjoy the massive computational power, bandwidth, storage, and even appropriate software that can be shared in a pay-per-use manner. Despite the tremendous benefits, security is the main obstacle that prevents the wide adoption of this promising computing model, especially for customers when their confidential data are produced and consumed during the computation. To combat unauthorized information access, sensitive data must be encrypted before outsourcing so as to provide end-to-end data confidentiality assurance in the cloud and beyond. However, ordinary data encryption techniques essentially prevent the cloud from performing any meaningful operation on the underlying ciphertext-policy, making computation over encrypted data a very hard problem. The proposed scheme not merely achieves scalability because of its hierarchical structure. As a result, there do exist various motivations for the cloud server to behave unfaithfully and to return incorrect results, i.e., it may behave beyond the classical semi-honest model.

Privacy Preserving Public Auditing For Personal And Shared Data With Efficient User Revocation


Abstract - Cloud provides services like data storage and data sharing in a group. Users can remotely store their data on the cloud and enjoy on-demand, high-quality applications and services from a shared pool of configurable computing resources, without the burden of local data storage and maintenance. But the management of the data and services may not be fully trustworthy on the cloud: as users no longer have physical possession of the outsourced personal data, data integrity protection becomes a difficult task. Maintaining the integrity of shared data services, where data is shared among a number of cloud users, is also a challenging task. This paper gives a privacy-preserving public auditing system for data storage security in cloud computing, and for that it uses a homomorphic linear authenticator with a random masking technique. A homomorphic authenticable proxy re-signature scheme with the Panda public auditing mechanism checks shared data integrity along with efficient user revocation. Furthermore, these mechanisms are able to support batch auditing by verifying multiple auditing tasks simultaneously.

An innovative security architecture and algorithm for social network services

User authentication prevents unauthorized access of the system by unknown users. The SFSNS architecture is designed to validate users through a series of verifications that include the traditional User Identity (UID) with password (PWD) (two-factor Font Alpha Numeric (FAN) password and Shape Code password). After verifying the UID and PWD, Elliptic Curve Cryptography (ECC) encrypts that information using the generated Skey and forwards the encrypted UID and PWD and the digital signature to the gateway server. The server decrypts the hashed user's data using Skey and verifies it using an Advanced Encryption Standard (AES) key with the database lookup. The AES-decrypted UID and PWD retrieved from the database are checked against the UID and PWD decrypted by the gateway server for client and gateway authentication. Algorithm 1 depicts client or gateway server authentication.

PPS: A Privacy-Preserving Security Scheme for Multi-operator Wireless Mesh Networks with Enhanced User Experience


Abstract. Multi-operator wireless mesh networks (WMNs) have attracted increasing attention as a low-cost access approach for future large-scale mobile networks. Security and privacy are two important objectives during the deployment of multi-operator WMNs. Despite the necessity, limited research literature takes both privacy and user experience into account. This motivates us to develop PPS, a novel privacy-preserving security scheme, for multi-operator WMNs. On one hand, most of the privacy needs are satisfied with the hybrid utilization of a tri-lateral pseudonym and a ticket based on proxy blind signature. On the other hand, sophisticated unlinkability is implemented, where a mobile user is able to keep his pseudonym unchanged within the same operator in order to gain a better user experience. PPS is presented as a suite of authentication and key agreement protocols built upon the proposed three-tier hierarchical network architecture. Our analysis demonstrates that PPS is secure and outperforms other proposals in terms of communication and computation overhead.

Cryptanalysis on 'Robust Biometrics-Based Authentication Scheme for Multi-server Environment'

Abstract. Authentication plays an important role in an open network environment in order to authenticate two communication parties among each other. Authentication protocols should protect the sensitive information against a malicious adversary by providing a variety of services, such as authentication, user credentials’ privacy, user revocation and re-registration, when the smart card is lost/stolen or the private key of a user or a server is revealed. Unfortunately, most of the existing multi-server authentication schemes proposed in the literature do not support the fundamental security property such as the revocation and re-registration with same identity. Recently, in 2014, He and Wang proposed a robust and efficient multi-server authentication scheme using biometrics-based smart card and elliptic curve cryptography (ECC). In this paper, we analyze the He-Wang’s scheme and show that He-Wang’s scheme is vulnerable to a known session-specific temporary information attack and impersonation attack. In addition, we show that their scheme does not provide strong user’s anonymity. Furthermore, He-Wang’s scheme cannot support the revocation and re-registration property. Apart from these, He-Wang’s scheme has some design flaws, such as wrong password login and its consequences, and wrong password update during password change phase.

Data Authentication and Security Approach Using Ring Base Forward Security


A forward-secure identity-based ring signature for data sharing in the cloud architecture is proposed, which shares data in an efficient manner. This architecture provides a multiple-cloud environment for large-scale data sharing in a secure way. The client in the diagram represents an individual cloud service user. The servers may reside in different physical locations. The CSP decides which servers store the data depending upon available space. The identity-based ring signature provides the ring formation of users. Authentic data sharing in multiple clouds provides secure data sharing in a large-scale system. The encryption and decryption provide secure data transmission. ID-based forward-secure ring signature schemes are designed in the following way. The identities and user secret keys are valid for T periods, the time intervals are made public, and the message space is set to M = {0,1}*.

Multiple Biometric Authentication Based Secure Protocol Using Smartcard Server


Using Burrows-Abadi-Needham logic, we show that our scheme provides secure authentication. Additionally, we simulate our scheme for formal security verification using the broadly recognized and used automated validation of Internet security software methods and programs tool, and show that our scheme is safe against passive and active attacks. In this paper, we first evaluate He-Wang's scheme and show that it is susceptible to a known session-specific temporary information attack and an impersonation attack. Additionally, we show that their scheme doesn't provide strong user anonymity. In addition, He-Wang's scheme cannot supply the user revocation facility once the smart card is lost or stolen or the user's authentication parameter is revealed. Aside from these, He-Wang's scheme has some design flaws, for example wrong password login and its effects, and wrong password update during the password change phase. Then we propose a new secure multi-server authentication protocol using a biometric-based smart card and ECC with increased security benefits. Our scheme provides high security together with low communication cost, computational cost, and number of security measures. Consequently, our scheme is extremely appropriate for battery-limited mobile devices as compared with He-Wang's scheme.

NFC Based Privacy Preserving User Authentication Scheme in Mobile Office


NFC in smartwork environment, which provides the detailed steps for authentication [9]. Won argued that the authentication method is secure, protecting against unauthorized users by generating a session key using a random key and comparing. Kim in [10] provided analyses of the environment and security issues in the smartwork and near field communication (NFC) environment. After that, he defined privacy issues for building the NFC-based security system and investigated the requirements to set up the security system. Kim’s research makes a good point in raising privacy issues in the smartwork environment, but it also provides the direction of security research.

Forward security using ID-based Ring Authentication on data sharing in cloud

Abstract: - Data sharing has never been easier with the advances of cloud computing, and an accurate analysis on the shared data provides an array of benefits to both the society and individuals. Data sharing with a large number of participants must take into account several issues, including efficiency, data integrity and privacy of data owner. Ring signature is a promising candidate to construct an anonymous and authentic data sharing system. It allows a data owner to anonymously authenticate his data which can be put into the cloud for storage or analysis purpose. Yet the costly certificate verification in the traditional public key infrastructure (PKI) setting becomes a bottleneck for this solution to be scalable. Identity-based (ID-based) ring signature, which eliminates the process of certificate verification, can be used instead. In this paper, we further enhance the security of ID-based ring signature by providing forward security: If a secret key of any user has been compromised, all previous generated signatures that include this user still remain valid. This property is especially important to any large scale data sharing system, as it is impossible to ask all data owners to re-authenticate their data even if a secret key of one single user has been compromised. We provide a concrete and efficient instantiation of our scheme, prove its security and provide an implementation to show its practicality.

FreeHand Sketch-based Authenticated Security System Using Levenshtein Distance And Coordinates-Similarity


In general, the human brain remembers images more easily than text. If a text password is short, it is easy to remember [9], but at the same time it is easy for hackers to guess short passwords. If a text password is long, it is not easy for the user to remember, so the user might face problems during the authentication process. Similarly, in a biometric system, an unauthorized person can access another user’s account using artificial fingers. To avoid such issues, an additional security feature is added to the digital online system: a FreeHand Sketch-based image password using Levenshtein Distance for more security. In this methodology, the user can draw a sketch-based image password with any pattern of his/her own choice, with the help of a mouse on a desktop/laptop or with a finger on a smartphone, during the registration process. In this registration process, the user draws seven similar image passwords. Once the registration is completed successfully, the user can log in with his/her authorized image password. The authorized user gets more than 85% success in login, and these accuracy reports are shown in the experimental results.