An ECC-based mutual data access control protocol for next-generation public cloud

Question

1. What is the origin of the term 'cloud' in cloud computing?

2. What are the main contributions of the research paper?

3. What is the purpose of a hash function?

4. What makes ECC more efficient than Diffie Hellman, DSA, and RSA?

Accepted Answer

The term 'cloud' in cloud computing originated from telecommunications when telecom companies started offering Virtual Private Network (VPN) services. Before VPN, these companies provided point-to-point data over circuits that squandered bandwidth. However, using VPN services, they managed to balance the overall network utilization. The word 'cloud' was used to describe the shared pool of resources in the cloud, similar to how data is stored and accessed in the cloud computing model. This concept was first investigated in 1966, as described in Douglas Parkhill's book 'The Challenge of the Computer Utility' [4].

Accepted Answer

The main contributions of the research paper are: 1. The proposed protocol uses lightweight elliptical curve cryptography (ECC) public key technique to resist potential attacks. 2. The proposed protocol is verifiably protected in the BAN logic against the hardness assumptions of the elliptic curve discrete logarithm problem and the elliptic curve computational Diffie-Hellman problem. 3. The proposed protocol is secure, based on analyzing the automated verification software toolkit ProVerif 2.03. 4. The proposed protocol will have lower communication costs, computation complexity, and less storage overhead than the existing protocols. 5. The proposed protocol significantly balances the performance and security measures often lacking in existing schemes.

Accepted Answer

A hash function is a mathematical function used to check the message's integrity and convert numerical input values into compressed numerical values. It produces a fixed-length output value, making it easy to compute the hash value if the input string is given. However, it is impractical to determine the original message from the hash value. When the same message is converted multiple times, the hash values remain the same, but it is not always the case. Hash functions are commonly used in data integrity checks and cryptographic applications.

Accepted Answer

ECC is more efficient than Diffie Hellman, DSA, and RSA cryptographic protocols due to its smaller key sizes and faster computations. It is defined by an elliptic curve equation and involves two operations: point multiplication and point addition. The careful selection of parameters, such as the prime number q, ensures security. ECC's symmetric nature about the x-axis allows for efficient calculations, making it a preferred choice for secure communication and data encryption.

Accepted Answer

The next-generation public cloud server plays a crucial role in the system model by providing connectivity, data access, storage facilities, data sharing, cookies, and other security services for all its users. It is considered a trusted entity, as without declaring it trusted, it will degrade the overall system. The end user alone cannot be trusted because it can degrade system credibility. To access the next-generation public cloud server, the user sends a request message, and the server sends a challenge message back to check the authenticity of the user. If the user's response is legitimate, the server starts the session with the user. This process is explained in the proposed protocol, as shown in Fig. 1.

Accepted Answer

The DY threat model identifies several possible threats to a system. These include intercepting communication between a user and a public cloud server, capturing open network channel data for manipulation, monitoring broadcast messages among legal peers, launching masquerading, impersonation, and man-in-the-middle attacks, intruding into insecure communication mediums, extracting secret keys, and addressing other system threats such as privacy, server spoofing, insider threats, and session key threats. The model emphasizes the importance of analyzing and examining these threats before implementing them in real-world environments to ensure system security.

Accepted Answer

The security goals introduced by Canetti aim to address the increasing risks in next-generation cloud computing. These goals focus on preventing unauthorized access to user data, protecting sensitive information, and ensuring secure communication. The proposed scheme aims to achieve these security goals (SGs) and compares existing schemes in terms of performance. By authenticating communication peers, the scheme prevents unauthorized access to transmitted information, mitigating risks such as replayed, modified, spoofed, or eavesdropped data. Overall, the security goals emphasize the importance of safeguarding data and communication in cloud computing environments.

Accepted Answer

To prevent offline password guessing attacks, the protocol should implement strong security measures. This includes using encryption techniques to protect user passwords, implementing multi-factor authentication, and regularly updating security protocols. Additionally, the protocol should limit the number of login attempts and implement account lockout mechanisms to prevent unauthorized access. By combining these strategies, the protocol can effectively safeguard sensitive data on next-generation public cloud servers from offline password guessing attacks.

Accepted Answer

The registration procedure involves several steps. Firstly, the user registers itself with the public cloud server, choosing an identity ID, password, and a random number. The user then computes the PID using the chosen parameters. Next, the user sends the ID and PID over a secure channel. The public cloud server generates a random number, computes V1, V2, and V3, and sends them back to the user over a secure channel. Upon receiving the message, the user calculates S1, S2, and S3 using the provided parameters and saves them in memory. This process ensures secure registration and authentication in the proposed protocol.

Accepted Answer

The user generates a random number r*u by multiplying user ID and password. Then, they compute V*2 by dividing PID/u by S1. This process involves generating another random number r*u1, computing V*1 using ID and r*u1, calculating C2 using ID and r*u1, and selecting a timestamp TLA1. Finally, the user computes N using ID, V*1, C2, V*2, and TLA1, and sends S3, V*1, C2, N, and TLA1 to the cloud server over a public channel.

Accepted Answer

The scheme in Table 1 has several vulnerabilities. It is vulnerable to reply, masquerade, DoS, and impersonation attacks. It cannot provide anonymity and is susceptible to insider attacks. The protocol is vulnerable to offline password guessing, DoS, user impersonation attacks, and cannot provide perfect forward secrecy and anonymity. It is unable to provide mutual authentication, perfect message authentication, and is vulnerable to offline password guessing, de-synchronization attacks, and impersonation attacks. The protocol is vulnerable to spoofing, de-synchronization, and impersonation attacks. It is unable to provide perfect message authentication and is vulnerable to offline password guessing, de-synchronization, and impersonation attacks. The protocol is vulnerable to offline password guessing, de-synchronization attacks, and unable to provide perfect forward secrecy. The scheme is also vulnerable to spoofing and de-synchronization attacks. It is unable to provide perfect message authentication and is vulnerable to de-synchronization, spoofing, and impersonation attacks. The protocol is vulnerable to offline password guessing, de-synchronization attacks, and unable to provide mutual authentication. It is unable to provide perfect message authentication and is vulnerable to de-synchronization, spoofing, and impersonation attacks. The scheme is unable to provide perfect message authentication and is vulnerable to de-synchronization, spoofing, and impersonation attacks. The protocol is vulnerable to offline password guessing, de-synchronization attacks, and unable to provide perfect forward secrecy. Overall, the scheme has multiple vulnerabilities that can be exploited by attackers, compromising its security and anonymity.

Accepted Answer

The Session Key Rule states that if you believe message X is fresh and PCS believes X, then you believe they shared a session key. This rule is crucial for establishing secure communication between parties. It ensures that both parties have a shared secret key, which is used to encrypt and decrypt messages during a session. By following this rule, the parties can maintain confidentiality and integrity of their communication. The Session Key Rule is an essential component of secure communication protocols, such as SSL/TLS, which are widely used in internet communication. It helps prevent unauthorized access and ensures that sensitive information remains protected during transmission.

Accepted Answer

The communication cost in the proposed scheme is calculated by summing the messages transmitted between the user (u) and the PCS during login and authentication. For example, Message 1 consists of 160 bits for S3, 160 bits for V, 160 bits for C2, 160 bits for N, and 56 bits for TLA1, resulting in a total of 1016 bits. Message 2 consists of 160 bits for W, 56 bits for X, and 160+160+64 bits for Y, totaling 760 bits. Therefore, the total communication cost of the proposed protocol is 1776 bits. Additionally, a comparison of the communication cost with other schemes is shown in Figure 5, indicating that our scheme is lightweight compared to most existing schemes, except for [69].

Accepted Answer

The computation cost for a one-way hash function, denoted as T h,XOR, is a measure of the resources required to perform the hash function operation. It includes factors such as time complexity, memory usage, and energy consumption. In the context of the provided section, the computation cost for a one-way hash function is an essential metric for evaluating the efficiency of different cryptographic schemes. Lower computation costs indicate faster and more resource-efficient operations, which are desirable in various applications, including secure communications, data storage, and cryptographic protocols. The computation cost for a one-way hash function can vary depending on the specific algorithm used, the input size, and the hardware platform. Therefore, it is crucial to consider the computation cost when comparing different cryptographic schemes and selecting the most suitable one for a given application.

An ECC-based mutual data access control protocol for next-generation public cloud

Chat with Paper

AI Agents for this Paper

Most frequently asked questions

1. What is the origin of the term 'cloud' in cloud computing?

2. What are the main contributions of the research paper?

3. What is the purpose of a hash function?

4. What makes ECC more efficient than Diffie Hellman, DSA, and RSA?

5. What role does the next-generation public cloud server play in the system model?

6. What are the possible threats in the DY threat model?

7. What are the security goals introduced by Canetti?

8. How can the protocol prevent offline password guessing attacks?

9. What is the registration procedure in the proposed protocol?

10. How does the user generate a random number and compute V*2?

11. What are the vulnerabilities of the scheme in Table 1?

12. What is the Session Key Rule?

13. How is the communication cost calculated in the proposed scheme?

14. What is the computation cost for a one-way hash function?

Citations

Secure and Efficient Outsourced Computation in Cloud Computing Environments

A Semantic and Robust Authentication Scheme for User-Based Access Control on Cloud Storage

Lattice-based multi-authority ciphertext-policy attribute-based searchable encryption with attribute revocation for cloud storage

References

On the security of public key protocols

Password authentication with insecure communication

A logic of authentication

The random oracle methodology, revisited

Cloud computing - concepts, architecture and challenges

Related Papers (5)

Privacy protection in cloud using identity based group signature

Secure Administration of SEPA Servers in A Cloud Environment

A Multi-Level access control scheme towards software as a service in cloud computing

A User-Centric Protocol for Conditional Anonymity Revocation

Do you trust the cryptography used in your devices