Attribute-based pseudonymity for privacy-preserving authentication in cloud services
Abstract: Attribute-based authentication is considered a cornerstone component to achieve scalable fine-grained access control in the fast-growing market of cloud-based services. Unfortunately, it also poses a privacy concern. Users' attributes should not be linked to the user's identity and spread across different organizations. To tackle this issue, several solutions have been proposed such as Privacy Attribute-Based Credentials (Privacy-ABCs), which support pseudonym-based authentication with embedded attributes. Privacy-ABCs allow users to establish anonymous accounts with service providers while hiding the identity of the user under a pseudonym. However, Privacy-ABCs require the selective disclosure of the attribute values towards service providers. Other schemes such as Attribute-Based Signatures (ABS) and mesh signatures do not require the disclosure of attributes; unfortunately, these schemes do not cater for pseudonym generation in their construction, and hence cannot be used to establish anonymous accounts. In this paper, we propose a pseudonym-based signature scheme that enables unlinkable pseudonym self-generation with embedded attributes, similarly to Privacy-ABCs, and integrates a secret sharing scheme in a similar fashion to ABS and mesh signature schemes for attribute verification. Our proposed scheme also provides verifiable collusion, enabling users to share attributes according to the service providers' policies.
• Anonymous authentication provides zero-knowledge proof of identity, allowing data to be securely decoupled from provenance for enhanced privacy.
• Prior work has also explored decoupling document content from format and structure for more secure cloud storage and processing.
• In contrast, information-centric approaches imbue data with self-protecting properties, such as by representing it in a form amenable to direct computation on cyphertexts without decryption.
• AnonymousCloud’s approach of decoupling private data from its provenance information can be viewed as an instance of the last of these approaches.
• Attribute-based cryptography is suitable for addressing the fine-grained access problem for cloud computing.
• In recent research works on authentication for cloud environments, many studies focus on addressing the problem of users’ privacy disclosure.
• By using attribute-based signature, their authentication approach could address anonymity and user revocation problems.
• To address the above-mentioned problems, this paper introduces an efficient privacy-preserving authentication scheme for cloud computing.
• In addition to users’ privacy protection, fine-grained authorized access is another challenging issue for cloud computing.
• In this paper we proposed an approach to improving data privacy in the cloud by decoupling private data content from metadata concerning its provenance and semantics.
• Our system, Anonymous Cloud, employs Tor onion routing inside cloud providers for customers to anonymously communicate computations and data to the system.
• Anonymous authentication based on public-key cryptography safely links jobs and data to customers for billing purposes without revealing these associations to untrusted computation nodes.
• To maintain a pay-per-use business model, clouds must inevitably track ownership information at some level for billing and auditing purposes.
• We conduct theoretical security analysis, and carry out experiments to prove that the proposed scheme has good performance in terms of computational, communication and storage overheads.
• We also carry out comprehensive performance evaluation and further perform simulation experiments on both Intel and smart phone platforms.
• To address the challenge, this paper proposes an efficient attribute-based authentication scheme.
• In this paper, we consider achieving authorized access and attribute privacy preserving with high efficiency simultaneously.
• In this paper, we provided an efficient privacy-preserving attribute-based authentication scheme for secure cloud computing.