Anonymous RFID authentication for cloud services
Cloud computing is one of the fastest growing segments of IT industry since the usersâ€™ commitments for investment and operations are minimized, and costs are in direct relation to usage and demand. In general, cloud services are required to authenticate the user and most of the practical cloud services do not provide anonymity of the users. Namely, cloud provider can track the users easily, so privacy and authenticity are two critical aspects of security. Anonymous authentication is a technique enabling users to prove that they have privilege without disclosing real identities. This type of authentication can be useful especially in scenarios where it is sufficient to ensure the server that the claiming parties are indeed registered. Some motivating applications in the cloud for an anonymous authentication protocol are E-commerce, E-voting, E-library, Ecashand mobile agent applications. Many existing anonymous authentication protocols assume absolute trust to the cloud provider in which all private keys are stored. This trust may result in serious security and privacy issues in case of private key leakage from the cloud provider. In this paper, we propose forward secure anonymous and mutual authentication protocols using RFID technology for cloud services. These protocols avoid the trustworthiness to the cloud provider. Meaning that, even if the private keys are obtained from the corrupted tags or from the server owners of these tags cannot be traced from the past authentication actions. In fact, anonymity of the users will still be ensured even the private keys of tags are compromised.
Citation : Bingol, M.A., Birinci, F., Kardas, S. and Kiraz, M.S. (2012) Anonymous RFID Authentication for Cloud Services. International Journal of Information Security Science, 1(2), pp.32–42.
ISSN : 2147-0030
Research Institute : Cyber Technology Institute (CTI)
Peer Reviewed : Yes