Anonymous RFID authentication for cloud services

Date

2012-07-02

Advisors

Journal Title

Journal ISSN

ISSN

2147-0030

DOI

Volume Title

Publisher

Gazi University

Type

Article

Peer reviewed

Yes

Abstract

Cloud computing is one of the fastest growing segments of IT industry since the users’ commitments for investment and operations are minimized, and costs are in direct relation to usage and demand. In general, cloud services are required to authenticate the user and most of the practical cloud services do not provide anonymity of the users. Namely, cloud provider can track the users easily, so privacy and authenticity are two critical aspects of security. Anonymous authentication is a technique enabling users to prove that they have privilege without disclosing real identities. This type of authentication can be useful especially in scenarios where it is sufficient to ensure the server that the claiming parties are indeed registered. Some motivating applications in the cloud for an anonymous authentication protocol are E-commerce, E-voting, E-library, Ecashand mobile agent applications. Many existing anonymous authentication protocols assume absolute trust to the cloud provider in which all private keys are stored. This trust may result in serious security and privacy issues in case of private key leakage from the cloud provider. In this paper, we propose forward secure anonymous and mutual authentication protocols using RFID technology for cloud services. These protocols avoid the trustworthiness to the cloud provider. Meaning that, even if the private keys are obtained from the corrupted tags or from the server owners of these tags cannot be traced from the past authentication actions. In fact, anonymity of the users will still be ensured even the private keys of tags are compromised.

Description

Keywords

anonymity, Authentication, Cloud Services, RFID, threshold cryptosystem

Citation

Bingol, M.A., Birinci, F., Kardas, S. and Kiraz, M.S. (2012) Anonymous RFID Authentication for Cloud Services. International Journal of Information Security Science, 1(2), pp.32–42.

Rights

Research Institute

Cyber Technology Institute (CTI)