A Cloud Authentication Protocol using One-Time Pad

There is a significant increase in the amount of data breaches in corporate servers in the cloud environments. This includes username and password compromise in the cloud and account hijacking, thus leading to severe vulnerabilities of the cloud service provisioning. Traditional authentication schemes rely on the users to use their credentials to gain access to cloud service. However once the credential is compromised, the attacker will gain access to the cloud service easily. This paper proposes a novel scheme that does not require the user to present his credentials, and yet is able to prove ownership of access to the cloud service using a variant of zero-knowledge proof. A challenge-response protocol is devised to authenticate the user, requiring the user to compute a one-time pad (OTP) to authenticate himself to the server without revealing password to the server. A prototype has been implemented to facilitate the authentication of the user when accessing Dropbox, and the experiment results showed that the overhead incurred is insignificant

A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view