Provably secure and lightweight identity-based authenticated data sharing protocol for cyber-physical cloud environment
Secure and efficient file storage and sharing via authenticated physical devices remain challenging to achieve in a cyber-physical cloud environment, particularly due to the diversity of devices used to access the services and data. Thus in this paper, we present a lightweight identity-based authenticated data sharing protocol to provide secure data sharing among geographically dispersed physical devices and clients. The proposed protocol is demonstrated to resist chosen-ciphertext attack (CCA) under the hardness assumption of decisional-Strong Diffie-
Hellman (SDH) problem. We also evaluate the performance of the proposed protocol with existing data sharing protocols in terms of computational overhead, communication overhead, and response time.
The mobile device connects to the mobile network via base stations such as the base transceiver station, access point, or satellite. When a mobile user requests for some tasks to be processed, information (e.g., identity and location) is handover to the central processors connected to the servers for processing. Based on the home agent (HA) and mobile subscriber data stored in the relevant databases, mobile network operators can decide whether to provide or decline requests to access particular services (i.e. Authentication, Authorization, and Accounting – AAA). After the mobile subscriber has been authenticated, the mobile user’s request(s) will be forwarded to the cloud controllers (CC). The latter processes the requests and provides the relevant services.
• It is assumed that the server may be dishonest or not fully trusted. Specifically, both client and server first complete the authorization process by verifying the authenticity of each other, prior to exchanging any confidential data over public networks.
• This allows the hiding of the identity of the client or user, even when an adversary has intercepts some messages from the public channel
• The need to ensure password protection in password-based authentication system is clear, and the client device is usually one of the weaker links.
• A malicious user can attempt to impersonate as either the client or the server to the other party.
• Data integrity assures the receiver that the message has not been modified, an confidentiality ensures that only authorized users/devices can have access to the data.
Thus this proposed protocol provides mutual authentication, and essential features such as client registration, login, mutual authentication, password renewal. The protocol also ensures user anonymity. We also demonstrate its resilience against known security attacks (e.g., insider attack, impersonation attack, session key computation attack), and its correctness using AVISPA simulation tool.Once the physical devices are authenticated, the next phase is secure end-to-end communication. For this, the proposed encryption technique is used on bilinear pairing with a small public parameter-size. We then demonstrate that it is IND-ID-CCA secure based on the decisional-SDH (Strong Diffie-Hellman) assumption.
Thus this paper, a new identity-based authenticated data sharing (IBADS) protocol is designed for cyber-physical cloud systems based on bilinear pairing. In the IBADS, there are two phases. First, a new data owner needs to register. Second, the data owner sends an encrypted message to the untrusted cloud controller using some client devices. We then demonstrated the security and correctness of the protocol, as well as evaluating its performance. In future research, we intend to implement a prototype of the proposed protocol so that we can evaluate its practicability in a real-world setting.