Provably secure and lightweight identity-based authenticated data sharing protocol for cyber-physical cloud environment
Secure and efficient file storage and sharing via authenticated physical devices remain challenging to achieve in a cyber-physical cloud environment, particularly due to the diversity of devices used to access the services and data. Thus in this paper, we present a lightweight identity-based authenticated data sharing protocol to provide secure data sharing among geographically dispersed physical devices and clients. The proposed protocol is demonstrated to resist chosen-ciphertext attack (CCA) under the hardness assumption of decisional-Strong Diffie- Hellman (SDH) problem. We also evaluate the performance of the proposed protocol with existing data sharing protocols in terms of computational overhead, communication overhead, and response time.
Based on the home agent (HA) and mobile subscriber data stored in the relevant databases, mobile network operators can decide whether to provide or decline requests to access particular services (i.e. Authentication, Authorization, and Accounting – AAA). After the mobile subscriber has been authenticated, the mobile user’s request(s) will be forwarded to the cloud controllers (CC). The latter processes the requests and provides the relevant services. There are, however, a number of security challenges for such an environment, such as the following: Mutual Authentication: This is one of the most fundamental security attributes required in CPSs (and generally many other systems). It is assumed that the server may be dishonest or not fully trusted. Specifically, both client and server first complete the authorization process by verifying the authenticity of each other, prior to exchanging any confidential data over public networks. _ Anonymity: This allows the hiding of the identity of the client or user, even when an adversary has intercepted some messages from the public channel. _ Password protection: The need to ensure password protection in password-based authentication system is clear, and the client device is usually one of the weaker links. Specifically, the client or user generally uses lowentropy password to facilitate memorization, and such passwords are vulnerable to password guessing attacks. _ Impersonation resilience: Client-server communication protocol runs are executed over an insecure channel, and thus a malicious user can attempt to impersonate as either the client or the server to the other party. _ Data integrity and confidentiality: A secure protocol should provide strong data integrity and confidentiality for every transmitted message. Data integrity assures the receiver that the message has not been modified, and confidentiality ensures that only authorized users/devices can have access to the data.
The proposed protocol is designed to achieve authentication between a physical device and the cloud controller, and provide a secure end-to-end secure communication in the cloud using IBE scheme. Specifically, 1) Our proposed protocol provides mutual authentication, and essential features such as client registration, login, mutual authentication, password renewal. The protocol also ensures user anonymity. We also demonstrate its resilience against known security attacks (e.g., insider attack, impersonation attack, session key computation attack), and its correctness using AVISPA simulation tool. 2) Once the physical devices are authenticated, the next phase is secure end-to-end communication. For this, the proposed encryption technique is used on bilinear pairing with a small public parameter-size. We then demonstrate that it is IND-ID-CCA secure based on the decisional-SDH (Strong Diffie-Hellman) assumption.
In this paper, a new identity-based authenticated data sharing (IBADS) protocol is designed for cyber-physical cloud systems based on bilinear pairing. In the IBADS, there are two phases. First, a new data owner needs to register. Second, the data owner sends an encrypted message to the untrusted cloud controller using some client devices. We then demonstrated the security and correctness of the protocol, as well as evaluating its performance. In future research, we intend to implement a prototype of the proposed protocol so that we can evaluate its practicability in a real-world setting.
 Nurul Hidayah Ab Rahman, William Bradley Glisson, Yanjiang Yang, and Kim-Kwang Raymond Choo. Forensic-by-design framework for cyber-physical cloud systems. IEEE Cloud Computing, 3(1):50–59, 2016.
 Quang Do, Ben Martini, and Kim-Kwang Raymond Choo. Cyberphysical systems information gathering: A smart home case study. Computer Networks, 138:1–12, 2018.
 Hoang T Dinh, Chonho Lee, Dusit Niyato, and Ping Wang. A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18):1587–1611, 2013.
 Qiang Liu, Jiafu Wan, and Keliang Zhou. Cloud manufacturing service system for industrial-cluster-oriented application. 15(3):373–380, 2014.
 Daqiang Zhang, JiafuWan, Qiang Liu, Xin Guan, and Xuedong Liang. A taxonomy of agent technologies for ubiquitous computing environments. KSII Transactions on Internet and Information Systems (TIIS), 6(2):547– 565, 2012.
 Jiafu Wan, Hehua Yan, Di Li, Keliang Zhou, and Lu Zeng. Cyberphysical systems for optimal energy management scheme of autonomous electric vehicle. The Computer Journal, 56(8):947–956, 2013.
 Ragunathan Rajkumar. A cyber–physical future. Proceedings of the IEEE, 100(Special Centennial Issue):1309–1312, 2012.
 Akshay Rajhans, Ajinkya Bhave, Ivan Ruchkin, Bruce H Krogh, David Garlan, Andr´e Platzer, and Bradley Schmerl. Supporting heterogeneity in cyber-physical systems architectures. IEEE Transactions on Automatic Control, 59(12):3178–3193, 2014.
 Burak Demirel, Zhenhua Zou, Pablo Soldati, and Mikael Johansson. Modular design of jointly optimal controllers and forwarding policies for wireless control. IEEE Transactions on Automatic Control, 59(12):3252– 3265, 2014.
 Zhaogang Shu, Jiafu Wan, Daqiang Zhang, and Di Li. Cloud-integrated cyber-physical systems for complex industrial applications. Mobile Networks and Applications, 21(5):865–878, 2016.