A Cloud Authentication Protocol using One-Time Pad

Sim, L. J. H., Ren, S. Q., Keoh, S. L. and Aung, K. M. M. (2017) A Cloud Authentication Protocol using One-Time Pad. In: IEEE Technologies for Smart Nation (TENCON), Marina Bay Sands, Singapore, 22-25 Nov 2016, pp. 2513-2516. ISBN 9781509025978 (doi: 10.1109/TENCON.2016.7848486)

123504.pdf - Accepted Version



There is a significant increase in the amount of data breaches in corporate servers in the cloud environments. This includes username and password compromise in the cloud and account hijacking, thus leading to severe vulnerabilities of the cloud service provisioning. Traditional authentication schemes rely on the users to use their credentials to gain access to cloud service. However once the credential is compromised, the attacker will gain access to the cloud service easily. This paper proposes a novel scheme that does not require the user to present his credentials, and yet is able to prove ownership of access to the cloud service using a variant of zero-knowledge proof. A challenge-response protocol is devised to authenticate the user, requiring the user to compute a one-time pad (OTP) to authenticate himself to the server without revealing password to the server. A prototype has been implemented to facilitate the authentication of the user when accessing Dropbox, and the experiment results showed that the overhead incurred is insignificant.

Item Type:Conference Proceedings
Glasgow Author(s) Enlighten ID:Keoh, Dr Sye Loong
Authors: Sim, L. J. H., Ren, S. Q., Keoh, S. L., and Aung, K. M. M.
College/School:College of Science and Engineering > School of Computing Science
Published Online:09 February 2017
Copyright Holders:Copyright © 2016 IEEE
First Published:First published in 2016 IEEE Region 10 Conference (TENCON): 2513-2516
Publisher Policy:Reproduced in accordance with the publisher copyright policy
Related URLs:

University Staff: Request a correction | Enlighten Editors: Update this record