A Novel Authentication Mechanism for SecureData Access based on Encryption Key Sharing for Cloud Web Application

Abstract

It is becoming increasingly common to outsource data to the Cloud based Web Applications (CWAPP). We recommend that the data owner encrypt his or her data ahead of outsourcing it to the CWAPP to ensure the confidentiality of the data. However, effective access for encrypted information is an essential and complex issue for CWAPP data sharing. In the past many studies are suggesting encryption data access methods as one of the most promising solution for the secure data retrieval through preserving data privacy and access control. However, these mechanisms are exposed to internal attacks and the organization in using CWAPP raises major burden for managing password-authenticated identities for access control of the data shared due to the dynamic and complex nature of operations. This raises major security concerns, especially data confidentiality and security of CWAPP. In this paper, we present a novel authentication mechanism for secure data access based on Encryption Key Sharing for Authorized Access (EKS-AA) for securely data encryption and validate the client authentication before retrieval with a shared data. The EKS is used by the sender to encrypt the keyword and by the receiver to open a data access door. The primary aim of this proposal is to make CWAPP secure from password phishing and intrusive keyword guessing attacks. The experimental evaluation in terms of time complexity measure suggests the effectiveness of the proposal for CWAPP.