Abstract

Cyber-physical-social systems (CPSSs) epitomize an evolving paradigm, including the social, physical, and cyber worlds. The vital goal of CPSSs is to offer personalized, high-quality, and proactive services for the end-users. An ingenious framework for reliable services is required for CPSSs to achieve this purpose. In this regard, the cloud storage environment of cloud computing (having a great connection with the physical, cyber, and social worlds) requires a reliable framework for secure communication between cloud and users. Cloud storage provides various services that need scalable, cost-effective, and secure facilities of data management. Public cloud storage binds its users to maintain strict security considerations that are offered by cloud service providers. On the other hand, private cloud storage offers users an opportunity to construct a controlled and self-managed model of data security. This mobile model is responsible for managing the sharing and accessing of data privately. Despite that, it induces new challenges of data security. One critical problem is to ensure an authenticated and secure model of data storage for accessing the data under a controlled environment of data accessibility. To tackle this challenge, many protocols have been developed. The problem is that all these protocols are unable to fulfill the required security efficiency and are susceptible to various security attacks. Recently, Tiwari et al. presented an authentication scheme for data sharing and access with a biometric feature. They claimed that their scheme resists significant security attacks. However, in this article, we show that the claim of Tiwari et al. for developing a secure scheme is not valid, and their protocol is insecure against user and server impersonation attacks. Moreover, the protocol of Tiwari et al. does not provide user anonymity. Therefore, we present an enhanced, secure, and convenient scheme for data access.
Besides, in order to add the flexible distribution of data that is controlled by the data-owner, our protocol provides proxy re-encryption in which the cloud server utilizes the proxy re-encryption key. Then, the data-owner generates the credential token during decryption for controlling the user’s accessibility. The security analysis determines that our proposed protocol resists numerous security attacks. Furthermore, performance analysis determines that our protocol has practical computation, communication, and storage costs as compared to various related protocols. Consequently, our introduced protocol not only achieves the security goals but also has performance efficiency comparable to numerous relevant protocols of cloud storage.

Highlights

  • Vast amounts of data acquired from Cyber-physical-social systems (CPSSs) are usually complex, low-quality, noisy, and redundant, which causes unexceptional challenges for offering CPSSs services [1]

  • We present a model of data-access that allows only a legal MUa to access the data by logging in to the cloud server with a multi-factor authentication mechanism using a password and biometric as input

  • In this article, we have cryptanalyzed Tiwari et al.’s protocol, which is proposed for the cloud storage environment


Summary

INTRODUCTION

In recent years, the hasty evolution of the Internet-of-Things (IoT), specified as cyber-physical systems (CPSs), has increased the digital innovation and improved the. The service of data-access offers biometric authentication for enabling secure and authorized communication with the server of cloud storage. This service provides a mutual authentication facility before downloading or uploading data on cloud storage.

A. CONTRIBUTIONS

We present a model of data-access that allows only a legal MUa to access the data by logging in to the cloud server with a multi-factor authentication mechanism using a password and biometric as input. Our proposed protocol involves a biometric-based system that provides an authenticated system of data-access and uniquely finds the identity of a MUa. Mainly, before downloading or uploading of data, our system of data-access establishes mutual authentication by setting up a session key between the cloud server and MUa for achieving secure communication.

RELATED WORK
SECURITY REQUIREMENTS
NO PROVISION FOR USER ANONYMITY
CLOUD SERVER IMPERSONATION ATTACK
MOBILE USER IMPERSONATION ATTACK
DATA STORAGE SYSTEM
DATA SHARING SYSTEM
THEORETICAL ANALYSIS
CONCLUSION
