Attribute-based authentication on the cloud for thin clients

Abstract

We propose two new authentication schemes for the cloud that support private attribute-based authentication services. The basic scheme is non-anonymous attribute-based authentication scheme. The extended scheme of the basic scheme is fully anonymous attribute-based authentication scheme to realize full anonymity and unlinkability services. In the proposed schemes, a user is authenticated by the remote server if the intersection of the set of his/her assigned attributes and the server’s required attributes exceeds a satisfactory predefined level. Unlike existing attribute-based encryption and signature schemes that require the user to perform significant amount of elliptic curve bilinear pairings and modular exponentiations, and require the user to hold a significantly long decryption/signature key, in our schemes the user is not required to perform any bilinear pairings. With a fixed length private key, independent of the number of attributes, the cloud user performs only few exponentiations by which he/she is able to authenticate himself/herself to the remote server and establish a session key with the server with the condition that he/she satisfies a predefined level of the server’s attributes requirement. Therefore, our schemes are suitable for implementation on devices with limited resources. We provide the rigorous security of the proposed schemes and complexity analysis of our schemes. Finally, the security and performance comparisons of our schemes with the existing related schemes show that our schemes outperform other existing schemes.