A Searchable Encryption Scheme with Biometric Authentication and Authorization for Cloud Environments
- Authentication—the first module has two main components: two-factor authentication and biometric authentication. Each component implements specific services that allow a user to authenticate into the system, and each has different functionalities. Each component is given a sequence diagram that highlights the whole process, and which explains in detail how these are used.
- Searchable encryption scheme—the second module implements a searchable encryption scheme that uses the RSA cryptosystem  in its components and makes use of the homomorphic properties of RSA in the trapdoor generation process and search process. The scheme makes use of the user’s Biometric Identity Record (BIR) or biometric template (BT) for trapdoor generation, adding an extra level of security, which enables only authorized users to search based on a query keyword. A biometric template represents a digital reference of different characteristics that have been generated based on the biometric sample. The trapdoor is exchanged between the user and the cloud server via a digital certificate issued by a trusted authority.
- The system presents an improvement in the 2FA procedure by executing its functionality in such a way as to accept biometric characteristics that can be used later in the process of executing trapdoor functions specific to the searchable encryption scheme (see Figure 2 and Section 2.3 for more details).
- The system includes a 2FA approach and Searchable Encryption Scheme and shows how these two components can work together to gain access to the documents without it being necessary to decrypt them, only using keywords (see Figure 3 for more details and Section 2.3 for explanations). A comparison of several authentication schemes with the proposed idea points out the main advantages and disadvantages (see Section 4.3).
- Security analysis is provided, which shows us that the proposed scheme is secure enough for its purpose (see Section 5).
- Performance analysis points out how efficient the scheme is during different types of attacks that are classified in three scenarios: inside network attacks, outside network attacks, and combined attacks.
- The remainder of the paper is organized as follows:
- Section 1—Introduction. This section gives a short introduction in which we place the current research within the actual context in which cybersecurity plays an important role.
- Section 2—Preliminaries. This section provides an overview of the elements used in the proposed system—namely, the two-factor authentication process, biometric authentication, and searchable encryption.
- Section 3—State-of-the-Art Approach. The section presents the state-of-the-art for regarding similar approaches for searchable encryption.
- Section 4—The Proposed Scheme. The section presents in detail all components of the proposed system, discussing the methods of implementation and the entities involved within the system, while the fourth section discusses the security of the system, its performance, and other practical considerations.
- Section 5—Security Analysis. This section discusses the security analysis and proof. It describes all the required computations needed to demonstrate the security of the proposed authentication scheme.
- Section 6—Performance Analysis. The section’s purpose is to point out the main advantages and disadvantages of our scheme, by comparing our scheme with other existent schemes, and showing how well the proposed scheme performs.
- Section 7—Discussion. The section concludes and summarizes the results achieved. It presents proactive comments based on the results obtained and discusses further approaches on how better results might be achieved.
- Section 8—Conclusions. The section summarizes and describes the main challenges that were experienced during the process of elaborating the current research.
2.1. Searchable Encryption
- Trusted authority (TA). This is an optional entity whose purpose is to generate the parameters of the system, to generate digital certificates, etc.
- Data owner (DO). This entity owns the data, and usually, it encrypts the data and sends the data to the cloud server.
- Data user (DU). This entity queries the data by computing a trapdoor value based on the keywords for which DU desires the corresponding documents and decrypts the data received from the server. Note that a data owner may be a data user.
- Cloud server (CS). Depending on the system architecture, there may be more servers involved in the system. However, there exists at least one server, which stores the data, receives trapdoor values that are used in the search process, runs the search process to find the documents that match the search criteria and returns the results to the data user.
- Classical index structure. In this approach, each document is described by several keywords .
- Inverted index. In this approach, each keyword describes a set of documents .
2.2. Biometric Authentication
2.3. Two-Factor Authentication and Multi-Factor Authentication
- Randomness—Through the generation of a unique code received on a user’s smartphone, we make the permission requirement hard to predict, it is a vital part of the testing process. We started from the idea of predicting the output in such a way as to be able to check our expectations with real output.
- The infrastructure of servers with/or services—If we are using external tools or services, such as the 2FA service from Google (Mountain View, CA, USA) or Microsoft (Redmond, WA, USA) or external devices, it means that we need to pay attention to security because we are dealing with something that is out of our control. Performing tests against such infrastructure or devices can have high costs or testing may not be available within your environment, especially due to the continuous process that is represented by an SMS message or communication subscriber.
- Cloud—User database. The module is responsible for the interaction of the user with the database that holds information about the user and much more. The database is stored in cloud computing. For this scenario, we chose the Microsoft Azure platform (Redmond, WA, USA). In Microsoft Azure, we deployed the CheckUserExistence service, which runs continuously and checks each user who wishes to authenticate.
- Data user. The module is in charge of the authentication process and service for verifying the user identity.
- Data owner. This module verifies for each user all the permissions that are available for the user and decides terms of acceptance.
- Generate random code (service). Based on the user identity, the service computes a hash value of the user identity, and using the hash value, a code is generated and passed further to the Sending SMS with the code module.
- Sending SMS with code (service). This module sends a generated code to the user’s smartphone to be used within the authentication process
- CheckUserExistence represents a service that verifies whether the user exists as enrolled or not. The service runs when the user wishes to authenticate.
- UserAuthenticate class represents the main point of interaction between user credentials as identity, verifying user identity with the help of the CheckUserExistence service, and UserPermissions service.
- UserPermissions represents a service that runs to check the permissions of a user. The permissions are verified using a hash value of the user identity, identified by the userHash variable.
- GenerateCode represents a service that is based on the user hash value obtained from the UserPermissions service, which generates a code, and with the help of the SendingSMSCode service, it is sent further to the user’s smartphone.
- SendingSMSCode represents the final step, which is responsible for obtaining the code from the GenerateCode service to send it to the user and display it on the user’s smartphone.
3. State-of-the-Art Approach
4. The Proposed Scheme
- Searchable Encryption Scheme (SES). Based on UAM and BAM, the searchable encryption is initialized and ready to perform the searching process for the keywords entered by the users. Based on those keywords, a set of documents is returned to the user.
- User Authentication Module (UAM). Its main purpose is to identify the user that wants to authenticate with the system in a cloud environment.
- Biometric Authentication Module (BAM). This module represents an extra security measure, and it intends to certify based on one or more biometric characteristics that verify a user’s proper identity.
4.1. Searchable Encryption Scheme
- Encrypt the keyword with the RSA encryption using the DO’s public key. The value is obtained.
- Instantiate an empty list .
- For each : encrypt using the RSA cryptosystem, obtaining and add to the list .
- Encrypt the DU’s BIR using the RSA-based DO’s public key and obtain .
- Encrypt using the RSA-based DO’s public key and obtain .
- Compute the value .
- Compute the value , and encrypt it
- Resemble the trapdoor value as the pair of .
- After the DU achieves the pair, it asks the TA to release a certificate through which the trapdoor pair is sent to the CS.
- Compute the value .
- Search in the hash table for the value of the key .
- If there is such a key, then extract the value for the key; otherwise, send a proper message to the DU.
- For the extracted key from the hash table, obtain the corresponding value, and then for each encrypted ID of a document, send that encrypted document to the DU.
4.2. Generation of the User ID and User Authentication Process
- Step 1—The user enters credentials (e.g., username and password).
- Step 1.1—The hash value of the credentials is computed and userHash is returned.
- Step 1.1.1—Based on the userHash, a token is generated and returned to the user via smartphone as an SMS, token2.
- Step 2—The user enters the token or acknowledges it.
- Step 2.1—The value of the token from the users is taken and the validation of the token is invoked.
- Step 2.1.1—On the server-side, the token is validated accordingly, and a Boolean value is returned. The Boolean value returned is based on token1 and token2 comparison processes, as can be seen from the constraint. Both values—token1 and token2—are computed as hash values using the SHA algorithm with the 512-bits size length.
- Step 2.1.2—The access is granted to the user for the value that the Boolean variable has.
4.3. Biometric Authentication Process
- Function login(user_id,password). This is the first function (Step 1) that is executed once the user provides the user_id and password. The function is invoked from the AuthenticationService that has an EventListener attached to the user behavior that triggers the execution of the login function.
- The AuthenticationService executes the computeHash (Step 1.1) function for the user_id and password, and the hash value is stored and saved as a userHash variable.
- On SHEBA_UserServer, the function generateTokenID (Step 1.1.1) is called for the hash value obtained in Step 1.1. The token value obtained has to be checked properly to see whether the hash value was corrupted. Observe that a string variable is defined, entitled token2, which holds the SHA-512 value for the tokenID generated before in Step 1.1.1 and returned to the AuthenticationService and returned further to the user’s smartphone.
- In Step 2, the user enters the token value on his smartphone. The function enterTokenID from AuthenticationService receives the token value, and it sends it further to the SHEBA_UserServer by using the sendTokenIDForValidation function. In SHEBA_UserServer, we validate the token by comparing the two tokens: one that is obtained from the user (see Step 2.1) and the one that has been generated on the server (see Step 1.1.1). If the function validatingTokenIDs (Step 2.1.1) returns a bool value, and if the bool value is true, it means that the token provided by the user is the right one; otherwise, it will be returned as false.
- Based on the true value, in Step 2.1.2 with the help of the grantAccessToBiometricPanel function, we give the user access to move forward with the second phase of the authentication process, which consists in providing his biometric characteristic (fingerprint or facial).
- F1—The user identity is claimed based on the user authentication scheme presented above, in Figure 2.
- F2—Based on the user identity and the success of the authentication process, access for the user to the UBA module is granted and is performed. This granting process is accomplished using the function grantAccessToBiometricPanel, which receives as an argument the accessToBiometricPanel, a Boolean value. Depending on the value, true or false, access is granted if the value is true.
- F3—The user can select the biometric characteristic (e.g., fingerprint, facial recognition) by invoking the function chooseBiometricCharacteristicType.
- F4—The CapturingBiometricData service converts the biometric user data into digital data, together with the identity of the user claimed on F1. The final step of this service is to encrypt the claimed identity of the user and XOR-it with the user biometric data.
- F5—Using UserBiometricDataDBService we query the biometric user database (BUDB) using the user digital data and save the result in queryResult. The result is represented by the biometric template of the user.
- F6—In the ComputationService component, we invoke the computeDistance function for queryResult and biometric_user_template arguments. The purpose of the function is to compute the distance as being , where is the user’s digital data, and is the biometric user template.
- F7—The purpose of the AuthenticationService is to check the computed distance using an accuracy level using the function checkDistance for distance as an argument. As long as the is less than the accuracy level, the answer of the authentication server will be true.
4.4. Comparison of Several Authentication Schemes with the Proposed Idea
5. Security Analysis
- obtains the pair of keys , as described in Section 4.1, making publicly available and keeping private .
- A chooses a query keyword from the set and asks for the corresponding trapdoor .
- A chooses two challenge keywords and sends them to , with the constraint of not querying the trapdoor value for them previously. Then, chooses randomly a value and sends to the attacker the value .
- A may continue to ask for trapdoor values, with the constraint of not asking for or .
- At some point, makes available , winning if .
6. Performance Analysis
- Controlled searching. The fact that only authorized users submits search queries is ensured by more components. Firstly, the user must be logged into the system to submit search queries. The login process is a 2FA and then consists of biometric authentication. Secondly, the DU uses the biometric feature to generate the trapdoor value.
- Encrypted query. The pair that resembles the trapdoor is encrypted using the RSA encryption system.
- Query isolation. Using the homomorphic properties of the RSA cryptosystem, the server carries out the search process on the encrypted data; therefore, it learns nothing about the data.
- The user selects the biometric characteristic that they wish to use during the authentication process (e.g., fingerprint, facial recognition). Together with the identity and the acceptance of the user identity, a hash value is used within the cloud infrastructure and big data servers.
- The two pieces of information (user_digital_data and biometric_user_template) are transmitted further to the ComputationService, which runs on a server placed within Searching Cloud (see Figure 6).
- The UserBiometricDataDBService queries the database from the BUDB server for the biometric user template that is linked with the user_digital_data. The output is represented by queryResult.
- Once the biometric user template is received, the ComputationService computes the distance based on the queryResult and biometric_user_template using the computeDistance function. To compute the distance, we used Euclidean distance and Hamming distance. The reason we used both distances was to assess which one was faster on different simulation architectures. Theoretically speaking, we denote the distance as , where is the user’s digital data, and is the biometric user template. Note the fact that in user_digital_data we do not use the claimed identity that the user provided in the first phase; it is an important aspect of computing the distance because the biometric template field from the database does not include in its content the digital data. Digital data are a separate field.
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
- Ransomware Exploits and Supply Chain Attacks Lead the Cyber Trends in the First Half of 2021. Available online: https://pages.checkpoint.com/cyber-attack-2021-trends.html (accessed on 10 January 2022).
- Rivest, R.L.; Shamir, A.; Adleman, L. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 1978, 21, 120–126. [Google Scholar] [CrossRef]
- Bösch, C.; Hartel, P.; Jonker, W.; Peter, A. A Survey of Provably Secure Searchable Encryption. ACM Comput. Surv. 2014, 47, 1–51. [Google Scholar] [CrossRef]
- Handa, R.; Krishna, C.R.; Aggarwal, N. Searchable encryption: A survey on privacy-preserving search schemes on encrypted outsourced data. Concurr. Comput. Pract. Exp. 2019, 31, e5201. [Google Scholar] [CrossRef]
- Jain, A.; Bolle, R.; Pankanti, S. (Eds.) Biometrics: Personal Identification in Networked Society; Springer Science & Business Media: Berlin/Heidelberg, Germany, 2006; Volume 479. [Google Scholar]
- Liu, S.; Silverman, M. A practical guide to biometric security technology. IT Prof. 2001, 3, 27–32. [Google Scholar] [CrossRef]
- IEEE Biometric Databases. Available online: https://ieee-biometrics.org/index.php/resources/biometric-databases (accessed on 3 December 2021).
- Biometric Dataset Collections. Available online: https://citer.clarkson.edu/research-resources/biometric-dataset-collections-2/ (accessed on 3 January 2022).
- Marascu, V.; Stancu, C.; Satulu, V.; Bonciu, A.; Grisolia, C.; Dinescu, G. Material Erosion and Dust Formation during Tungsten Exposure to Hollow-Cathode and Microjet Discharges. Appl. Sci. 2020, 10, 6870. [Google Scholar] [CrossRef]
- Marascu, V.; Lazea–Stoyanova, A.; Bonciu, A.; Satulu, V.; Dinescu, G. Tungsten particles fabrication by a microjet discharge. Mater. Res. Express 2020, 7, 066509. [Google Scholar] [CrossRef]
- Marascu, V.; Lazea-Stoyanova, A.; Stancu, C.; Dinescu, G. The influence of plasma operation parameters on synthesis process of copper particles at atmospheric pressure. Plasma Process. Polym. 2017, 15, e1700091. [Google Scholar] [CrossRef]
- Ryu, R.; Yeom, S.; Kim, S.-H.; Herbert, D. Continuous Multimodal Biometric Authentication Schemes: A Systematic Review. IEEE Access 2021, 9, 34541–34557. [Google Scholar] [CrossRef]
- Sain, M.; Normurodov, O.; Hong, C.; Hui, K.L. A Survey on the Security in Cyber Physical System with Multi-Factor Authentication. In Proceedings of the 2021 23rd International Conference on Advanced Communication Technology (ICACT), Pyeongchang, Korea, 7–10 February 2021; pp. 1–8. [Google Scholar] [CrossRef]
- Bezzateev, S.; Davydov, V.; Ometov, A. On Secret Sharing with Newton’s Polynomial for Multi-Factor Authentication. Cryptography 2020, 4, 34. [Google Scholar] [CrossRef]
- Khalid, H.; Hashim, S.; Ahmad, S.S.; Hashim, F.; Chaudhary, M. SELAMAT: A New Secure and Lightweight Multi-Factor Authentication Scheme for Cross-Platform Industrial IoT Systems. Sensors 2021, 21, 1428. [Google Scholar] [CrossRef]
- Zhang, J.; Zhong, H.; Cui, J.; Xu, Y.; Liu, L. SMAKA: Secure Many-to-Many Authentication and Key Agreement Scheme for Vehicular Networks. IEEE Trans. Inf. Forensics Secur. 2021, 16, 1810–1824. [Google Scholar] [CrossRef]
- Cheng, G.; Chen, Y.; Deng, S.; Gao, H.; Yin, J. A Blockchain-Based Mutual Authentication Scheme for Collaborative Edge Computing. IEEE Trans. Comput. Soc. Syst. 2021, 9, 146–158. [Google Scholar] [CrossRef]
- Kim, D.; Seo, S.; Kim, H.; Lim, W.-G.; Lee, Y. A Study on the Concept of Using Efficient Lightweight Hash Chain to Improve Authentication in VMF Military Standard. Appl. Sci. 2020, 10, 8999. [Google Scholar] [CrossRef]
- Lee, H.; Ryu, J.; Lee, Y.; Won, D. Security Analysis of Blockchain-based User Authentication for Smart Grid Edge Computing Infrastructure. In Proceedings of the 2021 15th International Conference on Ubiquitous Information Management and Communication (IMCOM), Seoul, Korea, 4–6 January 2021; 2021; pp. 1–4. [Google Scholar]
- Xia, X.; Ji, S. An Efficient Anonymous Authentication Scheme for Privacy-preserving in Smart Grid. In Proceedings of the 2021 IEEE Conference on Dependable and Secure Computing (DSC), Aizuwakamatsu, Japan, 30 January–2 February 2021; pp. 1–2. [Google Scholar] [CrossRef]
- Laka, P.; Korzeb, Z.; Mazurczyk, W. Novel user authentication method based on body composition analysis. Ann. Telecommun. 2021, 76, 175–185. [Google Scholar] [CrossRef]
- Ibrahim, D.R.; The, J.S.; Abdullah, R. Multifactor authentication system based on color visual cryptography, facial recognition, and dragonfly optimization. Inf. Secur. J. A Glob. Perspect. 2021, 30, 149–159. [Google Scholar] [CrossRef]
- Wong, A.; Furukawa, M.; Maeda, T. Robustness of Rhythmic-Based Dynamic Hand Gesture with Surface Electromyography (sEMG) for Authentication. Electronics 2020, 9, 2143. [Google Scholar] [CrossRef]
- Yu, Y.; Shi, J.; Li, H.; Li, Y.; Du, X.; Guizani, M. Key-Policy Attribute-Based Encryption With Keyword Search in Virtualized Environments. IEEE J. Sel. Areas Commun. 2020, 38, 1242–1251. [Google Scholar] [CrossRef]
- Khader, D. Introduction to Attribute Based Searchable Encryption. In Communications and Multimedia Security. CMS 2014. Lecture Notes in Computer Science; De Decker, B., Zúquete, A., Eds.; Springer: Berlin/Heidelberg, Germany, 2014; Volume 8735. [Google Scholar] [CrossRef][Green Version]
- Li, J.; Wang, M.; Lu, Y.; Zhang, Y.; Wang, H. ABKS-SKGA: Attribute-based keyword search secure against keyword guessing attack. Comput. Stand. Interfaces 2021, 74, 103471. [Google Scholar] [CrossRef]
- Wang, S.; Yao, L.; Zhang, Y. Attribute-based encryption scheme with multi-keyword search and supporting attribute revocation in cloud storage. PLoS ONE 2018, 13, e0205675. [Google Scholar] [CrossRef]
- Yin, H.; Xiong, Y.; Zhang, J.; Ou, L.; Liao, S.; Qin, Z. A Key-Policy Searchable Attribute-Based Encryption Scheme for Efficient Keyword Search and Fine-Grained Access Control over Encrypted Data. Electronics 2019, 8, 265. [Google Scholar] [CrossRef][Green Version]
- Li, J.; Zhang, Y.; Ning, J.; Huang, X.; Poh, G.S.; Wang, D. Attribute Based Encryption with Privacy Protection and Accountability for CloudIoT. IEEE Trans. Cloud Comput. 2020. [Google Scholar] [CrossRef]
- Cui, Y.; Gao, F.; Shi, Y.; Yin, W.; Panaousis, E.; Liang, K. An Efficient Attribute-Based Multi-Keyword Search Scheme in Encrypted Keyword Generation. IEEE Access 2020, 8, 99024–99036. [Google Scholar] [CrossRef]
- Chi, P.-W.; Wang, M.-W.; Shiu, H.-J. How to Hide the Real Receiver Under the Cover Receiver: CP-ABE With Policy Deniability. Access IEEE 2020, 8, 89866–89881. [Google Scholar] [CrossRef]
- Lee, S.; Jo, H.J.; Choi, W.; Kim, H.; Park, J.H.; Lee, D.H. Fine-Grained Access Con-trol-Enabled Logging Method on ARM TrustZone. Access IEEE 2020, 8, 81348–81364. [Google Scholar] [CrossRef]
- Zhang, L.; Su, J.; Mu, Y. Outsourcing Attributed-Based Ranked Searchable Encryption With Revocation for Cloud Storage. IEEE Access 2020, 8, 104344–104356. [Google Scholar] [CrossRef]
- Zhang, K.; Liu, X.; Li, Y.; Zhang, T.; Yang, S. A Secure Enhanced Key-Policy Attribute-Based Temporary Keyword Search Scheme in the Cloud. IEEE Access 2020, 8, 127845–127855. [Google Scholar] [CrossRef]
- Zhong, Y.; Ma, S.; Huang, Q. Plaintext-Verifiably-Checkable Encryption and Its Extension in Dual-Server Setting. IEEE Access 2020, 8, 132825–132840. [Google Scholar] [CrossRef]
- Du, R.; Zhang, Y.; Li, M. Database Padding for Dynamic Symmetric Searchable Encryption. Secur. Commun. Netw. 2021, 2021, 9703969. [Google Scholar] [CrossRef]
- Fan, K.; Chen, Q.; Su, R.; Zhang, K.; Wang, H.; Li, H.; Yang, Y. MSIAP: A Dynamic Searchable Encryption for Privacy-Protection on Smart Grid with Cloud-Edge-End. IEEE Trans. Cloud Comput. 2021, 1. [Google Scholar] [CrossRef]
- Zuo, C.; Lai, S.; Yuan, X.; Liu, J.K.; Shao, J.; Wang, H. Searchable Encryption for Conjunctive Queries with Extended Forward and Backward Privacy. Cryptology ePrint Archive. 2021. Available online: https://eprint.iacr.org/2021/1585. (accessed on 10 January 2022).
- Zhu, X.; Fu, S.; Hu, H.; Wu, Q.; Liu, B. Efficient boolean SSE: A novel encrypted database (EDB) for biometric authentication. Int. J. Intell. Syst. 2021, 1–19. [Google Scholar] [CrossRef]
- Haghighat, M.; Zonouz, S.; Abdel-Mottaleb, M. Identification Using Encrypted Biometrics. In Proceedings of the International Conference on Computer Analysis of Images and Patterns, York, UK, 27–29 August 2013; Springer International Publishing: Berlin/Heidelberg, Germany, 2013; pp. 440–448. [Google Scholar]
- Cachet, C.; Ahmad, S.; Demarest, L.; Hamlin, A.; Fuller, B. Proximity Searchable Encryption for the Iris Biometric. Cryptology ePrint Archive. 2020. Available online: https://eprint.iacr.org/2020/1174 (accessed on 5 January 2022).
- Zhang, P.; Chui, Y.; Liu, H.; Yang, Z.; Wu, D.; Wang, R. Efficient and Privacy-Preserving Search over Edge-Cloud Collaborative Entity in IoT. IEEE Internet Things J. 2021, 1. [Google Scholar] [CrossRef]
- Gao, H.; Luo, S.; Ma, Z.; Yan, X.; Xu, Y. BFR-SE: A Blockchain-Based Fair and Reliable Searchable Encryption Scheme for IoT with Fine-Grained Access Control in Cloud Environment. Wirel. Commun. Mob. Comput. 2021, 2021, 1–21. [Google Scholar] [CrossRef]
- Zhang, H.; Yang, Z.; Yu, H. Lightweight and Privacy-preserving Search over Encryption Blockchain. In Proceedings of the 2021 7th IEEE International Conference on Network Intelligence and Digital Content (IC-NIDC), Beijing, China, 17–19 November 2021; Institute of Electrical and Electronics Engineers (IEEE): New York, NY, USA, 2021; pp. 423–427. [Google Scholar]
- Stallings, W. Cryptography and Network Security: Principles and Practice; Prentice Hall: Hoboken, NJ, USA, 2019. [Google Scholar]
- Acar, A.; Aksu, H.; Uluagac, A.S.; Conti, M. A survey on homomorphic encryption schemes: Theory and implementation. ACM Comput. Surv. 2018, 51, 1–35. [Google Scholar] [CrossRef]
- Dinesha, H.A.; Agrawal, V.K. Multi-level Authentication Technique for Accessing Cloud Services. In Proceedings of the International Conference on Computing, Communication and Applications (ICCCA), Dindigul, India, 22–24 February 2012; IEEE: New York, NY, USA, 2012; pp. 1–4. [Google Scholar]
- Kapczyński, A.; Sobota, M. Distributed Authentication Systems Enhanced by Quantum Protocols. In Proceedings of the Fifth International Conference on Information Technology: New Generations (itng 2008), Washington, DC, USA, 2008, 7–9 April 2008; Institute of Electrical and Electronics Engineers (IEEE): New York, NY, USA; pp. 928–931. [Google Scholar]
- Srivastava, P.; Singh, S.; Pinto, A.A.; Verma, S.; Chaurasiya, V.K.; Gupta, R. An Architecture Based on Proactive model for Security in Cloud. In Proceedings of the International Conference on Recent Trends in IT, Chennai, India, 3–5 June 2011; IEEE: New York, NY, USA, 2011; pp. 661–666. [Google Scholar]
- Choudhury, A.J.; Kumar, P.; Sain, M.; Lim, H.; Jae-Lee, H. A Strong User Authentication Framework for Cloud Computing. In Proceedings of the Asia-Pacific Services Computing Conference, Yilan, Taiwan, 9–12 December 2008; IEEE Computer Society: New York, NY, USA, 2011; pp. 110–115. [Google Scholar]
- Revar, A.G.; Bhavsar, M.D. Securing User Authentication Using Single Sign-On in Cloud Computing; Institute of Electrical and Electronics Engineers (IEEE): New York, NY, USA, 2011. [Google Scholar]
- Kanjee, M.R.; Divi, K.; Liu, H. A Physiological Authentication Scheme in Secure Healthcare Sensor Networks. In Proceedings of the 2010 7th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON), Boston, MA, USA, 21–25 June 2010. [Google Scholar]
- Zhang, W. 2-Tier Cloud Architecture with Maximized RIA. Res. Inst. Appl. Comput. Technol. IEEE 2010, 6, 52–56. [Google Scholar]
- Zhao, F.; Peng, X.; Zhao, W. Multi-Tier Security Feature Modeling for Service-Oriented Application Integration. In Proceedings of the 2009 Eighth IEEE/ACIS International Conference on Computer and Information Science, Shanghai, China, 1–3 June 2009; IEEE: New York, NY, USA, 2009; pp. 1178–1183. [Google Scholar]
- Enisa Threat Landscape. 2021. Available online: http://tinyurl.com/5n7r3pjr (accessed on 12 January 2021).
- Boneh, D.; Di Crescenzo, G.; Ostrovsky, R.; Persiano, G. Public key encryption with keyword search. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2–6 May 2004; Springer: Berlin/Heidelberg, Germany, 2004; pp. 506–522. [Google Scholar]
- Byun, J.W.; Rhee, H.S.; Park, H.-A.; Lee, D.H. Off-Line Keyword Guessing Attacks on Recent Keyword Search Schemes over Encrypted Data. In Selected Areas in Cryptography; Springer International Publishing: Berlin/Heidelberg, Germany, 2006; pp. 75–83. [Google Scholar]
- Bours, P.; Mondal, S. Performance evaluation of continuous authentication systems. IET Biom. 2015, 4, 220–226. [Google Scholar] [CrossRef]
- Song, D.X.; Wagner, D.; Perrig, A. Practical techniques for searches on encrypted data. In Proceedings of the 2000 IEEE Symposium on Security and Privacy, SP2000, Berkeley, CA, USA, 14–17 May 2000; Institute of Electrical and Electronics Engineers (IEEE): New York, NY, USA, 2000; pp. 44–55. [Google Scholar]
|Authentication Scheme||Type of Attack||Authentication Location||Hardware/Software Requirement||Brute-Force||Dictionary||Random Guessing||Phishing||Environment|
|The proposed scheme||Inside Outside||Server/Client||Dedicated Hardware||Yes||Yes||Yes||Yes||Cloud|
|Multi-factor authentication [47,48]||Inside||Client||N/A||Yes||No||No||No||Client-server|
|Authentication scheme using proactive model ||Inside Outside||Server/Client||N/A||Yes||No||Yes||Yes||Client-server|
|Strong user authentication ||Outside||Client||N/A||Yes||Yes||No||No||Cloud Client-server|
|Single sign-on authentication [51,52]||Outside||Client||N/A||Yes||Yes||No||No||Cloud Client-server|
|SOA (Service Oriented Architecture) [53,54]||Inside Outside||Server/Client||N/A||Yes||No||No||Yes||Cloud|
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Mihailescu, M.I.; Nita, S.L. A Searchable Encryption Scheme with Biometric Authentication and Authorization for Cloud Environments. Cryptography 2022, 6, 8. https://doi.org/10.3390/cryptography6010008
Mihailescu MI, Nita SL. A Searchable Encryption Scheme with Biometric Authentication and Authorization for Cloud Environments. Cryptography. 2022; 6(1):8. https://doi.org/10.3390/cryptography6010008Chicago/Turabian Style
Mihailescu, Marius Iulian, and Stefania Loredana Nita. 2022. "A Searchable Encryption Scheme with Biometric Authentication and Authorization for Cloud Environments" Cryptography 6, no. 1: 8. https://doi.org/10.3390/cryptography6010008