There is a significant increase in the number of data breaches in corporate servers in cloud environments. This includes username and password compromise in the cloud and account hijacking, thus leading to severe vulnerabilities in cloud service provisioning. Traditional authentication schemes rely on users presenting their credentials to gain access to a cloud service. However, once a credential is compromised, the attacker will gain access to the cloud service easily. This paper proposes a novel scheme that does not require the user to present his credentials, and yet is able to prove ownership of access to the cloud service using a variant of zero-knowledge proof. A challenge-response protocol is devised to authenticate the user, requiring the user to compute a one-time pad (OTP) to authenticate himself to the server without revealing the password to the server. A prototype has been implemented to facilitate the authentication of the user when accessing Dropbox, and the experiment results showed that the overhead incurred is insignificant.