Skip to main content
Log in

SecAuth-SaaS: a hierarchical certificateless aggregate signature for secure collaborative SaaS authentication in cloud computing

  • Original Research
  • Published:
Journal of Ambient Intelligence and Humanized Computing Aims and scope Submit manuscript

Abstract

Collaborative cloud business models enable a new dimension of business by giving option to the third party software vendors to deploy their software in the cloud for offering software as a service (SaaS) to the users. However, the secure provisioning of resources requires scalable architecture with efficient authentication for configuring the collaborative software services in the cloud. In this paper, we propose a novel hierarchical certificateless aggregate signature to provide a scalable authentication model for SaaS in cloud computing. Our proposed scheme is secure under the adaptive chosen-message attack in the random oracle model with the hardness assumption of Computational Diffie–Hellman (CDH) problem and Decisional Diffie–Hellman (DDH) problem. Furthermore, our proposed scheme is highly efficient regarding low overhead on computation and communication cost.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

References

  • Al-Riyami SS, Paterson KG (2003) Certificateless public key cryptography. In: Proceedings of international conference on the theory and application of cryptology and information security, pp 452–473

  • Armbrust M, Fox A, Griffith R, Joseph AD, Katz R, Konwinski A, Lee G, Patterson D, Rabkin A, Stoica I et al (2010) A view of cloud computing. Commun ACM 53(4):50–58

    Article  Google Scholar 

  • Boneh D, Gentry C, Lynn B, Shacham H (2003) Aggregate and verifiably encrypted signatures from bilinear maps. In: Proceedings of the international conference on the theory and applications of cryptographic techniques, pp 416–432

  • Castro R, Dahab R (2007) Efficient certificateless signatures suitable for aggregation. IACR Cryptol ePrint Arch 2007:454

    Google Scholar 

  • Chen YC, Tso R, Mambo M, Huang K, Horng G (2015) Certificateless aggregate signature with efficient verification. Secur Commun Netw 8(13):2232–2243

    Article  Google Scholar 

  • Choi KY, Park JH, Hwang JY, Lee DH (2007) Efficient certificateless signature schemes. In: Proceedings of the international conference on applied cryptography and network security (ACNS), pp 443–458

  • Chou DC, Chou AY (2007) Analysis of a new information systems outsourcing practice: software-as-a-service business model. Int J Inf Syst Change Manag 2(4):392–405

    Google Scholar 

  • Dara S (2013) Cryptography challenges for computational privacyin public clouds. In: Proceedings of the IEEE international conference on cloud computing in emerging markets (CCEM), pp 1–5

  • Du H, Wen Q, Zhang S (2019) An efficient certificateless aggregate signature scheme without pairings for healthcare wireless sensor network. IEEE Access 7:42683–42693

    Article  Google Scholar 

  • Dutta R, Barua R, Sarkar P (2004) Pairing-based cryptography: a survey. IACR

  • Farahnakian F, Pahikkala T, Liljeberg P, Plosila J (2014) Hierarchical agent-based architecture for resource management in cloud data centers. In: Proceedings of the IEEE 7th international conference on cloud computing (CLOUD), pp 928–929

  • Frey G, Muller M, Ruck HG (1999) The tate pairing and the discrete logarithm applied to elliptic curve cryptosystems. IEEE Trans Inf Theory 45(5):1717–1719

    Article  MathSciNet  Google Scholar 

  • Gentry C, Silverberg A (2002) Hierarchical id-based cryptography. Advances in cryptology—ASIACRYPT 2002. Springer, Berlin, pp 548–566

    Chapter  Google Scholar 

  • Gohad A, Narendra NC, Ramachandran P (2013) Cloud pricing models: A survey and position paper. In: 2013 IEEE international conference on cloud computing in emerging markets (CCEM), IEEE, pp 1–8

  • Gong Z, Long Y, Hong X, Chen K (2007) Two certificateless aggregate signatures from bilinear maps. In: Proceedings of the 8th international conference on software engineering, artificial intelligence, networking, and parallel/distributed computing, pp 188–193

  • He D, Tian M, Chen J (2014) Insecurity of an efficient certificateless aggregate signature with constant pairing computations. Inf Sci 268:458–462

    Article  MathSciNet  Google Scholar 

  • Horng SJ, Tzeng SF, Huang PH, Wang X, Li T, Khan MK (2015) An efficient certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks. Inf Sci 317:48–66

    Article  MathSciNet  Google Scholar 

  • Horwitz J, Lynn B (2002) Toward hierarchical identity-based encryption. In: Proceedings of international conference on the theory and applications of cryptographic techniques, pp 466–481

  • Hu BC, Wong DS, Zhang Z, Deng X (2006) Key replacement attack against a generic construction of certificateless signature. In: Proceedings of Australasian conference on information security and privacy, pp 235–246

  • Huang JY, Liao IE, Chiang CK (2011) Efficient identity-based key management for configurable hierarchical cloud computing environment. In: Proceedings of the IEEE 17th international conference on parallel and distributed systems (ICPADS), pp 883–887

  • Huang X, Mu Y, Susilo W, Wong DS, Wu W (2007) Certificateless signature revisited. In: Proceedings of Australasian conference on information security and privacy, pp 308–322

  • Kumar P, Kumari S, Sharma V, Sangaiah AK, Wei J, Li X (2018) A certificateless aggregate signature scheme for healthcare wireless sensor network. Sustain Comput: Inf Syst 18:80–89

    Google Scholar 

  • Kumar P, Kumari S, Sharma V, Li X, Sangaiah AK, Islam SH (2019) Secure CLS and CL-AS schemes designed for VANETs. J Supercomput 75(6):3076–3098

    Article  Google Scholar 

  • Li H, Dai Y, Yang B (2011) Identity-based cryptography for cloud security. IACR Cryptol ePrint Arch 2011:169

    Google Scholar 

  • Liu JK, Au MH, Susilo W (2007) Self-generated-certificate public key cryptography and certificateless signature/encryption scheme in the standard model. In: Proceedings of the 2nd ACM symposium on Information, computer and communications security, pp 273–283

  • Mell PM, Grance T (2011) Sp 800-145. the nist definition of cloud computing. Tech. rep., National Institute of Standards & Technology

  • Miller VS (2004) The weil pairing, and its efficient calculation. J Cryptol 17(4):235–261

    Article  MathSciNet  Google Scholar 

  • OpenStack (2020) Openstack open source cloud computing software https://www.openstack.org/software/. Accessed 15 Mar 2020

  • Paterson KG, Price G (2003) A comparison between traditional public key infrastructures and identity-based cryptography. Inf Secur Tech Rep 8(3):57–72

    Article  Google Scholar 

  • Qu Y, Mu Q (2018) An efficient certificateless aggregate signature without pairing. Int J Electron Secur Digit Forensics 10(2):188–203

    Article  Google Scholar 

  • Rass S, Slamanig D (2013) Cryptography for security and privacy in cloud computing. Artech House, Norwood

    Google Scholar 

  • Shamir A (1984) Identity-based cryptosystems and signature schemes. In: Workshop on the theory and application of cryptographic techniques, pp 47–53

  • Singhal M, Chandrasekhar S, Ge T, Sandhu R, Krishnan R, Ahn GJ, Bertino E (2013) Collaboration in multicloud computing environments: framework and security issues. Computer 46(2):76–84

    Article  Google Scholar 

  • Wu L, Xu Z, He D, Wang X (2018) New certificateless aggregate signature scheme for healthcare multimedia social network on cloud environment. Security and Communication Networks 2018

  • Xie Y, Li X, Zhang S, Li Y (2019) \(iclas\): an improved certificateless aggregate signature scheme for healthcare wireless sensor networks. IEEE Access 7:15170–15182

    Article  Google Scholar 

  • Xin M, Levina N (2008) Software-as-a-service model: elaborating client-side adoption factors. In: Proceedings of the 29th international conference on information systems, pp 86–100

  • Xiong H, Guan Z, Chen Z, Li F (2013) An efficient certificateless aggregate signature with constant pairing computations. Inf Sci 219:225–235

    Article  MathSciNet  Google Scholar 

  • Xu L, Cao X, Zhang Y, Wu W (2013) Software service signature (s3) for authentication in cloud computing. Clust Comput 16(4):905–914

    Article  Google Scholar 

  • Yang X, Pei X, Chen G, Li T, Wang M, Wang C (2019) A strongly unforgeable certificateless signature scheme and its application in iot environments. Sensors 19(12):2692

    Article  Google Scholar 

  • Yang Z, Sun J, Zhang Y, Wang Y (2015) Understanding saas adoption from the perspective of organizational users: a tripod readiness model. Comput Hum Behav 45:254–264

    Article  Google Scholar 

  • Yap WS, Heng SH, Goi BM (2006) An efficient certificateless signature scheme. In: Proceedings of the international conference on embedded and ubiquitous computing, pp 322–331

  • Yum DH, Lee PJ (2004) Generic construction of certificateless signature. In: Proceedings of Australasian conference on information security and privacy, pp 200–211

  • Zhang J, Zhao X, Mao J (2016) Attack on Chen et al.’s certificateless aggregate signature scheme. Secur Commun Netw 9(1):54–59

    Article  Google Scholar 

  • Zhang L, Zhang F (2008) Security model for certificateless aggregate signature schemes. In: Proceedings of the international conference on computational intelligence and security, CIS’08, vol 2, pp 364–368

  • Zhang L, Zhang F (2009) A new certificateless aggregate signature scheme. Comput Commun 32(6):1079–1085

    Article  MathSciNet  Google Scholar 

  • Zhang L, Qin B, Wu Q, Zhang F (2010) Efficient many-to-one authentication with certificateless aggregate signatures. Comput Netw 54(14):2482–2491

    Article  Google Scholar 

  • Zhang L, Wu Q, Domingo-Ferrer J, Qin B (2010) Hierarchical certificateless signatures. In: Proceedings of the IEEE/IFIP 8th international conference on embedded and ubiquitous computing (EUC), pp 572–577

  • Zhang L, Wu Q, Domingo-Ferrer J, Qin B, Zeng P (2014) Signatures in hierarchical certificateless cryptography: efficient constructions and provable security. Inf Sci 272:223–237

    Article  MathSciNet  Google Scholar 

  • Zhang Y, Deng R, Liu X, Zheng D (2018a) Outsourcing service fair payment based on blockchain and its applications in cloud computing. IEEE Trans Serv Comput. https://doi.org/10.1109/TSC.2018.2864191

  • Zhang Y, Deng RH, Liu X, Zheng D (2018b) Blockchain based efficient and robust fair payment for outsourcing services in cloud computing. Inf Sci 462:262–277

    Article  MathSciNet  Google Scholar 

  • Zhang Y, Deng RH, Zheng D, Li J, Wu P, Cao J (2019) Efficient and robust certificateless signature for data crowdsensing in cloud-assisted industrial iot. IEEE Trans Industr Inf 15(9):5099–5108

    Article  Google Scholar 

  • Zhang Z, Wong DS, Xu J, Feng D (2006) Certificateless public-key signature: security model and efficient construction. In: Proceedings of the international conference on applied cryptography and network security, pp 293–308

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Deepnarayan Tiwari.

Ethics declarations

Conflict of interest

The authors declare that they have no conflicts of interest.

Research involving human participants and/or animals

This article does not contain any studies involving human participants and/or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Tiwari, D., Gangadharan, G.R. SecAuth-SaaS: a hierarchical certificateless aggregate signature for secure collaborative SaaS authentication in cloud computing. J Ambient Intell Human Comput 12, 10539–10563 (2021). https://doi.org/10.1007/s12652-020-02864-5

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12652-020-02864-5

Keywords

Navigation