A New Authentication Protocol for an Authentication-as-a-Service (AaaS) Cloud using Pedersen Commitment Scheme

While the Public-Key Infrastructure (PKI) model and digital certificates are existing methods to achieve many security requirements, recent limitations and threats make them vulnerable to serious attacks when used without prior trust. Cloud-based services are being widely adopted to offer desirable services for a growing number of devices in different geographic locations, which opens the door to new security threats. Evolving business models are starting to rely on Clouds to offer services as simple as finding a cab to services as sensitive as sharing health records. As a result, the authenticity of entities communicating through Clouds has become an important requirement, which is the initial step for any secure communication. In this paper, we present an Authentication-as-a-Service (AaaS) Cloud that provides strong mutual authentication among communicating parties. It implements a new authentication protocol we developed using the Pedersen commitment scheme, which involves interaction between communicating parties. It avoids the possibility of hash collisions and the overhead of checking digital certificate validity, valid chain of legitimate CAs, and revocation lists. Also, it prevents replay attacks and man-in-the-middle attacks.