Showing papers on "Data Authentication Algorithm published in 2017"


Journal Article
TL;DR: A biometrics-based authentication scheme for multi-cloud-server environment deployment is devised that makes use of bio-hashing to improve the accuracy of biometric pattern matching and is analysed to demonstrate its utility.

136 citations


Journal Article
TL;DR: This paper proposes a new secure and lightweight mobile user authentication scheme for mobile cloud computing, based on cryptographic hash, bitwise XOR, and fuzzy extractor functions, and demonstrates that it is secure against possible well-known passive and active attacks and also provides user anonymity.
Abstract: Secure and efficient lightweight user authentication protocol for mobile cloud computing becomes a paramount concern due to the data sharing using Internet among the end users and mobile devices. Mutual authentication of a mobile user and cloud service provider is necessary for accessing of any cloud services. However, resource constraint nature of mobile devices makes this task more challenging. In this paper, we propose a new secure and lightweight mobile user authentication scheme for mobile cloud computing, based on cryptographic hash, bitwise XOR, and fuzzy extractor functions. Through informal security analysis and rigorous formal security analysis using random oracle model, it has been demonstrated that the proposed scheme is secure against possible well-known passive and active attacks and also provides user anonymity. Moreover, we provide formal security verification through ProVerif 1.93 simulation for the proposed scheme. Also, we have done authentication proof of our proposed scheme using the Burrows-Abadi-Needham logic. Since the proposed scheme does not exploit any resource constrained cryptosystem, it has the lowest computation cost in compare to existing related schemes. Furthermore, the proposed scheme does not involve registration center in the authentication process, for which it is having lowest communication cost compared with existing related schemes.

103 citations


Journal Article
23 Jun 2017-Sensors
TL;DR: An improved secure authentication and data encryption scheme for the IoT-based medical care system is presented, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks, and is more efficient in performance compared with previous related schemes.
Abstract: In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients’ physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu–Chung’s scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP.

92 citations


Journal Article
TL;DR: This paper presents a novel and secure message authentication scheme, which provides mutual authentication and key establishment for smart grid and is also designed to preserve the identities of the gateways during message transmission.

81 citations


Proceedings Article
01 Sep 2017
TL;DR: The comparative analysis of various lightweight encryption and authentication algorithms shows that the lightweight algorithms have good performance as compared to conventional cryptography algorithm in terms of memory requirement, their operations, and power consumption.
Abstract: Internet of Things (IoTs) comprises of a cluster of resource constrained devices, sensors and machines connected with each other and communicating over the internet. Due to frequent exchange of confidential data over the internet, IoTs become susceptible to various attacks (such as eavesdropping, denial of service, fabrication attacks) and to resolve these attacks security is required. In this paper, a brief discussion on the various IoT applications and architectures has been done. Further, the security concerns regarding information sharing and attacks have been highlighted. To overcome from these attacks safety measures regarding data security and authentication are discussed in detail resulting in use of cryptography as a solution. The comparative analysis of various lightweight encryption and authentication algorithms is carried out. The comparative analysis results show that the lightweight algorithms have good performance as compared to conventional cryptography algorithm in terms of memory requirement, their operations, and power consumption. Also, some research directions defined in which further work can be done on lightweight cryptography algorithms.

62 citations


Journal Article
TL;DR: A PHY-layer spoofing detection algorithm for MIMO systems based on Q-learning is proposed, in which the receiver applies the reinforcement learning technique to achieve the optimal test threshold via trials in a dynamic game without knowing the system parameters, such as the channel time variation and spoofing cost.
Abstract: In this paper, we investigate the authentication based on radio channel information in multiple-input multiple-output (MIMO) systems and formulate the interactions between a receiver with multiple antennas and a spoofing node as a zero-sum physical (PHY)-layer authentication game. In this game, the receiver chooses the test threshold of the hypothesis test to maximize its Bayesian risk-based utility in the spoofing detection, while the adversary chooses its attack rate, i.e., how often a spoofing signal is sent. We derive the Nash equilibrium (NE) of the static PHY-layer authentication game and present the condition that the NE exists, showing that both the spoofing detection error rates and the spoofing rate decrease with the number of transmit and receive antennas. We propose a PHY-layer spoofing detection algorithm for MIMO systems based on Q-learning, in which the receiver applies the reinforcement learning technique to achieve the optimal test threshold via trials in a dynamic game without knowing the system parameters, such as the channel time variation and spoofing cost. We also use Dyna architecture and prioritized sweeping (Dyna-PS) to improve the spoofing detection in time-variant radio environments. The proposed authentication algorithms are implemented over universal software radio peripherals and evaluated via experiments in an indoor environment. Experimental results show that the Dyna-PS-based spoofing detection algorithm further reduces the spoofing detection error rates and increases the utility of the receiver compared with the Q-learning-based algorithm, and both performances improve with more number of transmit or receive antennas.

52 citations


Journal Article
TL;DR: A lightweight protocol for capacity-based security access authentication named AccessAuth is presented to enforce strict access authentication such that the sessions are conducted only by authorized requesters.

50 citations


Patent
11 Jan 2017
TL;DR: HELP derives randomness from within-die path delay variations that occur along the paths within a hardware implementation of a cryptographic primitive, such as AES or SHA-3, to provide an efficient authentication protocol that provides both privacy and mutual authentication.
Abstract: An authentication protocol using a Hardware-Embedded Delay PUF ("HELP"), which derives randomness from within-die path delay variations that occur along the paths within a hardware implementation of a cryptographic primitive, for example, the Advanced Encryption Standard ("AES") algorithm or Secure Hash Algorithm 3 ("SHA-3"). The digitized timing values which represent the path delays are stored in a database on a secure server (verifier) as an alternative to storing PUF response bitstrings thereby enabling the development of an efficient authentication protocol that provides both privacy and mutual authentication.

48 citations


Journal Article
TL;DR: This work constructs efficient authentication protocols and message authentication codes (MACs) whose security can be reduced to the learning parity with noise (LPN) problem.
Abstract: We construct efficient authentication protocols and message authentication codes (MACs) whose security can be reduced to the learning parity with noise (LPN) problem. Despite a large body of work—starting with the $\mathsf{HB}$ protocol of Hopper and Blum in 2001—until now it was not even known how to construct an efficient authentication protocol from LPN which is secure against man-in-the-middle attacks. A MAC implies such a (two-round) protocol.

42 citations


Journal Article
TL;DR: It is shown that an active attacker can easily masquerade as a legal server to fool users and improve Zhang et al. protocol by imposing a little extra computation cost.
Abstract: Authentication schemes have been widely deployed access control and mobility management in various communication networks. Especially, the schemes that are based on multifactor authentication such as on password and smart card come to be more practical. One of the standard authentication schemes that have been widely used for secure communication over the Internet is session initiation protocol (SIP). The original authentication scheme proposed for SIP was vulnerable to some crucial security weaknesses. To overcome the security problems, various improved authentication schemes have been developed, especially based on elliptic curve cryptography (ECC). Very recently, Zhang et al. proposed an improved authentication scheme for SIP based on ECC using smart cards to overcome the security flaws of the related protocols. Zhang et al. claimed that their protocol is secure against all known security attacks. However, this paper indicates that Zhang et al. protocol is still insecure against impersonation attack. We show that an active attacker can easily masquerade as a legal server to fool users. As a remedy, we also improve Zhang et al. protocol by imposing a little extra computation cost. Copyright © 2014 John Wiley & Sons, Ltd.

39 citations


Journal Article
28 Apr 2017-Sensors
TL;DR: Secure Mobile Sensor Network (SMSN) Authentication Protocol as discussed by the authors is a lightweight and efficient key exchange and authentication protocol suite, which reduces the communication and computational complexity of the authentication process in WSNs.
Abstract: Authentication is one of the essential security services in Wireless Sensor Networks (WSNs) for ensuring secure data sessions. Sensor node authentication ensures the confidentiality and validity of data collected by the sensor node, whereas user authentication guarantees that only legitimate users can access the sensor data. In a mobile WSN, sensor and user nodes move across the network and exchange data with multiple nodes, thus experiencing the authentication process multiple times. The integration of WSNs with Internet of Things (IoT) brings forth a new kind of WSN architecture along with stricter security requirements; for instance, a sensor node or a user node may need to establish multiple concurrent secure data sessions. With concurrent data sessions, the frequency of the re-authentication process increases in proportion to the number of concurrent connections. Moreover, to establish multiple data sessions, it is essential that a protocol participant have the capability of running multiple instances of the protocol run, which makes the security issue even more challenging. The currently available authentication protocols were designed for the autonomous WSN and do not account for the above requirements. Hence, ensuring a lightweight and efficient authentication protocol has become more crucial. In this paper, we present a novel, lightweight and efficient key exchange and authentication protocol suite called the Secure Mobile Sensor Network (SMSN) Authentication Protocol. In the SMSN a mobile node goes through an initial authentication procedure and receives a re-authentication ticket from the base station. Later a mobile node can use this re-authentication ticket when establishing multiple data exchange sessions and/or when moving across the network. This scheme reduces the communication and computational complexity of the authentication process. 
We proved the strength of our protocol with rigorous security analysis (including formal analysis using the BAN-logic) and simulated the SMSN and previously proposed schemes in an automated protocol verifier tool. Finally, we compared the computational complexity and communication cost against well-known authentication protocols.

Journal Article
TL;DR: BAS reduces the total energy consumption on Tmote Sky by up to 72% and 17% compared with Bloom filter-based authentication scheme based on a variant of ECDSA with message recovery and IMBAS based on a ID-based signature scheme with message appendix, respectively.
Abstract: Multi-user broadcast authentication is an important security service in wireless sensor networks (WSNs), as it allows a large number of mobile users of the WSNs to join in and broadcast messages to WSNs dynamically and authentically. To reduce communication cost due to the transmission of public-key certificates, broadcast authentication schemes based on identity (ID)-based cryptography have been proposed, but the schemes suffer from expensive pairing computations. In this paper, to minimize computation and communication costs, we propose a new provably secure pairing-free ID-based signature schemes with message recovery, MR-IBS, and PMR-IBS. We then construct an ID-based multi-user broadcast authentication scheme, BASIS, based on MR-IBS and PMR-IBS for broadcast authentication between users and a sink. We evaluate the practical feasibility of BASIS on WSN hardware platforms, MICAz and Tmote Sky are used in real-life deployments in terms of computation/communication cost and energy consumption. Consequently, BASIS reduces the total energy consumption on Tmote Sky by up to 72% and 17% compared with Bloom filter-based authentication scheme based on a variant of ECDSA with message recovery and IMBAS based on a ID-based signature scheme with message appendix, respectively.

Journal Article
TL;DR: This work reveals previously unpublished vulnerabilities in a user authentication and key agreement scheme for WSNs, which allow an attacker to carry out sensor node spoofing, password guessing, user/sensor node anonymity, and user impersonation attacks.
Abstract: A wireless sensor network (WSN) typically consists of a large number of resource-constrained sensor nodes and several control or gateway nodes. Ensuring the security of the asymmetric nature of WSN is challenging, and designing secure and efficient user authentication and key agreement schemes for WSNs is an active research area. For example, in 2016, Farash et al. proposed a user authentication and key agreement scheme for WSNs. However, we reveal previously unpublished vulnerabilities in their scheme, which allow an attacker to carry out sensor node spoofing, password guessing, user/sensor node anonymity, and user impersonation attacks. We then present a scheme, which does not suffer from the identified vulnerabilities. To demonstrate the practicality of the scheme, we evaluate the scheme using NS-2 simulator. We then prove the scheme secure using Burrows–Abadi–Needham logic. Copyright © 2016 John Wiley & Sons, Ltd.

Journal Article
Ruiguo Yu, Jianrong Wang, Tianyi Xu, Jie Gao, An Yongli, Zhang Gong, Mei Yu
TL;DR: This paper proposes an efficient privacy preserving algorithm to preserve the privacy of information in social networks and makes use of the recognition and nontampering of the block chain to store the user’s public key and bind to the block address, which is used for authentication.
Abstract: Community detection is an important aspect of social network analysis, but social factors such as user intimacy, influence, and user interaction behavior are often overlooked as important factors. Most of the existing methods are single classification algorithms; multi-classification algorithms that can discover overlapping communities are still incomplete. In former works, we calculated intimacy based on the relationship between users, and divided them into their social communities based on intimacy. However, a malicious user can obtain the other user relationships, thus to infer other users interests, and even pretend to be the another user to cheat others. Therefore the information users concerned about needs to be transferred in the manner of privacy protection. In this paper, we propose an efficient privacy preserving algorithm to preserve the privacy of information in social networks. First, during expansion of communities on the base of mining seed, in order to prevent others from malicious users, we verify their identities after they send a request. We make use of the recognition and nontampering of the block chain to store the user’s public key and bind to the block address, which is used for authentication. At the same time, in order to prevent the honest but curious users from illegal access to other users’ information, we do not send plaintext directly after the authentication, but hash the attributes by mixed hash encryption to make sure that users can only calculate the matching degree rather than know specific information of other users. Analysis shows that our protocol would serve well against different types of attacks.

Journal Article
TL;DR: Simulation results show that the proposed PHY-layer secret key generation scheme is immune to various passive and active attacks and a high successful authentication rate is acquired even at low signal-to-noise ratio region.
Abstract: Exploiting the inherent physical properties of wireless channels to complement or enhance the traditional security mechanisms has attracted prominent attention recently. However, the existing secret key generation schemes suffer from miscellaneous extracting procedure. Many PHY-layer authentication schemes assume that the knowledge of the shared key is preknown. In this paper, we propose PHY-layer secret key generation and authentication schemes for orthogonal frequency-division multiplexing (OFDM) systems. In the secret key generation scheme, to simplify the extracting procedure, only one legitimate party is chosen to probe the channel and quantize the measurements to obtain the preliminary key. The preliminary key is masked by the channel-phase after the mapping and before equalization and distributed to the other party. The final shared key is used for the PHY-layer authentication scheme in which random signals and the shared key masked by the channel-phase are exchanged at the PHY-layer. Then, a binary hypothesis test is formulated for authentication. Simulation results show that the proposed secret key generation scheme outperforms the existing schemes. For the PHY-layer authentication scheme, it is immune to various passive and active attacks and a high successful authentication rate is acquired even at low signal-to-noise ratio region.

Journal Article
TL;DR: This paper presents a prototypic implementation of a Bitcoin wallet that offers both: two-factor authentication and verification over a separate channel and can be used with hardware already available to most users and the user experience is quite similar to the existing online banking authentication methods.
Abstract: We show how to realize two-factor authentication for a Bitcoin wallet. To do so, we explain how to employ an ECDSA adaption of the two-party signature protocol by MacKenzie and Reiter (Int J Inf Secur 2(3–4):218–239, 2004. doi:10.1007/s10207-004-0041-0) in the context of Bitcoin and present a prototypic implementation of a Bitcoin wallet that offers both: two-factor authentication and verification over a separate channel. Since we use a smart phone as the second authentication factor, our solution can be used with hardware already available to most users and the user experience is quite similar to the existing online banking authentication methods.

Proceedings Article
Eric Wang, William Xu, Suhas Sastry, Songsong Liu, Kai Zeng
18 Apr 2017
TL;DR: Experimental results demonstrate that the proposed message compression mechanism can achieve real-time message authentication on the CAN bus with minimal latency, and provides backward compatibility with existing CAN systems.
Abstract: The Controller Area Network (CAN) is a widely used industry-standard intra-vehicle broadcast network that connects the Electronic Control Units (ECUs) which control most car systems. The CAN contains substantial vulnerabilities that can be exploited by attackers to gain control of the vehicle, due to its lack of security measures. To prevent an attacker from sending malicious messages through the CAN bus to take over a vehicle, we propose the addition of a secure hardware-based module, or Security ECU (SECU), onto the CAN bus. The SECU can perform key distribution and message verification, as well as corrupting malicious messages before they are fully received by an ECU. Only software modification is needed for existing ECUs, without changing the CAN protocol. This provides backward compatibility with existing CAN systems. Furthermore, we collect 6.673 million CAN bus messages from various cars, and find that the CAN messages collectively have low entropy, with an average of 11.915 bits. This finding motivates our proposal for CAN bus message compression, which allows us to significantly reduce message size to fit the message and its message authentication code (MAC) within one CAN frame, enabling fast authentication. Since ECUs only need to generate the MACs (and not verify them), the delay and computation overhead are also reduced compared to traditional authentication mechanisms. Our authentication mechanism is implemented on a realistic testbed using industry standard MCP2551 CAN transceivers and Raspberry Pi embedded systems. Experimental results demonstrate that our mechanism can achieve real-time message authentication on the CAN bus with minimal latency.

Journal Article
TL;DR: It is demonstrated that a family of two-factor authentication schemes for the TMIS are not secure against offline dictionary attack and fail to revoke the stolen/lost smart card.
Abstract: Telecare medical information system (TMIS) is highly desirable to users by allowing them to remotely access medical services or medical information and security, such as authentication and privacy preserving of users is challenging. Recently, some smart card-based password authentication (two-factor authentication) schemes have been proposed. In this paper, we use Chaudhry et al.’s scheme as a case study and demonstrate that a family of two-factor authentication schemes for the TMIS are not secure against offline dictionary attack and fail to revoke the stolen/lost smart card. Furthermore, an improved two-factor authentication scheme with anonymity has been proposed to remedy the weakness of these schemes. The security analysis of the proposed solution is formally given with the random oracle model and Burrows–Abadi–Needham logic.

Journal Article
TL;DR: A secure and distributed certification system architecture for safety message authentication in VANET, which resists against false public-key certification and is designed through a decentralized system, supervised by a root authority.
Abstract: Vehicular Ad hoc NETworks (VANETs) are a burgeoning research focus, aimed at creating communication among vehicles to improve the road safety and enhance driving conditions. For such networks, security is one of the most challenging issues due to their nature of wireless transmission and high topology changing frequency. In this paper, we propose a secure and distributed certification system architecture for safety message authentication in VANET, which resists against false public-key certification. To increase the availability of the authentication service, our proposal is designed through a decentralized system, supervised by a root authority. The latter authority delegates to a set of regional certification authorities the privilege of issuing public-key certificates to the vehicles. Each regional certification authority cooperates with its subordinates RSUs to sign public-key certificates using threshold signature. The main purpose of our solution is to ensure the messages authentication while respecting the imposed constraints by the real-time aspect and the nodes mobility. We demonstrate through the practical analysis and simulation results the efficiency of our solution with comparison to other concurrent protocols.

Journal Article
TL;DR: A user-centred design data backup scheme is proposed using multi-factor authentication that not only achieves the required security goals but also is more robust and practical.
Abstract: Sensitive data stored in laptops or other mobile devices can easily be lost, stolen, misplaced or corrupted, the remote backup storage technique is used to address these issues; however, the backup server could not be fully trusted, the data should be encrypted in advance. Although the key is more easily protected due to the smaller size compared with the backup data, it is still impossible for ordinary human to remember. A user-centred design data backup scheme is proposed using multi-factor authentication. The user firstly selects a symmetrical key and divides it into three shares, then destroys the key. The key can easily be reconstructed by combining the shares stored in the user's smart card and the laptop. Even if the smart card or laptop is lost, the key can still be recovered with the password and biometrics. The proposed scheme not only achieves the required security goals but also is more robust and practical.

Journal Article
TL;DR: This paper proposes an efficient and practical user authentication scheme using personal devices that utilize different cryptographic primitives, such as encryption, digital signature, and hashing that not only is secure against password-related attacks, but also can resist replay attacks, shoulder-surfing attacks, phishing attacks, and data breach incidents.
Abstract: Authentication plays a critical role in securing any online banking system, and many banks and various services have long relied on username/password combos to verify users. Memorizing usernames and passwords for a lot of accounts becomes a cumbersome and inefficient task. Furthermore, legacy authentication methods have failed over and over, and they are not immune against a wide variety of attacks that can be launched against users, networks, or authentication servers. Over the years, data breach reports emphasize that attackers have created numerous high-tech techniques to steal users’ credentials, which can pose a serious threat. In this paper, we propose an efficient and practical user authentication scheme using personal devices that utilize different cryptographic primitives, such as encryption, digital signature, and hashing. The technique benefits from the widespread usage of ubiquitous computing and various intelligent portable and wearable devices that can enable users to execute a secure authentication protocol. Our proposed scheme does not require an authentication server to maintain static username and password tables for identifying and verifying the legitimacy of the login users. It not only is secure against password-related attacks, but also can resist replay attacks, shoulder-surfing attacks, phishing attacks, and data breach incidents.

Book Chapter
11 Sep 2017
TL;DR: This work provides the first security analysis of the complete DNP3: SAv5 protocol and formally model and analyse the complex composition of the protocol’s three sub-protocols, using the Tamarin prover for the symbolic analysis of security protocols.
Abstract: Most of the world’s power grids are controlled remotely. Their control messages are sent over potentially insecure channels, driving the need for an authentication mechanism. The main communication mechanism for power grids and other utilities is defined by an IEEE standard, referred to as DNP3; this includes the Secure Authentication v5 (SAv5) protocol, which aims to ensure that messages are authenticated. We provide the first security analysis of the complete DNP3: SAv5 protocol. Previous work has considered the message-passing sub-protocol of SAv5 in isolation, and considered some aspects of the intended security properties. In contrast, we formally model and analyse the complex composition of the protocol’s three sub-protocols. In doing so, we consider the full state machine, and the possibility of cross-protocol attacks. Furthermore, we model fine-grained security properties that closely match the standard’s intended security properties. For our analysis, we leverage the Tamarin prover for the symbolic analysis of security protocols.

Patent
14 Apr 2017
TL;DR: In this article, a method for issuing authentication information is presented, which includes steps of: (a) a managing server, if identification information of a specific user is acquired from a user device in response to a request for issuing the authentication information and the identification information is determined to be registered, creating a transaction whose output includes: (i) the specific user's public key and (ii) a hash value of identification information or its processed value to thereby record or support other device to record it on a blockchain; and (b) the managing server acquiring a transaction ID representing location
Abstract: A method for issuing authentication information is provided. The method includes steps of: (a) a managing server, if identification information of a specific user is acquired from a user device in response to a request for issuing the authentication information and the identification information is determined to be registered, creating a transaction whose output includes: (i) the specific user's public key and (ii) a hash value of the identification information or its processed value to thereby record or support other device to record it on a blockchain; and (b) the managing server acquiring a transaction ID representing location information of the transaction recorded on the blockchain.

Journal Article
TL;DR: A secure and efficient authentication and key agreement scheme for global mobility networks based on the elliptic curve cryptosystem is proposed that not only withstands various security attacks but also improves the efficiency by reducing the computational costs.
Abstract: Nowadays, with the advancement of wireless technologies, global mobility networks offer roaming services for mobile users. Since in global mobility networks the communication channel is public, adversaries can launch different security attacks to breach the security and privacy of data and mobile users. Hence, an authentication and key agreement scheme can be used to provide secure roaming services. It is well known that the conventional authentication schemes are not suitable for global mobility networks, because the authentication server of each network has the credentials of its registered users and thus cannot verify the authenticity of the other mobile users. Hence, for providing secure roaming services, another type of authentication called roaming authentication is required. Hitherto, a large number of authentication protocols have been proposed for global mobility networks. However, most of them have been proved to be insecure against various attacks. This paper proposes a secure and efficient authentication and key agreement scheme for global mobility networks. The proposed scheme is based on the elliptic curve cryptosystem. The correctness of the proposed scheme is verified using Burrows-Abadi-Needham logic. In addition, the security of the proposed scheme is proved using ProVerif. Detailed analyses demonstrate that the proposed scheme not only withstands various security attacks but also improves the efficiency by reducing the computational costs.

Journal ArticleDOI
TL;DR: This work aims at developing a light-weight authentication protocol using MBLAKE2b with elliptic curve digital signature algorithm (ECDSA), which increases the network life time and reduces the computation time, essential for the constrained environment like WSNs.
Abstract: The essential security mechanism in wireless sensor networks (WSNs) is authentication, where nodes can authenticate each other before transmitting valid data to a sink. There are a number of public key authentication procedures available for WSNs in recent years. Due to constraints in the WSN environment, there is a need for a light-weight authentication procedure that consumes less power during computation. This proposed work aims at developing a light-weight authentication protocol using MBLAKE2b with elliptic curve digital signature algorithm (ECDSA). The proposed protocol is also tested using the protocol verification tool Scyther and found to be secure in all claims and roles. This proposed algorithm increases the network life time and reduces the computation time, which is essential for the constrained environment like WSNs.

Proceedings ArticleDOI
Jiaju Huang, Daqing Hou, Stephanie Schuckers, Timothy Law, Adam Sherwin
01 Dec 2017
TL;DR: This research presents a novel keystroke dynamics algorithm, based on kernel density estimation (KDE), and contrasts it with two other state-of-the-art algorithms, namely Gunetti & Picardi's and Buffalo's SVM algorithms, using three published datasets, as well as the authors' own new, unconstrained dataset that is an order of magnitude larger than the previous ones.
Abstract: Free-text keystroke dynamics is a behavioral biometric that has the strong potential to offer unobtrusive and continuous user authentication. Such behavioral biometrics are important as they may serve as an additional layer of protection over other one-stop authentication methods such as the user ID and passwords. Unfortunately, evaluation and comparison of keystroke dynamics algorithms are still lacking due to the absence of large, shared free-text datasets. In this research, we present a novel keystroke dynamics algorithm, based on kernel density estimation (KDE), and contrast it with two other state-of-the-art algorithms, namely Gunetti & Picardi's and Buffalo's SVM algorithms, using three published datasets, as well as our own new, unconstrained dataset that is an order of magnitude larger than the previous ones. We modify the algorithms when necessary such that they have comparable settings, including profile and test sample sizes. Both Gunetti & Picardi's and our own KDE algorithms have performed much better than Buffalo's SVM algorithm. Although much simpler, the newly developed KDE algorithm is shown to perform similarly to Gunetti & Picardi's algorithm on the three constrained datasets, but the best on our new unconstrained dataset. All three algorithms perform significantly better on the three prior datasets, which are constrained in one way or another, than on our new dataset, which is truly unconstrained. This highlights the importance of our unconstrained dataset in representing the real-world scenarios for keystroke dynamics. Lastly, the new KDE algorithm degrades the least in performance on our new dataset.

Journal ArticleDOI
TL;DR: Security analysis and complexity comparisons show the proposed protocol can fulfill all security requirements while having lower computation and communication costs than similar protocols for mobile devices.
Abstract: Due to its convenience and simplicity, the mobile application in the mobile devices has been widely used as necessary. As an essential way to provide secured communication between mobile users and servers, the authentication protocol for user devices has stirred active study. However, because mobile devices are limited in computing capability and energy, it still remains a difficult problem to design a secure and efficient authentication and key agreement protocol for mobile devices. In this paper, we propose a new efficient and secure identity-based authentication and key agreement protocol using elliptic curve cryptosystem for mobile devices. Security analysis and complexity comparisons show our proposed protocol can fulfill all security requirements while having lower computation and communication costs than similar protocols for mobile devices.

Journal ArticleDOI
TL;DR: This paper develops a lightweight technique that generates dynamic tokens for anonymous authentication that reduces the communication overhead and online computation overhead to $O(1)$ per authentication for both tags and readers, which compares favorably with the prior art.
Abstract: Radio-frequency identification (RFID) technologies are making their way into retail products, library books, debit cards, passports, driver licenses, car plates, medical devices, and so on. The widespread use of tags in traditional ways of deployment raises a privacy concern: they make their carriers trackable. To protect the privacy of the tag carriers, we need to invent new mechanisms that keep the usefulness of tags while doing so anonymously. Many tag applications, such as toll payment, require authentication. This paper studies the problem of anonymous authentication. Since low-cost tags have extremely limited hardware resource, we propose an asymmetric design principle that pushes most complexity to more powerful RFID readers. With this principle, we develop a lightweight technique that generates dynamic tokens for anonymous authentication. Instead of implementing complicated and hardware-intensive cryptographic hash functions, our authentication protocol only requires tags to perform several simple and hardware-efficient operations such as bitwise XOR, one-bit left circular shift, and bit flip. The theoretical analysis and randomness tests demonstrate that our protocol can ensure the privacy of the tags. Moreover, our protocol reduces the communication overhead and online computation overhead to $O(1)$ per authentication for both tags and readers, which compares favorably with the prior art.

Journal ArticleDOI
TL;DR: A new dual authentication protocol for secure transmission of data with two levels of authentication along with a precedence-based access control list has been proposed to address secured data sharing.
Abstract: Cloud computing has reached the peak of the Gartner hype cycle, and now the focus of every industry is the ability to scale with minimal investment. Scalability comes with its own challenges of data privacy and secured communication, and one of the key privacy concerns is caused by frequent changes in membership and multiple owner data sharing. To address secured data sharing, a new dual authentication protocol for secure transmission of data with two levels of authentication along with a precedence-based access control list has been proposed. Proven Triple DES algorithm is used for data encryption, wherein data owners can encrypt data using their identity with additional security attributes and the encrypted data is stored in the cloud. Only the users who satisfy the encrypted attributes can decrypt the original data, and users can be anonymous if they want to be. Our proposed dual authentication protocol for multi-owner makes the system secured and robust and has been verified through multiple scenarios.