Multimedia Tools and Applications

, Volume 75, Issue 21, pp 13057–13076 | Cite as

Enhanced authentication for outsourced educational contents through provable block possession

  • Changhee Hahn
  • Hyunsoo Kwon
  • Daeyoung Kim
  • Junbeom HurEmail author


In recent years, the volume of educational contents has been explosively increased thanks to the rapid development of multimedia technologies. Furthermore, the development of smart devices has made various educational institutes use them as effective learning tools. Since more and more educational contents become available not only at school zone but at a variety of online learning systems, it becomes increasingly unaffordable for a single educational contents provider to store and process them locally. Therefore, many educational contents providers are likely to outsource the contents to cloud storage for cost saving. These phenomena raise one serious concern: how to authenticate educational contents users in a secure and efficient way? The most widely used password-based authentication suffers from numerous drawbacks in terms of security. Multi-factor authentication protocols based on diverse communication channels such as SMS, biometric, hardware token could enhance security, however they inevitably bring poor usability. To this end, we present a data block-based authentication scheme, which provides provable security and guarantees usability invariant such that users do nothing but entering a password. In addition, the proposed scheme supports efficient user revocation. To the best of our knowledge, our scheme is the first data block-based authentication scheme for outsourced educational contents that is provably secure without usability degradation. The experiment on Amazon EC2 cloud shows that the proposed scheme guarantees nearly constant time for user authentication.


Educational contents Two-factor authentication Block aggregation Merkle tree Usability 



This work was supported by the National Research Foundation of Korea(NRF) grant funded by the Korea government(MSIP) (No. 2013R1A2A2A01005559). This research was also supported by the Chung-Ang University Excellent Student Scholarship.


  1. 1.
    Adams A, Sasse M (1999) Users are not the enemy. ACM Commun 42(12):41–46CrossRefGoogle Scholar
  2. 2.
    Ateniese G, Burns R, Curtmola R, Herring J, Kissner L, Peterson Z, Song D (2007) Provable data possession at untrusted stores. In: ACM CCS, vol 07, pp 598–609Google Scholar
  3. 3.
    Barni M, Bianchi T, Catalano D, Raimondo M, Donida R, Failla P, Piva A (2012) Privacy-preserving Fingercode authentication. In: MMSec. ACM, Roma, Italy, pp 2–7Google Scholar
  4. 4.
    Bonneau J, Herley C, Oorschot C, Stajano F (2012) The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. Security and Privacy (SP), 2012. IEEE Symposium on. IEEE:553–567Google Scholar
  5. 5.
    Chiasson S, Oorschot C, Biddle R (2007) Graphical Password Authentication Using Cued Click Points. In: Proceedings European Symposium. Research in Computer Security (ESORICS), pp 359–374Google Scholar
  6. 6.
    Chiasson S, Stobert E, Forget A, Biddle R, Oorschot C (2012) Persuasive cued click-points: Design, implementation, and evaluation of a knowledge-based authentication mechanism. IEEE Trans Dependable Secure Comput 9(2):222–235CrossRefGoogle Scholar
  7. 7.
    Core Concepts - Authentication (2014) Accssed 11 December 2014
  8. 8.
    Czeskis A, Dietz M, Kohno T, Wallach D, Balfanz D (2012) Strengthening user authentication through opportunistic cryptographic identity assertions. In: Proceedings of the 2012 ACM conference on Computer and communications security, pp 404–414Google Scholar
  9. 9.
    Dirik A (2007) Modeling user choice in the PassPoints graphical password scheme. In: Proceedings of the 3rd symposium on Usable privacy and security. ACM, pp 20–28Google Scholar
  10. 10.
    Drimer S, Murdoch J, Anderson R (2009) Optimised to Fail: Card Readers for Online Banking. In: Financial Cryptography and Data Security, pp 184–200Google Scholar
  11. 11.
    Evans D, Huang Y, Katz J, Malka L (2011) Efficient privacyp-reserving biometric identification. In: NDSS, pp 2653–2657Google Scholar
  12. 12.
    Goofit K (2007) Click passwords under investigation. Computer Security ESORICS. Springer Berlin Heidelberg, pp 343–358Google Scholar
  13. 13.
    Google Inc. (2014) Accssed 7 December 2014
  14. 14.
    Halevi S, Harnik D, Pinkas B, Shulman-Peleg A (2011) Proofs of ownership in remote storage systems. In: Proceedings of the 18th ACM conference on Computer and communications security. ACM, pp 491–500Google Scholar
  15. 15.
  16. 16.
    Jain K, Prabhakar S, Hong L, Pankanti S (2000) Filterbank-based fingerprint matching. Image Processing, IEEE Transactions on 9.5, pp 846–859Google Scholar
  17. 17.
  18. 18.
    Morris R, Thompson K (1979) Password security: a case history. ACM Commun 22(11):594–597CrossRefGoogle Scholar
  19. 19.
    NTTDATA (2014) Accssed 6 December 2014
  20. 20.
    OpenID Connect (2014) Accssed 11 December 2014
  21. 21.
    Recordon D, Fitzpatrick B (2014) Accssed 11 December 2014
  22. 22.
  23. 23.
    RSA SecureID (2014) Accssed 7 December 2014
  24. 24.
    Salehi-Abari A, Thorpe J, Oorschot C (2008) On Purely Automated Attacks and Click-Based Graphical Passwords. In: Proceedings Annals Computer Security Applications Conference (ACSAC), pp 111–120Google Scholar
  25. 25.
    Stajano F (2011) Pico: No more passwords!. In Security Protocols XIX. Springer Berlin Heidelberg, pp 49–81Google Scholar
  26. 26.
    Thorpe J, Oorschot C (2007) Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords. In: Proceedings 16th USENIX Security Symposium, pp 103–118Google Scholar
  27. 27.
  28. 28.
    utopia (2014) Accssed 6 December 2014
  29. 29.
    Wiedenbeck S, Waters J, Birget C, Brodskiy A, Memon N (2005) PassPoints: Design and longitudinal evaluation of a graphical password system. International Journal of Human-Computer Studies 63.1, pp 102–127Google Scholar
  30. 30.
    Yuan J, Yu S (2013) Efficient privacy-preserving biometric identification in cloud computing. In: Proceedings of IEEE INFOCOM, pp 2752–2760Google Scholar

Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  • Changhee Hahn
    • 1
  • Hyunsoo Kwon
    • 2
  • Daeyoung Kim
    • 1
  • Junbeom Hur
    • 1
    Email author
  1. 1.School of Computer Science and EngineeringChung-Ang UniversitySeoulSouth Korea
  2. 2.Department of Computer Science and EngineeringKorea UniversitySeoulSouth Korea

Personalised recommendations