Using Cryptography in the Cloud for Lightweight Authentication Protocols Based on QR Codes

Secure communication and secure resource sharing using insecure networks, such as the Internet, are usually provided using authentication. The classical approach for user authentication is the username and password pair, which is known to be vulnerable to leaks created by various attack techniques (phishing, keystroke logger, web server database breaking, etc.). The main solution for this has been One Time Passwords, but they have the general disadvantage of needing additional specialized devices, that the user has to use and manage. New solutions have been lately proposed that use QR codes to distribute the authentication process between the computer, the smart phone of the user and the server to which she/he needs to authenticate. This paper makes a step further in distributing the authentication, by proposing the use of cloud cryptography in the process, thus relieving the smart phone from the burden of private key management and of performing high cost cryptographic operations. The paper describes the proposition through a proof-of-concept which is analyzed from the point of view of the advantages thus obtained.