Secured Authentication Using Anonymity and Password-Based Key Derivation Function

  • Conference paper
Mobile Web and Intelligent Information Systems (MobiWIS 2016)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 9847)

Abstract

In a cloud environment, security is a vital issue that has a major impact on business operations. A cloud service provider has to ensure that its data storage and communication medium are highly secured. In recent years, password-based authentication has gained attention because of its simplicity, its capability to provide a secured process and its resistance to vulnerabilities. Nevertheless, there is still an issue in protecting user identity and the integrity of data from abuse by an adversary. Most current schemes involve a third party in the verification process, and some schemes expose the user's identity during the authentication process. These can lead to trust and transparency concerns for the user. Exposing the user's identity gives an adversary the chance to mount an impersonation attack by impersonating a legitimate user. Thus, a strong cryptographic algorithm with a secure key exchange protocol is needed to further enhance the authentication process. This paper proposes an enhancement of a password-based authentication scheme with anonymity features and a key derivation function. The proposed scheme uses the Secure Remote Password (SRP) protocol and Password-Based Key Derivation Function 2 (PBKDF2) to enhance the authentication process. This paper also presents a description of anonymity in the authentication process, which keeps the user's identity information from being exposed. Anonymity is an imperative feature that can hide the identity of users during the authentication process. This is followed by a comparison of password-based authentication schemes with other methods of authentication. Finally, this paper presents the flow of the proposed scheme, which involves some algorithm modifications. This research significantly enhances the security level of password-based authentication by using anonymity features and PBKDF2 to preserve the user's privacy and to resist attacks.
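The combination the abstract names, SRP with a PBKDF2-derived secret, can be sketched as follows. This is an added example, not the paper's scheme or its modified algorithm: it runs a standard SRP-6a exchange in which the private exponent x comes from PBKDF2, and the names `derive_x`, `register` and `run_exchange`, the iteration count and the demo group are assumptions. The paper's anonymity feature is not modelled.

```python
import hashlib
import secrets

# Demo group only (assumption): the Mersenne prime 2^521 - 1 keeps the listing
# short. It is not a vetted SRP group; deployments use a safe-prime group
# such as those listed in RFC 5054.
N = 2**521 - 1
G = 3
NLEN = (N.bit_length() + 7) // 8
ITERATIONS = 100_000  # assumed work factor, not a value from the paper


def pad(n: int) -> bytes:
    """Fixed-width big-endian encoding so hashes are unambiguous."""
    return n.to_bytes(NLEN, "big")


def h_int(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


K_MULT = h_int(pad(N), pad(G))  # SRP-6a multiplier k = H(N | PAD(g))


def derive_x(password: str, salt: bytes) -> int:
    """Private exponent x from PBKDF2 rather than a single hash."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return int.from_bytes(dk, "big")


def register(password: str):
    """Enrollment: the server stores (salt, verifier), never the password."""
    salt = secrets.token_bytes(16)
    return salt, pow(G, derive_x(password, salt), N)


def run_exchange(password_typed: str, salt: bytes, verifier: int):
    """One SRP-6a run, both sides in-process; returns (client_key, server_key)."""
    a = secrets.randbelow(N - 2) + 1               # client ephemeral secret
    b = secrets.randbelow(N - 2) + 1               # server ephemeral secret
    A = pow(G, a, N)                               # client -> server
    B = (K_MULT * verifier + pow(G, b, N)) % N     # server -> client, with salt
    u = h_int(pad(A), pad(B))                      # scrambling parameter
    if A % N == 0 or B % N == 0 or u == 0:         # checks both sides must make
        raise ValueError("invalid SRP public value")
    x = derive_x(password_typed, salt)             # client side only
    s_client = pow((B - K_MULT * pow(G, x, N)) % N, a + u * x, N)
    s_server = pow(A * pow(verifier, u, N) % N, b, N)
    return (hashlib.sha256(pad(s_client)).digest(),
            hashlib.sha256(pad(s_server)).digest())
```

The password never crosses the wire, and a stolen verifier table costs an attacker one full PBKDF2 computation per guess per account.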

Acknowledgment

The authors would like to thank the Public Service Department (JPA) for its financial support in funding this research paper.

Author information

Corresponding author

Correspondence to Mohd Izuan Mohd Saad.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Saad, M.I.M., Jalil, K.A., Manaf, M. (2016). Secured Authentication Using Anonymity and Password-Based Key Derivation Function. In: Younas, M., Awan, I., Kryvinska, N., Strauss, C., Thanh, D. (eds) Mobile Web and Intelligent Information Systems. MobiWIS 2016. Lecture Notes in Computer Science, vol 9847. Springer, Cham. https://doi.org/10.1007/978-3-319-44215-0_15

  • DOI: https://doi.org/10.1007/978-3-319-44215-0_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-44214-3

  • Online ISBN: 978-3-319-44215-0

  • eBook Packages: Computer Science (R0)
