Abstract
In a cloud environment, security is a vital issue that has a major impact on business operations. Cloud service providers have to ensure that data storage and the communication medium are highly secured. In recent years, password-based authentication has gained attention because of its simplicity, its capability to provide a secure process and its resistance to vulnerabilities. Nevertheless, there is still an issue in protecting user identity and the integrity of data from abuse by an adversary. Most current schemes involve a third party in the verification process, and some schemes expose the user's identity during the authentication process. This can raise trust and transparency concerns for the user. Exposing the user's identity gives an adversary the chance to perform an impersonation attack by impersonating a legitimate user. Thus, a strong cryptographic algorithm with a secure key exchange protocol is needed to further enhance the authentication process. This paper proposes an enhancement of a password-based authentication scheme with anonymity features and a key derivation function. The proposed scheme uses the Secure Remote Password (SRP) protocol and Password-Based Key Derivation Function 2 (PBKDF2) to enhance the authentication process. This paper also describes anonymity in the authentication process, which preserves the user's identity information from being exposed. Anonymity is an imperative feature that can hide the identity of users during the authentication process. This is followed by a comparison of password-based authentication schemes with other methods of authentication. Finally, this paper presents the flow of the proposed scheme, which involves some algorithm modifications. This research significantly enhances the security level of password-based authentication by using anonymity features and PBKDF2 to preserve the user's privacy and to resist any attack vulnerabilities.
Acknowledgment
The authors would like to thank the Public Service Department (JPA) for their financial support in funding this research paper.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Saad, M.I.M., Jalil, K.A., Manaf, M. (2016). Secured Authentication Using Anonymity and Password-Based Key Derivation Function. In: Younas, M., Awan, I., Kryvinska, N., Strauss, C., Thanh, D. (eds) Mobile Web and Intelligent Information Systems. MobiWIS 2016. Lecture Notes in Computer Science, vol 9847. Springer, Cham. https://doi.org/10.1007/978-3-319-44215-0_15
DOI: https://doi.org/10.1007/978-3-319-44215-0_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-44214-3
Online ISBN: 978-3-319-44215-0
eBook Packages: Computer Science, Computer Science (R0)