Abstract
Mobile cloud computing blends mobile and cloud computing with the help of wireless communication technology to benefit its stakeholders: mobile users, mobile service operators and cloud service providers. Implementing mobile cloud computing poses assorted challenges, but security and privacy are the dominant concerns, and several attempts have been made to achieve them. Because the underlying system is complex and more prone to security threats, strong authentication and privacy-preserving schemes are desired. Three-factor biometrics-based authentication schemes are considered more secure for such huge and complex systems. Moreover, computational intelligence is becoming popular for designing more robust and reliable biometrics-based authentication schemes. Very recently, Tsai and Lo proposed an identity-based authentication scheme for distributed mobile cloud computing environments. They claimed to achieve single sign-on authentication for multiple service providers, and they emphasized the usefulness and security of their scheme. However, the analysis in this paper shows that Tsai and Lo’s scheme is insecure against a server forgery attack. It is proved that any adversary with knowledge of just the public parameters can impersonate a valid service provider. An improved scheme is then proposed to mitigate this security weakness. The security of the proposed scheme is demonstrated under the random oracle model as well as with the protocol validation model of the popular automated tool ProVerif.
Acknowledgements
Authors would also like to thank Mr. Shahzad Siddique Chaudhry, anonymous reviewers and the guest editors for their valuable and constructive comments.
Cite this article
Chaudhry, S.A., Kim, I.L., Rho, S. et al. An improved anonymous authentication scheme for distributed mobile cloud computing services. Cluster Comput 22 (Suppl 1), 1595–1609 (2019). https://doi.org/10.1007/s10586-017-1088-9
DOI: https://doi.org/10.1007/s10586-017-1088-9