Enhancing security and efficiency in cloud computing authentication and key agreement scheme based on smart card

The Journal of Supercomputing

Abstract

The password-based authentication mechanism is considered the oldest and most widely used method. It is easy to implement, and it does not require any particular configuration or devices. Yet, this solution does not ensure a high level of security when it is used in a large and remote environment such as cloud computing. In such an environment, the cloud user and the remote authentication server use an insecure communication channel to authenticate each other. Consequently, various attacks such as insider attacks, password-guessing attacks, user impersonation attacks, and others can be launched. Smart cards are an alternative that improves this single-factor authentication model by strengthening security and improving the communication process. In our work, we study the Huang et al. proposal. The authors have proposed a smart card-based authentication and key agreement scheme. They have used elliptic curve cryptography to improve security. However, some related work shows that this solution does not resist impersonation attacks and does not ensure perfect anonymity. Consequently, it does not protect users’ privacy. Thus, we propose an extension of the Huang et al. scheme in order to enforce security requirements. We implement an anonymous, mutual, and secure two-factor authentication and key agreement scheme applied to the cloud computing environment. We use elliptic curve cryptography and a fuzzy verifier to strengthen security. The solution is lightweight and optimizes performance. To prove the safety of the proposed protocol, a formal security analysis with the random oracle model and the Scyther tool is provided. To evaluate its efficiency, a performance evaluation is presented.

References

  1. Boyko V, MacKenzie P, Patel S (2000) Provably secure password-authenticated key exchange using Diffie-Hellman. International Conference on the Theory and Applications of Cryptographic Techniques 1807:156–171

  2. Lin C-L, Hwang T (2003) A password authentication scheme with secure password updating. Comp Secur 22(1):68–72

  3. Peyravian M, Jeffries C (2006) Secure remote user access over insecure networks. Comp Commun 29(5):660–667

  4. Merdassi I, Bouchaala M, Ghazel C, Leila S (October 2019) Private security for the cloud mobile via a strong authentication method. Coop Design Vis Eng, pp 190–200

  5. Cherdmuangpak N, Anusas-amonkul T, Limthan B (July 2017) Two factor image-based password authentication for junior high school students. International Joint Conference on Computer Science and Software Engineering (JCSSE)

  6. Das R, Manna S, Dutta S (2018) Secure user authentication system using image-based OTP and randomize numeric OTP based on user unique biometric image and digit repositioning scheme. Commun Devices Comput, pp 83–93

  7. Trupil L, Nishant D (2017) An analytical study of biometric based remote user authentication schemes using smart cards. Comput Electr Eng 59:305–321

  8. Das ML (2009) Two-factor user authentication in wireless sensor networks. IEEE Trans Wirel Commun, pp 1086–1090

  9. Lee CC, Li CT, Der Chen S (2011) Two attacks on a two-factor user authentication in wireless sensor networks. Parallel Process Lett, pp 21–26

  10. He D, Gao Y, Chan S (2010) An enhanced two-factor user authentication scheme in wireless sensor networks. Ad Hoc Sens Wirel Netw, pp 361–371

  11. Preeti C, Hari O (2018) An efficient two-factor remote user authentication and session key agreement scheme using Rabin cryptosystem. Arab J Sci Eng 43(2):661–673

  12. Morteza N, Reza J, Hamed A (2017) A lightweight authentication and key agreement protocol preserving user anonymity. Multimed Tools Appl 76(11):13401–13423

  13. Trupil L, Mukesh S, Kumar MS (2018) Advanced formal authentication protocol using smart cards for network applicants. Comput Electr Eng 66:50–63

  14. Qu J, Tan XL (2014) Two-factor user authentication with key agreement scheme based on elliptic curve cryptosystem. J Electr Comput Eng

  15. Huang B, Khan MK, Libing W, Muhaya Fahad T, He BD (2015) An efficient remote user authentication with key agreement scheme using elliptic curve cryptography. Wirel Personal Commun 85:225–240

  16. Chaudhry SA, Naqvi H, Mahmood K (2017) An improved remote user authentication scheme using elliptic curve cryptography. Wirel Pers Commun, pp 1–19

  17. Maitra T, Obaidat Mohammad S, Hafizul Islam SK (2016) Security analysis and design of an efficient ECC-based two-factor password authentication scheme. Secur Commun Netw 9:4166–4181

  18. Chenyu W, Wang D, Guoai X, Guo Y (2017) A lightweight password-based authentication protocol using smart card. Int J Commun Syst 30(16):336

  19. Srinivas J, Vinod K, Adesh K (2019) ESEAP: ECC based secure and efficient mutual authentication protocol using smart card. J Inf Secur Appl 51:1–19

  20. Chou CH, Tsai KY, Chung-Fu L (2013) Two ID-based authenticated schemes with key agreement for mobile environments. J Supercomput 66(2):973–988

  21. Sabzinejad Farash Mohammad, Ahmadian Attari Mahmoud (2014) A secure and efficient identity-based authenticated key exchange protocol for mobile client-server networks. J Supercomput 69(1):395–411

  22. Yanrong L, Li L, Peng H, Yang Y (2017) An anonymous two-factor authenticated key agreement scheme for session initiation protocol using elliptic curve cryptography. Multimed Tools Appl 76:1801–1815

  23. Memon Imran, Hussain Ibrar, Akhtar Rizwan, Gencai Chen (2015) Enhanced privacy and authentication: an efficient and secure anonymous communication for location based service using asymmetric cryptography scheme. Wirel Pers Commun 84(2):1487–1508

  24. Alavalapati Goutham Reddy, Ashok Kumar Das, Yoon Eun-Jun (2016) A secure anonymous authentication protocol for mobile services on elliptic curve cryptography. IEEE Access 4:4394–4407

  25. Xie Qi, Wong Duncan S, Wang Guilin (2017) Provably secure dynamic ID-based anonymous two factor authenticated key exchange protocol with extended security model. IEEE Trans Inf Forensics Secur 12:1382–1392

  26. Shehzad AC, Husnain N, Taeshik S (2015) Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J Med Syst, pp 1801–1815

  27. Sheetal K, Sood Sandeep K (2015) Secure authentication scheme for IoT and cloud servers. Pervasive Mobile Comput 24:210–223

  28. Sharma G, Kalra S (2015) A lightweight multi-factor secure smart card based remote user authentication scheme for cloud-IoT applications. J Inf Secur Appl 42:95–106

  29. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51:541–552

  30. Amin Ruhul, Hafizul Islam SK, Biswas GP (2016) Design of anonymity preserving three-factor authenticated key exchange protocol for wireless sensor network. Comput Netw 101:42–622

  31. Bellare M, Rogaway P (1993) Random oracles are practical: a paradigm for designing efficient protocols. ACM Conference on Computer and Communications Security, pp 62–73

  32. Wei F, Vijayakumar P, Qi J, Zhang R (2018) A mobile intelligent terminal based anonymous authenticated key exchange protocol for roaming service in global mobility networks. IEEE Trans Sustain Comput 5(2):2377–3782

  33. Cremers C, Mauw S (2012) Operational semantics and verification of security protocols. Information Security and Cryptography series, Springer

  34. Debiao H, Neeraj K, Khurram KM (2018) Efficient privacy-aware authentication scheme for mobile cloud computing services. IEEE Syst J 12(2):1621–1631

  35. Nilesh C, Anand Vijay S, Samrat M (2019) Towards identifying and preventing behavioral side channel attack on recording attack resilient unaided authentication services. Comput Secur 84:193–205

  36. Koblitz N, Menezes A, Vanstone S (2000) The state of elliptic curve cryptography. Designs Codes Cryptogr 19(2–3):173–193

Author information

Corresponding author

Correspondence to Mariem Bouchaala.

About this article

Cite this article

Bouchaala, M., Ghazel, C. & Saidane, L.A. Enhancing security and efficiency in cloud computing authentication and key agreement scheme based on smart card. J Supercomput 78, 497–522 (2022). https://doi.org/10.1007/s11227-021-03857-7

  • DOI: https://doi.org/10.1007/s11227-021-03857-7
