Abstract
Password-based authentication is considered the oldest and most widely used authentication method. It is easy to implement and requires no particular configuration or devices. Yet it does not ensure a high level of security when used in a large, remote environment such as cloud computing. In such an environment, the cloud user and the remote authentication server authenticate each other over an insecure communication channel. Consequently, various attacks such as insider attacks, password-guessing attacks, user impersonation attacks, and others can be launched. Smart cards are an alternative that improves this single authentication model by strengthening security and improving the communication process. In our work, we study the proposal of Huang et al., a smart card-based authentication and key agreement scheme that uses elliptic curves to improve security. However, some related work shows that this solution does not resist impersonation attacks and does not ensure perfect anonymity. Consequently, it does not protect users' privacy. Thus, we propose an extension of the Huang et al. scheme in order to enforce security requirements. We implement an anonymous, mutual, and secure two-factor authentication and key agreement scheme applied to the cloud computing environment. We use elliptic curve cryptography and a fuzzy verifier to strengthen security. The solution is lightweight and optimizes performance. To prove the safety of the proposed protocol, we provide a formal security analysis using the random oracle model and the Scyther tool. To evaluate its efficiency, we present a performance evaluation.
References
Boyko V, MacKenzie P, Patel S (2000) Provably secure password-authenticated key exchange using diffie-hellman. International Conference on the Theory and Applications of Cryptographic Techniques 1807:156–171
Lin C-L, Hwang T (2003) A password authentication scheme with secure password updating. Comp Secur 22(1):68–72
Peyravian M, Jeffries C (2006) Secure remote user access over insecure networks. Comp Commun 29(5):660–667
Merdassi I, Bouchaala M, Ghazel C, Leila S (October 2019) Private security for the cloud mobile via a strong authentication method. Coop Design Vis Eng, pp 190–200
Cherdmuangpak N, Anusas-amonkul T, Limthan B (July 2017) Two factor image-based password authentication for junior high school students. International Joint Conference on Computer Science and Software Engineering (JCSSE)
Das R, Manna S, Dutta S (2018) Secure user authentication system using image-based otp and randomize numeric otp based on user unique biometric image and digit repositioning scheme. Commun Devices Comput, pp 83–93
Trupil L, Nishant D (2017) An analytical study of biometric based remote user authentication schemes using smart cards. Comput Electr Eng 59:305–321
Das ML (2009) Two-factor user authentication in wireless sensor networks. IEEE Trans Wirel Commun, pp 1086–1090
Lee CC, Li CT, Der Chen S (2011) Two attacks on a two-factor user authentication in wireless sensor networks. Parallel Process Lett, pp 21–26
He D, Gao Y, Chan S (2010) An enhanced two-factor user authentication scheme in wireless sensor networks. Ad Hoc Sens Wirel Netw, pp 361–371
Preeti C, Hari O (2018) An efficient two-factor remote user authentication and session key agreement scheme using rabin cryptosystem. Arab J Sci Eng 43(2):661–673
Morteza N, Reza J, Hamed A (2017) A lightweight authentication and key agreement protocol preserving user anonymity. Multimed Tools Appl 76(11):13401–13423
Trupil L, Mukesh S, Kumar MS (2018) Advanced formal authentication protocol using smart cards for network applicants. Comput Electr Eng 66:50–63
Qu J, Tan XL (2014) Two-factor user authentication with key agreement scheme based on elliptic curve cryptosystem. J Electr Comput Eng
Huang B, Khan MK, Libing W, Muhaya Fahad T, He BD (2015) An efficient remote user authentication with key agreement scheme using elliptic curve cryptography. Wirel Personal Commun 85:225–240
Chaudhry SA, Naqvi H, Mahmood K (2017) An improved remote user authentication scheme using elliptic curve cryptography. Wirel Pers Commun, pp 1–19
Maitra T, Obaidat Mohammad S, Hafizul Islam SK (2016) Security analysis and design of an efficient ecc-based two-factor password authentication scheme. Secur Commun Netw 9:4166–4181
Chenyu W, Wang D, Guoai X, Guo Y (2017) A lightweight password-based authentication protocol using smart card. Int J Commun Syst 30(16):336
Srinivas J, Vinod K, Adesh K (2019) Eseap: Ecc based secure and efficient mutual authentication protocol using smart card. J Inf Secur Appl 51:1–19
Chou CH, Tsai KY, Chung-Fu L (2013) Two id-based authenticated schemes with key agreement for mobile environments. J Supercomput 66(2):973–988
Sabzinejad Farash Mohammad, Ahmadian Attari Mahmoud (2014) A secure and efficient identity-based authenticated key exchange protocol for mobile client-server networks. J Supercomput 69(1):395–411
Yanrong L, Li L, Peng H, Yang Y (2017) An anonymous two-factor authenticated key agreement scheme for session initiation protocol using elliptic curve cryptography. Multimed Tools Appl 76:1801–1815
Memon Imran, Hussain Ibrar, Akhtar Rizwan, Gencai Chen (2015) Enhanced privacy and authentication: an efficient and secure anonymous communication for location based service using asymmetric cryptography scheme. Wirel Pers Commun 84(2):1487–1508
Alavalapati Goutham Reddy, Ashok Kumar Das, Yoon Eun-Jun (2016) A secure anonymous authentication protocol for mobile services on elliptic curve cryptography. IEEE Access 4:4394–4407
Xie Qi, Wong Duncan S, Wang Guilin (2017) Provably secure dynamic id-based anonymous two factor authenticated key exchange protocol with extended security model. IEEE Trans Inf Forensics Secur 12:1382–1392
Shehzad AC, Husnain N, Taeshik S (2015) Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J Med Syst, pp 1801–1815
Sheetal K, Sood Sandeep K (2015) Secure authentication scheme for iot and cloud servers. Pervasive Mobile Comput 24:210–223
Sharma G, Kalra S (2015) A lightweight multi-factor secure smart card based remote user authentication scheme for cloud-iot applications. J Inf Secur Appl 42:95–106
Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51:541–552
Amin Ruhul, Hafizul Islamb SK, Biswas GP (2016) Design of anonymity preserving three-factor authenticated key exchange protocol for wireless sensor network. Comput Netw 101:42–622
Bellare M, Rogaway P (1993) Random oracles are practical: a paradigm for designing efficient protocols. ACM Conference on Computer and Communications Security, pp 62–73
Wei F, Vijayakumar P, Qi J, Zhang R (2018) A mobile intelligent terminal based anonymous authenticated key exchange protocol for roaming service in global mobility networks. IEEE Trans Sustain Comput 5(2):2377–3782
Mauw S (2012) Operational semantics and verification of security protocols. Information Security and Cryptography series, Springer
Debiao H, Neeraj K, Khurram KM (2018) Efficient privacy-aware authentication scheme for mobile cloud computing services. IEEE Syst J 12(2):1621–1631
Nilesh C, Anand Vijay S, Samrat M (2019) Towards identifying and preventing behavioral side channel attack on recording attack resilient unaided authentication services. Comput Secur 84:193–205
Koblitz N, Menezes A, Vanstone S (2000) The state of elliptic curve cryptography. Designs Codes Cryptogr 19(2–3):173–193
Cite this article
Bouchaala, M., Ghazel, C. & Saidane, L.A. Enhancing security and efficiency in cloud computing authentication and key agreement scheme based on smart card. J Supercomput 78, 497–522 (2022). https://doi.org/10.1007/s11227-021-03857-7
DOI: https://doi.org/10.1007/s11227-021-03857-7