Abstract
The development in cloud computing platforms has resulted, hosting many day-to-day service applications in the cloud. To avail the services provided by different cloud service providers (CSPs), the mobile user has to register his/her identity with the CSPs. The mobile user (MU) has to remember multiple identities and credentials to access various CSPs. Many single sign-on schemes have been proposed in the literature to eliminate multiple registrations by mobile users to access CSPs. Most of these schemes rely on a trusted third party known as Registration Authority Center (RAC), which is a centralized entity to manage the identity information of all the mobile users registered with it. The centralized RAC has two operational problems, i.e., RAC has full control over the data it possesses, resulting in the possibility of the data breach and increased risk of single-point-of-failure. In this paper, we propose a blockchain based privacy preserving user authentication protocol for distributed mobile cloud environment, which solves these two traditional problems with centralized registration centers. In proposed protocol, the registration of MU and CSP are performed through public blockchain network for MU to access CSPs and the authentication was performed between MU and CSP through public blockchain. The public blockchain network stores MU and CSPs identity information. Public blockchain network provides integrity to the data stored in it and secures the system from single-point-of-failure. In addition, security analysis and performance analysis were also performed for proposed protocol and it showed that the proposed protocol is secure from all-known attacks with better performance efficiency.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Buyya R, Yeo CS, Venugopal S, Broberg J, Brandic I (2009) Cloud computing and emerging it platforms: Vision, hype, and reality for delivering computing as the 5th utility. Fut Gener Comput Syst 25(6):599–616
Fernando N, Loke SW, Rahayu W (2013) Mobile cloud computing: A survey. Fut Gener Comput Syst 29(1):84–106
Ferrer AJ, Marquès JM, Jorba J (2019) Towards the decentralised cloud: Survey on approaches and challenges for mobile, ad hoc, and edge computing. ACM Comput Surv (CSUR) 51(6):111
Odelu V, Das AK, Goswami A (2015) A secure and efficient ecc-based user anonymity preserving single sign-on scheme for distributed computer networks. Secur Commun Netw 8(9):1732–1751
Odelu V, Das AK, Choo K-KR, Kumar N, Park Y (2017) Efficient and secure time-key based single sign-on authentication for mobile devices. IEEE Access 5:27707–27721
Chaudhry SA, Kim IL, Rho S, Farash MS, Shon T (2019) An improved anonymous authentication scheme for distributed mobile cloud computing services. Clust Comput 22(1):1595–1609
Vivekanandan M, Sastry VN, Reddy US (2019) Biometric based user authentication protocol for mobile cloud environment. In: 2019 IEEE 5th International Conference on Identity, Security, and Behavior Analysis (ISBA). IEEE, Hyderabad, pp 1–6
Vivekanandan M, Sastry VN, Reddy US (2019) Efficient user authentication protocol for distributed multimedia mobile cloud environment. J Ambient Intell Human Comput:1–24
Nakamoto S (31) October 2008.” bitcoin: A peer-to-peer electronic cash system”. also known as the bitcoin whitepaper
Zhang R, Xue R, Liu L (2019) Security and privacy on blockchain. ACM Comput Surv (CSUR) 52(3):1–34
Irshad A, Chaudhry SA, Shafiq M, Usman M, Asif M, Ghani A (2019) A provable and secure mobile user authentication scheme for mobile cloud computing services. Int J Commun Syst 32(14):e3980
Liu W, Wang X, Peng W, Xing Q (2019) Center-less single sign-on with privacy-preserving remote biometric-based id-maka scheme for mobile cloud computing services. IEEE Access 7:137770–137783
Xiong L, Li F, Zeng S, Peng T, Liu Z (2019) A blockchain-based privacy-awareness authentication scheme with efficient revocation for multi-server architectures. IEEE Access 7:125840–125853
Ge C, Susilo W, Liu Z, Xia J, Szalachowski P, Liming F (2020) Secure keyword search and data sharing mechanism for cloud computing. IEEE Transactions on Dependable and Secure Computing
Ge C, Yin C, Liu Z, Fang L, Zhu J, Ling H (2020) A privacy preserve big data analysis system for wearable wireless sensor network. Comput Secur:101887
Ren Y, Zhu F, Sharma PK, Wang T, Wang J, Alfarraj O, Tolba A (2020) Data query mechanism based on hash computing power of blockchain in internet of things. Sensors 20(1):207
Mohsin AH, Zaidan AA, Zaidan BB, Albahri OS, Albahri AS, Alsalem MA, Mohammed KI (2019) Based blockchain-pso-aes techniques in finger vein biometrics: A novel verification secure framework for patient authentication. Comput Stand Interfaces 66:103343
Liu Y-N, Lv S-Z, Xie M, Chen Z-B, Wang P (2019) Dynamic anonymous identity authentication (daia) scheme for vanet. Int J Commun Syst 32(5):e3892
Yao Y, Chang X, Mišić J, Mišić VB, Li L (2019) Bla: Blockchain-assisted lightweight anonymous authentication for distributed vehicular fog services. IEEE Internet Things J. 6(2):3775–3784
Wang J, Wu L, Choo K-KR, He D (2019) Blockchain based anonymous authentication with key management for smart grid edge computing infrastructure. IEEE Transactions on Industrial Informatics (2019)
Odelu V (2019) Imbua: Identity management on blockchain for biometrics-based user authentication. In: International Congress on Blockchain and Applications. Springer, pp 1–10
Irshad A, Chaudhry SA, Alomari OA, Yahya K, Kumar N (2020) A novel pairing-free lightweight authentication protocol for mobile cloud computing framework. IEEE Syst J
Derhab A, Belaoued M, Guerroumi M, Khan FA (2020) Two-factor mutual authentication offloading for mobile cloud computing. IEEE Access 8:28956–28969
Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: International conference on the theory and applications of cryptographic techniques. Springer, pp 523–540
Maurya A, Sastry VN (2017) Fuzzy extractor and elliptic curve based efficient user authentication protocol for wireless sensor networks and internet of things. Information 8(4):136
Hankerson D, Menezes AJ, Vanstone S (2006) Guide to elliptic curve cryptography. Springer Science & Business Media
Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29 (2):198–208
Wazid M, Das AK, Kumar N, Vasilakos AV (2019) Design of secure key management and user authentication scheme for fog computing services. Futur Gener Comput Syst 91:475–492
Burrows M, Abadi M, Needham R (1990) A logic of authentication,? acm transactions in computer systems, vol 8
Bellare M, Rogaway P (1993) Random oracles are practical: A paradigm for designing efficient protocols. In: Proceedings of the 1st ACM conference on Computer and communications security, pp 62–73
Armando A, Basin D, Cuellar J, Rusinowitch M, Viganò L (2006) Avispa: Automated validation of internet security protocols and applications. ERCIM News 64
Cremers C JF (2006) Scyther: Semantics and verification of security protocols. Eindhoven University of Technology Eindhoven, Netherlands
Reddy AG, Das AK, Odelu V, Ahmad A, Shin JS (2019) A privacy preserving three-factor authenticated key agreement protocol for client–server environment. J Ambient Intell Human Comput 10(2):661–680
Sharma G, Kalra S (2020) Advanced lightweight multi-factor remote user authentication scheme for cloud-iot applications. J Ambient Intell Human Comput 11(4):1771–1794
Roy S, Das AK, Chatterjee S, Kumar N, Chattopadhyay S, Rodrigues JJPC (2018) Provably secure fine-grained data access control over multiple cloud servers in mobile cloud computing based healthcare applications. IEEE Trans Ind Inf 15(1):457–468
Barman S, Das AK, Samanta D, Chattopadhyay S, Rodrigues JJPC, Park Y (2018) Provably secure multi-server authentication protocol using fuzzy commitment. IEEE Access 6:38578–38594
Mahmood K, Akram W, Shafiq A, Altaf I, Lodhi MA, Islam SKH (2020) An enhanced and provably secure multi-factor authentication scheme for internet-of-multimedia-things environments. Comput Electr Eng 88:106888
Das AK, Wazid M, Yannam AR, Rodrigues JJPC, Park Y (2019) Provably secure ecc-based device access control and key agreement protocol for iot environment. IEEE Access 7:55382–55397
Team TA, et al. (2006) Avispa v1. 1 user manual. Information Society Technologies Programme, http://avispa-project.org
Wu T-Y, Lee Z, Obaidat MS, Kumari S, Kumar S, Chen C-M (2020) An authenticated key exchange protocol for multi-server architecture in 5g networks. IEEE Access 8:28096–28108
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This article belongs to the Topical Collection: Special Issue on Privacy-Preserving Computing
Guest Editors: Kaiping Xue, Zhe Liu, Haojin Zhu, Miao Pan and David S.L. Wei
Appendices
A Appendix
Highlights of proposed protocol
-
We propose a blockchain based privacy preserving user authentication protocol for distributed mobile cloud environment protocol.
-
Proposed protocol provides mutual authentication (MA) between a mobile user (MUi) and cloud service provider (CSPj) without the involvement of RAC.
-
The proposed protocol provides additional security, based on the involvement of blockchain in the login & authentication phase.
-
Proposed protocol provides additional features like one time registration using blockchain, user choice based CSPs registration based on blokchain, user choice based CSPs update phase based on blockchain, forget password, user update, user revocation phase based on blockchain, server revocation phase based on blockchain.
-
Proposed protocol used blockchain for identity verification of mobile user and CSP in authentication.
-
Proposed protocol provides integrity and confidentiality of data stored in blockchain.
-
Proposed protocol was verified using informal security analysis, BAN logic, AVISPA tool and scyther tool.
-
The proposed protocol was secure from all-known attacks and provides better performance.
B BAN logic
We consider F is a statement, P and R are principal and K is a key for proposed protocol.
Notations
-
P∣ ≡ F:P believes F.
-
# F: F is fresh.
-
\(P\mid \sim F\): P once said F.
-
P∣ ⇒ F: P has jurisdiction over F.
-
P ⊲ F: P sees F.
-
\(\left \{ F \right \}_{K}\): F is encrypted K.
-
\(\left (F \right )_{K}\): F is hashed K.
-
\(\left \langle F \right \rangle _{_{K}}\): F is combined K.
-
\(P\overset {K}\leftrightarrow R\): P and R use the common session key K.
Rules
-
R1: Message meaning rule: \(\frac {P\mid \equiv P\overset {K}\leftrightarrow R,P\triangleleft \left \langle F \right \rangle _{_{K}}}{P\mid \equiv R\mid \sim X}\) and \(\frac {P\mid \equiv P\overset {K}\leftrightarrow R,P\triangleleft \left \{ F \right \}_{K}}{P\mid \equiv R\mid \sim X}\)
-
R2: Nonce-verification rule:\(\frac {P\mid \equiv \#(F),P\mid \equiv R\sim F}{P\mid \equiv R\mid \equiv F}\)
-
R3: Jurisdiction rule: \(\frac {P\mid \equiv R\Rightarrow F,P\mid \equiv R\mid \equiv F}{P\mid \equiv F}\)
-
R4: Freshness rule:\(\frac {P\mid \equiv \#F}{S\mid \equiv \# (F,G)}\)
Role of mobile user (HLPSL specification)
Role of cloud service provider (HLPSL specification)
Role of Blockchain (HLPSL specification)
Roles for session, environment and goals (HLPSL specification)
Results of OFMC experiments
Results of CL-AtSe experiments
Macro definition functions for proposed protocol in Scyther Tool
Roles of user, blockchain and cloud service provider in Scyther Tool
Scyther results
Rights and permissions
About this article
Cite this article
Vivekanandan, M., V. N., S. & U., S.R. Blockchain based Privacy Preserving User Authentication Protocol for Distributed Mobile Cloud Environment. Peer-to-Peer Netw. Appl. 14, 1572–1595 (2021). https://doi.org/10.1007/s12083-020-01065-3
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12083-020-01065-3