research-article

Entity authentication in a mobile-cloud environment

Authors:

Li YangAuthors Info & Claims

CSIIRW '13: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop

Article No.: 42, Pages 1 - 4

https://doi.org/10.1145/2459976.2460024

Published: 08 January 2013 Publication History

Abstract

Mobile devices are seeing an increase in usage in recent years and mobile security becomes important in part due to the shift of computing landscape towards mobile devices. Security and assurance of mobile computing is vital to the normal functioning in people's lives and our social, economic and political systems. In this paper, we propose and implement a novel system that authenticates users, devices, and a remote server in a mobile computing environment based on fuzzy vault, digital signature and zero-knowledge authentication. Our protocol is robust against the following attacks: 1) sniffing attack; 2) man-in-the-middle; 3) data modification; 4) impersonation; and 5) loss of device. Additionally, our protocol provides usability by using a fuzzy picture password. The strength of our protocol security is enhanced by using sensor data from the mobile device in the process of key generation. Our protocol was implemented and evaluated using Android and Amazon EC2.

References

[1]

Bock, James T. (1996). Visual Authentication. http://websrv.cs.fsu.edu/academics/grad/cnsa/projects/bock.pdf.

[2]

Forouzan, Behrouz A. Cryptography and Network Security. New York: McGraw-Hill, 2008.

Digital Library

[3]

Hook, David. Beginning Cryptography with Java. Indianapolis: Wiley Publishing, 2005.

Digital Library

[4]

Jansen, W., Gavrila, S., Korolev, V., Ayers, R. and Swanstrom, R. (2003). Picture Password: A Visual Login Technique for Mobile Devices. National Institute of Standards and Technology. http://csrc.nist.gov/publications/nistir/nistir-7030.pdf.

[5]

Juels A., and Sudan, M. 2002. A Fuzzy Vault Scheme. In International Symposium on Information Theory.

[6]

Naor, M. and Shamir, A. 1995. Visual Cryptography.

[7]

Advanced Encryption Standard (AES). November 2001. Federal Information Processing Standards Publication 197.

[8]

Naor, M. and Pinkas, B. 1997. Visual Authentication and Identification. In Lecture Notes in Computer Science.

Digital Library

[9]

Rivest R. L., Shamir A. and Adleman, L. 1978. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. In Communications of the ACM.

Digital Library

[10]

Feige, U., Fiat, A., and Shamir, A. 1988. Zero-Knowledge Proofs of Identity. In Journal of Cryptology. (77--94).

Digital Library

[11]

Diffie, W., and Hellman, M. E. 1976. New Directions in Cryptography. In IEEE Transactions on Information Theory. IT-22, 6 (November 1976).

Digital Library

[12]

Diffie, W. The First Ten Years of Public-Key Cryptography. 1988. In Proceedings of the IEEE. Vol 76, 5. (May 1988).

[13]

Erica Ogg, "HP: Number of mobile apps doesn't matter," CNET News, June 29, 2011

[14]

Flurry (June 2011), Mobile Apps Put the Web in Their Rear-view Mirror: http://blog.flurry.com/bid/63907/Mobile-Apps-Put-the-Web-in-Their-Rear-view-Mirror

[15]

2011 Mobile Threat Report, URL: https://www.mylookout.com/mobile-threat-report, retrieved April, 2012.

[16]

Lookout Mobile Security Blog (March 2011), Update: Security Alert: DroidDream Malware Found in Official Android Market: http://blog.mylookout.com/2011/03/security-alert-malware-found-in-official-android-market-droiddream/

Cited By

Abuarqoub A(2019)D-FAP: Dual-Factor Authentication Protocol for Mobile Cloud Connected DevicesJournal of Sensor and Actuator Networks10.3390/jsan90100019:1(1)Online publication date: 20-Dec-2019
https://doi.org/10.3390/jsan9010001
Abuarqoub A(2019)A Lightweight Two-Factor Authentication Scheme for Mobile Cloud ComputingProceedings of the 3rd International Conference on Future Networks and Distributed Systems10.1145/3341325.3342020(1-7)Online publication date: 1-Jul-2019
https://dl.acm.org/doi/10.1145/3341325.3342020
Alcaraz C(2019)Secure Interconnection of IT-OT Networks in Industry 4.0Critical Infrastructure Security and Resilience10.1007/978-3-030-00024-0_11(201-217)Online publication date: 2-Jan-2019
https://doi.org/10.1007/978-3-030-00024-0_11
Show More Cited By

Index Terms

Entity authentication in a mobile-cloud environment
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Cloud Computing for Emerging Mobile Cloud Apps
MOBILECLOUD '15: Proceedings of the 2015 3rd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering

The tutorial will begin with an explanation of the concepts behind cloud computing systems, cloud software architecture, the need for mobile cloud computing as an aspect of the app industry to deal with new mobile app design, network apps, app designing ...
Secure mobile device structure for trust IoT

In the IoT environment, all devices are connected to each other, and mobile device is considered as key device. But hacking into mobile devices is increasing rapidly with the increase in mobile device users. As the market share of Android OS increases, ...
Awareness, Knowledge, and Ability of Mobile Security Among Young Mobile Phone Users

The research literature on awareness, knowledge, and ability of mobile security of young mobile phone users was reviewed in this article. The existing literature suggests that young mobile phone users are usually not aware of potential mobile security ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

CSIIRW '13: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop

January 2013

282 pages

ISBN:9781450316873

DOI:10.1145/2459976

Editors:
Frederick Sheldon
Oak Ridge National Laboratory
,
Annarita Giani
Los Alamos National Laboratory
,
Axel Krings
University of Idaho
,
Robert Abercrombie
Oak Ridge National Laboratory

Copyright © 2013 Authors.

Sponsors

Los Alamos National Labs: Los Alamos National Labs
Sandia National Labs: Sandia National Laboratories
DOE: Department of Energy
Oak Ridge National Laboratory
Lawrence Livermore National Lab.: Lawrence Livermore National Laboratory
BERKELEYLAB: Lawrence National Berkeley Laboratory
Argonne Natl Lab: Argonne National Lab
Idaho National Lab.: Idaho National Laboratory
Pacific Northwest National Laboratory
Nevada National Security Site: Nevada National Security Site

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 January 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CSIIRW '13

Sponsor:

Los Alamos National Labs
Sandia National Labs
DOE
Lawrence Livermore National Lab.
BERKELEYLAB
Argonne Natl Lab
Idaho National Lab.
Nevada National Security Site

CSIIRW '13: Cyber Security and Information Intelligence

January 8 - 10, 2013

Tennessee, Oak Ridge, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
344
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Abuarqoub A(2019)D-FAP: Dual-Factor Authentication Protocol for Mobile Cloud Connected DevicesJournal of Sensor and Actuator Networks10.3390/jsan90100019:1(1)Online publication date: 20-Dec-2019
https://doi.org/10.3390/jsan9010001
Abuarqoub A(2019)A Lightweight Two-Factor Authentication Scheme for Mobile Cloud ComputingProceedings of the 3rd International Conference on Future Networks and Distributed Systems10.1145/3341325.3342020(1-7)Online publication date: 1-Jul-2019
https://dl.acm.org/doi/10.1145/3341325.3342020
Alcaraz C(2019)Secure Interconnection of IT-OT Networks in Industry 4.0Critical Infrastructure Security and Resilience10.1007/978-3-030-00024-0_11(201-217)Online publication date: 2-Jan-2019
https://doi.org/10.1007/978-3-030-00024-0_11
Mohsin JHan LHammoudeh MHegarty R(2017)Two Factor Vs Multi-factor, an Authentication Battle in Mobile Cloud Computing EnvironmentsProceedings of the International Conference on Future Networks and Distributed Systems10.1145/3102304.3102343(1-10)Online publication date: 19-Jul-2017
https://dl.acm.org/doi/10.1145/3102304.3102343
Sim LRen SKeoh SAung K(2016)A cloud authentication protocol using One-Time Pad2016 IEEE Region 10 Conference (TENCON)10.1109/TENCON.2016.7848486(2513-2516)Online publication date: Nov-2016
https://doi.org/10.1109/TENCON.2016.7848486
Alizadeh MAbolfazli SZamani MBaharun SSakurai K(2016)Authentication in mobile cloud computingJournal of Network and Computer Applications10.1016/j.jnca.2015.10.00561:C(59-80)Online publication date: 1-Feb-2016
https://dl.acm.org/doi/10.1016/j.jnca.2015.10.005
Jana DBandyopadhyay D(2013)Management of identity and credentials in mobile cloud environment2013 International Conference on Advanced Computer Science and Information Systems (ICACSIS)10.1109/ICACSIS.2013.6761561(113-118)Online publication date: Sep-2013
https://doi.org/10.1109/ICACSIS.2013.6761561

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten