The number of commercially-available web-based services is growing rapidly nowadays. In particular, cloud computing provides an efficient and economic means of delivering information technology (IT) resources on demand, and is expected to find extensive applications as network bandwidth and virtualization technologies continue to advance. However, cloud computing presents the IT industry not only with exciting opportunities, but also with significant challenges since consumers are reluctant to adopt cloud computing solutions in the absence of firm guarantees regarding the security of their information. Two fundamental issues arise when users applying cloud computing to software as a service (SaaS). First, if enterprise data is to be processed in the cloud, it must be encrypted to ensure its privacy. As a result, efficient key management schemes are required to facilitate the encryption (and corresponding decryption) tasks. Second, as the sophistication of the tools used by malicious users continues to increase, the data processed in the cloud is at increasing risk of attack. Consequently, there is an urgent requirement for robust authentication schemes to ensure that the data can be accessed only by legitimate, authorized users. Network attacks such as phishing or man-in-the-middle (MITM) attacks present a serious obstacle to consumer acceptance of cloud computing services. According to reports released by privacy watchdog groups in the US, more than 148 identity theft incidents, affecting nearly 94 million identities, occurred in 2005 in the US alone (Mark, 2006). Identity theft is therefore one of the most severe threats to the security of online services. As a result, it is imperative that SaaS providers have the means to authenticate the identity of every user attempting to access the system. Due to the non-denial requirements of remote user identity authentication schemes, this is most commonly achieved using some form of biometricsbased method. The term “biometrics” describes a collection of methods for identifying individuals based upon their unique physiological or behavioral characteristics (Furnell et al. 2008). Generally speaking, the physiological characteristics include the individual’s fingerprint, vein pattern, DNA and shape of face, while the behavioral characteristics include the handwriting dynamics, voice and gait. Automated biometric recognition systems are now widely used
[1]
Whitfield Diffie,et al.
Multiuser cryptographic techniques
,
1976,
AFIPS '76.
[2]
M. Rabin.
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
,
1979
.
[3]
Taher ElGamal,et al.
A public key cyryptosystem and signature scheme based on discrete logarithms
,
1985
.
[4]
T. Elgamal.
A public key cryptosystem and a signature scheme based on discrete logarithms
,
1984,
CRYPTO 1984.
[5]
J. K. Lee,et al.
Fingerprint-based remote user authentication scheme using smart cards
,
2002
.
[6]
Kee-Young Yoo,et al.
ID-based password authentication scheme using smart cards and fingerprints
,
2003,
OPSR.
[7]
Chu-Hsing Lin,et al.
A flexible biometrics remote user authentication scheme
,
2004,
Comput. Stand. Interfaces.
[8]
Michael Scott,et al.
Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints
,
2004,
OPSR.
[9]
Chris J. Mitchell,et al.
Security of the Lin-Lai smart card based user authentication scheme
,
2005
.
[10]
Naoto Miura,et al.
Extraction of Finger-Vein Patterns Using Maximum Curvature Points in Image Profiles
,
2007,
MVA.
[11]
Kee-Young Yoo,et al.
Efficient nonce-based remote user authentication scheme using smart cards
,
2005,
Appl. Math. Comput..
[12]
Chun-I Fan,et al.
Remote Password Authentication Scheme with Smart Cards and Biometrics 12
,
2006
.
[13]
Jongpil Jeong,et al.
Secure User Authentication Mechanism in Digital Home Network Environments
,
2006,
EUC.
[14]
Andreas Pfitzmann.
Biometrics - How to Put to Use and How Not at All?
,
2008,
TrustBus.
[15]
Ailsa Chapman.
What we can learn from…India
,
2013
.