A Strong Single Sign-on User Authentication Scheme Using Mobile Token Without Verifier Table for Cloud Based Services

Cloud computing is an emerging computing paradigm that offers computational facilities and storage as services dynamically on demand basis via the Internet. The ability to scale resources and the pay-as-you-go usage model has contributed to its growth. However, cloud computing inevitably poses various security challenges and majority of prospective customers are worried about unauthorized access to their data. Service providers need to ensure that only authorized users access the resources, and for this they need to adopt strong user authentication mechanisms. The mechanism should provide users with the flexibility to access multiple services without repeated registration and authentication at each provider. Considering these requirements, this chapter deliberates a Single Sign-on based two-factor authentication protocol for cloud based services. The proposed scheme uses password and a mobile token as authentication factors and does not require a verifier table. The formal verification of the protocol is done using Scyther.

[1]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[2]  Cjf Cas Cremers Scyther : semantics and verification of security protocols , 2006 .

[3]  M. Misbahuddin,et al.  A Simple and Efficient Solution to Remote User Authentication Using Smart Cards , 2006, 2006 Innovations in Information Technology.

[4]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[5]  Rui Jiang,et al.  Advanced Secure User Authentication Framework for Cloud Computing , 2013 .

[6]  Emiliano De Cristofaro,et al.  Two-Factor or not Two-Factor? A Comparative Usability Study of Two-Factor Authentication , 2013, ArXiv.

[7]  M. Hillenbrand,et al.  A single sign-on framework for web-services-based distributed applications , 2005, Proceedings of the 8th International Conference on Telecommunications, 2005. ConTEL 2005..

[8]  Muhammad Sharif,et al.  A Survey of Password Attacks and Comparative Analysis on Methods for Secure Authentication , 2012 .

[9]  Cheng-Chi Lee,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards , 2011, Expert Syst. Appl..

[10]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[11]  Banshidhar Majhi,et al.  An Improved Mutual Authentication Framework for Cloud Computing , 2012 .

[12]  Hyotaek Lim,et al.  A Strong User Authentication Framework for Cloud Computing , 2011, 2011 IEEE Asia-Pacific Services Computing Conference.

[13]  C. D. Jaidhar Enhanced mutual authentication scheme for cloud architecture , 2013, 2013 3rd IEEE International Advance Computing Conference (IACC).

[14]  Randy H. Katz,et al.  Above the Clouds: A Berkeley View of Cloud Computing , 2009 .

[15]  Yen-Cheng Chen,et al.  An efficient nonce-based authentication scheme with key agreement , 2005, Appl. Math. Comput..

[16]  Wei-Chi Ku,et al.  Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[17]  Mohammed Misbahuddin Secure Image Based Multi-Factor Authentication (SIMFA): a novel approach for web based services , 2010 .

[18]  Nenghai Yu,et al.  A Time-Bound Ticket-Based Mutual Authentication Scheme for Cloud Computing , 2011, Int. J. Comput. Commun. Control.