Recently, usage of mobile cloud services has been increasing. In particular, beyond the constraints of a single cloud computing service, studies on the multi-cloud have been actively pursued. A user must authenticate multiple cloud service providers to use additional cloud services in a multi-cloud. In previous studies, an authentication method using single sign-on (SSO) was not available in all cloud services. Cloud services will not be available when the SSO server is not available due to malicious attacks, because all authentication is done via the SSO server. Additionally, using a broker, there is a vulnerability that can expose authentication information for the service provider to a user who did not sign up. In this paper, we propose a secure user authentication protocol using biometric authentication that does not expose user information when using additional cloud services. The proposed protocol can use a single biometric authentication for multi-cloud services without storing authentication information in each cloud service. In terms of key stability (to ensure stability through the key agreement process and the key area), by disabling various attack methods, such as man-in-the-middle attacks and replay attacks, we provide secure mobile cloud services.
[1]
Alessandro Armando,et al.
Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps
,
2008,
FMSE '08.
[2]
Dan Boneh,et al.
The Decision Diffie-Hellman Problem
,
1998,
ANTS.
[3]
P. Murukutla,et al.
Single Sign on for Cloud
,
2012,
2012 International Conference on Computing Sciences.
[4]
Chellammal Surianarayanan,et al.
Cloud Service Brokerage
,
2019
.
[5]
Junggab Son,et al.
An Authentication Scheme for Providing to User Service Transparency in Multicloud Environment
,
2013,
Inscrypt 2013.
[6]
Monica Palmirani,et al.
A Cloud Service Broker with Legal-Rule Compliance Checking and Quality Assurance Capabilities
,
2015,
Cloud Forward.
[7]
James A. Thom,et al.
Cloud Computing Security: From Single to Multi-clouds
,
2012,
2012 45th Hawaii International Conference on System Sciences.
[8]
Chris J. Mitchell,et al.
Security Issues in OAuth 2.0 SSO Implementations
,
2014,
ISC.