New Authentication Scheme to Secure against the Phishing Attack in the Mobile Cloud Computing

A phishing attack is one of the severe threats to the smartphone users. As per the recent lookout report, mobile phishing attack is increasing 85% year to year and going to become a significant threat to the smartphone users. This social engineering attack attempts to get the user’s password by disguising as trusted service provider. Most of the smartphone users are using the Internet services outside of the traditional firewall. Cloud-based documents are one of the primary targets of this phishing attack in mobile cloud computing. Also, most smartphone users are using the cloud storage in their device. To secure against this password attack in a mobile cloud environment, we propose a new authentication scheme to provide novel security to the mobile cloud services. This scheme will verify the user and service provider without transmitting the password using the Zero-knowledge proof based authentication protocol. Moreover, the proposed scheme will provide mutual authentication between the communication entities. The effectiveness of proposed scheme would be verified using protocol verification tool called Scyther.

[1]  Qiang Ye,et al.  MDA: message digest-based authentication for mobile cloud computing , 2016, Journal of Cloud Computing.

[2]  Pethuru Raj,et al.  A Strong Single Sign-on User Authentication Scheme Using Mobile Token Without Verifier Table for Cloud Based Services , 2018, Computer and Network Security Essentials.

[3]  J. Lokesh,et al.  Design of Secure Group Key Management Scheme for Multicast Networks Using Number Theory , 2008, 2008 International Conference on Computational Intelligence for Modelling Control & Automation.

[4]  Hui Guo,et al.  Towards Secure Data Distribution Systems in Mobile Cloud Computing , 2017, IEEE Transactions on Mobile Computing.

[5]  Athanasios V. Vasilakos,et al.  On the Design of Provably Secure Lightweight Remote User Authentication Scheme for Mobile Cloud Computing Services , 2017, IEEE Access.

[6]  Feipei Lai,et al.  Confidentiality Protection of Digital Health Records in Cloud Computing , 2016, Journal of Medical Systems.

[7]  Dijiang Huang,et al.  Mobile Cloud Security: Attribute-Based Access Control , 2018 .

[8]  Bing-Chang Chen,et al.  Mobile user authentication system in cloud environment , 2013, Secur. Commun. Networks.

[9]  Anis Ahmed-Nacer,et al.  Strong authentication for mobile cloud computing , 2016, 2016 13th International Conference on New Technologies for Distributed Systems (NOTERE).

[10]  Muhammad Khurram Khan,et al.  A Standard Mutual Authentication Protocol for Cloud Computing Based Health Care System , 2017, Journal of Medical Systems.

[11]  Mojtaba Alizadeh,et al.  Authentication in mobile cloud computing: A survey , 2016, J. Netw. Comput. Appl..

[12]  Jian Shen,et al.  Efficient Privacy-Aware Authentication Scheme for Mobile Cloud Computing Services , 2018, IEEE Systems Journal.

[13]  Han-Yu Lin,et al.  Efficient mobile dynamic ID authentication and key agreement scheme without trusted servers , 2017, Int. J. Commun. Syst..

[14]  Lamine M. Aouad,et al.  Smartphone Security: An overview of emerging threats. , 2014, IEEE Consumer Electronics Magazine.

[15]  Konstantinos Markantonakis,et al.  Considerations for mobile authentication in the Cloud , 2011, Inf. Secur. Tech. Rep..

[16]  Wenfen Liu,et al.  An Improved Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of Medical Systems.

[17]  Sheetal Kalra,et al.  Advanced password based authentication scheme for wireless sensor networks , 2015, J. Inf. Secur. Appl..

[18]  Jian Ren,et al.  ExpSOS: Secure and Verifiable Outsourcing of Exponentiation Operations for Mobile Cloud Computing , 2016, IEEE Transactions on Information Forensics and Security.

[19]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[20]  Hamid Harroud,et al.  Mobile cloud computing for computation offloading: Issues and challenges , 2018 .

[21]  Cheng-Chi Lee,et al.  A dynamic identity-based user authentication scheme for remote login systems , 2015, Secur. Commun. Networks.

[22]  Dijiang Huang,et al.  Mobile Cloud Offloading Models , 2018 .

[23]  Thomas Coughlin,et al.  Security analysis of authentication protocols for next-generation mobile and CE cloud services , 2011, 2011 IEEE International Conference on Consumer Electronics -Berlin (ICCE-Berlin).

[24]  Pinki Roy,et al.  A new secure authentication scheme for cloud computing environment , 2017, Concurr. Comput. Pract. Exp..

[25]  Paulo R. L. Gondim,et al.  Security in Cloud-Computing-Based Mobile Health , 2016, IT Professional.

[26]  Aeri Lee,et al.  Authentication scheme for smart learning system in the cloud computing environment , 2015, Journal of Computer Virology and Hacking Techniques.

[27]  Brijesh Kumar Chaurasia,et al.  Authentication in Cloud Computing Environment Using Two Factor Authentication , 2013, SocProS.

[28]  A. Kannammal,et al.  Authentication and Encryption for Medical Image Security System , 2014, Int. J. Robotics Autom..