On the Design of Provably Secure Lightweight Remote User Authentication Scheme for Mobile Cloud Computing Services

Secure and efficient lightweight user authentication protocol for mobile cloud computing becomes a paramount concern due to the data sharing using Internet among the end users and mobile devices. Mutual authentication of a mobile user and cloud service provider is necessary for accessing of any cloud services. However, resource constraint nature of mobile devices makes this task more challenging. In this paper, we propose a new secure and lightweight mobile user authentication scheme for mobile cloud computing, based on cryptographic hash, bitwise XOR, and fuzzy extractor functions. Through informal security analysis and rigorous formal security analysis using random oracle model, it has been demonstrated that the proposed scheme is secure against possible well-known passive and active attacks and also provides user anonymity. Moreover, we provide formal security verification through ProVerif 1.93 simulation for the proposed scheme. Also, we have done authentication proof of our proposed scheme using the Burrows-Abadi-Needham logic. Since the proposed scheme does not exploit any resource constrained cryptosystem, it has the lowest computation cost in compare to existing related schemes. Furthermore, the proposed scheme does not involve registration center in the authentication process, for which it is having lowest communication cost compared with existing related schemes.

[1]  Ping Wang,et al.  Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks , 2014, Ad Hoc Networks.

[2]  Chunguang Ma,et al.  Security flaws in two improved remote user authentication schemes using smart cards , 2014, Int. J. Commun. Syst..

[3]  William Stallings,et al.  Cryptography and network security - principles and practice (3. ed.) , 2014 .

[4]  Ping Wang,et al.  Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment , 2015, IEEE Transactions on Dependable and Secure Computing.

[5]  Xiaolei Dong,et al.  4S: A secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks , 2015, Inf. Sci..

[6]  Sen-Shan Huang,et al.  List-Free ID-Based Mutual Authentication and Key Agreement Protocol for Multiserver Architectures , 2016, IEEE Transactions on Emerging Topics in Computing.

[7]  Palash Sarkar,et al.  A Simple and Generic Construction of Authenticated Encryption with Associated Data , 2010, TSEC.

[8]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[9]  Alessandro Armando,et al.  An authentication flaw in browser-based Single Sign-On protocols: Impact and remediations , 2013, Comput. Secur..

[10]  Ping Wang,et al.  Zipf’s Law in Passwords , 2017, IEEE Transactions on Information Forensics and Security.

[11]  Xiaolei Dong,et al.  Security and privacy for storage and computation in cloud computing , 2014, Inf. Sci..

[12]  Michael Scott,et al.  Implementing Cryptographic Pairings on Smartcards , 2006, CHES.

[13]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[14]  Xiaolei Dong,et al.  Secure and Privacy Preserving Protocol for Cloud-Based Vehicular DTNs , 2015, IEEE Transactions on Information Forensics and Security.

[15]  Ping Wang,et al.  Two Birds with One Stone: Two-Factor Authentication with Security Beyond Conventional Bound , 2018, IEEE Transactions on Dependable and Secure Computing.

[16]  Debiao He,et al.  Robust Biometrics-Based Authentication Scheme for Multiserver Environment , 2015, IEEE Systems Journal.

[17]  David Pointcheval,et al.  Multi-factor Authenticated Key Exchange , 2008, ACNS.

[18]  Athanasios V. Vasilakos,et al.  Secure Biometric-Based Authentication Scheme Using Chebyshev Chaotic Map for Multi-Server Environment , 2018, IEEE Transactions on Dependable and Secure Computing.

[19]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[20]  Xiong Li,et al.  Provably secure three-factor authentication and key agreement scheme for session initiation protocol , 2016, Secur. Commun. Networks.

[21]  Bruno Blanchet,et al.  Models and Proofs of Protocol Security: A Progress Report , 2009, CAV.

[22]  Victor Shoup,et al.  Sequences of games: a tool for taming complexity in security proofs , 2004, IACR Cryptol. ePrint Arch..

[23]  Joel J. P. C. Rodrigues,et al.  Secure Three-Factor User Authentication Scheme for Renewable-Energy-Based Smart Grid Environment , 2017, IEEE Transactions on Industrial Informatics.

[24]  Athanasios V. Vasilakos,et al.  Flexible Data Access Control Based on Trust and Reputation in Cloud Computing , 2017, IEEE Transactions on Cloud Computing.

[25]  Suela Kodra Fuzzy extractors : How to generate strong keys from biometrics and other noisy data , 2015 .

[26]  Debiao He,et al.  New biometrics-based authentication scheme for multi-server environment in critical systems , 2015, J. Ambient Intell. Humaniz. Comput..

[27]  Vanga Odelu,et al.  A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards , 2015, IEEE Transactions on Information Forensics and Security.

[28]  Qing Zhang,et al.  A Novel Serial Multimodal Biometrics Framework Based on Semisupervised Learning Techniques , 2014, IEEE Transactions on Information Forensics and Security.

[29]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[30]  Robert H. Deng,et al.  A Generic Framework for Three-Factor Authentication: Preserving Security and Privacy in Distributed Systems , 2011, IEEE Transactions on Parallel and Distributed Systems.

[31]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[32]  Xiaotie Deng,et al.  Anonymous and Authenticated Key Exchange for Roaming Networks , 2007, IEEE Transactions on Wireless Communications.

[33]  Xiong Li,et al.  Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for TMIS , 2016, Secur. Commun. Networks.

[34]  Ashok Kumar Das,et al.  Robust Anonymous Mutual Authentication Scheme for n-Times Ubiquitous Mobile Cloud Computing Services , 2017, IEEE Internet of Things Journal.

[35]  Xinyi Huang,et al.  Provably secure authenticated key agreement scheme for distributed mobile cloud computing services , 2017, Future Gener. Comput. Syst..

[36]  Ping Wang,et al.  On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions , 2014, Comput. Networks.

[37]  Julien Bringer,et al.  A Framework for Analyzing Template Security and Privacy in Biometric Authentication Systems , 2012, IEEE Transactions on Information Forensics and Security.

[38]  Jia-Lun Tsai,et al.  A Privacy-Aware Authentication Scheme for Distributed Mobile Cloud Computing Services , 2015, IEEE Systems Journal.

[39]  Xiong Li,et al.  Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards , 2011, J. Netw. Comput. Appl..

[40]  Vanga Odelu,et al.  A secure and efficient ECC-based user anonymity preserving single sign-on scheme for distributed computer networks , 2015, Secur. Commun. Networks.

[41]  Eun-Jun Yoon,et al.  Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem , 2010, The Journal of Supercomputing.

[42]  Dong Hoon Lee,et al.  Efficient Privacy-Preserving Authentication in Wireless Mobile Networks , 2014, IEEE Transactions on Mobile Computing.

[43]  Xiong Li,et al.  An efficient multi-gateway-based three-factor user authentication and key agreement scheme in hierarchical wireless sensor networks , 2016, Secur. Commun. Networks.

[44]  Athanasios V. Vasilakos,et al.  Security in cloud computing: Opportunities and challenges , 2015, Inf. Sci..

[45]  Ping Wang,et al.  The Request for Better Measurement: A Comparative Evaluation of Two-Factor Authentication Schemes , 2016, AsiaCCS.

[46]  Joseph Bonneau,et al.  The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords , 2012, 2012 IEEE Symposium on Security and Privacy.

[47]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[48]  Athanasios V. Vasilakos,et al.  Provably secure three-party authenticated key agreement protocol using smart cards , 2014, Comput. Networks.

[49]  Athanasios V. Vasilakos,et al.  Mobile Cloud Computing: A Survey, State of Art and Future Directions , 2013, Mobile Networks and Applications.

[50]  Rajkumar Buyya,et al.  Cloud-Based Augmentation for Mobile Devices: Motivation, Taxonomies, and Open Challenges , 2013, IEEE Communications Surveys & Tutorials.

[51]  Athanasios V. Vasilakos,et al.  A Novel Authentication and Key Agreement Scheme for Implantable Medical Devices Deployment , 2018, IEEE Journal of Biomedical and Health Informatics.

[52]  Elisa Bertino,et al.  Robust Multi-Factor Authentication for Fragile Communications , 2014, IEEE Transactions on Dependable and Secure Computing.

[53]  Li Xu,et al.  Further Observations on Smart-Card-Based Password-Authenticated Key Agreement in Distributed Systems , 2014, IEEE Transactions on Parallel and Distributed Systems.

[54]  Samiran Chattopadhyay,et al.  Chaotic Map-Based Anonymous User Authentication Scheme With User Biometrics and Fuzzy Extractor for Crowdsourcing Internet of Things , 2018, IEEE Internet of Things Journal.

[55]  Ping Wang,et al.  Targeted Online Password Guessing: An Underestimated Threat , 2016, CCS.

[56]  Paul F. Syverson,et al.  The Logic of Authentication Protocols , 2000, FOSAD.

[57]  Ashok Kumar Das,et al.  Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards , 2011, IET Inf. Secur..