A more secure and privacy-aware anonymous user authentication scheme for distributed mobile cloud computing environments

Now-a-days, the low-power handheld mobile devices make our life more comfortable. With the fast advancement of mobile communication technologies and Internet, mobile users are accessing remote services at home over the Internet. Recently, Tsai and Lo put forwarded a user authentication scheme for distributing mobile cloud environments. Unfortunately, we observed that Tsai and Lo's scheme suffers from user impersonation attack and known session-specific temporary information attack. Besides, the scheme does not support the wrong password and fingerprint detection in the authentication phase. The scheme also violates the user anonymity property. Moreover, the password update functionality is absent in Tsai and Lo's scheme. In order to provide more securities and functionalities, this article put forwarded an enhanced scheme for distributing mobile cloud environments. The simulation on automated validation of Internet security protocols and applications tool ensures that our scheme is secure against the active and passive attacks. Our cryptanalysis gives surety that the scheme can defend related security attacks. We also compare our scheme with the previous schemes with respect to computation cost and security aspects. Copyright © 2016 John Wiley & Sons, Ltd.

[1]  Ling Tian,et al.  Identity-Based Authentication for Cloud Computing , 2009, CloudCom.

[2]  Sk Hafizul Islam,et al.  An improved pairing-free identity-based authenticated key agreement protocol based on ECC , 2012 .

[3]  Sk Hafizul Islam,et al.  Provably Secure and Pairing-Based Strong Designated Verifier Signature Scheme with Message Recovery , 2015 .

[4]  Yuh-Min Tseng,et al.  A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards , 2008, Informatica.

[5]  Xiong Li,et al.  A user friendly mutual authentication and key agreement scheme for wireless sensor networks using chaotic maps , 2016, Future Gener. Comput. Syst..

[6]  Khalid Mohammed Naji,et al.  Effect of Daily Chewing Soft Buds and Leaves of Catha edulis (Khat) on the Antioxidant Defense System and Oxidative Stress Markers in Blood , 2015 .

[7]  Muhammad Khurram Khan,et al.  Cryptanalysis and improvement of ‘a robust smart‐card‐based remote user password authentication scheme’ , 2014, Int. J. Commun. Syst..

[8]  Wei-Kuan Shih,et al.  Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[9]  Xiong Li,et al.  An improved remote user authentication scheme with key agreement , 2014, Comput. Electr. Eng..

[10]  Qiaoyan Wen,et al.  An Efficient Identity-Based Short Signature Scheme from Bilinear Pairings , 2007 .

[11]  Ken Thompson,et al.  Password security: a case history , 1979, CACM.

[12]  Debiao He,et al.  Robust Biometrics-Based Authentication Scheme for Multiserver Environment , 2015, IEEE Systems Journal.

[13]  Debiao He,et al.  Security Flaws in a Smart Card Based Authentication Scheme for Multi-server Environment , 2012, Wireless Personal Communications.

[14]  Lijiang Zhang,et al.  A Dynamic ID-Based User Authentication and Key Agreement Scheme for Multi-Server Environment Using Bilinear Pairings , 2008, 2008 Workshop on Power Electronics and Intelligent Transportation System.

[15]  Cheng-Chi Lee,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards , 2011, Expert Syst. Appl..

[16]  Sherali Zeadally,et al.  Authentication protocol for an ambient assisted living system , 2015, IEEE Communications Magazine.

[17]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[18]  G. P. Biswas,et al.  Design of Two-Party Authenticated Key Agreement Protocol Based on ECC and Self-Certified Public Keys , 2015, Wireless Personal Communications.

[19]  Muhammad Sher,et al.  A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography , 2015, Electronic Commerce Research.

[20]  Dingcheng Yang,et al.  Wireless Information and Power Transfer: Optimal Power Control in One-Way and Two-Way Relay System , 2015, Wireless Personal Communications.

[21]  Sk Hafizul Islam,et al.  A provably secure identity-based strong designated verifier proxy signature scheme from bilinear pairings , 2014, J. King Saud Univ. Comput. Inf. Sci..

[22]  N. Asokan,et al.  Untraceability in mobile networks , 1995, MobiCom '95.

[23]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[24]  Jian Shen,et al.  A Novel Routing Protocol Providing Good Transmission Reliability in Underwater Sensor Networks , 2015 .

[25]  Ruhul Amin,et al.  A Novel User Authentication and Key Agreement Protocol for Accessing Multi-Medical Server Usable in TMIS , 2015, Journal of Medical Systems.

[26]  Min-Hua Shao,et al.  A Novel Approach to Dynamic ID-Based Remote User Authentication Scheme for Multi-server Environment , 2010, 2010 Fourth International Conference on Network and System Security.

[27]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[28]  SK Hafizul Islam,et al.  Design and analysis of an improved smartcard‐based remote user password authentication scheme , 2016, Int. J. Commun. Syst..

[29]  Xiong Li,et al.  A more secure digital rights management authentication scheme based on smart card , 2014, Multimedia Tools and Applications.

[30]  Qi Wang,et al.  How do social-based cues influence consumers’ online purchase decisions? An event-related potential study , 2016, Electron. Commer. Res..

[31]  Ruhul Amin,et al.  Design and Analysis of Bilinear Pairing Based Mutual Authentication and Key Agreement Protocol Usable in Multi-server Environment , 2015, Wireless Personal Communications.

[32]  Matthew J. B. Robshaw,et al.  A Dynamic Key Infrastructure for Grid , 2005, EGC.

[33]  Ruhul Amin,et al.  A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks , 2016, Ad Hoc Networks.

[34]  Matthew J. B. Robshaw,et al.  On Identity-Based Cryptography and Grid Computing , 2004, International Conference on Computational Science.

[35]  Mohammad S. Obaidat,et al.  Design and Analysis of an Enhanced Patient-Server Mutual Authentication Protocol for Telecare Medical Information System , 2015, Journal of Medical Systems.

[36]  Jung Hee Cheon,et al.  An Identity-Based Signature from Gap Diffie-Hellman Groups , 2003, Public Key Cryptography.

[37]  Victor S. Miller,et al.  Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[38]  Jin Wang,et al.  A Variable Threshold-Value Authentication Architecture for Wireless Mesh Networks , 2014 .

[39]  Ruhul Amin,et al.  An Improved RSA Based User Authentication and Session Key Agreement Protocol Usable in TMIS , 2015, Journal of Medical Systems.

[40]  Chih-Ming Hsiao,et al.  A novel multi-server remote user authentication scheme using self-certified public keys for mobile clients , 2013, Future Gener. Comput. Syst..

[41]  Ruhul Amin,et al.  A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity , 2015, Journal of Medical Systems.

[42]  Yuanyuan Zhang,et al.  Cryptanalysis and Improvement of an Anonymous Authentication Protocol for Wireless Access Networks , 2013, Wireless Personal Communications.

[43]  Cheng-Chi Lee,et al.  Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks , 2013, Multimedia Systems.

[44]  Naveen K. Chilamkurti,et al.  A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks , 2015, Inf. Sci..

[45]  Jia-Lun Tsai,et al.  A Privacy-Aware Authentication Scheme for Distributed Mobile Cloud Computing Services , 2015, IEEE Systems Journal.

[46]  Fan Wu,et al.  Cryptanalysis and Improvement of a User Authentication Scheme Preserving Uniqueness and Anonymity for Connected Health Care , 2015, Journal of Medical Systems.

[47]  Ruhul Amin,et al.  Cryptanalysis and Design of a Three-Party Authenticated Key Exchange Protocol Using Smart Card , 2015 .

[48]  Sk Hafizul Islam,et al.  AN EFFICIENT AND SECURE STRONG DESIGNATED VERIFIER SIGNATURE SCHEME WITHOUT BILINEAR PAIRINGS , 2013 .

[49]  Shuenn-Shyang Wang,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[50]  Muhammad Khurram Khan,et al.  User authentication schemes for wireless sensor networks: A review , 2015, Ad Hoc Networks.

[51]  Sebastian Mödersheim,et al.  The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.

[52]  Muhammad Khurram Khan,et al.  Cryptanalysis and Improvement of Authentication and Key Agreement Protocols for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[53]  Muhammad Khurram Khan,et al.  Cryptanalysis and Improvement of Yan et al.’s Biometric-Based Authentication Scheme for Telecare Medicine Information Systems , 2013, Journal of Medical Systems.

[54]  Muhammad Khurram Khan,et al.  A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security , 2017, Int. J. Commun. Syst..

[55]  S. D. Wolthusen Modeling Network Security Services in Tactical Networks , 2007 .

[56]  Muhammad Sher,et al.  Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems , 2015, Journal of Medical Systems.

[57]  Debiao He,et al.  A new dynamic identity-based authentication protocol for multi-server environment using elliptic curve cryptography , 2012, Secur. Commun. Networks.

[58]  SK Hafizul Islam,et al.  A Provably Secure ID-Based Mutual Authentication and Key Agreement Scheme for Mobile Multi-Server Environment Without ESL Attack , 2014, Wireless Personal Communications.

[59]  Jenq-Shiou Leu,et al.  An anonymous mobile user authentication protocol using self-certified public keys based on multi-server architectures , 2014, The Journal of Supercomputing.

[60]  Chunguang Ma,et al.  Security flaws in two improved remote user authentication schemes using smart cards , 2014, Int. J. Commun. Syst..

[61]  Min-Hua Shao,et al.  A Novel Dynamic ID-based Remote User Authentication and Access Control Scheme for Multi-server Environment , 2010, 2010 10th IEEE International Conference on Computer and Information Technology.

[62]  Kangseok Kim,et al.  An efficient secure authentication scheme with user anonymity for roaming user in ubiquitous networks , 2013, Peer-to-Peer Networking and Applications.

[63]  SK Hafizul Islam,et al.  Design and analysis of a three party password-based authenticated key exchange protocol using extended chaotic maps , 2015, Inf. Sci..

[64]  Tanmoy Maitra,et al.  An Efficient and Robust User Authentication Scheme for Hierarchical Wireless Sensor Networks without Tamper-Proof Smart Card , 2016, Int. J. Netw. Secur..