An Enhanced User Authentication Protocol Based on Elliptic Curve Cryptosystem in Cloud Computing Environment

With the popularity of cloud computing, information security issues in the cloud environment are becoming more and more prominent. As the first line of defense for cloud computing security, user authentication has attracted extensive attention. Though considerable effort has been devoted to designing a secure and practical authentication scheme for the cloud computing environment, most attempts ended in failure. The design of a secure and efficient user authentication scheme for cloud computing remains a challenge: on the one hand, users' smart cards or mobile devices have limited resources; on the other hand, with the combination of cloud computing and the Internet of Things, applications in cloud environments often need to meet various security requirements and are vulnerable to more attacks. In 2018, Amin et al. proposed an enhanced user authentication scheme for cloud computing, hoping to overcome the identified security flaws of two previous schemes. However, after scrutinizing their scheme, we found that it still suffers from the same security flaws (such as no user anonymity, no forward secrecy, and vulnerability to offline dictionary attack) as the two schemes they compromised. Consequently, taking the scheme of Amin et al. (2018) as a case study, we discuss in detail the inherent reasons for these flaws and the corresponding solutions for authentication schemes in the cloud computing environment. Next, we not only propose an enhanced secure and efficient scheme, but also explain the design rationales for a secure cloud environment protocol. Finally, we apply BAN logic and heuristic analysis to show the security of the protocol and compare our scheme with related schemes. The results demonstrate the superiority of our scheme.
