Advanced Secure User Authentication Framework for Cloud Computing

Rui Jiang

Cloud computing, as an emerging, virtual, large-scale distributed computing model, has gained increasing attention in recent years. It also faces many security challenges, one of which is authentication, and a great deal of research has been done in this area. Recently, Choudhury et al. proposed a user authentication framework to ensure user legitimacy before entering the cloud. They claimed their scheme could provide identity management, mutual authentication, session key agreement between the user and the cloud server, and user password change on demand. However, our analysis finds that the scheme is easily subject to attacks such as the masquerading attack and the OOB (out-of-band) attack, and that it has a password change flaw. In this paper, we first point out the security vulnerabilities of Choudhury et al.'s scheme and present the detailed attacks on it. Then, building on remote user authentication schemes such as Ku-Chen's scheme and Chen's scheme, we apply two-factor authentication technology to propose our advanced secure user authentication framework, which overcomes the above security shortcomings. Without sending a one-time key through a secure OOB channel, our new protocol is able to ensure that only legitimate users can access the cloud service based on a smartcard. In addition, our advanced scheme retains all the merits of Choudhury et al.'s scheme. Formal security analysis, which is based on the strand space model and authentication tests, proves that our proposed scheme is secure under standard cryptographic. Also, the simulation results illustrate that our advanced scheme is more efficient in communication performance than other schemes.
