nach oben

The Journal of Supercomputing

Erschienen in:

28.05.2021

Enhancing security and efficiency in cloud computing authentication and key agreement scheme based on smart card

verfasst von: Mariem Bouchaala, Cherif Ghazel, Leila Azouz Saidane

Erschienen in: The Journal of Supercomputing | Ausgabe 1/2022

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The password-based authentication mechanism is considered as the oldest and the most used method. It is easy to implement, and it does not require any particular configuration or devices. Yet, this solution does not ensure a high level of security when it is used in a large and remote environment such as cloud computing. In such an environment, the cloud user and the authentication remote server use an insecure communication channel to authenticate each other. Consequently, various attacks such as insider attack, password-guessing attack, user impersonation attack, and others can be launched. Smart cards are an alternative to improve this single authentication model by strengthening security and improving the communication process. In our work, we study the Huang et al. proposal. The authors have proposed a smart card-based authentication and key agreement scheme. They have used the elliptic curve to improve security. However, same related work shows that this solution does not resist to impersonation attacks and does not ensure perfect anonymity. Consequently, it does not protect users’ privacy. Thus, we propose an extension of the Huang et al. scheme in order to enforce security requirements. We implement an anonymous, mutual, and secure two-factor authentication and key agreement scheme applied to the cloud computing environment. We use elliptic curve cryptography and a fuzzy verifier to strengthen security. The solution is lightweight and optimizes performance. To prove the safety of the proposed protocol, formal security analysis with random oracle model and Scyther tool is provided. To evaluate its efficiency, a performance evaluation is prepared.

Vorheriger Artikel A cost-effective power-aware approach for scheduling cloudlets in cloud computing environments

Nächster Artikel FT-PDC: an enhanced hybrid congestion-aware fault-tolerant routing technique based on path diversity for 3D NoC

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Boyko V, MacKenzie P, Patel S (2000) Provably secure password-authenticated key exchange using diffie-hellman. International Conference on the Theory and Applications of Cryptographic Techniques 1807:156–171MATH

Lin C-L, Hwang T (2003) A password authentication scheme with secure password updating. Comp Secur 22(1):68–72CrossRef

Peyravian M, Jeffries C (2006) Secure remote user access over insecure networks. Comp Commun 29(5):660–667CrossRef

Merdassi I, Bouchaala M, Ghazel C, Leila S (October 2019) Private security for the cloud mobile via a strong authentication method. Coop Design Vis Eng, pages 190–200

Cherdmuangpak N, Anusas-amonkul T, Limthan B (July 2017) Two factor image-based password authentication for junior high school students. International Joint Conference on Computer Science and Software Engineering (JCSSE)

Das R, Manna S, Dutta S (2018) Secure user authentication system using image-based otp and randomize numeric otp based on user unique biometric image and digit repositioning scheme. Commun Devices Comput. pages 83–93

Trupil L, Nishant D (2017) An analytical study of biometric based remote user authentication schemes using smart cards. Comput Electr Eng 59:305–321CrossRef

Das ML (2009) Two-factor user authentication in wireless sensor networks. IEEE Trans Wirel Commun, pages 1086 – 1090

Lee CC, Li CT, Der Chen S (2011) Two attacks on a two-factor user authentication in wireless sensor networks. Parallel Process Lett, pages 21–26

10.

He D, Gao Y, CHAN S (2010) An enhanced two-factor user authentication scheme in wireless sensor networks. Ad Hoc Sens Wirel Netw, page 361–371

11.

Preeti C, Hari O (2018) An efficient two-factor remote user authentication and session key agreement scheme using rabin cryptosystem. Arab J Sci Eng 43(2):661–673CrossRef

12.

Morteza N, Reza J, Hamed A (2017) A lightweight authentication and key agreement protocol preserving user anonymity. Multimed Tools Appl 76(11):13401–13423CrossRef

13.

Trupil L, Mukesh S, Kumar MS (2018) Advanced formal authentication protocol using smart cards for network applicants. Comput Electr Eng 66:50–63CrossRef

14.

Qu J, Tan XL(2014) Two-factor user authentication with key agreement scheme based on elliptic curve cryptosystem. J Electr Comput Eng

15.

Huang B, Khan MK, Libing W, Muhaya Fahad T, He BD (2015) An efficient remote user authentication with key agreement scheme using elliptic curve cryptography. Wirel Personal Commun 85:225–240CrossRef

16.

Chaudhry SA, Naqvi H, Mahmood K (2017) An improved remote user authentication scheme using elliptic curve cryptography. Wirel Pers Commun, pp 1–19

17.

Maitra T, Obaidat Mohammad S, Hafizul Islam SK (2016) Security analysis and design of an efficient ecc-based two-factor password authentication scheme. Secur Commun Netw 9:4166–4181CrossRef

18.

Chenyu W, Wang D, Guoai X, Guo Y (2017) A lightweight password-based authentication protocol using smart card. Int J Commun Syst 30(16):336

19.

Srinivas J, Vinod K, Adesh K (2019) Eseap: Ecc based secure and efficient mutual authentication protocol using smart card. J Inf Secur Appl 51:1–19

20.

Chou CH, Tsai KY, Chung-Fu L (2013) Two id-based authenticated schemes with key agreement for mobile environments. J Supercomput 66(2):973–988CrossRef

21.

Sabzinejad Farash Mohammad, Ahmadian Attari Mahmoud (2014) A secure and efficient identity-based authenticated key exchange protocol for mobile client-server networks. J Supercomput 69(1):395–411CrossRef

22.

Yanrong L, Li L, Peng H, Yang Y (2017) An anonymous two-factor authenticated key agreement scheme for session initiation protocol using elliptic curve cryptography. Multimed Tools Appl 76:1801–1815CrossRef

23.

Memon Imran, Hussain Ibrar, Akhtar Rizwan, Gencai Chen (2015) Enhanced privacy and authentication: an efficient and secure anonymous communication for location based service using asymmetric cryptography scheme. Wirel Pers Commun 84(2):1487–1508CrossRef

24.

Alavalapati Goutham Reddy, Ashok Kumar Das, Yoon Eun-Jun (2016) A secure anonymous authentication protocol for mobile services on elliptic curve cryptographys. IEEE Access 4:4394–4407CrossRef

25.

Xie Qi, Wong Duncan S, Wang Guilin (2017) Provably secure dynamic id-based anonymous two factor authenticated key exchange protocol with extended security model. IEEE Trans Inf Forensics Secur 12:1382–1392CrossRef

26.

Shehzad AC, Husnain N, Taeshik S (2015) Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J Med Syst. pp 1801–1815

27.

Sheetal K, Sood Sandeep K (2015) Secure authentication scheme for iot and cloud servers. Pervasive Mobile Comput 24:210–223CrossRef

28.

Sharma G, Kalra S (2015) A lightweight multi-factor secure smart card based remote user authentication scheme for cloud-iot applications. J Inf Secur Appl 42:95–106

29.

Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51:541–552MathSciNetCrossRef

30.

Amin Ruhul, Hafizul Islamb SK, Biswas GP (2016) Design of anonymity preserving three-factor authenticated key exchange protocol for wireless sensor network. Comput Netw 101:42–622CrossRef

31.

Bellare M, Rogaway P (1993) Random oracles are practical: a paradigm for designing effcient protocols. ACM Conference on Computer and Communications Security, pp 62–73

32.

Wei F, Vijayakumar P, Qi J, Zhang R (2018) A mobile intelligent terminal based anonymous authenticated key exchange protocol for roaming service in global mobility networks. IEEE Trans Sustain Comput 5(2):2377–3782

33.

s Examining smart-card sMauwL. Operational semantics and verification of security protocols. Information Security and Cryptography series, Springer (2012)

34.

Debiao H, Neeraj K, Khurram KM (2018) Efficient privacy-aware authentication scheme for mobile cloud computing services. IEEE Syst J 12(2):1621–1631CrossRef

35.

Nilesh C, Anand Vijay S, Samrat M (2019) Towards identifying and preventing behavioral side channel attack on recording attack resilient unaided authentication services. Comput Secur 84:193–205CrossRef

36.

Koblitz N, Menezes A, Vanstone S (2000) The state of elliptic curve cryptography. Designs Codes Cryptogr 19(2–3):173–193MathSciNetCrossRef

Titel: Enhancing security and efficiency in cloud computing authentication and key agreement scheme based on smart card
verfasst von: Mariem Bouchaala
Cherif Ghazel
Leila Azouz Saidane
Publikationsdatum: 28.05.2021
Verlag: Springer US
Erschienen in: The Journal of Supercomputing / Ausgabe 1/2022
Print ISSN: 0920-8542
Elektronische ISSN: 1573-0484
DOI: https://doi.org/10.1007/s11227-021-03857-7

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Weitere Artikel der Ausgabe 1/2022

Goaling recognition based on intelligent analysis of real-time basketball image of Internet of Things

Efficient detection of silent data corruption in HPC applications with synchronization-free message verification

Maximum Network Lifetime Problem with Time Slots and coverage constraints: heuristic approaches

UMOTS: an uncertainty-aware multi-objective genetic algorithm-based static task scheduling for heterogeneous embedded systems

Reversible multiplier with a column-wise structure and a reduced number of ancilla inputs and garbage outputs

An architecture supervisor scheme toward performance differentiation and optimization in cloud systems

Premium Partner