A robust ticket-based mutual authentication scheme for data security in cloud computing

2014 ◽  
Author(s):  
Mrudula Sarvabhatla ◽  
M. Giri ◽  
Chandra Sekhar Vorugunti
Keyword(s):  
Cloud Computing ◽  
Data Security ◽  
Mutual Authentication ◽  
Authentication Scheme

scholarly journals An Enhanced Lightweight IoT-based Authentication Scheme in Cloud Computing Circumstances

Sensors ◽  
2019 ◽  
Vol 19 (9) ◽  
pp. 2098 ◽  
Author(s):  
Rafael Martínez-Peláez ◽  
Homero Toral-Cruz ◽  
Jorge R. Parra-Michel ◽  
Vicente García ◽  
Luis J. Mena ◽  
...  
Keyword(s):  
Cloud Computing ◽  
Key Agreement ◽  
Mutual Authentication ◽  
Authentication Scheme ◽  
Security Requirements ◽  
The Internet ◽  
Authentication Protocols ◽  
Security Vulnerabilities ◽  
Rapid Deployment ◽  
The Internet Of Things

With the rapid deployment of the Internet of Things and cloud computing, it is necessary to enhance authentication protocols to reduce attacks and security vulnerabilities which affect the correct performance of applications. In 2019 a new lightweight IoT-based authentication scheme in cloud computing circumstances was proposed. According to the authors, their protocol is secure and resists very well-known attacks. However, when we evaluated the protocol we found some security vulnerabilities and drawbacks, making the scheme insecure. Therefore, we propose a new version considering login, mutual authentication and key agreement phases to enhance the security. Moreover, we include a sub-phase called evidence of connection attempt which provides proof about the participation of the user and the server. The new scheme achieves the security requirements and resists very well-known attacks, improving previous works. In addition, the performance evaluation demonstrates that the new scheme requires less communication-cost than previous authentication protocols during the registration and login phases.

scholarly journals New Authentication Scheme to Secure against the Phishing Attack in the Mobile Cloud Computing

2019 ◽  
Vol 2019 ◽  
pp. 1-11 ◽  
Author(s):  
Munivel E ◽  
Kannammal A
Keyword(s):  
Cloud Computing ◽  
Service Provider ◽  
Mobile Cloud Computing ◽  
Mutual Authentication ◽  
Social Engineering ◽  
Cloud Services ◽  
Authentication Scheme ◽  
Protocol Verification ◽  
Mobile Cloud ◽  
Verification Tool

A phishing attack is one of the severe threats to the smartphone users. As per the recent lookout report, mobile phishing attack is increasing 85% year to year and going to become a significant threat to the smartphone users. This social engineering attack attempts to get the user’s password by disguising as trusted service provider. Most of the smartphone users are using the Internet services outside of the traditional firewall. Cloud-based documents are one of the primary targets of this phishing attack in mobile cloud computing. Also, most smartphone users are using the cloud storage in their device. To secure against this password attack in a mobile cloud environment, we propose a new authentication scheme to provide novel security to the mobile cloud services. This scheme will verify the user and service provider without transmitting the password using the Zero-knowledge proof based authentication protocol. Moreover, the proposed scheme will provide mutual authentication between the communication entities. The effectiveness of proposed scheme would be verified using protocol verification tool called Scyther.

scholarly journals A Secure Lightweight Three-Factor Authentication Scheme for IoT in Cloud Computing Environment

Sensors ◽  
2019 ◽  
Vol 19 (16) ◽  
pp. 3598 ◽  
Author(s):  
SungJin Yu ◽  
KiSung Park ◽  
YoungHo Park
Keyword(s):  
Cloud Computing ◽  
Mutual Authentication ◽  
Internet Security ◽  
Authentication Scheme ◽  
Sensitive Information ◽  
Computing Environment ◽  
Session Key ◽  
Cloud Computing Environment ◽  
Smart Healthcare ◽  
Three Factor

With the development of cloud computing and communication technology, users can access the internet of things (IoT) services provided in various environments, including smart home, smart factory, and smart healthcare. However, a user is insecure various types of attacks, because sensitive information is often transmitted via an open channel. Therefore, secure authentication schemes are essential to provide IoT services for legal users. In 2019, Pelaez et al. presented a lightweight IoT-based authentication scheme in cloud computing environment. However, we prove that Pelaez et al.’s scheme cannot prevent various types of attacks such as impersonation, session key disclosure, and replay attacks and cannot provide mutual authentication and anonymity. In this paper, we present a secure and lightweight three-factor authentication scheme for IoT in cloud computing environment to resolve these security problems. The proposed scheme can withstand various attacks and provide secure mutual authentication and anonymity by utilizing secret parameters and biometric. We also show that our scheme achieves secure mutual authentication using Burrows–Abadi–Needham logic analysis. Furthermore, we demonstrate that our scheme resists replay and man-in-the-middle attacks usingthe automated validation of internet security protocols and applications (AVISPA) simulation tool. Finally, we compare the performance and the security features of the proposed scheme with some existing schemes. Consequently, we provide better safety and efficiency than related schemes and the proposed scheme is suitable for practical IoT-based cloud computing environment.

scholarly journals A Time-Bound Ticket-Based Mutual Authentication Scheme for Cloud Computing

2011 ◽  
Vol 6 (2) ◽  
pp. 227 ◽  
Author(s):  
Zhuo Hao ◽  
Sheng Zhong ◽  
Nenghai Yu
Keyword(s):  
Cloud Computing ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Data Integrity ◽  
Authentication Scheme ◽  
Replay Attack ◽  
Good Efficiency ◽  
Password Guessing Attack ◽  
Integrity Checking ◽  
Guessing Attack

<p>Cloud computing is becoming popular quickly. In cloud computing, people store their important data in the cloud, which makes it important to ensure the data integrity and availability. Remote data integrity checking enables the client to perform data integrity verification without access to the complete file. This service brings convenience to clients, but degrades the server’s performance severely. Proper schemes must be designed to reduce the performance degradation.<br /> In this paper, a time-bound ticket-based mutual authentication scheme is proposed for solving this problem. The proposed authentication scheme achieves mutual authentication between the server and the client. The use of timebound tickets reduces the server’s processing overhead efficiently. The correspondence relationship between the digital ticket and the client’s smart card prevents user masquerade attack effectively. By security analysis, we show that the proposed scheme is resistant to masquerade attack, replay attack and password guessing attack. By performance analysis, we show that the proposed scheme has good efficiency. The proposed scheme is very suitable for cloud computing.</p>

scholarly journals A Robust IoT-Based Three-Factor Authentication Scheme for Cloud Computing Resistant to Session Key Exposure

2020 ◽  
Vol 2020 ◽  
pp. 1-15 ◽  
Author(s):  
Feifei Wang ◽  
Guosheng Xu ◽  
Guoai Xu ◽  
Yuejie Wang ◽  
Junhao Peng
Keyword(s):  
Cloud Computing ◽  
Resource Sharing ◽  
Secure Communication ◽  
Formal Analysis ◽  
Mutual Authentication ◽  
Authentication Scheme ◽  
User Privacy ◽  
Session Key ◽  
Three Factor ◽  
Key Exposure

With the development of Internet of Things (IoT) technologies, Internet-enabled devices have been widely used in our daily lives. As a new service paradigm, cloud computing aims at solving the resource-constrained problem of Internet-enabled devices. It is playing an increasingly important role in resource sharing. Due to the complexity and openness of wireless networks, the authentication protocol is crucial for secure communication and user privacy protection. In this paper, we discuss the limitations of a recently introduced IoT-based authentication scheme for cloud computing. Furthermore, we present an enhanced three-factor authentication scheme using chaotic maps. The session key is established based on Chebyshev chaotic-based Diffie–Hellman key exchange. In addition, the session key involves a long-term secret. It ensures that our scheme is secure against all the possible session key exposure attacks. Besides, our scheme can effectively update user password locally. Burrows–Abadi–Needham logic proof confirms that our scheme provides mutual authentication and session key agreement. The formal analysis under random oracle model proves the semantic security of our scheme. The informal analysis shows that our scheme is immune to diverse attacks and has desired features such as three-factor secrecy. Finally, the performance comparisons demonstrate that our scheme provides optimal security features with an acceptable computation and communication overheads.

Sign in / Sign up

Export Citation Format

Share Document