Skip to main content
SpringerLink
Log in

Cryptanalysis and Improvement of a Smart Card Based Mutual Authentication Scheme in Cloud Computing

  • Conference paper
  • First Online:
Cloud Computing and Security (ICCCS 2016)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 10039))

Included in the following conference series:

Abstract

Cloud computing enables the users to access and share the data as and when required at anytime from anywhere. Due to its open access, one of the major issues faced by cloud computing is how to prevent the outsourced data from being leaked to unauthorized users. Therefore, mutual authentication between the user and the cloud service provider is a necessity to ensure that sensitive data in the cloud are not available to illegal users. Recently, Li et al. proposed a two-factor authentication protocol based on elliptic curve cryptosystem which enables the cloud users to access their outsourced data. However, we first show that their scheme suffers from the problem of wrong password login. Secondly, their scheme is prone to denial of service attack in the password-changing phase. Thirdly, it fails to provide user revocation when the smart card is lost or stolen. To remedy these flaws, we propose an improved two-factor authentication and key agreement protocol, which not only guards various known attacks, but also provides more desired security properties.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ardagna, A., Asal, R., Damiani, E., et al.: From security to assurance in the cloud: a survey. ACM Comput. Surv. (CSUR) 48(1), 2:1–50 (2015)

    Google Scholar 

  2. Li, H., Yang, Y., Luan, T., Liang, X., Zhou, L., Shen, X.: Enabling fine-grained multi-keyword search supporting classified sub-dictionaries over encrypted cloud data. IEEE Trans. Dependable Secure Comput. 13(3), 312–325 (2015)

    Article  Google Scholar 

  3. Ren, Y., Shen, J., Wang, J., Han, J., Lee, S.: Mutual verifiable provable data auditing in public cloud storage. J. Internet Technol. 16(2), 317–323 (2015)

    Google Scholar 

  4. He, D., Zeadally, S., Wu, L.: Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Syst. J. (2015). doi:10.1109/JSYST.2015.2428620

    Google Scholar 

  5. Jiang, Q., Ma, J., Li, G., Yang, L.: Robust two-factor authentication and key agreement preserving user privacy. Int. J. Netw. Secur. 16(3), 229–240 (2014)

    Google Scholar 

  6. Jiang, Q., Ma, J., Lu, X., Tian, Y.: An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Netw. Appl. 8(6), 1070–1081 (2015)

    Article  Google Scholar 

  7. Shen, J., Tan, H., Moh, S., et al.: Enhanced secure sensor association and key management in wireless body area networks. J. Commun. Netw. 17(5), 453–462 (2015)

    Article  Google Scholar 

  8. Jiang, Q., Wei, F., Fu, S., Ma, J., Li, G., Alelaiwi, A.: Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy. Nonlinear Dyn. 83(4), 2085–2101 (2016)

    Article  MathSciNet  Google Scholar 

  9. Fushan, W., Jianfeng, Ma., Aijun, G., Guangsong, L., Chuangui, Ma.: A provably secure three-party password authenticated key exchange protocol without using server’s public-keys and symmetric cryptosystems. ITC 44(2), 195–206 (2015)

    Article  Google Scholar 

  10. Choudhury, A.J., et al.: A strong user authentication framework for cloud computing. In: Proceedings of IEEE Asia-Pacific Services Computing Conference, 12–15, pp. 110–115 (2011)

    Google Scholar 

  11. Hao, Z., Zhong, S., Yu, N.: A time-bound ticket-based mutual authentication scheme for cloud computing. Int. J. Comput. Commun. Control 6(2), 227–235 (2011)

    Article  Google Scholar 

  12. Pippal, R.S., Jaidhar, C.D., Tapaswi, S.: Enhanced time-bound ticket-based mutual authentication scheme for cloud computing. Informatica 37(2), 149–156 (2013)

    Google Scholar 

  13. Jiang, Q., Khan, M.K., Lu, X., Ma, J., He, D.: A privacy preserving three-factor authentication protocol for e-health clouds. J. Supercomput. (2016). doi:10.1007/s11227-015-1610-x

    Google Scholar 

  14. Hwang, M.S., Sun, T.H.: Using smart card to achieve a single sign-on for multiple cloud services. IETE Tech. Rev. 30(5), 410–416 (2013)

    Article  Google Scholar 

  15. Tsai, J.L., Lo, N.W.: A privacy-aware authentication scheme for distributed mobile cloud computing services. IEEE Syst. J. 9(3), 805–815 (2015)

    Article  Google Scholar 

  16. Qi, J., Jianfeng, Ma., Fushan, W.: On the security of a privacy-aware authentication scheme for distributed mobile cloud computing services. IEEE Syst. J. (2016). doi:10.1109/JSYST.2016.2574719

    Google Scholar 

  17. Li, H., Li, F., Song, C., et al.: Towards smart card based mutual authentication schemes in cloud computing. KSII Trans. Internet Inf. Syst. 9(7), 2719–2735 (2015)

    Google Scholar 

  18. Hankerson, D., Menezes, A., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer Professional Computing. Springer, Berlin (2004)

    MATH  Google Scholar 

  19. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  20. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5), 541–552 (2002)

    Article  MathSciNet  Google Scholar 

  21. Odelu, V., Das, A.K., Goswami, A.: A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans. Inf. Forensics Secur. 10(9), 1953–1966 (2015)

    Article  Google Scholar 

  22. Jiang, Q., Ma, J., Li, G., et al.: An efficient ticket based authentication protocol with unlinkability for wireless access networks. Wireless Pers. Commun. 77(2), 1489–1506 (2014)

    Article  Google Scholar 

  23. Wang, D., He, D., Wang, P., Chu, C.H.: Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans. Dependable Secure Comput. 12(4), 428–442 (2015)

    Article  Google Scholar 

  24. Wang, D., Wang, P.: On the usability of two-factor authentication. In: Tian, J., Jing, J., Srivatsa, M. (eds.) International Conference on Security and Privacy in Communication Networks. LNICS, vol. 152, pp. 141–150. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  25. Li, X., Xiong, Y., Ma, J., Wang, W.: An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J. Netw. Comput. Appl. 35(2), 763–769 (2012)

    Article  Google Scholar 

Download references

Acknowledgements

This work is supported by Supported by National Natural Science Foundation of China (Program No. 61672413, U1405255, U1536202, 61372075, 61472310), National High Technology Research and Development Program (863 Program) (Program No. 2015AA016007), Natural Science Basic Research Plan in Shaanxi Province of China (Program No. 2016JM6005), Fundamental Research Funds for the Central Universities (Program No. JB161501), and Specific project on research and development platform of Shanghai Science and Technology Committee (Program No. 14DZ2294400).

Author information

Authors and Affiliations

  1. School of Cyber Engineering, Xidian University, Xi’an, China

    Qi Jiang, Bingyan Li & Jianfeng Ma

  2. Guizhou Provincial Key Laboratory of Public Big Data, Guiyang, Guizhou, China

    Youliang Tian

  3. The Third Research Institute of Ministry of Public Security, Shanghai, China

    Yuanyuan Yang

Authors
  1. Qi Jiang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bingyan Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jianfeng Ma
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Youliang Tian
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Yuanyuan Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Qi Jiang .

Editor information

Editors and Affiliations

  1. University of Information Science and Technology, Nanjing, China

    Xingming Sun

  2. Michigan State University , EAST LANSING, Michigan, USA

    Alex Liu

  3. National Dong Hwa University , Shoufeng, Taiwan

    Han-Chieh Chao

  4. Purdue University , West Lafayette, Indiana, USA

    Elisa Bertino

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Jiang, Q., Li, B., Ma, J., Tian, Y., Yang, Y. (2016). Cryptanalysis and Improvement of a Smart Card Based Mutual Authentication Scheme in Cloud Computing. In: Sun, X., Liu, A., Chao, HC., Bertino, E. (eds) Cloud Computing and Security. ICCCS 2016. Lecture Notes in Computer Science(), vol 10039. Springer, Cham. https://doi.org/10.1007/978-3-319-48671-0_28

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-48671-0_28

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-48670-3

  • Online ISBN: 978-3-319-48671-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation