Abstract
Cloud computing enables users to access and share data as and when required, at any time and from anywhere. Because of this open access, one of the major issues faced by cloud computing is how to prevent outsourced data from being leaked to unauthorized users. Mutual authentication between the user and the cloud service provider is therefore necessary to ensure that sensitive data in the cloud are not available to illegal users. Recently, Li et al. proposed a two-factor authentication protocol based on an elliptic curve cryptosystem which enables cloud users to access their outsourced data. However, we first show that their scheme suffers from the problem of wrong password login. Secondly, their scheme is prone to a denial-of-service attack in the password-changing phase. Thirdly, it fails to provide user revocation when the smart card is lost or stolen. To remedy these flaws, we propose an improved two-factor authentication and key agreement protocol, which not only guards against various known attacks, but also provides more desirable security properties.
References
Ardagna, A., Asal, R., Damiani, E., et al.: From security to assurance in the cloud: a survey. ACM Comput. Surv. (CSUR) 48(1), 2:1–50 (2015)
Li, H., Yang, Y., Luan, T., Liang, X., Zhou, L., Shen, X.: Enabling fine-grained multi-keyword search supporting classified sub-dictionaries over encrypted cloud data. IEEE Trans. Dependable Secure Comput. 13(3), 312–325 (2015)
Ren, Y., Shen, J., Wang, J., Han, J., Lee, S.: Mutual verifiable provable data auditing in public cloud storage. J. Internet Technol. 16(2), 317–323 (2015)
He, D., Zeadally, S., Wu, L.: Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Syst. J. (2015). doi:10.1109/JSYST.2015.2428620
Jiang, Q., Ma, J., Li, G., Yang, L.: Robust two-factor authentication and key agreement preserving user privacy. Int. J. Netw. Secur. 16(3), 229–240 (2014)
Jiang, Q., Ma, J., Lu, X., Tian, Y.: An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Netw. Appl. 8(6), 1070–1081 (2015)
Shen, J., Tan, H., Moh, S., et al.: Enhanced secure sensor association and key management in wireless body area networks. J. Commun. Netw. 17(5), 453–462 (2015)
Jiang, Q., Wei, F., Fu, S., Ma, J., Li, G., Alelaiwi, A.: Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy. Nonlinear Dyn. 83(4), 2085–2101 (2016)
Fushan, W., Jianfeng, Ma., Aijun, G., Guangsong, L., Chuangui, Ma.: A provably secure three-party password authenticated key exchange protocol without using server’s public-keys and symmetric cryptosystems. ITC 44(2), 195–206 (2015)
Choudhury, A.J., et al.: A strong user authentication framework for cloud computing. In: Proceedings of IEEE Asia-Pacific Services Computing Conference, 12–15, pp. 110–115 (2011)
Hao, Z., Zhong, S., Yu, N.: A time-bound ticket-based mutual authentication scheme for cloud computing. Int. J. Comput. Commun. Control 6(2), 227–235 (2011)
Pippal, R.S., Jaidhar, C.D., Tapaswi, S.: Enhanced time-bound ticket-based mutual authentication scheme for cloud computing. Informatica 37(2), 149–156 (2013)
Jiang, Q., Khan, M.K., Lu, X., Ma, J., He, D.: A privacy preserving three-factor authentication protocol for e-health clouds. J. Supercomput. (2016). doi:10.1007/s11227-015-1610-x
Hwang, M.S., Sun, T.H.: Using smart card to achieve a single sign-on for multiple cloud services. IETE Tech. Rev. 30(5), 410–416 (2013)
Tsai, J.L., Lo, N.W.: A privacy-aware authentication scheme for distributed mobile cloud computing services. IEEE Syst. J. 9(3), 805–815 (2015)
Qi, J., Jianfeng, Ma., Fushan, W.: On the security of a privacy-aware authentication scheme for distributed mobile cloud computing services. IEEE Syst. J. (2016). doi:10.1109/JSYST.2016.2574719
Li, H., Li, F., Song, C., et al.: Towards smart card based mutual authentication schemes in cloud computing. KSII Trans. Internet Inf. Syst. 9(7), 2719–2735 (2015)
Hankerson, D., Menezes, A., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer Professional Computing. Springer, Berlin (2004)
Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5), 541–552 (2002)
Odelu, V., Das, A.K., Goswami, A.: A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans. Inf. Forensics Secur. 10(9), 1953–1966 (2015)
Jiang, Q., Ma, J., Li, G., et al.: An efficient ticket based authentication protocol with unlinkability for wireless access networks. Wireless Pers. Commun. 77(2), 1489–1506 (2014)
Wang, D., He, D., Wang, P., Chu, C.H.: Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans. Dependable Secure Comput. 12(4), 428–442 (2015)
Wang, D., Wang, P.: On the usability of two-factor authentication. In: Tian, J., Jing, J., Srivatsa, M. (eds.) International Conference on Security and Privacy in Communication Networks. LNICS, vol. 152, pp. 141–150. Springer, Heidelberg (2014)
Li, X., Xiong, Y., Ma, J., Wang, W.: An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J. Netw. Comput. Appl. 35(2), 763–769 (2012)
Acknowledgements
This work is supported by the National Natural Science Foundation of China (Program No. 61672413, U1405255, U1536202, 61372075, 61472310), National High Technology Research and Development Program (863 Program) (Program No. 2015AA016007), Natural Science Basic Research Plan in Shaanxi Province of China (Program No. 2016JM6005), Fundamental Research Funds for the Central Universities (Program No. JB161501), and Specific project on research and development platform of Shanghai Science and Technology Committee (Program No. 14DZ2294400).
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Jiang, Q., Li, B., Ma, J., Tian, Y., Yang, Y. (2016). Cryptanalysis and Improvement of a Smart Card Based Mutual Authentication Scheme in Cloud Computing. In: Sun, X., Liu, A., Chao, HC., Bertino, E. (eds) Cloud Computing and Security. ICCCS 2016. Lecture Notes in Computer Science, vol 10039. Springer, Cham. https://doi.org/10.1007/978-3-319-48671-0_28
DOI: https://doi.org/10.1007/978-3-319-48671-0_28
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-48670-3
Online ISBN: 978-3-319-48671-0
eBook Packages: Computer Science (R0)