Traceable Anonymous Authentication and Key Exchange Protocol for Privacy-Aware Cloud Environments

• Published in: IEEE systems journal Vol. 13; no. 2; pp. 1608 - 1617
• Main Author: Lin, Han-Yu
• Format: Journal Article
• Language: English
• Published: New York IEEE 01.06.2019; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Access control; Anonymous authentication; Authentication; Cloud computing; cloud service; Error detection; Exchange schemes; Hardware; key exchange; Password; Passwords; Privacy; privacy-aware; Private networks; Protocols; Servers; Theft; traceable
• ISSN: 1932-8184; 1937-9234
• DOI: 10.1109/JSYST.2018.2828022

Anonymous authentication with key exchange is an important technique for any subject who attempts to access sensitive cloud services without compromising his/her identity. However, most so-called anonymous authentication schemes, also known as dynamic authentication protocols, only consider and offer preauthentication anonymity to resist ID-theft attacks. This motivates the author to propose a new anonymous authentication with key exchange scheme achieving both preauthentication and postauthentication user anonymity. By using a registered security token hardware together with a rememberable password, our scheme allows a user to generate a pseudoidentity for cloud authentication. To reduce communication overheads with cloud servers, our scheme utilizes an offline password update procedure and provides fast error detection in both login and password-update processes. Still, to make our scheme more suitable for privacy-aware cloud environments, the functionality of tracing real identities of anonymous users is provided. Additionally, we formally prove the authenticated key exchange (AKE) security of the proposed scheme in the random oracle model and discuss some potential attacks. The comparison results also clearly reveal that our scheme has better functionalities and security properties among related works.