On the Design of Provably Secure Lightweight Remote User Authentication Scheme for Mobile Cloud Computing Services

Secure and efficient lightweight user authentication protocol for mobile cloud computing becomes a paramount concern due to the data sharing using Internet among the end users and mobile devices. Mutual authentication of a mobile user and cloud service provider is necessary for accessing of any clou...

Full description

Saved in:
Bibliographic Details
Published inIEEE access Vol. 5; pp. 25808 - 25825
Main Authors Roy, Sandip, Chatterjee, Santanu, Das, Ashok Kumar, Chattopadhyay, Samiran, Kumar, Neeraj, Vasilakos, Athanasios V.
Format Journal Article
LanguageEnglish
Published Piscataway IEEE 01.01.2017
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
Authentication
BAN logic
Cloud computing
Computational modeling
Constraints
Cryptography
Data retrieval
distributed mobile cloud computing
Electronic devices
End users
Fuzzy logic
Lightweight
Mobile communication
Mobile computing
Mobile handsets
ProVerif simulation
random oracle
Remote mobile user authentication
Security
user anonymity
user biometrics
Online AccessGet full text

Cover

More Information
Summary:Secure and efficient lightweight user authentication protocol for mobile cloud computing becomes a paramount concern due to the data sharing using Internet among the end users and mobile devices. Mutual authentication of a mobile user and cloud service provider is necessary for accessing of any cloud services. However, resource constraint nature of mobile devices makes this task more challenging. In this paper, we propose a new secure and lightweight mobile user authentication scheme for mobile cloud computing, based on cryptographic hash, bitwise XOR, and fuzzy extractor functions. Through informal security analysis and rigorous formal security analysis using random oracle model, it has been demonstrated that the proposed scheme is secure against possible well-known passive and active attacks and also provides user anonymity. Moreover, we provide formal security verification through ProVerif 1.93 simulation for the proposed scheme. Also, we have done authentication proof of our proposed scheme using the Burrows-Abadi-Needham logic. Since the proposed scheme does not exploit any resource constrained cryptosystem, it has the lowest computation cost in compare to existing related schemes. Furthermore, the proposed scheme does not involve registration center in the authentication process, for which it is having lowest communication cost compared with existing related schemes.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2017.2764913