Revisiting Anonymous Two-Factor Authentication Schemes for Cloud Computing

Investigating the security pitfalls of cryptographic protocols is crucial to understanding how to improve security. At ICCCS’17, Wu and Xu proposed an efficient smart-card-based password authentication scheme to cope with the vulnerabilities in Jiang et al.’s scheme. However, in this paper, we revea...

Full description

Saved in:

Bibliographic Details
Published in	Cloud Computing and Security Vol. 11064; pp. 134 - 146
Main Authors	Shen, Yaosheng, Wang, Ding, Wang, Ping
Format	Book Chapter
Language	English
Published	Switzerland Springer International Publishing AG 2018 Springer International Publishing
Series	Lecture Notes in Computer Science
Subjects	Cloud computing Offline password guessing attack Two-factor authentication User untraceability
Online Access	Get full text

Cover

Loading…

Abstract	Investigating the security pitfalls of cryptographic protocols is crucial to understanding how to improve security. At ICCCS’17, Wu and Xu proposed an efficient smart-card-based password authentication scheme to cope with the vulnerabilities in Jiang et al.’s scheme. However, in this paper, we reveal that Wu-Xu’s scheme actually is subject to critical security defects, such as offline password guessing attack and replay attack. Besides security, user friendly is also another great concern. In 2017, Roy et al. found that in most previous two-factor schemes a user has to manage different credentials for different services, and further suggested a user-friendly scheme which is claimed to be suitable for multi-server architecture and robust against various attacks. In this work, we show that Roy et al.’s scheme cannot achieve truly two-factor security and is of poor scalability. Our results invalidate any use of the scrutinized schemes for cloud computing environments.
AbstractList	Investigating the security pitfalls of cryptographic protocols is crucial to understanding how to improve security. At ICCCS’17, Wu and Xu proposed an efficient smart-card-based password authentication scheme to cope with the vulnerabilities in Jiang et al.’s scheme. However, in this paper, we reveal that Wu-Xu’s scheme actually is subject to critical security defects, such as offline password guessing attack and replay attack. Besides security, user friendly is also another great concern. In 2017, Roy et al. found that in most previous two-factor schemes a user has to manage different credentials for different services, and further suggested a user-friendly scheme which is claimed to be suitable for multi-server architecture and robust against various attacks. In this work, we show that Roy et al.’s scheme cannot achieve truly two-factor security and is of poor scalability. Our results invalidate any use of the scrutinized schemes for cloud computing environments.
Author	Wang, Ping Wang, Ding Shen, Yaosheng
Author_xml	– sequence: 1 givenname: Yaosheng surname: Shen fullname: Shen, Yaosheng email: ysshen@pku.edu.cn organization: National Engineering Research Center for Software Engineering, Beijing, China – sequence: 2 givenname: Ding surname: Wang fullname: Wang, Ding email: wangdingg@pku.edu.cn organization: National Engineering Research Center for Software Engineering, Beijing, China – sequence: 3 givenname: Ping surname: Wang fullname: Wang, Ping email: pwang@pku.edu.cn organization: School of Software and Microelectronics, Peking University, Beijing, China
BookMark	eNo1kMtOwzAQRQ0URFv6ByzyAwa_4seyiigPISFBWVuO49BAG4fYAfH3OC14M9a9c-2ZMwOT1rcOgEuMrjBC4loJCSlEFEGUjoJCY3oEFkmmSdxr4hhMMccYUsrUCZj9G1JMwDTdCVSC0TMwwyhnUgqFxTlYhPCeegiSitN8Ch6e3VcTmti0b9kyzfCz80PI1t8eroyNvs-WQ9y4NjbWxMa32YvduJ0LWZ2sYuuHKiv8rhvG_AU4rc02uMVfnYPX1c26uIOPT7f3xfIRdoTRCB2jNeelrMvKWVQaZqscCWkqh02lsGWuYgQzxYlTJTcSEelUZQQvUV0xa-gckMO7oevTt67XpfcfQWOkR3Q6MdJUJwB6j0mP6FKIHUJd7z8HF6J2Y8qm1XqztRvTRdcHzYkcUWkssMY5ob_RI2_W
ContentType	Book Chapter
Copyright	Springer Nature Switzerland AG 2018
Copyright_xml	– notice: Springer Nature Switzerland AG 2018
DBID	FFUUA
DEWEY	4
DOI	10.1007/978-3-030-00009-7_13
DatabaseName	ProQuest Ebook Central - Book Chapters - Demo use only
DatabaseTitleList
DeliveryMethod	fulltext_linktorsrc
Discipline	Computer Science
EISBN	9783030000097 3030000095
EISSN	1611-3349
Editor	Sun, Xingming Bertino, Elisa Pan, Zhaoqing
Editor_xml	– sequence: 1 fullname: Pan, Zhaoqing – sequence: 2 fullname: Bertino, Elisa – sequence: 3 fullname: Sun, Xingming
EndPage	146
ExternalDocumentID	EBC6284887_171_152
GroupedDBID	0D6 0DA 38. AABBV ACOUV AEDXK AEJLV AEKFX AEZAY ALMA_UNASSIGNED_HOLDINGS ANXHU BBABE BICGV BJAWL BUBNW CVGDX CZZ EDOXC FFUUA FOYMO I4C IEZ NQNQZ OEBZI SBO TPJZQ TSXQS Z5O Z7R Z7S Z7U Z7V Z7X Z7Y Z7Z Z81 Z83 Z84 Z85 Z87 Z88 -DT -GH -~X 1SB 29L 2HA 2HV 5QI 875 AASHB ABMNI ACGFS ADCXD AEFIE EJD F5P FEDTE HVGLF LAS LDH P2P RIG RNI RSU SVGTG VI1 ~02
ID	FETCH-LOGICAL-p243t-e43f66b8fbdec0ba4cd5078ade1ad91c4ed4214962e9b6a8028e9da76b0fd4ca3
ISBN	3030000087 9783030000080
ISSN	0302-9743
IngestDate	Tue Jul 29 20:12:29 EDT 2025 Thu May 29 00:54:56 EDT 2025
IsPeerReviewed	true
IsScholarly	true
LCCallNum	QA76.76.A65
Language	English
LinkModel	OpenURL
MergedId	FETCHMERGED-LOGICAL-p243t-e43f66b8fbdec0ba4cd5078ade1ad91c4ed4214962e9b6a8028e9da76b0fd4ca3
OCLC	1054887917
PQID	EBC6284887_171_152
PageCount	13
ParticipantIDs	springer_books_10_1007_978_3_030_00009_7_13 proquest_ebookcentralchapters_6284887_171_152
PublicationCentury	2000
PublicationDate	2018
PublicationDateYYYYMMDD	2018-01-01
PublicationDate_xml	– year: 2018 text: 2018
PublicationDecade	2010
PublicationPlace	Switzerland
PublicationPlace_xml	– name: Switzerland – name: Cham
PublicationSeriesSubtitle	Information Systems and Applications, incl. Internet/Web, and HCI
PublicationSeriesTitle	Lecture Notes in Computer Science
PublicationSeriesTitleAlternate	Lect.Notes Computer
PublicationSubtitle	4th International Conference, ICCCS 2018, Haikou, China, June 8-10, 2018, Revised Selected Papers, Part II
PublicationTitle	Cloud Computing and Security
PublicationYear	2018
Publisher	Springer International Publishing AG Springer International Publishing
Publisher_xml	– name: Springer International Publishing AG – name: Springer International Publishing
RelatedPersons	Kleinberg, Jon M. Mattern, Friedemann Naor, Moni Mitchell, John C. Terzopoulos, Demetri Steffen, Bernhard Pandu Rangan, C. Kanade, Takeo Kittler, Josef Weikum, Gerhard Hutchison, David Tygar, Doug
RelatedPersons_xml	– sequence: 1 givenname: David surname: Hutchison fullname: Hutchison, David organization: Lancaster University, Lancaster, United Kingdom – sequence: 2 givenname: Takeo surname: Kanade fullname: Kanade, Takeo organization: Carnegie Mellon University, Pittsburgh, USA – sequence: 3 givenname: Josef surname: Kittler fullname: Kittler, Josef organization: University of Surrey, Guildford, United Kingdom – sequence: 4 givenname: Jon M. surname: Kleinberg fullname: Kleinberg, Jon M. organization: Cornell University, Ithaca, USA – sequence: 5 givenname: Friedemann surname: Mattern fullname: Mattern, Friedemann organization: ETH Zurich, Zurich, Switzerland – sequence: 6 givenname: John C. surname: Mitchell fullname: Mitchell, John C. organization: Stanford University, Stanford, USA – sequence: 7 givenname: Moni surname: Naor fullname: Naor, Moni organization: Dept Applied Math & Computer Science, Weizmann Institute of Science, Rehovot, Israel – sequence: 8 givenname: C. surname: Pandu Rangan fullname: Pandu Rangan, C. organization: Indian Institute of Technology Madras, Chennai, India – sequence: 9 givenname: Bernhard surname: Steffen fullname: Steffen, Bernhard organization: TU Dortmund University, Dortmund, Germany – sequence: 10 givenname: Demetri surname: Terzopoulos fullname: Terzopoulos, Demetri organization: University of California, Los Angeles, USA – sequence: 11 givenname: Doug surname: Tygar fullname: Tygar, Doug organization: University of California, Berkeley, USA – sequence: 12 givenname: Gerhard surname: Weikum fullname: Weikum, Gerhard organization: Max Planck Institute for Informatics, Saarbrücken, Germany
SSID	ssj0002089635 ssj0002792
Score	1.8741322
Snippet	Investigating the security pitfalls of cryptographic protocols is crucial to understanding how to improve security. At ICCCS’17, Wu and Xu proposed an...
SourceID	springer proquest
SourceType	Publisher
StartPage	134
SubjectTerms	Cloud computing Offline password guessing attack Two-factor authentication User untraceability
Title	Revisiting Anonymous Two-Factor Authentication Schemes for Cloud Computing
URI	http://ebookcentral.proquest.com/lib/SITE_ID/reader.action?docID=6284887&ppg=152 http://link.springer.com/10.1007/978-3-030-00009-7_13
Volume	11064
hasFullText	1
inHoldings	1
isFullTextHit
isPrint
link	http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV1LS8QwEA66XsSDb1xf5OCtRNo06eOoy66yiAddxVtImvQkKm5F8Nc7Sd9lL3oppaTtMF-Yzkznm0HoQnKmTZgyktFQEcYzTlQqDQGhwQEG_5UaV-V7H90-sfkLf2kHQzp2SaEus5-VvJL_oArXAFfLkv0Dss1D4QKcA75wBIThOHB--2nWsq_A6_uX9sqpDDXT8LGaRtfdCA-OP-6WNLG-t_h-JzM3asezSTJbMlTm7mxbTmMbONnyw8EruhmCIBlkCOoM4SDH2ElzXd30okr4qvmlL9kzkxA8spVGt1tnAbcS53eSWJQk036P66DsVzvocT29nkTwnQSDJ4I4ELBoHa3HCR-hjavp_O65yZpRPwGLwS1JpxYyLtsotUJ3CJKrZOqFEoO_386pWOygLUs0wZYBAlLuojXztoe26zEbuLK6-2jeIogbBHGLIO4jiCsEMSCIHYK4QfAAPc2mi8ktqUZgkA_KwoIYFuZRpJJcaZP5SrJMgwOfSG0CqdMgY0YzCkFuRE2qIpmAt2hSLeNI-blmmQwP0QgEM0cI8zgwEEwqAxab6ZCnqfS5TmLKcholVI8RqfUi3I_6qjo4K7WwFAOExsirlSfs8qWoO2CD1kUoQOvCaV1YrR__8eknaLPdyqdoVHx-mTNw_wp1Xu2JX4GMV1c
linkProvider	Library Specific Holdings
openUrl	ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.title=Cloud+Computing+and+Security&rft.atitle=Revisiting+Anonymous+Two-Factor+Authentication+Schemes+for+Cloud+Computing&rft.date=2018-01-01&rft.pub=Springer+International+Publishing+AG&rft.isbn=9783030000080&rft.volume=11064&rft_id=info:doi/10.1007%2F978-3-030-00009-7_13&rft.externalDBID=152&rft.externalDocID=EBC6284887_171_152
thumbnail_s	http://utb.summon.serialssolutions.com/2.0.0/image/custom?url=https%3A%2F%2Febookcentral.proquest.com%2Fcovers%2F6284887-l.jpg