A lightweight anonymous authentication scheme for secure cloud computing services

Abstract

Cloud computing represents the latest technology that has revolutionized the world of business. It is a promising solution giving companies the possibility of remotely storing their data and accessing services whenever they are needed and at a lower cost. However, outsourcing IT resources also brings risks, especially for sensitive information in terms of security and privacy, since all data and resources stored in the cloud are managed and controlled by cloud service providers. On the other hand, cloud users would like cloud service providers not to know what services being accessed and how often they are using them. Therefore, designing mechanisms to protect privacy is a major challenge. One promising research area is via authentication mechanisms, which has attracted many researchers in this delicate subject. For this, several solutions have been devised and published recently to tackle this problem. Nevertheless, these solutions often suffer from different types of attacks, high computing and communication costs, and the use of complex key management schemes. To address these shortcomings, we propose an approach that ensures the optimal preservation of the privacy of cloud users to protect their personal data including identities. The suggested approach gives the cloud user the ability to access and use the services provided by cloud service providers anonymously without the providers of those services knowing their identity. We demonstrate the superiority of our proposed approach over several anonymous authentication solutions in terms of computation and communication costs.

This is a preview of subscription content, access via your institution.

We’re sorry, something doesn't seem to be working properly.

Please try refreshing the page. If that doesn't work, please contact support so we can address the problem.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

References

  1. 1.

    Mansouri Y, Toosi AN, Buyya R (2019) Cost optimization for dynamic replication and migration of data in cloud data centers. IEEE Trans Cloud Comput 7(3):705–718

    Article  Google Scholar 

  2. 2.

    Djellalbia A, Boukerram A (2016) Authentification Anonyme dans un environnement Cloud (Doctoral dissertation, Université Abderrahmane Mira-Bejaia)

  3. 3.

    Probst T (2015) Évaluation et analyse des mécanismes de sécurité des réseaux dans les infrastructures virtuelles de cloud computing (Doctoral dissertation)

  4. 4.

    Karajeh H, Maqableh M, Masa’deh R (2020) Privacy and security issues of cloud computing environment. In: Proceedings of the 23rd IBIMA Conference Vision, pp 1–15

  5. 5.

    Sehgal N K, Bhatt P C P, Acken J M (2020) Cloud computing and information security. In: Cloud computing with security, Springer, Cham, pp 111–141

  6. 6.

    Raj A, Kumar R (2020) An exploration on cloud computing security strategies and issues. In: Inventive communication and computational technologies, Springer, Singapore, pp 549–562

  7. 7.

    Singh V, Pandey S K (2020) Cloud computing: vulnerability and threat indications. In: Performance management of integrated systems and its applications in software engineering, Springer, Singapore, pp 11–20

  8. 8.

    Fujitsu, (2010) Personal data in the cloud: A global survey of consumer attitudes. Available at:http://www.fujitsu.com/downloads/SOL/fai/reports/fujitsu_personal-data-in-the-cloud.pdf. Accessed 01 Nov 2019

  9. 9.

    Chia WY (2009) The classification of e-authentication protocols for targeted applicability (Doctoral dissertation, Monterey. California, Naval Postgraduate School)

  10. 10.

    Qu J, Tan XL (2014) Two-factor user authentication with key agreement scheme based on elliptic curve cryptosystem. J Electr Comput Eng 2014:16

    Google Scholar 

  11. 11.

    Chaudhry SA, Naqvi H, Mahmood K, Ahmad HF, Khan MK (2017) An improved remote user authentication scheme using elliptic curve cryptography. Wireless Pers Commun 96(4):5355–5373

    Article  Google Scholar 

  12. 12.

    Chang CC, Wu HL, Sun CY (2017) Notes on “secure authentication scheme for IoT and cloud servers”. Pervasive Mob Comput 38:275–278

    Article  Google Scholar 

  13. 13.

    Farash MS, Attari MA (2014) A secure and efficient identity-based authenticated key exchange protocol for mobile client-server networks. J Supercomput 69(1):395–411

    Article  Google Scholar 

  14. 14.

    Chaudhry SA, Naqvi H, Shon T, Sher M, Farash MS (2015) Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J Med Syst 39(6):1–11

    Article  Google Scholar 

  15. 15.

    Xie Q, Wong DS, Wang G, Tan X, Chen K, Fang L (2017) Provably secure dynamic ID-based anonymous two-factor authenticated key exchange protocol with extended security model. IEEE Trans Inf Forensics Secur 12(6):1382–1392

    Article  Google Scholar 

  16. 16.

    Lu Y, Li L, Peng H, Yang Y (2017) An anonymous two-factor authenticated key agreement scheme for session initiation protocol using elliptic curve cryptography. Multimedia Tools and Applications 76(2):1801–1815

    Article  Google Scholar 

  17. 17.

    Kumari S, Karuppiah M, Das AK, Li X, Wu F, Kumar N (2018) A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers. J Supercomput 74(12):6428–6453

    Article  Google Scholar 

  18. 18.

    Li X, Qiu W, Zheng D, Chen K, Li J (2009) Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Trans Industr Electron 57(2):793–800

    Article  Google Scholar 

  19. 19.

    Mo J, Hu Z, Chen H, Shen W (2019) An efficient and provably secure anonymous user authentication and key agreement for mobile cloud computing. Wireless Commun Mob Comput. https://doi.org/10.1155/2019/4520685

    Article  Google Scholar 

  20. 20.

    Jiang L, Li X, Cheng L L, Guo D (2013, October). Identity authentication scheme of cloud storage for user anonymity via USB token. In: Anti-Counterfeiting, Security and Identification (ASID), 2013 IEEE International Conference on. IEEE, pp 1–6

  21. 21.

    Yang Y, Golshan A (2017) U.S. Patent No. 9,584,318. Washington, DC: U.S. Patent and Trademark Office

  22. 22.

    Krutz RL, Vines RD (2010) Cloud security: a comprehensive guide to secure cloud computing. Wiley Publishing, New Jersey

    Google Scholar 

  23. 23.

    Subashini S, Kavitha V (2011) A survey on security issues in service delivery models of cloud computing. J Netw Comput Appl 34(1):1–11

    Article  Google Scholar 

  24. 24.

    Obaidat MS, Traore I, Woungang I (2019) Biometric-based physical and cybersecurity systems. Springer, Berlin, pp 165–187

    Google Scholar 

  25. 25.

    Obaidat M, Boudriga N (2007) Security of E-systems and computer networks. Cambridge University Press, Cambridge

    Google Scholar 

  26. 26.

    Hammami H, Brahmi H, Brahmi I, Yahia S B (2016) Security issues in cloud computing and associated alleviation approaches. In 2016 12th International Conference on Signal-Image Technology & Internet-Based Systems (SITIS). IEEE, pp 758–765

Download references

Author information

Affiliations

Authors

Corresponding author

Correspondence to Hamza Hammami.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Hammami, H., Yahia, S.B. & Obaidat, M.S. A lightweight anonymous authentication scheme for secure cloud computing services. J Supercomput 77, 1693–1713 (2021). https://doi.org/10.1007/s11227-020-03313-y

Download citation

Keywords

  • Cloud computing
  • Security
  • Attacks
  • Privacy
  • Anonymous
  • Authentication.