Efficient user authentication protocol for distributed multimedia mobile cloud environment

Abstract

The rapid growth of smart-phone users, mobile services and mobile applications, poses the challenges of storage space, processing capability, and battery lifetime at the users smart phones. Mobile cloud computing helps to overcome these challenges. Presently, when a mobile user wants to subscribe to various Multimedia based cloud service providers (MBCSPs), he/she need to register separately for each of MBCSP. Although one can use single sign-on methods, they are unreliable due to the presence of any untrusted server. Hence, we propose a three-factor mobile user authentication protocol for Distributed Multimedia based cloud services. Our proposed method consists of strong authentication between the mobile user and multimedia-based cloud service providers using session key agreement, choice-based MBCSPs registration, initial mobile user identity registration checking, time of validity for secret key issued by Registration center (RC) to mobile user and time of validity for secret key issued by RC to MBCSPs respectively. We have verified our protocol with various attack scenarios using informal analysis, formal proof using BurrowsAbadiNeedham (BAN) logic and formal security analysis using Automated Validation of Internet Security Protocols and Applications tool (AVISPA) respectively. Our proposed protocol provides better performance and foolproof security.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

References

  1. Amin R, Biswas G (2015) Design and analysis of bilinear pairing based mutual authentication and key agreement protocol usable in multi-server environment. Wirel Personal Commun 84(1):439–462

    Google Scholar 

  2. Amin R, Islam SH, Biswas G, Giri D, Khan MK, Kumar N (2016) A more secure and privacy-aware anonymous user authentication scheme for distributed mobile cloud computing environments. Secur Commun Netw 9(17):4650–4666

    Google Scholar 

  3. Armando A, Basin D, Cuellar J, Rusinowitch M, Viganò L (2006) Avispa: automated validation of internet security protocols and applications. ERCIM News 64:66–67

    MATH  Google Scholar 

  4. Boneh D, Franklin M (2001) Identity-based encryption from the weil pairing. In: Kilian J (ed) Annual international cryptology conference, Springer, Berlin, Heidelberg, pp 213–229

    Google Scholar 

  5. Burrows M, Abadi M, Needham R (1990) A logic of authentication. ACM Trans Comput Syst 8(1):18–36

    MATH  Google Scholar 

  6. Chaudhry SA (2016) A secure biometric based multi-server authentication scheme for social multimedia networks. Multimed Tools Appl 75(20):12705–12725

    Google Scholar 

  7. Chaudhry SA, Kim IL, Rho S, Farash MS, Shon T (2017) An improved anonymous authentication scheme for distributed mobile cloud computing services. Cluster Computing 22(1):1595–1609

    Google Scholar 

  8. Chuang MC, Chen MC (2014) An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst Appl 41(4):1411–1418

    Google Scholar 

  9. Peck DD (1997) Multimedia; A Hands-on introduction. International Thomson Publishing, pp 3–4

  10. Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: International conference on the theory and applications of cryptographic techniques, Springer, pp 523–540

  11. Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208

    MathSciNet  MATH  Google Scholar 

  12. Eisenbarth T, Kasper T, Moradi A, Paar C, Salmasizadeh M, Shalmani MTM (2008) On the power of power analysis in the real world: a complete break of the keeloq code hopping scheme. In: Annual international cryptology conference, Springer, pp 203–220

  13. Fujisaki E, Okamoto T (1999) Secure integration of asymmetric and symmetric encryption schemes. In: Annual international cryptology conference, Springer, pp 537–554

  14. He D, Wang D (2014) Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst J 9(3):816–823

    Google Scholar 

  15. He D, Wu S (2013) Security flaws in a smart card based authentication scheme for multi-server environment. Wirel Personal Commun 70(1):323–329

    Google Scholar 

  16. He D, Kumar N, Khan MK, Wang L, Shen J (2016) Efficient privacy-aware authentication scheme for mobile cloud computing services. IEEE Syst J 12(2):1621–1631

    Google Scholar 

  17. Hsiang HC, Shih WK (2009) Improvement of the secure dynamic id based remote user authentication scheme for multi-server environment. Comput Stand Interfaces 31(6):1118–1123

    Google Scholar 

  18. Hsieh WB, Leu JS (2014) An anonymous mobile user authentication protocol using self-certified public keys based on multi-server architectures. J Supercomput 70(1):133–148

    Google Scholar 

  19. Jegadeesan S, Azees M, Kumar PM, Manogaran G, Chilamkurti N, Varatharajan R, Hsu CH (2019) An efficient anonymous mutual authentication technique for providing secure communication in mobile cloud computing for smart city applications. Sustain Cities Soc 49:101522

    Google Scholar 

  20. Jiang Q, Ma J, Wei F (2016) On the security of a privacy-aware authentication scheme for distributed mobile cloud computing services. IEEE Syst J 12(2):2039–2042

    Google Scholar 

  21. Kumar C, Dudyala AK (2015) Bank note authentication using decision tree rules and machine learning techniques. In: 2015 International conference on advances in computer engineering and applications, IEEE, pp 310–314

  22. Lee CC, Lin TH, Chang RX (2011) A secure dynamic id based remote user authentication scheme for multi-server environment using smart cards. Expert Syst Appl 38(11):13863–13870

    Google Scholar 

  23. Li CT, Hwang MS (2010) An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 33(1):1–5

    Google Scholar 

  24. Li X, Niu JW, Ma J, Wang WD, Liu CL (2011) Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 34(1):73–79

    Google Scholar 

  25. Li X, Xiong Y, Ma J, Wang W (2012) An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J Netw Comput Appl 35(2):763–769

    Google Scholar 

  26. Li X, Ma J, Wang W, Xiong Y, Zhang J (2013) A novel smart card and dynamic id based remote user authentication scheme for multi-server environments. Mathe Comput Model 58(1–2):85–95

    Google Scholar 

  27. Li X, Niu J, Kumari S, Liao J, Liang W (2015) An enhancement of a smart card authentication scheme for multi-server architecture. Wirel Personal Commun 80(1):175–192

    Google Scholar 

  28. Liao YP, Wang SS (2009) A secure dynamic id based remote user authentication scheme for multi-server environment. Comput Stand Interfaces 31(1):24–29

    Google Scholar 

  29. Lu Y, Li L, Peng H, Yang Y (2015a) A biometrics and smart cards-based authentication scheme for multi-server environments. Security Commun Netw 8(17):3219–3228

    Google Scholar 

  30. Lu Y, Li L, Yang X, Yang Y (2015b) Robust biometrics based authentication and key agreement scheme for multi-server environments using smart cards. PLoS One 10(5):e0126323

    Google Scholar 

  31. Ma Z, Liu Y, Wang Z, Ge H, Zhao M (2018) A machine learning-based scheme for the security analysis of authentication and key agreement protocols. Neural Comput Appl. https://doi.org/10.1007/s00521-018-3929-8

    Article  Google Scholar 

  32. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552

    MathSciNet  MATH  Google Scholar 

  33. Mishra D, Das AK, Mukhopadhyay S (2014) A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Syst Appl 41(18):8129–8143

    Google Scholar 

  34. Naor M, Yung M (1989) Universal one-way hash functions and their cryptographic applications. In: Proceedings of the twenty-first annual ACM symposium on theory of computing, ACM, pp 33–43

  35. Nawrocki P, Sniezynski B (2018) Adaptive service management in mobile cloud computing by means of supervised and reinforcement learning. J Netw Syst Manag 26(1):1–22

    Google Scholar 

  36. Odelu V, Das AK, Goswami A (2015) A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans Inform Forensics Secur 10(9):1953–1966

    Google Scholar 

  37. Pippal RS, Jaidhar C, Tapaswi S (2013) Robust smart card authentication scheme for multi-server architecture. Wirel Personal Commun 72(1):729–745

    Google Scholar 

  38. Reddy AG, Yoon EJ, Das AK, Odelu V, Yoo KY (2017) Design of mutually authenticated key agreement protocol resistant to impersonation attacks for multi-server environment. IEEE Access 5:3622–3639

    Google Scholar 

  39. Roy S, Chatterjee S, Das AK, Chattopadhyay S, Kumar N, Vasilakos AV (2017) On the design of provably secure lightweight remote user authentication scheme for mobile cloud computing services. IEEE Access 5:25808–25825

    Google Scholar 

  40. Sood SK, Sarje AK, Singh K (2011) A secure dynamic identity based authentication protocol for multi-server architecture. J Netw Comput Appl 34(2):609–618

    Google Scholar 

  41. Tsai JL, Lo NW (2015) A privacy-aware authentication scheme for distributed mobile cloud computing services. IEEE Syst J 9(3):805–815

    Google Scholar 

  42. Wang B, Ma M (2013) A smart card based efficient and secured multi-server authentication scheme. Wirel Personal Commun 68(2):361–378

    Google Scholar 

  43. Wang C, Zhang X, Zheng Z (2016) Cryptanalysis and improvement of a biometric-based multi-server authentication and key agreement scheme. Plos One 11(2):e0149173

    Google Scholar 

  44. Xu D, Chen J, Liu Q (2019) Provably secure anonymous three-factor authentication scheme for multi-server environments. J Am Int Human Comput 10(2):611–627

    Google Scholar 

  45. Xue K, Hong P, Ma C (2014) A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. J Comput Syst Sci 80(1):195–206

    MathSciNet  MATH  Google Scholar 

  46. Yeh KH, Lo NW, Li Y (2011) Cryptanalysis of hsiang-shih’s authentication scheme for multi-server architecture. Int J Commun Syst 24(7):829–836

    Google Scholar 

  47. Zhou B, Buyya R (2018) Augmentation techniques for mobile cloud computing: a taxonomy, survey, and future directions. ACM Comput Surv (CSUR) 51(1):13

    Google Scholar 

  48. Zhu W, Luo C, Wang J, Li S (2011) Multimedia cloud computing. IEEE Signal Process Mag 28(3):59–69

    Google Scholar 

Download references

Author information

Affiliations

Authors

Corresponding author

Correspondence to Manojkumar Vivekanandan.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Appendix

Appendix

See Appendix Figs. 11, 12, 13, 14.

Fig. 11
figure11

Role for \(MU_{i}\)

Fig. 12
figure12

Role for RC

Fig. 13
figure13

Role for \(MBCSP_{j}\)

Fig. 14
figure14

Role for session and environment

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Vivekanandan, M., Sastry, V.N. & Srinivasulu Reddy, U. Efficient user authentication protocol for distributed multimedia mobile cloud environment. J Ambient Intell Human Comput 11, 1933–1956 (2020). https://doi.org/10.1007/s12652-019-01467-z

Download citation

Keywords

  • AVISPA
  • SK
  • BAN logic
  • MBCSP
  • MCC
  • MSE