Abstract
Cloud computing relies on on-demand sharing of computing resources and data over the network without the user’s direct involvement in resource management, but it faces major security threats. Recently, an Elliptic Curve Cryptography (ECC) based three-factor authentication and key negotiation protocol for fog computing has been discussed by Wazid et al. In this paper, we show that Wazid et al.’s protocol requires high communication as well as storage cost, and that it is susceptible to the denial-of-service attack, stolen smart card attack, and privileged insider attack. We further propose a new protocol that overcomes these problems. We carry out informal and formal security analysis and also simulate it using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to prove its robustness against the security threats. Its performance analysis illustrates that it is efficient and lightweight in comparison with the existing schemes.
References
Li, H.; Dai, Y.; Tian, L.; Yang, H.: Identity-based authentication for cloud computing. In: IEEE international conference on cloud computing, pp. 157–166, Springer, Berlin (2009)
Sun, H.; Wen, Q.; Zhang, H.; Jin, Z.: A novel remote user authentication and key agreement scheme for mobile client-server environment. Appl. Math. Inf. Sci. 7(4), 1365 (2013)
Li, H.; Li, F.; Song, C.; Yan, Y.: Towards smart card based mutual authentication schemes in cloud computing. TIIS 9(7), 2719–2735 (2015)
Chen, N.; Jiang, R.: Security analysis and improvement of user authentication framework for cloud computing. J. Netw. 9(1), 198 (2014)
Wazid, M.; Das, A.K.; Kumari, S.; Li, X.; Wu, F.: Provably secure biometric-based user authentication and key agreement scheme in cloud computing. Secur. Commun. Netw. 9(17), 4103–4119 (2016)
Hu, P.; Dhelim, S.; Ning, H.; Qiu, T.: Survey on fog computing: architecture, key technologies, applications and open issues. J. Netw. Comput. Appl. 98, 27–42 (2017)
Alrawais, A.; Alhothaily, A.; Hu, C.; Xing, X.; Cheng, X.: An attribute-based encryption scheme to secure fog communications. IEEE Access 5, 9131–9138 (2017)
Mukherjee, M.; Matam, R.; Shu, L.; Maglaras, L.; Ferrag, M.A.; Choudhury, N.; Kumar, V.: Security and privacy in fog computing: Challenges. IEEE Access 5, 19293–19304 (2017)
Koo, D.; Hur, J.: Privacy-preserving deduplication of encrypted data with dynamic ownership management in fog computing. Future Gener. Comput. Syst. 78, 739–752 (2018)
Wang, H.; Wang, Z.; Domingo-Ferrer, J.: Anonymous and secure aggregation scheme in fog-based public cloud computing. Future Gener. Comput. Syst. 78, 712–719 (2018)
Wazid, M.; Das, A.K.; Kumar, N.; Vasilakos, A.V.: Design of secure key management and user authentication scheme for fog computing services. Future Gener. Comput. Syst. 91, 475–492 (2019)
Chandrakar, P.; Om, H.: A secure and privacy preserving remote user authentication protocol for internet of things environment. In: International conference on computational intelligence, communications, and business analytics, pp. 537–551, Springer, Berlin (2017)
Armando, A.; Basin, D.; Boichut, Y.; Chevalier, Y.; Compagna, L.; Cuéllar, J.; Drielsma, P. H.; Héam, P.-C.; Kouchnarenko, O.; Mantovani, J. et al.: The avispa tool for the automated validation of internet security protocols and applications. In: International conference on computer aided verification, pp. 281–285, Springer, Berlin (2005)
Kumar, A.; Om, H.: Lightweight, ecc based rfid authentication scheme for wlan. Int. J. Bus. Data Commun. Netw. (IJBDCN) 12(2), 89–103 (2016)
Stallings, W.: Cryptography and network security. Pearson Education, India (2006)
Paar, C.; Pelzl, J.: Understanding cryptography: a textbook for students and practitioners. Springer Science and Business Media, Berlin (2009)
Ray, S.; Biswas, G.: Establishment of ecc-based initial secrecy usable for ike implementation. In: Proceedings of the world congress on engineering, vol. 1 (2012)
Ku, W.-C.; Chang, S.-T.: Impersonation attack on a dynamic id-based remote user authentication scheme using smart cards. IEICE Trans. Commun. 88(5), 2165–2167 (2005)
Wu, Z.; Gao, S.; Cling, E. S.; Li, H.: A study on replay attack and anti-spoofing for text-dependent speaker verification. In: Signal and information processing association annual summit and conference (APSIPA), 2014 Asia-Pacific, pp. 1–5, IEEE, (2014)
Liu, H.: A new form of dos attack in a cloud and its avoidance mechanism. In: Proceedings of the 2010 ACM workshop on Cloud computing security workshop, pp. 65–76, (2010)
Kumar, V.; Kumar, R.; Pandey, S.: Polynomial based non-interactive session key computation protocol for secure communication in dynamic groups. Int. J. Inf. Technol. 12(1), 283–288 (2020)
Sarvabhatla, M.; Reddy, M. C. M.; Vorugunti, C. S.: A robust remote user authentication scheme resistant to known session specific temporary information attack. In: 2015 Applications and innovations in mobile computing (AIMoC), pp. 164–169, IEEE, (2015)
Salem, M. B.; Hershkop, S.; Stolfo, S. J.: A survey of insider attack detection research. In: Insider attack and cyber security. pp. 69–90, Springer, Berlin (2008)
Alsalhi, I. N.; Albermany, S. A.: Authentication of crns by using ban logic
Kilinc, H.H.; Yanik, T.: A survey of sip authentication and key agreement schemes. IEEE Commun. Surv. Tutor. 16(2), 1005–1023 (2013)
Cite this article
Rangwani, D., Om, H. A Secure User Authentication Protocol Based on ECC for Cloud Computing Environment. Arab J Sci Eng 46, 3865–3888 (2021). https://doi.org/10.1007/s13369-020-05276-x
DOI: https://doi.org/10.1007/s13369-020-05276-x