A Secure User Authentication Protocol Based on ECC for Cloud Computing Environment


Cloud computing relies on on-demand sharing of computing resources and data over the network without the user’s direct involvement in resource management, but it faces major security threats. Recently, an Elliptic Curve Cryptography (ECC) based three-factor authentication and key negotiation protocol for fog computing has been discussed by Wazid et al. In this paper, we show that Wazid et al.’s protocol requires high communication as well as storage cost, and that it is also susceptible to the denial-of-service attack, stolen smart card attack, and privileged insider attack. We further propose a new protocol that overcomes these problems. We carry out informal and formal security analysis and also simulate it using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to prove its robustness against the security threats. Its performance analysis illustrates that it is efficient and lightweight in comparison with the existing schemes.


  1. Li, H.; Dai, Y.; Tian, L.; Yang, H.: Identity-based authentication for cloud computing. In: IEEE international conference on cloud computing, pp. 157–166, Springer, Berlin (2009)

  2. Sun, H.; Wen, Q.; Zhang, H.; Jin, Z.: A novel remote user authentication and key agreement scheme for mobile client-server environment. Appl. Math. Inf. Sci. 7(4), 1365 (2013)

  3. Li, H.; Li, F.; Song, C.; Yan, Y.: Towards smart card based mutual authentication schemes in cloud computing. TIIS 9(7), 2719–2735 (2015)

  4. Chen, N.; Jiang, R.: Security analysis and improvement of user authentication framework for cloud computing. J. Netw. 9(1), 198 (2014)

  5. Wazid, M.; Das, A.K.; Kumari, S.; Li, X.; Wu, F.: Provably secure biometric-based user authentication and key agreement scheme in cloud computing. Secur. Commun. Netw. 9(17), 4103–4119 (2016)

  6. Hu, P.; Dhelim, S.; Ning, H.; Qiu, T.: Survey on fog computing: architecture, key technologies, applications and open issues. J. Netw. Comput. Appl. 98, 27–42 (2017)

  7. Alrawais, A.; Alhothaily, A.; Hu, C.; Xing, X.; Cheng, X.: An attribute-based encryption scheme to secure fog communications. IEEE Access 5, 9131–9138 (2017)

  8. Mukherjee, M.; Matam, R.; Shu, L.; Maglaras, L.; Ferrag, M.A.; Choudhury, N.; Kumar, V.: Security and privacy in fog computing: Challenges. IEEE Access 5, 19293–19304 (2017)

  9. Koo, D.; Hur, J.: Privacy-preserving deduplication of encrypted data with dynamic ownership management in fog computing. Future Gener. Comput. Syst. 78, 739–752 (2018)

  10. Wang, H.; Wang, Z.; Domingo-Ferrer, J.: Anonymous and secure aggregation scheme in fog-based public cloud computing. Future Gener. Comput. Syst. 78, 712–719 (2018)

  11. Wazid, M.; Das, A.K.; Kumar, N.; Vasilakos, A.V.: Design of secure key management and user authentication scheme for fog computing services. Future Gener. Comput. Syst. 91, 475–492 (2019)

  12. Chandrakar, P.; Om, H.: A secure and privacy preserving remote user authentication protocol for internet of things environment. In: International conference on computational intelligence, communications, and business analytics, pp. 537–551, Springer, Berlin (2017)

  13. Armando, A.; Basin, D.; Boichut, Y.; Chevalier, Y.; Compagna, L.; Cuéllar, J.; Drielsma, P. H.; Héam, P.-C.; Kouchnarenko, O.; Mantovani, J. et al.: The avispa tool for the automated validation of internet security protocols and applications. In: International conference on computer aided verification, pp. 281–285, Springer, Berlin (2005)

  14. Kumar, A.; Om, H.: Lightweight, ecc based rfid authentication scheme for wlan. Int. J. Bus. Data Commun. Netw. (IJBDCN) 12(2), 89–103 (2016)

  15. Stallings, W.: Cryptogr. Netw. Secur. Pearson Education, India (2006)

  16. Paar, C.; Pelzl, J.: Understanding cryptography: a textbook for students and practitioners. Springer Science and Business Media, Berlin (2009)

  17. Ray, S.; Biswas, G.: Establishment of ecc-based initial secrecy usable for ike implementation. In: Proceedings of the world congress on engineering, vol. 1, (2012)

  18. Ku, W.-C.; Chang, S.-T.: Impersonation attack on a dynamic id-based remote user authentication scheme using smart cards. IEICE Trans. Commun. 88(5), 2165–2167 (2005)

  19. Wu, Z.; Gao, S.; Cling, E. S.; Li, H.: A study on replay attack and anti-spoofing for text-dependent speaker verification. In: Signal and information processing association annual summit and conference (APSIPA), 2014 Asia-Pacific, pp. 1–5, IEEE, (2014)

  20. Liu, H.: A new form of dos attack in a cloud and its avoidance mechanism. In: Proceedings of the 2010 ACM workshop on Cloud computing security workshop, pp. 65–76, (2010)

  21. Kumar, V.; Kumar, R.; Pandey, S.: Polynomial based non-interactive session key computation protocol for secure communication in dynamic groups. Int. J. Inf. Technol. 12(1), 283–288 (2020)

  22. Sarvabhatla, M.; Reddy, M. C. M.; Vorugunti, C. S.: A robust remote user authentication scheme resistant to known session specific temporary information attack. In: 2015 Applications and innovations in mobile computing (AIMoC), pp. 164–169, IEEE, (2015)

  23. Salem, M. B.; Hershkop, S.; Stolfo, S. J.: A survey of insider attack detection research. In: Insider attack and cyber security. pp. 69–90, Springer, Berlin (2008)

  24. Alsalhi, I. N., Albermany, S. A.: Authentication of crns by using ban logic

  25. Kilinc, H.H.; Yanik, T.: A survey of sip authentication and key agreement schemes. IEEE Commun. Surv. Tutor. 16(2), 1005–1023 (2013)

Author information



Corresponding author

Correspondence to Diksha Rangwani.

About this article

Cite this article

Rangwani, D., Om, H. A Secure User Authentication Protocol Based on ECC for Cloud Computing Environment. Arab J Sci Eng (2021). https://doi.org/10.1007/s13369-020-05276-x


  • Authentication
  • Cloud computing
  • ECC
  • Privileged insider attack