Skip to main content
Log in

A Secure User Authentication Protocol Based on ECC for Cloud Computing Environment

  • Research Article-Computer Engineering and Computer Science
  • Published:
Arabian Journal for Science and Engineering Aims and scope Submit manuscript

Abstract

Cloud computing relies on on-demand sharing of the computing resources and data without the user’s direct involvement in resource management over the network, but it has major security threats. Recently, an it is Elliptic Curve Cryptography (ECC) based three-factor authentication and key negotiation protocol for fog computing has been discussed by Wazid et al. In this paper, we show that the Wazid et al.’s protocol requires high communication as well as storage cost, and also, it is susceptible to the denial-of-service attack, stolen smart card attack, and privileged insider attack. We further propose a new protocol that overcomes these problems. We carry out informal and formal security analysis and also simulate it using the it is Automated Validation of Internet Security Protocols and Applications tool (AVISPA) to prove its robustness against the security threats. Its performance analysis illustrates that it is efficient and lightweight in comparison with the existing schemes.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18
Fig. 19
Fig. 20
Fig. 21

Similar content being viewed by others

References

  1. Li, H.; Dai, Y.; Tian, L.; Yang, H.: Identity-based authentication for cloud computing. In: IEEE international conference on cloud computing, pp. 157–166, Springer, Berlin (2009)

  2. Sun, H.; Wen, Q.; Zhang, H.; Jin, Z.: A novel remote user authentication and key agreement scheme for mobile client-server environment. Appl. Math. Inf. Sci. 7(4), 1365 (2013)

    Article  MathSciNet  Google Scholar 

  3. Li, H.; Li, F.; Song, C.; Yan, Y.: Towards smart card based mutual authentication schemes in cloud computing. TIIS 9(7), 2719–2735 (2015)

    Google Scholar 

  4. Chen, N.; Jiang, R.: Security analysis and improvement of user authentication framework for cloud computing. J. Netw. 9(1), 198 (2014)

    Google Scholar 

  5. Wazid, M.; Das, A.K.; Kumari, S.; Li, X.; Wu, F.: Provably secure biometric-based user authentication and key agreement scheme in cloud computing. Secur. Commun. Netw. 9(17), 4103–4119 (2016)

    Article  Google Scholar 

  6. Hu, P.; Dhelim, S.; Ning, H.; Qiu, T.: Survey on fog computing: architecture, key technologies, applications and open issues. J. Netw. Comput. Appl. 98, 27–42 (2017)

    Article  Google Scholar 

  7. Alrawais, A.; Alhothaily, A.; Hu, C.; Xing, X.; Cheng, X.: An attribute-based encryption scheme to secure fog communications. IEEE Access 5, 9131–9138 (2017)

    Article  Google Scholar 

  8. Mukherjee, M.; Matam, R.; Shu, L.; Maglaras, L.; Ferrag, M.A.; Choudhury, N.; Kumar, V.: Security and privacy in fog computing: Challenges. IEEE Access 5, 19293–19304 (2017)

    Article  Google Scholar 

  9. Koo, D.; Hur, J.: Privacy-preserving deduplication of encrypted data with dynamic ownership management in fog computing. Future Gener. Comput. Syst. 78, 739–752 (2018)

    Article  Google Scholar 

  10. Wang, H.; Wang, Z.; Domingo-Ferrer, J.: Anonymous and secure aggregation scheme in fog-based public cloud computing. Future Gener. Comput. Syst. 78, 712–719 (2018)

    Article  Google Scholar 

  11. Wazid, M.; Das, A.K.; Kumar, N.; Vasilakos, A.V.: Design of secure key management and user authentication scheme for fog computing services. Future Gener. Comput. Syst. 91, 475–492 (2019)

    Article  Google Scholar 

  12. Chandrakar, P.; Om, H.: A secure and privacy preserving remote user authentication protocol for internet of things environment. In: International conference on computational intelligence, communications, and business analytics, pp. 537–551, Springer, Berlin (2017)

  13. Armando, A.; Basin, D.; Boichut, Y.; Chevalier, Y.; Compagna, L.; Cuéllar, J.; Drielsma, P. H.; Héam, P.-C.;  Kouchnarenko, O.; Mantovani, J. et al.: The avispa tool for the automated validation of internet security protocols and applications. In: International conference on computer aided verification, pp. 281–285, Springer, Berlin (2005)

  14. Kumar, A.; Om, H.: Lightweight, ecc based rfid authentication scheme for wlan. Int. J. Bus. Data Commun. Netw. (IJBDCN) 12(2), 89–103 (2016)

    Article  Google Scholar 

  15. Stallings, W.: Cryptogr. Netw. Secur. Pearson Education, India (2006)

    Google Scholar 

  16. Paar, C.; Pelzl, J.: Understanding cryptography: a textbook for students and practitioners. Springer Science and Business Media, Berlin (2009)

    MATH  Google Scholar 

  17. Ray, S.; Biswas, G.: Establishment of ecc-based initial secrecy usable for ike implementation. In: Proceedings of the world congress on engineering, vol. 1, (2012).

  18. Ku, W.-C.; Chang, S.-T.: Impersonation attack on a dynamic id-based remote user authentication scheme using smart cards. IEICE Trans. Commun. 88(5), 2165–2167 (2005)

    Article  Google Scholar 

  19. Wu, Z.; Gao, S.; Cling, E. S.; Li, H.: A study on replay attack and anti-spoofing for text-dependent speaker verification. In: Signal and information processing association annual summit and conference (APSIPA), 2014 Asia-Pacific, pp. 1–5, IEEE, (2014)

  20. Liu, H.: A new form of dos attack in a cloud and its avoidance mechanism. In: Proceedings of the 2010 ACM workshop on Cloud computing security workshop, pp. 65–76, (2010)

  21. Kumar, V.; Kumar, R.; Pandey, S.: Polynomial based non-interactive session key computation protocol for secure communication in dynamic groups. Int. J. Inf. Technol. 12(1), 283–288 (2020)

    MathSciNet  Google Scholar 

  22. Sarvabhatla, M.; Reddy, M. C. M.; Vorugunti, C. S.: A robust remote user authentication scheme resistant to known session specific temporary information attack. In: 2015 Applications and innovations in mobile computing (AIMoC), pp. 164–169, IEEE, (2015)

  23. Salem, M. B.; Hershkop, S.; Stolfo, S. J.: A survey of insider attack detection research. In: Insider attack and cyber security. pp. 69–90, Springer, Berlin (2008)

  24. Alsalhi, I. N., Albermany, S. A.: Authentication of crns by using ban logic

  25. Kilinc, H.H.; Yanik, T.: A survey of sip authentication and key agreement schemes. IEEE Commun. Surv. Tutor. 16(2), 1005–1023 (2013)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Diksha Rangwani.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Rangwani, D., Om, H. A Secure User Authentication Protocol Based on ECC for Cloud Computing Environment . Arab J Sci Eng 46, 3865–3888 (2021). https://doi.org/10.1007/s13369-020-05276-x

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13369-020-05276-x

Keywords

Navigation