A Strong Single Sign-on User Authentication Scheme Using Mobile Token Without Verifier Table for Cloud Based Services

Computer and Network Security Essentials

Abstract

Cloud computing is an emerging computing paradigm that offers computational facilities and storage as services, dynamically and on demand, via the Internet. The ability to scale resources and the pay-as-you-go usage model have contributed to its growth. However, cloud computing inevitably poses various security challenges, and the majority of prospective customers are worried about unauthorized access to their data. Service providers need to ensure that only authorized users access the resources, and for this they need to adopt strong user authentication mechanisms. The mechanism should give users the flexibility to access multiple services without repeated registration and authentication at each provider. Considering these requirements, this chapter discusses a Single Sign-on based two-factor authentication protocol for cloud based services. The proposed scheme uses a password and a mobile token as authentication factors and does not require a verifier table. The formal verification of the protocol is done using Scyther.

Author information

Correspondence to Sumitra Binu.

Copyright information

© 2018 Springer International Publishing AG

About this chapter

Cite this chapter

Binu, S., Misbahuddin, M., Raj, P. (2018). A Strong Single Sign-on User Authentication Scheme Using Mobile Token Without Verifier Table for Cloud Based Services. In: Daimi, K. (eds) Computer and Network Security Essentials. Springer, Cham. https://doi.org/10.1007/978-3-319-58424-9_14

  • DOI: https://doi.org/10.1007/978-3-319-58424-9_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-58423-2

  • Online ISBN: 978-3-319-58424-9

  • eBook Packages: Engineering, Engineering (R0)
