Secure Three-Factor Anonymous User Authentication Scheme for Cloud Computing Environment

Lee, Hakjun; Kang, Dongwoo; Lee, Youngsook; Won, Dongho

doi:https://doi.org/10.1155/2021/2098530

Wireless Communications and Mobile Computing

On this page

Abstract Introduction Conclusion Appendix Data Availability Conflicts of Interest Acknowledgments References Copyright Related Articles

Special Issue

Security, Trust and Privacy in Internet of Things

View this Special Issue

Research Article | Open Access

Volume 2021 | Article ID 2098530 | https://doi.org/10.1155/2021/2098530

Secure Three-Factor Anonymous User Authentication Scheme for Cloud Computing Environment

Hakjun Lee,¹Dongwoo Kang,²Youngsook Lee,¹and Dongho Won²

Academic Editor: Chien-Ming Chen

Received21 May 2021

Revised28 Jun 2021

Accepted05 Jul 2021

Published27 Jul 2021

Abstract

Cloud computing provides virtualized information technology (IT) resources to ensure the workflow desired by user at any time and location; it allows users to borrow computing resources such as software, storage, and servers, as per their needs without the requirements of complicated network and server configurations. With the generalization of small embedded sensor devices and the commercialization of the Internet of Things (IoT), short- and long-range wireless network technologies are being developed rapidly, and the demand for deployment of cloud computing for IoT is increasing significantly. Cloud computing, together with IoT technology, can be used to collect and analyse large amounts of data generated from sensor devices, and easily manage heterogeneous IoT devices such as software updates, network flow control, and user management. In cloud computing, attacks on users and servers can be a serious threat to user privacy. Thus, various user authentication schemes have been proposed to prevent different types of attacks. In this paper, we discuss the security and functional weakness of the related user authentication schemes used in cloud computing and propose a new elliptic curve cryptography- (ECC-) based three-factor authentication scheme to overcome the security shortcomings of existing authentication schemes. To confirm the security of the proposed scheme, we conducted both formal and informal analyses. Finally, we compared the performance of the proposed scheme with those of related schemes to verify that the proposed scheme can be deployed in the real world.

1. Introduction

With the significant advances in information technology (IT), numerous types of devices can connect to the Internet and have a variety of features that can be used for different purposes. Using these devices with wireless network technologies, such as Wi-Fi, Bluetooth, 5G, 6lowPAN, and LoRa, has allowed the practical deployment of Internet of Things (IoT) [1]. IoT enables the networking of various types of embedded devices, such as home, mobile, and wearable devices, allowing them to communicate with people and objects at any time and location in our daily lives [2].

With combined with cloud computing, IoT technologies can collect and analyse large amounts of data from devices connected to an IoT network with hyperconnectivity and hyperintelligence surpassing the limits of time and space in various areas such as urban life, traffic, welfare, safety, healthcare, manufacturing, energy, finance, and logistics [3, 4]. Cloud computing provides IT resources on demand over the Internet. Cloud computing providers are building and maintaining physical data centers and servers, and users can enjoy the benefits of custom cloud services for greater computing power, storage, and database.

With such advantages, cloud computing is becoming a paradigm for the processing, storage, and utilization of large amounts of data generated by billions of smart devices because it can overcome the limitations of such devices, including low capacity and limited processing capability. The integration of IoT with cloud computing allows for better scalability, interoperability, reliability, efficiency, availability, and security through the utilization of various devices and technologies [5]. In addition, it provides benefits such as easy access, use, and deployment-cost reductions. A cloud computing environment can serve as a stable network environment for connection with IoT devices and provide storage for big data generated from IoT devices to securely keep and process the data for analysis. With these advantages, both individuals and small companies can benefit from cloud services.

In general, there are three types of cloud services [6]:(1)Infrastructure as a service (IaaS): providing the user with an infrastructure including storage and network use(2)Platform as a service (PaaS): providing the user with a platform to develop various applications(3)Software as a service (SaaS): providing the user with software applications

Because cloud computing is deployed in a practical manner, there have been growing concerns regarding its security. As mentioned earlier, clouds are used in various industries and services; thus, cloud servers can collect and process sensitive data, and it can seriously affect user privacy.

Security issues associated with cloud computing include various aspects such as embedded security, application security, trust and conviction, client management, cloud data storage, and operating systems. Among the different security requirements, the first security requirement for the protection of user privacy is user authentication that verifies a user’s identity with a trusted party. There are three authentication factors used to verify the user identity: (i) what you know (e.g., secret information such as a password), (ii) what you have (e.g., things we own such as smart cards), and (iii) who you are (e.g., biometric such as fingerprint or iris data) [7].

In recent years, various user authentication schemes have been proposed [8–12], and user authentication studies using various cryptographic primitives have been proposed to protect a user’s personal information in a cloud environment. However, the investigation into such studies has revealed that the level of security is still insufficient to authenticate and manage users in the current cloud computing environment. Therefore, in this paper, to strengthen the security of previously proposed schemes, we first report problems in the related authentication scheme used in a cloud computing environment and then propose a new authentication scheme to overcome these problems.

1.1. Motivations

Since Lamport [13] first proposed a password-based authentication scheme, many relevant studies on suitable two-factor authentication schemes in various network environments have been proposed to protect user privacy. After the introduction of cloud computing systems, authentication schemes using various encryption technologies, including the Advanced Encryption Standard (AES), hash function, Chebyshev polynomials, and Elliptic Curve Cryptography (ECC), began to be studied to provide secure user authentication and improve security and efficiency.

Amin et al. [14] proposed a user authentication scheme for a distributed IoT cloud environment. However, Wang et al. [15] found that Amin et al.’s scheme has some weaknesses—it is vulnerable to a stolen smart card attack, violates user anonymity and forward secrecy, has a time synchronization problem, and provides an insecure identity update phase. Wang et al. [15] also proposed a new authentication scheme to eliminate the security concern associated with Amin et al.’s scheme [14] by applying ECC to share the session key between the user and the cloud server. Nevertheless, their scheme does not provide a session key verification at the end of the authentication phase—an invalid session key may be generated between the user and the cloud server without detecting communication errors that may occur while sharing the parameters for the establishment of a session key.

In 2017, Kumari et al. [16] proposed a biometrics-based three-factor authentication scheme in a multicloud server environment using ECC and proved that the scheme is secure for cloud computing environments, but it does not provide an identity update phase.

In 2019, Zhou et al. [17] proposed a lightweight authentication scheme for an IoT-cloud architecture using only hash and exclusive-OR (XOR) operations; it is relatively lightweight in comparison with other schemes [14, 18] and satisfies some of the security properties required for cloud computing. However, Martínez-Peláez et al. [19] reported that Wang et al.’s scheme [15] has security vulnerabilities to insider attacks, man-in-the-middle attacks through a replay attack, and user impersonation attacks. Martínez-Peláez et al. [19] then proposed a new lightweight authentication scheme to provide secure access to user by improving the scheme developed by Zhou et al. [17]. However, Yu et al. [20] found that Martínez-Peláez et al.’s scheme [19] is vulnerable to impersonation attacks, session key-disclosure attacks, and replay attacks and that it does not ensure user anonymity. Yu et al. [20] then proposed a lightweight three-factor-based authentication scheme for IoT use in a cloud computing environment to enhance the level of security. In their scheme, the cloud server changes the identity of the user during each session. However, users cannot recover or update their own identity themselves.

In this paper, based on the same network model used in the abovementioned related schemes for cloud computing, we propose a new three-factor user authentication scheme to enhance the level of security and efficiently manage users by eliminating the security and functional flaws of the related schemes. In the proposed scheme, we selected the ECC from various cryptographic building blocks, which has various advantages. For example, the safety of the ECC system increases exponentially with the key length and has a shorter key length and faster operation speed than those of the RSA algorithm. This is particularly effective in applications where the processing capacity is limited; these include memory, smart cards, and wireless communication terminals [21]. ECC has been standardized for digital signature algorithms and key exchanges (e.g., ANSI X9.62 and X9.63) and is widely accepted in various network communication standards such as IPsec (RFC 2409) and TLS (RFC 4492).

1.2. Organization of the Paper

The remainder of this paper is organized as follows. Section 2 presents the preliminaries for security considerations and background of the network model. In Section 3, we detail a secure three-factor anonymous user authentication scheme for a cloud computing environment. We describe the informal and formal security analyses in Sections 4 and 5, respectively. In Section 6, we evaluate the performance of the proposed scheme. Finally, we provide some concluding remarks in Section 7.

2. Preliminary

2.1. Network Model

The network model of the proposed protocol in the IoT environment is based on the cloud server environment adopted in the protocol described in [16–20], as shown in Figure 1. There are three participants in this model:(1)Registration authority (): is a trusted authority that creates all system parameters and issues them to users and cloud servers through the registration process(2)User (): wishes to access and enjoy the services provided by the cloud server using IoT device. For this purpose, the shares the session key with the cloud server(3)Cloud server (): provides IoT cloud services to users

This network model is for a cloud server-centric service in which the cloud server collects and processes information from IoT devices and shares it with users. For example, a real-world scenario for this is as follows: Alex’s grandfather has dementia, and his family is concerned about his grandfather’s health and fear of getting lost when he goes out. The smartwatch worn by the grandfather can check the health condition through the built-in sensor and transmits the GPS information to the cloud server. Alex’s family wants to use a service that can trace and check the location and health of their grandfather in real time. To this end, Alex’s family and grandfather () first register their identifier with the registration authority () to sign up for this IoT-based cloud service. RA issues security parameters to be used when establishing session key with (assume that is already registered). Information about the grandfather is sensitive. It should be shared only with the family. To this end, Alex creates a group through the interface provided by the cloud platform, adds family members as group members, and adds the devices of grandpa’s smartwatch and family’s smartphone to set permission to access information shared by registered devices. and generate the session key through the authentication process; the family and grandfather can safely share information.

2.2. Elliptic Curve Cryptography

In this study, we apply an elliptic curve cryptography to the proposed scheme, which provides a high level of security with a small key size [22]. ECC is based on the logarithm problems expressed in the point addition and multiplication of elliptic curves.

An elliptic curve is given by mod over a finite field , where is the prime order and such that and mod . The point multiplication over is defined through a repetitive addition as , where is a point on and is a random integer. The security of ECC relies on the following assumption:(1)Elliptic curve discrete logarithm problem (ECDLP): given , , it is computationally infeasible to find within polynomial time(2)Elliptic curve computational Diffie-Hellman problem (ECCDHP): given , it is computationally infeasible to find in polynomial time

2.3. Bio-Hash Function

In the proposed scheme, we use a bio-hash function. In 2004, Jin et al. [23] proposed a solution to the problem of false resection in which a genuine user is misidentified for various reasons, such as when experiencing dry or cracked skin. The bio-hash maps the biometric features to a binary string with a user-specific tokenized pseudo-random number. In three-factor authentication, many researchers use a bio-hash to identify the biometric features of the users [24–26]. It is a simple and efficient tool for resource-constrained devices such as IoT sensor devices.

2.4. Adversarial Model

For a security analysis in this paper, we consider the adversarial model as follows [27–29]:(1)The attacker can control the public communication channel by interrupting, returning, amending, eliminating, or transmitting newly forged messages(2)The attacker can extract the security parameters in the smart device using a side-channel attack(3)The attacker can guess the user’s identity and password by enumerating all possible items in polynomial time. The time of such an attack conducted to determine the correct identity and password is linear to the dictionary size

3. Proposed Scheme

In this section, we propose an improved three-factor authentication scheme in the cloud environment. Our scheme consists of (1) a registration phase, (2) a login and authentication phase, (3) a password change phase, and (4) an identity update phase. All notations used in this paper are listed in Table 1.

3.1. User Registration Phase

In this phase, registers with and shares secret parameters for later login and authentication using IoT smart device. The registration phase of shown in Figure 2 is as follows.(1) who wants to register in enters , and , and computes and (2) sends a registration request through a secure channel(3)After receiving the registration request message from , first searches for in to check whether the user’s is already registered. If does not exist in , selects a random number and computes , and (4)Here, stores into and issues . Then, stores them to IoT smart device

3.2. Registration Phase for Cloud Server

In this phase, registers with and initials the system parameter. The registration phase of shown in Figure 3 is as follows.(1) selects and sends it to (2) computes and sends it to

3.3. Login and Authentication Phase

To access a cloud server , begins a login and authentication protocol on the public channel through the support of . In this phase, confirms the legitimacy of and ; thus, they establish a session key for future communication. To this end, the following steps, shown in Figure 4, are executed.(1) enters , and , and computes . If are not equal, terminates the login phase; otherwise, it chooses a random number , and computes (2) sends the login request message to (3) chooses a random number and computes , and (4) sends the login request message to (5) computes If are not equal, terminates the login phase; otherwise, it computes . If are not equal, terminates the login phase; otherwise, it computes and (6) sends the response message to (7) computes and checks whether and are equal. If they are equal, computes , and (8) sends the message to (9) computes , and . If and are equal, and have successfully shared the session key with each other; otherwise, the login authentication step has failed

3.4. Password Change Phase

In this phase, can change to a new password offline. The password change phase shown in Figure 5 is as follows:(1) enters , and , and computes (2)If are equal, updates and with and by calculating , and , respectively

3.5. Identity Update Phase

When users want to change their identity or phone number, they need to update their identity. In the proposed scheme, can perform an identity update process through by entering the old identity and new identity , shown in Figure 6, as follows:(1) enters and , and computes (2)If are equal, chooses a random number , and computes (3) sends the request message to (4) computes If are not equal, rejects the request and sets . Once it exceeds the present value, is suspended(5)Otherwise, updates with in and computes (6) sends to (7) computes and checks whether and are equal. If so, computes and and updates and with and , respectively

This section provides a security comparison with other relevant schemes [15, 16, 19, 30]. For detailed procedures of the compared schemes, see Appendices A, B, C, and D.(1)Wang et al. [15]: Wang et al. scheme does not provide the verification process of session key. In their scheme, after sends and check the legitimacy of , generates a session key . Here, after considers that the session key has been shared with , the authentication process is terminated. However, does not check whether the is same as generated by . If the session key is created incorrectly due to some error, the session key establishment process has to be executed again(2)Kumari et al. [16] and Wang et al. [30]: their scheme consists of registration, login, authentication, and password change steps. However, it does not provide an identity update process for the user. This process is necessary when the mobile phone number of changes or the identity has to be changed for security reasons(3)Martínez-Peláez et al. [19]: in their scheme, the adversary can extractor the secret parameters from the smart card of the user and intercept from message . Then, the adversary can compute real identity . From now on, by creating and , an attacker can construct a malicious message that can easily impersonate a user. After that, the message generated by the attacker is delivered to the cloud server and the and processed. Eventually, the attacker will share the session key with the cloud server. In the aftermath of this attack, the attacker can acquire , , , , , and . Therefore, their scheme cannot resist user impersonation attacks and replay attacks, and violates mutual authentication and user anonymity. In addition, their scheme does not support the three-factor authentication and the identity update for user

In Table 2, we summarize the results of an informal analysis wherein the proposed scheme is compared with other relevant schemes. In the next section, we prove that our scheme satisfies all the security properties mentioned in Table 2.

5. Informal Analysis of the Proposed Scheme

In this section, we describe an informal analysis of the proposed scheme and show that it satisfies the desired security features and is secure against known attacks. In Table 2, we summarize the results of an informal analysis wherein the proposed scheme is compared with other relevant schemes.

5.1. User Anonymity

In the user authentication phase of our scheme, the user’s is protected in and is preserved by the user’s secret value . The attacker must know two values, and , to know the user’s from messages sent over a public channel. The value is under the ECCDH problem, and the is unique to each individual. Therefore, it is extremely difficult for an attacker to determine these two values, and thus, the proposed scheme guarantees user anonymity.

5.2. User Untraceability

In the login authentication phase, sends a message to and receives a message from on a public channel that an attacker can eavesdrop on. In message , , , and contain a random number , and in message , and include random numbers and . Because both random numbers are changed during each session, and it is difficult to solve the ECCDH problem, the connection between the messages in each session cannot be determined, and the user activity cannot be tracked. Thus, the proposed scheme ensures user untraceability.

5.3. Resistance to Stolen-Device Attack

According to the attacker model, the attacker may extract the secret parameters by applying a side-channel attack if the attacker acquires a user’s IoT smart device. In this attack, an attacker attempts to guess and using the two values, , to impersonate a user or obtain the user’s personal information. The attacker needs to know the value to obtain the user’s and . However, the user’s biometric information is unique to each individual. Therefore, the proposed scheme resists a stolen-device attack.

5.4. Mutual Authentication and Session Key Agreement

In the proposed scheme, and establish a session key through mutual authentication based on the support of . First, authenticates by validating included in . The value of included in contains the server’s private keys and stored in the user list maintained by . In addition, must calculate correctly at the login stage to verify its legitimacy to . Moreover, verifies its identity to the by validating the value of contained in message . To do so, must include a valid that contains the secret key of in .

If and are authenticated, the calculates and (both can be calculated by a valid ) and includes these two values in and , respectively. After receiving message , calculates and compares it with the received to check the validity of the . Then, multiplies by its random nonce to generate a value of , calculates the session key and for the verification of session key, and sends to .

After receiving message , multiplies by its random nonce to compute , and calculates session key and verification value for the session key.

Because the validity of received from is confirmed through the soundness of by adding into , even if is generated by multiplying any random nonce of the malicious attacker by , the validation process for generated by a malicious is not passed. Therefore, the proposed scheme supports mutual authentication between , , and and provides a secure session key establishment between and .

5.5. Verification of Session Key

In the proposed scheme, calculates including the session key calculated by itself and transmits it to . Then, also calculates the session key calculated by itself and compares whether it is the same as . Therefore, the proposed scheme can prevent session key disagreement that may occur due to communication errors.

5.6. Resistance to User-Impersonation Attack

For an attacker to conduct a user impersonation attack, the attacker must either maliciously control the session key establishment process or extract secret parameters from the user’s IoT smart device. However, as mentioned earlier, the proposed scheme guarantees mutual authentication and protection from stolen-device attacks. Therefore, the proposed scheme provides a safe protection technique using biometrics and under the ECCDH problem against user impersonation attacks.

5.7. Resistance to Replay Attack

To establish a malicious session by pretending to be a participant in the communication, an attacker must know the random number or to create a session key by eavesdropping on the messages sent and received over the public channel and then reuse them. However, with the proposed scheme, the random numbers included in the session key are protected from the ECCDH problem. Even if an attacker attempts to connect a malicious session by replaying the message, communication in the next step cannot be continued without knowing the secret parameter or random nonce. Therefore, the proposed scheme resists a replay attack.

5.8. Local User Verification

In the login and authentication phase of the proposed scheme, the user first enters , , and to calculate and then checks whether is equal to stored in the IoT smart device. Only who have passed this local user verification procedure can perform the next mutual authentication phase. Because cannot log in without inputs of the user’s legitimate personal information, the proposed scheme can block unauthorized access in the local area.

5.9. Resistance to Privileged-Insider Attack

In the registration phase of the proposed scheme, the user sends , , and to the . To perform the privileged-insider attack, here, the insider of the needs to guess of . However, the user’s is protected by , and thus, the malicious insider cannot impersonate to communicate with . In addition, the proposed scheme can change locally in ’s IoT smart device without an intervention of . Therefore, the proposed scheme is safe from an insider attack.

5.10. Forward Secrecy

With the proposed scheme, the session key is not transmitted directly. Instead, the user and agree on the session key by calculating the secret parameters constituting the session key. Here, the session key shared between them includes a different random nonce for each session. Therefore, it is difficult for an attacker to attempt to guess the session key by collecting the session key verification value . Therefore, the proposed scheme guarantees forward secrecy.

5.11. Resistance to Stolen-Verifier Attack

In the proposed scheme, the personal login information of , including and , is not directly transmitted to . retains in the database. Even if the attacker misappropriates , the attacker cannot obtain the real identity of because it is protected by the secret parameter . Therefore, the proposed scheme is secure against stolen-verifier attacks.

5.12. User-Friendly Password Change

In the proposed scheme, the user can change to a new password by applying the user’s information offline without interacting with the server. Therefore, the proposed scheme supports a change in the password in a user-friendly manner.

5.13. Providing Identity Update Phase

In the proposed scheme, users can request to change their identity. Thus, the user can set a new identity when he or she wants, such as changing his or her mobile phone number. When receives a request from the user, calculates new secret parameters for and stores them in the , so that the user’s legitimacy can be authenticated at a later login and authentication step.

6. Formal Analysis of the Proposed Scheme

6.1. ProVerif

To prove the security of the proposed scheme, we adapted ProVerif [31], which is an automated tool used to analyse cryptographic protocols. ProVerif supports an analysis of protocols based on various cryptographic primitives such as symmetric and asymmetric cryptography, digital signatures, and hash functions. ProVerif is widely used by many researchers [32–35] to validate a security analysis of the key agreement and authentication schemes for various network environments. In this section, we introduce the ProVerif code and present the analysis results to verify the proposed scheme’s security.

We present the process of predefined identifiers and the definitions of the proposed scheme in Figure 7. Here, we define the public and secure channels used among , , and ; the cryptographic parameters and operations; and the start and end of communication between nodes to be verified for the correspondence relationship of the messages.

We define the overall process code for the proposed scheme, as shown in Figure 8. We model the registration phase in lines 37-41 and the login and authentication phase in lines 42-58.

We define the overall process code for the proposed scheme, as shown in Figure 9. We model the registration phase in lines 60-64 and the login and authentication phase in lines 65-82.

Figure 10 shows the overall process code for the proposed scheme. We model the registration phase in lines 84-94 and the login and authentication phase in lines 95-113.

The code shown in Figure 11 is intended to model the attacker’s capabilities and verify the equivalencies of inter-process communication. The code in lines 115 and 116 checks whether the session keys and are secure against the attacker. The code in lines 117-119 verifies whether the internodal relationships of the proposed scheme are accurate during the procedure.

The execution of all codes described earlier verifies the effectiveness and availability of the simulated events and queries and generates the results of the simulation, as presented in Figure 12. This indicates that , , and in the proposed scheme achieve a successful mutual authentication and securely establish the session key. Furthermore, it can be considered that the proposed scheme is secure against simulated attacks.

6.2. BAN Logic

Burrows-Abadi-Needham (BAN) logic [36] is used to prove the trust of each party in the authentication protocol on the formal logic. We utilize this logic to prove that and share a valid and fresh session key through mutual authentication. We define the notations of BAN logic as follows:(1) sees condition (2) condition is believed by (3) it makes a fresh (4) expresses the condition (5) and share a secret key (6) condition is handled by (7) is encrypted under key

We define five rules of BAN logic to prove the mutual authentication of the proposed scheme.(1)Rule 1: message-meaning rule if trusts that key is shared with , sees combined with and trusts once said (2)Rule 2: nonce-verification rule if trusts that freshness of and trusts once said , then trusts that trusts (3)Rule 3: belief rule if trusts and , are also trusted by (4)Rule 4: freshness-conjuncatenation rule if the freshness of is trusted by , then can trust the freshness of the full condition(5)Rule 5: jurisdiction rule if trusts that has jurisdiction over , and trusts that trusts a condition , then also trusts

We must satisfy the following four goals:(1)Goal 1: (2)Goal 2: (3)Goal 3: (4)Goal 4:

The four messages transmitted in the proposed scheme can be converted into the idealized form as follows:(1)Using , . This is reduced to :()(2)Using , . This is reduced to (3)Using , . This is reduced to :()(4)Using , . This is reduced to

To derive the goals of the proposed scheme, we define the following assumptions.(1)(2)(3)(4)(5)(6)(7)(8)(9)(10)

We describe the main proof of the proposed scheme using the BAN logic rules, messages, and assumptions as follows:(1)From , we obtain (2)From and rule 1, we obtain (3)From and rule 4, we obtain (4)From , , and rule 2, we obtain (5)From , we obtain (6)From and rule 1, we obtain (7)From and rule 4, we obtain (8)From , , and rule 2, we obtain (9)From , we obtain (10)From and rule 1, we obtain (11)From and rule 4, we obtain (12)From , , and rule 2, we obtain (13)From , we obtain (14)From and rule 1, we obtain (15)From and rule 4, we obtain (16)From , , and rule 2, we obtain (17)From , , and SK, we obtain (goal 1)(18)From , , and SK, we obtain (goal 2)(19)From , , and rule 5, we obtain (goal 3)(20)From , , and rule 5, we obtain (goal 4)

From goals 1, 2, 3, and 4 that we achieved earlier, we see that and establish a session key through a secure mutual authentication.

7. Performance Analysis

In this section, we compare the computational and communication costs for the proposed scheme with those of other related schemes for cloud computing environments. We considered the computational cost and number of communications occurring during the login and authentication process. As described by Kocarev and Lian [37], we consider the execution time of cryptographic operations as follows:(1)160-bit elliptic multiplication operation: (2)128-bit Advanced Encryption Standard (AES) algorithm: (3)128-bit hash function: (4)128-bit Chebyshev polynomial computation:

We summarize the results of the comparison in terms of the computational time and communication costs in Table 3. The results reveal that Martínez-Peláez et al.’s scheme [19] is significantly faster in terms of computational time than the other schemes. However, as described in Section 1.2, Yu et al. [20] revealed that Martínez-Peláez et al.’s scheme [19] is vulnerable to various attacks. Wang et al.’s scheme [30] applies a Chebyshev chaotic map as cryptography primitive to strengthen the security of the session key. However, their scheme does not provide the identity update phase. The securities of schemes proposed by Kumari et al. [16] and Wang et al. [15] are based on the ECC for which the communication participants agree on the session key. However, Wang et al.’s scheme [15] does not provide the session key verification procedure to check its validation, and Kumari et al. [16] do not design the identity update phase in their scheme. Meanwhile, our scheme has slightly higher computational costs than those of Kumari et al.’s [16] and Wang et al.’s scheme [30], although the proposed scheme satisfies all security requirements, as mentioned in Section 5.

According to the results of previous analysis [28, 38], we assume that the lengths of the identity, random number, and timestamp are 128, 64, and 32 bits, respectively, for a comparison of the communication costs. The hash function produces 160 bits; the block size of the symmetric encryption is 128 bits; the size of the Chebyshev polynomial is 128 bits; the size of the point multiplication on the elliptic curve is 160 bits.

Table 3 also provides data from the comparisons of the communication costs. The total communication cost of the proposed scheme is 1792 bits, whereas those of Amin et al.’s [14], Kumari et al.’s [16], Martínez-Peláez et al.’s [19], and Wang et al.’s schemes [30] are 2080, 2304, 3200, and 1696 bits, respectively. Table 3 shows that the scheme proposed by Wang et al. [30] requires the lowest communication cost, whereas the proposed scheme has the second-lowest communication cost. However, as shown in Table 2, Wang et al.’s scheme [30] does not support the identity update phase. Therefore, the proposed scheme is a more practical option in a cloud computing environment.

8. Conclusion

In this study, we conducted an informal analysis to demonstrate the security of the proposed scheme against various known attacks. In addition, using ProVerif and BAN logic, we applied a formal analysis to prove that the user and cloud server establish a session key through secure mutual authentication. Moreover, we conducted an analysis of the proposed scheme in terms of the security features and performance; we compared it with those of existing related schemes and proved that our proposed scheme ensures better safety and efficiency in user management and that it is suitable for use in a practical cloud computing environment.

Appendix

A. Wang et al.’s Authentication Scheme [15]

Wang et al.’s authentication scheme is shown in Figures 13–16.

B. Kumari et al.’s Authentication Scheme [16]

Kumari et al.’s authentication scheme is shown in Figures 17–20.

C. Martínez-Peláez et al.’s Authentication Scheme [19]

Martínez-Peláez et al.’s authentication scheme is shown in Figures 21–24.

D. Wang et al.’s Authentication Scheme [30]

Wang et al.’s authentication scheme is shown in Figures 25–28.

Data Availability

The data used to support the findings of this study are included within the article.

Conflicts of Interest

The authors declare that there is no conflict of interest regarding the publication of this paper.

Acknowledgments

This work was supported by an Institute of Information & Communications Technology Planning Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2020-0-00258, Development of On-chain-based Electronic Contract Application Platform Using Zero-Knowledge Proof).

References

S. K. Goudos, P. I. Dallas, S. Chatziefthymiou, and S. Kyriazakos, “A survey of IoT key enabling and future technologies: 5G, mobile IoT, sematic web and applications,” Wireless Personal Communications, vol. 97, no. 2, pp. 1645–1675, 2017.
View at: Publisher Site | Google Scholar
S. Moganedi and J. Mtsweni, “Beyond the convenience of the Internet of Things: security and privacy concerns,” in 2017 IST-Africa Week Conference (IST-Africa), pp. 1–10, Windhoek, Namibia, May 2017.
View at: Publisher Site | Google Scholar
B. Farahani, F. Firouzi, V. Chang, M. Badaroglu, N. Constant, and K. Mankodiya, “Towards fog-driven IoT eHealth: promises and challenges of IoT in medicine and healthcare,” Future Generation Computer Systems, vol. 78, pp. 659–676, 2018.
View at: Publisher Site | Google Scholar
A. J. C. Trappey, C. V. Trappey, C.-Y. Fan, A. P. T. Hsu, X. K. Li, and I. J. Y. Lee, “IoT patent roadmap for smart logistic service provision in the context of Industry 4.0,” Journal of the Chinese Institute of Engineers, vol. 40, no. 7, pp. 593–602, 2017.
View at: Publisher Site | Google Scholar
A. Botta, W. de Donato, V. Persico, and A. Pescapé, “Integration of cloud computing and Internet of Things: a survey,” Future Generation Computer Systems, vol. 56, pp. 684–700, 2016.
View at: Publisher Site | Google Scholar
A. Rashid and A. Chaturvedi, “Cloud computing characteristics and services a brief review,” International Journal of Computer Sciences and Engineering, vol. 7, no. 2, pp. 421–426, 2019.
View at: Publisher Site | Google Scholar
A. C. Weaver, “Biometric authentication,” Computer, vol. 39, no. 2, pp. 96-97, 2006.
View at: Publisher Site | Google Scholar
M. Kim, J. Moon, D. Won, and N. Park, “Revisit of password-authenticated key exchange protocol for healthcare support wireless communication,” Electronics, vol. 9, no. 5, p. 733, 2020.
View at: Publisher Site | Google Scholar
Y. Park, K. S. Park, and Y. H. Park, “Secure user authentication scheme with novel server mutual verification for multiserver environments,” International Journal of Communication Systems, vol. 32, no. 7, article e3929, 2019.
View at: Publisher Site | Google Scholar
S. Banerjee, V. Odelu, A. K. Das et al., “A provably secure and lightweight anonymous user authenticated session key exchange scheme for Internet of Things deployment,” IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8739–8752, 2019.
View at: Publisher Site | Google Scholar
A. Irshad, S. A. Chaudhry, M. Sher et al., “An anonymous and efficient multiserver authenticated key agreement with off-line registration centre,” IEEE Systems Journal, vol. 13, no. 1, pp. 436–446, 2018.
View at: Publisher Site | Google Scholar
D. Kang, J. Jung, D. Lee, H. Kim, and D. Won, “Security analysis and enhanced user authentication in proxy mobile IPv6 networks,” PLoS One, vol. 12, no. 7, article e0181031, 2017.
View at: Publisher Site | Google Scholar
L. Lamport, “Password authentication with insecure communication,” Communications of the ACM, vol. 24, no. 11, pp. 770–772, 1981.
View at: Publisher Site | Google Scholar
R. Amin, N. Kumar, G. Biswas, R. Iqbal, and V. Chang, “A light weight authentication protocol for IoT-enabled devices in distributed cloud computing environment,” Future Generation Computer Systems, vol. 78, pp. 1005–1019, 2018.
View at: Publisher Site | Google Scholar
C. Wang, K. Ding, B. Li et al., “An enhanced user authentication protocol based on elliptic curve cryptosystem in cloud computing environment,” Wireless Communications and Mobile Computing, vol. 2018, Article ID 3048697, 13 pages, 2018.
View at: Publisher Site | Google Scholar
S. Kumari, X. Li, F. Wu, A. K. Das, K. K. R. Choo, and J. Shen, “Design of a provably secure biometrics-based multi-cloud-server authentication scheme,” Future Generation Computer Systems, vol. 68, pp. 320–330, 2017.
View at: Publisher Site | Google Scholar
L. Zhou, X. Li, K. H. Yeh, C. Su, and W. Chiu, “Lightweight IoT-based authentication scheme in cloud computing circumstance,” Future Generation Computer Systems, vol. 91, pp. 244–251, 2019.
View at: Publisher Site | Google Scholar
T. Maitra, S. K. H. Islam, R. Amin, D. Giri, M. K. Khan, and N. Kumar, “An enhanced multi-server authentication protocol using password and smart-card: cryptanalysis and design,” Security and Communication Networks, vol. 9, no. 17, pp. 4615–4638, 2016.
View at: Publisher Site | Google Scholar
R. Martínez-Peláez, H. Toral-Cruz, J. R. Parra-Michel et al., “An enhanced lightweight IoT-based authentication scheme in cloud computing circumstances,” Sensors, vol. 19, no. 9, p. 2098, 2019.
View at: Publisher Site | Google Scholar
S. Yu, K. S. Park, and Y. H. Park, “A secure lightweight three-factor authentication scheme for IoT in cloud computing environment,” Sensors, vol. 19, no. 16, p. 3598, 2019.
View at: Publisher Site | Google Scholar
M. Alam, I. Jahan, L. J. Rosario, and I. Jerin, “A comparative study of RSA and ECC and implementation of ECC on embedded systems,” Algorithms, vol. 1, p. 2, 2016.
View at: Google Scholar
N. Koblitz, “Elliptic curve cryptosystems,” Mathematics of Computation, vol. 48, no. 177, pp. 203–209, 1987.
View at: Publisher Site | Google Scholar
A. T. B. Jin, D. N. C. Ling, and A. Goh, “Biohashing: two factor authentication featuring fingerprint data and tokenised random number,” Pattern Recognition, vol. 37, no. 11, pp. 2245–2255, 2004.
View at: Publisher Site | Google Scholar
I. Khan, S. A. Chaudhry, M. Sher, J. I. Khan, and M. K. Khan, “An anonymous and provably secure biometric-based authentication scheme using chaotic maps for accessing medical drop box data,” The Journal of Supercomputing, vol. 74, no. 8, pp. 3685–3703, 2018.
View at: Publisher Site | Google Scholar
D. Mishra, P. Vijayakumar, V. Sureshkumar, R. Amin, S. K. H. Islam, and P. Gope, “Efficient authentication protocol for secure multimedia communications in IoT-enabled wireless sensor networks,” Multimedia Tools and Applications, vol. 77, no. 14, pp. 18295–18325, 2018.
View at: Publisher Site | Google Scholar
R. Amin and G. P. Biswas, “A novel user authentication and key agreement protocol for accessing multi-medical server usable in tmis,” Journal of Medical Systems, vol. 39, no. 3, p. 33, 2015.
View at: Publisher Site | Google Scholar
J. Moon, Y. Lee, J. Kim, and D. Won, “Improving an anonymous and provably secure authentication protocol for a mobile user,” Security and Communication Networks, vol. 2017, article 1378128, 13 pages, 2017.
View at: Publisher Site | Google Scholar
M. Karuppiah, A. K. Das, X. Li et al., “Secure remote user mutual authentication scheme with key agreement for cloud environment,” Mobile Networks and Applications, vol. 24, no. 3, pp. 1046–1062, 2019.
View at: Publisher Site | Google Scholar
D. Wang, Q. Gu, H. Cheng, and P. Wang, “The request for better measurement: a comparative evaluation of two-factor authentication schemes,” in Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp. 475–486, Xi’an, China, May 2016.
View at: Publisher Site | Google Scholar
F. Wang, G. Xu, G. Xu, Y. Wang, and J. Peng, “A robust IoT-based three-factor authentication scheme for cloud computing resistant to session key exposure,” Wireless Communications and Mobile Computing, vol. 2020, Article ID 3805058, 15 pages, 2020.
View at: Publisher Site | Google Scholar
B. Blanchet, “Modeling and verifying security protocols with the applied Pi calculus and ProVerif,” Foundations and Trends® in Privacy and Security, vol. 1, no. 1-2, pp. 1–135, 2016.
View at: Publisher Site | Google Scholar
S. A. Chaudhry, M. T. Khan, M. K. Khan, and T. Shon, “A multiserver biometric authentication scheme for tmis using elliptic curve cryptography,” Journal of Medical Systems, vol. 40, no. 11, p. 230, 2016.
View at: Publisher Site | Google Scholar
Q. Xie, B. Hu, X. Tan, M. Bao, and X. Yu, “Robust anonymous two-factor authentication scheme for roaming service in global mobility network,” Wireless Personal Communications, vol. 74, no. 2, pp. 601–614, 2014.
View at: Publisher Site | Google Scholar
Q. Jiang, Z. Chen, B. Li, J. Shen, L. Yang, and J. Ma, “Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems,” Journal of Ambient Intelligence and Humanized Computing, vol. 9, no. 4, pp. 1061–1073, 2018.
View at: Publisher Site | Google Scholar
J. Ryu, H. Lee, H. Kim, and D. Won, “Secure and efficient three-factor protocol for wireless sensor networks,” Sensors, vol. 18, no. 12, p. 4481, 2018.
View at: Publisher Site | Google Scholar
M. Burrows, M. Abadi, and R. M. Needham, “A logic of authentication,” Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences, vol. 426, no. 1871, pp. 233–271, 1989.
View at: Google Scholar
L. Kocarev and S. Lian, Chaos-Based Cryptography: Theory, Algorithms and Applications, Springer Science & Business Media, 2011.
View at: Publisher Site
Y. Zhao, S. Li, L. Jiang, and T. Liu, “Security-enhanced three-factor remote user authentication scheme based on Chebyshev chaotic maps,” International Journal of Distributed Sensor Networks, vol. 15, no. 4, 2019.
View at: Publisher Site | Google Scholar

Copyright

Copyright © 2021 Hakjun Lee et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

1078

Downloads

834

Citations

Wireless Communications and Mobile Computing

Security, Trust and Privacy in Internet of Things

Secure Three-Factor Anonymous User Authentication Scheme for Cloud Computing Environment

Abstract

1. Introduction

1.1. Motivations

1.2. Organization of the Paper

2. Preliminary

2.1. Network Model

2.2. Elliptic Curve Cryptography

2.3. Bio-Hash Function

2.4. Adversarial Model

3. Proposed Scheme

3.1. User Registration Phase

3.2. Registration Phase for Cloud Server

3.3. Login and Authentication Phase

3.4. Password Change Phase

3.5. Identity Update Phase

4. Security Comparison with the Related Scheme

5. Informal Analysis of the Proposed Scheme

5.1. User Anonymity

5.2. User Untraceability

5.3. Resistance to Stolen-Device Attack

5.4. Mutual Authentication and Session Key Agreement

5.5. Verification of Session Key

5.6. Resistance to User-Impersonation Attack

5.7. Resistance to Replay Attack

5.8. Local User Verification

5.9. Resistance to Privileged-Insider Attack

5.10. Forward Secrecy

5.11. Resistance to Stolen-Verifier Attack

5.12. User-Friendly Password Change

5.13. Providing Identity Update Phase

6. Formal Analysis of the Proposed Scheme

6.1. ProVerif

6.2. BAN Logic

7. Performance Analysis

8. Conclusion

Appendix

A. Wang et al.’s Authentication Scheme [15]

B. Kumari et al.’s Authentication Scheme [16]

C. Martínez-Peláez et al.’s Authentication Scheme [19]

D. Wang et al.’s Authentication Scheme [30]

Data Availability

Conflicts of Interest

Acknowledgments

References

Copyright