EFFICIENT PRIVACY-AWARE AUTHENTICATION SCHEME FOR MOBILE CLOUD COMPUTING SERVICES
With the exponential increase in mobile devices and the fast development of cloud computing, a new computing paradigm called mobile cloud computing (MCC) has been put forward to overcome the limitations of mobile devices’ storage, communication, and computation. Through mobile devices, users can enjoy various cloud computing services while on the move. However, it is difficult to ensure security and protect privacy in this new computing paradigm because of the openness of wireless communication. Recently, Tsai and Lo proposed a privacy-aware authentication (PAA) scheme to solve the identification problem in MCC services and proved that their scheme was able to resist many kinds of existing attacks. Unfortunately, we found that Tsai and Lo’s scheme cannot resist the service provider impersonation attack, i.e., an adversary can impersonate the service provider to the user. Moreover, the adversary can extract the user’s real identity while executing the service provider impersonation attack. To address these problems, in this paper we construct a new PAA scheme for MCC services by using an identity-based signature scheme. Security analysis shows that the proposed PAA scheme addresses the serious security problems in Tsai and Lo’s scheme and meets the security requirements for MCC services. The performance evaluation shows that the proposed PAA scheme has lower computation and communication costs than Tsai and Lo’s PAA scheme.
Index Terms—Anonymity, authentication scheme, mobile cloud computing (MCC), privacy, provable security.
Due to the deployment of wireless communication technologies and the popularity of mobile devices (such as laptops, intelligent mobile phones, and tablet PCs), we can access Internet services while on the move. This brings much convenience to our daily life, as we can enjoy many kinds of network services anywhere and anytime. With users’ increasing demand for high service quality, a huge amount of data has to be processed in time by the user’s mobile device. However, mobile devices’ resources (such as storage, computation, and communication capabilities) are limited and cannot satisfy users’ requirements. This weakness has become a performance bottleneck for various applications based on mobile devices. In the past several years, cloud computing has developed rapidly as one of the powerful network technologies. Through resource visualization technology, cloud computing is able to provide convenient and cheap services to users in a pay-as-you-go mode. For example, we can get some cloud storage services for free from many famous cloud service providers (CSPs) such as Baidu and Google. A new digital ecosystem called mobile cloud computing (MCC) emerged recently, in which mobile computing is integrated with cloud computing platforms. With this integration, the resource-constrained problems of mobile devices can be addressed successfully. With the increase in the types of MCC services, distributed MCC is also employed in practical applications, where many kinds of CSPs are able to provide different types of cloud services to users. A typical architecture of MCC services is illustrated
To achieve mutual authentication (MA) in open networks, Lamport proposed the first authentication scheme for the single-server environment. However, Lamport’s scheme is not able to resist the replay attack and the impersonation attack. In order to improve security, several password-based authentication schemes were proposed. Compared with Lamport’s scheme, those schemes have many advantages. However, each server in those schemes has to maintain a verifier table to achieve the MA. An adversary who steals the verifier tables may impersonate the user or the server. Besides, those schemes suffer from the denial of service attack if the adversary maliciously modifies the verifier table. To remove these serious weaknesses, it is necessary to design authentication schemes without any verifier table. Hwang and Li designed the first authentication scheme using both the password and the smart card. Compared with previous authentication schemes, no verifier table is needed in their scheme. Therefore, Hwang and Li’s scheme has better security. To get better performance, Sun proposed an efficient scheme based on Hwang and Li’s work. However, neither Hwang and Li’s scheme nor Sun’s scheme achieves the MA. To achieve better security and performance, many authentication schemes using both the password and the smart card were proposed in the last decades. However, those schemes cannot be directly used in the MCC services environment, because many CSPs exist in that environment and the user has to register with every CSP repeatedly. The user not only has to put extra effort into remembering many passwords and identities, but also wastes a lot of time executing repeated registrations. To solve these two weaknesses, the concept of the authentication scheme for the multiserver environment was introduced recently, where the user just needs to register in the registration center.
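The verifier-table weakness described above, as an added example (not from the paper or any scheme it cites): a constructed toy challenge-response login in which the server keeps a per-user verifier. The class and function names and the SHA-256/HMAC construction are assumptions chosen for illustration; the demo shows that a stolen table row authenticates without the password and that a modified row locks the legitimate user out.

```python
import hashlib
import hmac
import secrets

# Toy verifier-table login, constructed for illustration only.
# The server stores v = SHA-256(salt || password) and uses v as the
# key of a challenge-response, so v is password-equivalent.

def make_verifier(salt: bytes, password: str) -> bytes:
    return hashlib.sha256(salt + password.encode()).digest()

def respond(verifier: bytes, nonce: bytes) -> bytes:
    return hmac.new(verifier, nonce, hashlib.sha256).digest()

class Server:
    def __init__(self):
        self.table = {}  # user id -> (salt, verifier): the verifier table

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.table[user] = (salt, make_verifier(salt, password))

    def challenge(self, user: str):
        salt, _ = self.table[user]
        return salt, secrets.token_bytes(16)  # public salt, fresh nonce

    def verify(self, user: str, nonce: bytes, response: bytes) -> bool:
        _, verifier = self.table[user]
        return hmac.compare_digest(respond(verifier, nonce), response)

def honest_login(server: Server, user: str, password: str) -> bool:
    salt, nonce = server.challenge(user)
    return server.verify(user, nonce, respond(make_verifier(salt, password), nonce))

def login_with_stolen_row(server: Server, user: str, stolen_row) -> bool:
    # No password is needed: the stored verifier is the authentication key.
    _, verifier = stolen_row
    _, nonce = server.challenge(user)
    return server.verify(user, nonce, respond(verifier, nonce))

def demo():
    server = Server()
    server.register("alice", "correct horse")  # constructed sample account
    before = honest_login(server, "alice", "correct horse")
    stolen = login_with_stolen_row(server, "alice", server.table["alice"])
    salt, _ = server.table["alice"]
    server.table["alice"] = (salt, secrets.token_bytes(32))  # row modified
    after = honest_login(server, "alice", "correct horse")
    return before, stolen, after
```

Both outcomes follow from the server holding a long-term per-user secret, which is the state that table-free designs such as the smart-card schemes mentioned above remove.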
Due to the highly dynamic nature of mobile devices in the MCC environment, traditional authentication schemes are not suitable for the various services in this environment. To solve the security problem in MCC services, Tsai and Lo proposed an efficient PAA scheme for MCC services using the bilinear pairing. This paper points out that Tsai and Lo’s PAA scheme is vulnerable to a serious attack and is not able to support user anonymity. To solve these serious weaknesses, the paper proposes a new PAA scheme for MCC services. Security analysis shows that our proposed PAA scheme solves the security problems in Tsai and Lo’s PAA scheme. Besides, the performance analysis shows that our proposed PAA scheme has better performance than their PAA scheme. In the future, we will explore more attributes of the proposed scheme, which can be applied to secure service access in the MCC environment.
 M. Satyanarayanan, “Fundamental challenges in mobile computing,” in Proc. 15th Annu. ACM Symp. Princ. Distrib. Comput., 1996, pp. 1–7.
 Z. Fu, X. Sun, Q. Liu, L. Zhou, and J. Shu, “Achieving efficient cloud search services: Multi-keyword ranked search over encrypted cloud data supporting parallel computing,” IEICE Trans. Commun., vol. 98, no. 1, pp. 190–200, 2015.
 Z. Xia, X. Wang, X. Sun, and Q. Wang, “A secure and dynamic multikeyword ranked search scheme over encrypted cloud data,” IEEE Trans. Parallel Distrib. Syst., vol. 27, no. 2, pp. 340–352, Feb. 2016.
 M. Armbrust et al., “A view of cloud computing,” Commun. ACM, vol. 53, no. 4, pp. 50–58, 2010.
 A. Lin and N.-C. Chen, “Cloud computing as an innovation: Percepetion, attitude, and adoption,” Int. J. Inf. Manag., vol. 32, no. 6, pp. 533–540, 2012.
 Z. Fu, K. Ren, J. Shu, X. Sun, and F. Huang, “Enabling personalized search over encrypted outsourced data with efficiency improvement,” IEEE Trans. Parallel Distrib. Syst., vol. 27, no. 9, pp. 2546–2559, Sep. 2016.
 Y. Ren, J. Shen, J. Wang, J. Han, and S. Lee, “Mutual verifiable provable data auditing in public cloud storage,” J. Internet Technol., vol. 16, no. 2, pp. 317–323, 2015.
 L. Lamport, “Password authentication with insecure communication,” Commun. ACM, vol. 24, no. 11, pp. 770–772, 1981.
 E.-J. Yoon, K.-Y. Yoo, C. Kim, Y.-S. Hong, M. Jo, and H.-H. Chen, “A secure and efficient sip authentication scheme for converged VOIP networks,” Comput. Commun., vol. 33, no. 14, pp. 1674–1681, 2010.
 R. Arshad and N. Ikram, “Elliptic curve cryptography based mutual authentication scheme for session initiation protocol,” Multimedia Tools Appl., vol. 66, no. 2, pp. 165–178, 2013.