An improved authentication protocol for distributed mobile cloud computing services: Fid-Bau Portal

An improved authentication protocol for distributed mobile cloud computing services

Jannati, Hoda / Bahrak, Behnam

Abstract Cloud computing is a popular network access model for the transparent and ubiquitous sharing of services and computing resources among customers by service providers. In the critical infrastructure domain, cloud computing is used by governments for applications such as revenue collection to improve operations and achieve cost savings. Although cloud computing systems promise convenience, they threaten the privacy of users who transfer their applications to the cloud. In order to prevent illegal access, it is imperative that cloud providers implement secure authentication schemes.Tsai and Lo have recently proposed an efficient authentication protocol based on a bilinear pairing cryptosystem for use in distributed mobile cloud computing services. They claim that the protocol provides mutual authentication and privacy to users, and also generates and exchanges session keys for each pair of communicating parties. This paper analyzes the security of the authentication protocol and demonstrates that the protocol is vulnerable to impersonation attacks and does not provide user anonymity and untraceability to users. The improved protocol presented in this paper prevents impersonation attacks and provides user anonymity and untraceability with only slight performance degradation.