A novel ECC-based provably secure and privacy-preserving multi-factor authentication protocol for cloud computing

  • Regular Paper
  • Computing

Abstract

The widespread adoption of cloud computing enables end-users to leverage convenient sharing, unlimited storage and on-demand access to big data. The extensive combination of servers, networks, users and resources necessitates a secure mutual authentication protocol to verify the legitimacy of users for cloud services. Recently, Sahoo et al. and Chen et al. proposed multi-factor mutual authentication and key agreement (MAKA) protocols. However, we identify that Sahoo et al.’s protocol is prone to user linkability, replay and denial-of-service (DoS) attacks. Also, Chen et al.’s protocol is vulnerable to user linkability and known session-specific temporary information (KSSTI) attacks. To mitigate these vulnerabilities, we propose a novel elliptic curve cryptography (ECC) based provably secure and privacy-preserving multi-factor authentication protocol for the cloud environment. Our protocol delivers user anonymity, unlinkability, perfect forward secrecy and session key security as its security and privacy features. The security of our protocol is proved theoretically under the Real-Or-Random (ROR) model. We validate the correctness properties of our protocol using the Scyther security verification tool. The informal security analysis illustrates that our protocol resists various security attacks such as replay, DoS, KSSTI, user impersonation, server spoofing, password-guessing and privileged-insider attacks. Finally, we compare our protocol with Sahoo et al., Chen et al. and other existing relevant protocols regarding security features, communication and computation overheads. The results illustrate that our protocol exhibits high security with reasonable communication and computational overheads compared with other existing relevant protocols.

References

  1. Subramanian N, Jeyaraj A (2018) Recent security challenges in cloud computing. Computers Electric Eng 71:28–42. https://doi.org/10.1016/j.compeleceng.2018.06.006

  2. Roy S, Chatterjee S, Das AK, Chattopadhyay S, Kumar N, Vasilakos AV (2017) On the design of provably secure lightweight remote user authentication scheme for mobile cloud computing services. IEEE Access 5:25808–25825. https://doi.org/10.1109/ACCESS.2017.2764913

  3. Ibrahim M, Iqbal MA, Aleem M, Islam MA (2018) Sim-cumulus: an academic cloud for the provisioning of network-simulation-as-a-service (nsaas). IEEE Access 6:27313–27323

  4. Ibrahim M, Imran M, Jamil F, Lee YJ, Kim D-H (2021) Eama: efficient adaptive migration algorithm for cloud data centers (cdcs). Symmetry 13(4):690

  5. Arasan A, Sadaiyandi R, Al-Turjman F, Rajasekaran AS, Karuppuswamy KS (2021) Computationally efficient and secure anonymous authentication scheme for cloud users. Pers Ubiquitous Comput. https://doi.org/10.1007/s00779-021-01566-9

  6. Prabha KM, Saraswathi PV (2020) Suppressed k-anonymity multi-factor authentication based schmidt-samoa cryptography for privacy preserved data access in cloud computing. Computer Commun 158:85–94. https://doi.org/10.1016/j.comcom.2020.04.057

  7. Singh A, Chatterjee K (2017) Cloud security issues and challenges: a survey. J Netw Computer Appl 79:88–115. https://doi.org/10.1016/j.jnca.2016.11.027

  8. Tabrizchi H, Rafsanjani MK (2020) A survey on security challenges in cloud computing: issues, threats, and solutions. J Supercomput 76(12):9493–9532. https://doi.org/10.1007/s11227-020-03213-1

  9. Gwoboa H (1995) Password authentication without using a password table. Information Process Lett 55(5):247–250. https://doi.org/10.1016/0020-0190(95)00087-S

  10. Fan L, Li JH, Zhu HW (2002) An enhancement of timestamp-based password authentication scheme. Computers Secur 21(7):665–667. https://doi.org/10.1016/S0167-4048(02)01118-5

  11. Lin CW, Tsai CS, Hwang MS (2006) A new strong-password authentication scheme using one-way hash functions. J Computer Syst Sci Int 45(4):623–626. https://doi.org/10.1134/S1064230706040137

  12. Farash MS, Attari MA (2014) An efficient client-client password-based authentication scheme with provable security. J Supercomput 70(2):1002–1022. https://doi.org/10.1007/s11227-014-1273-z

  13. Jia X, He D, Kumar N, Choo KKR (2019) Authenticated key agreement scheme for fog-driven IoT healthcare system. Wirel Netw 25(8):4737–4750. https://doi.org/10.1007/s11276-018-1759-3

  14. Yang Y, Deng RH, Bao F (2006) A practical password-based two-server authentication and key exchange system. IEEE Transactions Depend Secure Comput 3(2):105–114. https://doi.org/10.1109/TDSC.2006.16

  15. Kim HS, Choi JY (2009) Enhanced password-based simple three-party key exchange protocol. Computers Electric Eng 35(1):107–114. https://doi.org/10.1016/j.compeleceng.2008.05.007

  16. Amin R, Biswas G (2015) Cryptanalysis and design of a three-party authenticated key exchange protocol using smart card. Arabian J Sci Eng 40(11):3135–3149. https://doi.org/10.1007/s13369-015-1743-5

  17. Tsai JL, Lo NW, Wu TC (2012) Novel anonymous authentication scheme using smart cards. IEEE Transactions Indus Informatics 9(4):2004–2013. https://doi.org/10.1109/TII.2012.2230639

  18. Leu JS, Hsieh WB (2013) Efficient and secure dynamic id-based remote user authentication scheme for distributed systems using smart cards. IET Information Secur 8(2):104–113. https://doi.org/10.1049/iet-ifs.2012.0206

  19. Chen BL, Kuo WC, Wuu LC (2014) Robust smart-card-based remote user password authentication scheme. Int J Commun Syst 27(2):377–389. https://doi.org/10.1002/dac.2368

  20. Giri D, Maitra T, Amin R, Srivastava P (2015) An efficient and robust rsa-based remote user authentication for telecare medical information systems. J Med Syst 39(1):1–9. https://doi.org/10.1007/s10916-014-0145-7

  21. Maitra T, Obaidat MS, Islam SH, Giri D, Amin R (2016) Security analysis and design of an efficient ECC-based two-factor password authentication scheme. Secur Commun Netw 9(17):4166–4181. https://doi.org/10.1002/sec.1596

  22. Sun HM (2000) An efficient remote use authentication scheme using smart cards. IEEE Transactions Consumer Electron 46(4):958–961. https://doi.org/10.1109/30.920446

  23. Lu R, Cao Z (2005) Efficient remote user authentication scheme using smart card. Computer Netw 49(4):535–540. https://doi.org/10.1016/j.comnet.2005.01.013

  24. Xu J, Zhu WT, Feng DG (2009) An improved smart card based password authentication scheme with provable security. Computer Stand Interfaces 31(4):723–728. https://doi.org/10.1016/j.csi.2008.09.006

  25. Guo D, Wen F (2014) Analysis and improvement of a robust smart card based-authentication scheme for multi-server architecture. Wirel Pers Commun 78(1):475–490. https://doi.org/10.1007/s11277-014-1762-7

  26. Tan Z (2016) A privacy-preserving multi-server authenticated key-agreement scheme based on chebyshev chaotic maps. Secur Commun Netw 9(11):1384–1397. https://doi.org/10.1002/sec.1424

  27. Ma CG, Wang D, Zhao SD (2014) Security flaws in two improved remote user authentication schemes using smart cards. Int J Commun Syst 27(10):2215–2227. https://doi.org/10.1002/dac.2468

  28. Xie Q, Wong DS, Wang G, Tan X, Chen K, Fang L (2017) Provably secure dynamic id-based anonymous two-factor authenticated key exchange protocol with extended security model. IEEE Transactions Information Forensic Secur 12(6):1382–1392. https://doi.org/10.1109/TIFS.2017.2659640

  29. Wen F, Susilo W, Yang G (2015) Analysis and improvement on a biometric-based remote user authentication scheme using smart cards. Wirel Pers Commun 80(4):1747–1760. https://doi.org/10.1007/s11277-014-2111-6

  30. Irshad A, Sher M, Chaudhry SA, Xie Q, Kumari S, Wu F (2018) An improved and secure chaotic map based authenticated key agreement in multi-server architecture. Multimedia Tools Appl 77(1):1167–1204. https://doi.org/10.1007/s11042-016-4236-y

  31. Chaudhry SA, Naqvi H, Farash MS, Shon T, Sher M (2018) An improved and robust biometrics-based three factor authentication scheme for multiserver environments. J Supercomput 74(8):3504–3520. https://doi.org/10.1007/s11227-015-1601-y

  32. Masdari M, Ahmadzadeh S (2017) A survey and taxonomy of the authentication schemes in telecare medicine information systems. J Netw Computer Appl 87:1–19. https://doi.org/10.1016/j.jnca.2017.03.003

  33. He D, Kumar N, Chilamkurti N, Lee JH (2014) Lightweight ECC based RFID authentication integrated with an id verifier transfer protocol. J Med Syst 38(10):1–6. https://doi.org/10.1007/s10916-014-0116-z

  34. Singh S, Jeong YS, Park JH (2016) A survey on cloud computing security: issues, threats, and solutions. J Netw Computer Appl 75:200–222. https://doi.org/10.1016/j.jnca.2016.09.002

  35. Fan CI, Lin YH (2009) Provably secure remote truly three-factor authentication scheme with privacy protection on biometrics. IEEE Transactions Information Forensics Secur 4(4):933–945. https://doi.org/10.1109/TIFS.2009.2031942

  36. Li CT, Hwang MS (2010) An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Computer Appl 33(1):1–5. https://doi.org/10.1016/j.jnca.2009.08.001

  37. Li X, Niu JW, Ma J, Wang W-D, Liu CL (2011) Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J Netw Computer Appl 34(1):73–79. https://doi.org/10.1016/j.jnca.2010.09.003

  38. Das AK (2011) Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Information Secur 5(3):145–151. https://doi.org/10.1049/iet-ifs.2010.0125

  39. An Y (2012) Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards. J Biomed Biotechnol. https://doi.org/10.1155/2012/519723

  40. Li X, Niu J, Khan MK, Liao J, Zhao X (2016) Robust three-factor remote user authentication scheme with key agreement for multimedia systems. Secur Commun Netw 9(13):1916–1927. https://doi.org/10.1002/sec.961

  41. Mishra D, Kumari S, Khan MK, Mukhopadhyay S (2017) An anonymous biometric-based remote user-authenticated key agreement scheme for multimedia systems. Int J Commun Syst. https://doi.org/10.1002/dac.2946

  42. Zhou L, Li X, Yeh KH, Su C, Chiu W (2019) Lightweight IoT-based authentication scheme in cloud computing circumstance. Future Gener Computer Syst 91:244–251. https://doi.org/10.1016/j.future.2018.08.038

  43. Martínez-Peláez R, Toral-Cruz H, Parra Michel JR, García V, Mena LJ, Félix VG, Ochoa Brust A (2019) An enhanced lightweight iot-based authentication scheme in cloud computing circumstances. Sensors 19(9):2098. https://doi.org/10.3390/s19092098

  44. Wang F, Xu G, Xu G, Wang Y, Peng J (2020) A robust IoT-based three-factor authentication scheme for cloud computing resistant to session key exposure. Wireless Commun Mobile Comput. https://doi.org/10.1155/2020/3805058

  45. Lee H, Kang D, Lee Y, Won D (2021) Secure three-factor anonymous user authentication scheme for cloud computing environment. Wireless Commun Mobile Comput. https://doi.org/10.1155/2021/2098530

  46. Kumari A, Jangirala S, Abbasi MY, Kumar V, Alam M (2020) ESEAP: ECC based secure and efficient mutual authentication protocol using smart card. J Information Secur Appl. https://doi.org/10.1016/j.jisa.2019.102443

  47. Safkhani M, Bagheri N, Kumari S, Tavakoli H, Kumar S, Chen J (2020) RESEAP: an ECC-based authentication and key agreement scheme for IoT applications. IEEE Access 8:200851–200862. https://doi.org/10.1109/ACCESS.2020.3034447

  48. Ali Z, Hussain S, Rehman RHU, Munshi A, Liaqat M, Kumar N, Chaudhry SA (2020) ITSSAKA-MS: an improved three-factor symmetric-key based secure aka scheme for multi-server environments. IEEE Access 8:107993–108003. https://doi.org/10.1109/ACCESS.2020.3000716

  49. Yu S, Park Y (2020) Comments on “ITSSAKA-MS: An improved three-factor symmetric-key based secure aka scheme for multi-server environments’’. IEEE Access 8:193375–193379. https://doi.org/10.1109/ACCESS.2020.3032959

  50. Chen CL, Lee CC, Hsu CY (2012) Mobile device integration of a fingerprint biometric remote authentication scheme. Int J Commun Syst 25(5):585–597. https://doi.org/10.1002/dac.1277

  51. Yeh HL, Chen TH, Hu KJ, Shih WK (2013) Robust elliptic curve cryptography-based three factor user authentication providing privacy of biometric data. IET Information Secur 7(3):247–252. https://doi.org/10.1049/iet-ifs.2011.0348

  52. Khan MK, Kumari S, Gupta MK (2014) More efficient key-hash based fingerprint remote authentication scheme using mobile device. Computing 96(9):793–816. https://doi.org/10.1007/s00607-013-0308-2

  53. Wu F, Xu L, Kumari S, Li X (2015) A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client-server networks. Computers Electric Eng 45:274–285. https://doi.org/10.1016/j.compeleceng.2015.02.015

  54. Jiang Q, Khan MK, Lu X, Ma J, He D (2016) A privacy preserving three-factor authentication protocol for e-health clouds. J Supercomput 72(10):3826–3849. https://doi.org/10.1007/s11227-015-1610-x

  55. Mir O, Nikooghadam M (2015) A secure biometrics based authentication with key agreement scheme in telemedicine networks for e-health services. Wirel Pers Commun 83(4):2439–2461. https://doi.org/10.1007/s11277-015-2538-4

  56. Chaudhry SA, Naqvi H, Khan MK (2018) An enhanced lightweight anonymous biometric based authentication scheme for tmis. Multimedia Tools Appl 77(5):5503–5524. https://doi.org/10.1007/s11042-017-4464-9

  57. Qi M, Chen J (2018) New robust biometrics-based mutual authentication scheme with key agreement using elliptic curve cryptography. Multimedia Tools Appl 77(18):23335–23351. https://doi.org/10.1007/s11042-018-5683-4

  58. Sahoo SS, Mohanty S, Majhi B (2020) Improved biometric-based mutual authentication and key agreement scheme using ECC. Wirel Pers Commun 111(2):991–1017. https://doi.org/10.1007/s11277-019-06897-8

  59. Chen Y, Chen J (2021) A secure three-factor-based authentication with key agreement protocol for e-health clouds. J Supercomput 77(4):3359–3380. https://doi.org/10.1007/s11227-020-03395-8

  60. Dolev D, Yao A (1983) On the security of public key protocols. IEEE Transactions Information Theory 29(2):198–208. https://doi.org/10.1109/TIT.1983.1056650

  61. Sahoo SS, Mohanty S, Majhi B (2021) A secure three factor based authentication scheme for health care systems using IoT enabled devices. J Ambient Intell Humanized Comput 12(1):1419–1434. https://doi.org/10.1007/s12652-020-02213-6

  62. Dua A, Kumar N, Das AK, Susilo W (2017) Secure message communication protocol among vehicles in smart city. IEEE Transactions Veh Technol 67(5):4359–4373. https://doi.org/10.1109/TVT.2017.2780183

  63. He D, Kumar N, Lee JH (2016) Privacy-preserving data aggregation scheme against internal attackers in smart grids. Wirel Netw 22(2):491–502. https://doi.org/10.1007/s11276-015-0983-3

  64. Cremers CJ (2008) The Scyther Tool: verification, falsification, and analysis of security protocols. In: International Conference on Computer Aided Verification. Springer, pp 414–418. https://doi.org/10.1007/978-3-540-70545-1_38

  65. Cremers CJF (2006) Scyther: semantics and verification of security protocols. Eindhoven University of Technology, Eindhoven, Netherlands. https://doi.org/10.6100/IR614943

Funding

No funding was received to assist with the preparation of this manuscript.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

About this article

Cite this article

Shukla, S., Patel, S.J. A novel ECC-based provably secure and privacy-preserving multi-factor authentication protocol for cloud computing. Computing 104, 1173–1202 (2022). https://doi.org/10.1007/s00607-021-01041-6

  • DOI: https://doi.org/10.1007/s00607-021-01041-6
