Research On Authentication Protocol In Mobile Cloud Computing

In recent years,various information systems based on mobile cloud computing have developed rapidly.The migration of resource-intensive computing and storage from mobile terminals to the cloud can not only improve terminal performance significantly,but also reduce the energy consumption and expand terminal computing as well as the storage capabilities effectively.Along with the popularity of mobile cloud computing information systems,the security of mobile cloud platforms has also attracted widespread attention in the academic community.Mobile cloud computing has the characteristics of limited resources,complex network heterogeneity and high data privacy protection,which results in more threats and challenges to mobile cloud environment.As the first safeguard for information platforms,identity authentication has become an effective technology to protect the security of mobile cloud computing.In the mobile cloud environment,mobile communication is highly vulnerable to the eavesdropping and tampering due to the low computing capability of the terminal.So the traditional remote authentication schemes are inadaptable,and new protocols conforming to the mobile cloud environment are urgently expected.In this paper,the author mainly studies the authentication protocols in two types of mobile clouds: one is for mobile users,and the other for mobile terminal devices.Due to the lack of threat model and evaluation criteria,existing authentication protocols for mobile cloud are still under the threats of multiple attacks,and hence cannot guard the security effectively.Here,the two-factor,multi-factor and terminal RFID authentications of mobile cloud computing are studied on the basis of public key cryptographic techniques,biometric authentication techniques and formal security analysis.The main contributions are as follows.1.Password-based remote authentication protocols in traditional envrionments are analyzed.Firstly,the classification and security targets are proposed,and common attacks are summarized.Secondly,six typical protocols for remote user identity authentication are analyzed from the perspectives of cryptographic techniques and network environments,as a result,some security loopholes are pointed out,including failure in forward security,incapability of preventing smart card replication,and vulnerability to the offline guess attacks,impersonation attacks as well as DoS attacks.The results show that existing password-based remote authentication protocols can hardly achieve the ideal security requirements,so a secure protocol is still await now.Combined with common attacks,the root causes of the above loopholes are analyzed,providing a theoretical basis for subsequent research on mobile cloud authentication protocols.2.According to the characteristics of mobile cloud computing environment,a twofactor authentication security model of mobile cloud environment is established,and a two-factor user authentication protocol using password and NFC technology is proposed.Firstly,the security model and the targets of the two-factor authentication protocols are proposed,and then two types of authentication scenarios based on NFC technology are defined.Secondly,based on the above model and hypothesis,a twofactor authentication protocol(PAKE-NFC)is proposed on the basis of password and NFC,which closes the loopholes within the protocols of Wang et al.and Xie.This protocol uses DSA signature and discrete logarithm to protect the authentication security.Finally,this protocol is heuristically and formally analyzed with the ECCROM model and BAN logic.The results show that the PAKE-NFC protocol can realize two-way authentication and forward security,and can resist some typical attacks,including session key control attacks and offline password guessing attacks.It meets the lightweight computing requirements of the mobile terminal and does not require additional devices.So it has good availability and can be applied to cloud platforms such as mobile cloud social networking,mobile cloud home and mobile cloud storage.3.Taking mobile medical cloud(which is generally in need of higher seurity)for example,the security model and evaluation indexes of the three-factor user authentication protocols are established,and a concrete protocol based on biological characteristics is proposed.Firstly,a security model for three-factor authentication in mobile medical cloud and and 16 evaluation standards are established,which provides an important basis for the reasonable assessments of relerant protocols.Secondly,the threats of internal attacks and offline password guessing attacks in Das medical authentication protocol are cleared away,and a password-based three-factor authentication protocol(PAKE-BIO)for mobile medical cloud environment is proposed on the baiss of intelligent terminal and biometric features.Based on the 16 evaluation standards,the PAKE-BIO protocol is heuristically analyzed.Besides,the formal analysis and simulation of the protocol are carried out with BAN logic and AVISAP.The results show that the PAKE-BIO protocol is secure and can resist common attacks,including internal attacks,server spoofing attacks,password guessing attacks,and smart device loss attacks.It realizes anonymous user identity and unlinkability,and hence protects user provacy effectively.Finally,performance analysis shows that,compared with other protocols in the medical field,the PAKE-BIO protocol not only reaches identity anonymity and relevant security requirements,but also provides better performance in computing and communication,fully meeting the above evaluation standards.4.The terminal RFID authentication in mobile cloud environment is studied.Firstly,the cloud-based RFID mutual authentication protocol of Fan et al.is analyzed,and some defects including the vulnerability to reader's impersonation attack and excessive overhead of tag calculation,are pointed out.Secondly,the existing low-cost untrackable authentication protocols are improved,and the untrackability of the improved one is strictly proven.Finally,based on the above research,a low-cost RFID mutual authentication protocol in the mobile cloud environment,MCC-LCAP,is proposed.Security and performance analysis show that the MCC-LCAP protocol provides good performance under the premise of meeting security requirements,and is suitable for ubiquitous RFID terminal authentication in mobile cloud scenarios.