As a new pattern of computing paradigm, cloud computing enables the users to transfer their work to the cloud. The tremendous storage and computing resources provided by the cloud liberate the users from the shortage of local resources. However, as the adoption of cloud computing is emerging rapidly, the security and privacy issues are still significant challenges. In cloud environment, a user accesses to the cloud server through open networks. Thus a variety of attacks can be launched if a secure channel is not established. Furthermore, user’s sensitive personal information may be revealed if user’s identity is exposed to an attacker during the agreement procedure. Therefore, user anonymity is also an important concern in cloud environment. In this paper, we first show several weaknesses of an existing anonymous remote user authentication and key agreement protocol for cloud computing, then we propose a new one. The new protocol enables a user and a cloud server to authenticate each other anonymously and establish a secure channel between them. Thus, only the user and the cloud server may learn the messages exchanged and no entity except themselves can learn the real identities of the message senders. |