
Research On User Authentication And Security Transmission For Mobile Cloud Computing

Posted on: 2019-11-11
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Han
GTID: 2428330572950215
Subject: Computer system architecture

Abstract/Summary:
Mobile cloud computing is the deep fusion of the mobile Internet and cloud computing, and it provides more mobile cloud services to customers. At the same time, compared to traditional cloud services, mobile computing brings broader and more complex security and privacy protection problems. The mobile cloud computing environment places new requirements on the security, convenience and privacy protection of identity authentication. With respect to identity authentication in the mobile cloud computing environment, this paper focuses on two aspects. On the one hand, it proposes a method named MTSAS (Multifactor Two-Server Authentication Scheme), aimed at the security problem caused by server-side leakage of fingerprint information in the mobile payment scenario. MTSAS raises the security level of the user's fingerprint information and reduces the user's dependence on passwords. On the other hand, to secure data transmission and to resolve the conflict between the resource-constrained mobile terminal and users' need to transmit large amounts of data, it proposes a scheme named FREDP (File Remotely keyed Encryption and Data Protection). FREDP transfers the storage and computing burden of the mobile terminal to the trusted third party, the private clouds. In this way, FREDP improves the confidentiality of the encryption key. At the same time, it ensures the security of user data transmission.

MTSAS stores the fingerprint information locally and verifies the user's identity locally, which improves the security of the user's fingerprint information. Firstly, we fully analyze the user's authentication requirements and select password, DVC (Dynamic Verification Code) and fingerprint as authentication factors. Secondly, the server side adopts a two-server mode to share the security risk and to guarantee the stability and robustness of server services. Thirdly, we design detailed procedures for user authentication. We distinguish basic authentication from transaction authentication according to the user authentication scenario. Basic authentication provides weak authentication based on user name and password and emphasizes convenience, while transaction authentication adopts multi-factor authentication to ensure high-level security during the transaction process. Fourthly, the security of MTSAS is formally proved using BAN logic. Finally, MTSAS is implemented on the FIDO UAF framework. We design two controlled experiments to test the performance of the proposed scheme in two respects: single factor versus multi-factor, and single server versus two-server.

FREDP transfers the storage and computing burden of the mobile terminal to the trusted third party, the private clouds. The private clouds are not permitted to know the encryption key, which ensures the confidentiality of the encryption key and the security of data transmission. First, the private clouds, acting as the "computing device", cooperate with the mobile terminal and its encryption key to complete the remotely keyed encryption process, generating the ciphertext and the integrity verification table. After that, the private clouds share the ciphertext with the public clouds. Next, the private clouds act as the "verification device" and regularly verify the integrity of the ciphertext in the public clouds. Finally, when the mobile terminal user needs to use the data in the public clouds, the public clouds transfer the ciphertext back to the private clouds. The private clouds then cooperate with the mobile terminal to complete the remotely keyed decryption and obtain the plaintext, which ensures that the user's use of the data is secure. In addition, we prove the security of FREDP with a formal proof method, and we design an experiment to verify the correctness and performance of FREDP.
Keywords/Search Tags:mobile cloud computing, user authentication, security transmission, remotely keyed encryption, multi-factor, two-server