Efficient password-based two factors authentication in cloud computing

Abstract

Security threats are considered the main barrier that precluded potential users from reaping the compelling benefits of the cloud computing model. Unfortunately, traditional password authentication jeopardizes user privacy. Anonymous password authentication (APA) represents a promising method to maintain users' privacy. However, the major handicap that faces the deployment of APA is the high computation cost and inherent shortcomings of conventional password schemes. In our proposed scheme, we present a new setting where users do not need to register their passwords to service provider. They are supplied with the necessary credential information from the data owner. Furthermore, for enabling the service provider to know the authorized users, data owner provides the service provider with some secret identity information that is derived from the pair (username/password) of each user. Our approach shows good results in terms of high scalability which makes our scheme more suitable to the cloud environment, strong authentication that withstands different known attacks.