A novel and provably secure mutual authentication protocol for cloud environment using elliptic curve cryptography and fuzzy verifier

Abstract

Cloud computing is an emerging paradigm that enables on-demand data storage without considering the local infrastructure limitations of end-users. The extensive growth in number of servers, resources, and networks intensifies security and privacy concerns in clouds. This necessitates secure mutual authentication and key agreement mechanism to verify the legitimacy of participating entities. In accordance, several authentication protocols have been designed to authenticate end-users over insecure channels. This article presents security analysis of recent protocols that claim to render security and privacy features. We demonstrate that Kaur et al.'s protocol is vulnerable to replay attack, Dharminder et al.'s protocol is prone to user traceability and known session-specific temporary information (KSSTI) attacks, and Bouchaala et al.'s protocol is prone to replay and KSSTI attacks. To withstand the aforementioned attacks, we propose an enhanced protocol based on fuzzy verifier and elliptic curve cryptography for clouds. Our protocol safeguards against security attacks while providing privacy functionalities. The security analysis is illustrated under real-or-random model, and correctness is verified under the Scyther security verification tool. Finally, comparative analysis with existing protocols shows that our protocol delivers robust security with reasonable computational and communication overheads than state-of-the-art protocols.