A robust mutual authentication scheme for data security in cloud architecture

摘要

Emerging markets looks cloud computing as a facilitator to lower their investments related to ICT. Unlimited throughput, on demand and elastic nature of cloud attracted the medium and large scale organizations to adopt it and move their critical data, software resources to cloud. Outsourcing of critical data to third party results in lots of security issues like user authentication, integrity of data etc. and need to be addressed very effectively. In 2011, Hao et al of SUNY, have proposed a time-bound ticket-based mutual authentication scheme and claimed that their scheme is secure. In 2013, Jaidhar et al claimed that Hao et al scheme is vulnerable to DoS attack and proposed an improved scheme. In this paper, we will show that Jaidhar et al scheme is still vulnerable to all major cryptographic attacks like offline password guessing attack, user impersonation attack, server masquerade attack etc. As a part of our contribution, we propose an improved mutual authentication scheme, which is secure and resistant to all major cryptographic attacks.