On the Security of a Privacy-Aware Authentication Scheme for Distributed Mobile Cloud Computing Services

On the Security of a Privacy-Aware Authentication Scheme for Distributed Mobile Cloud Computing Services

Recently, Tsai and Lo proposed a privacy aware authentication scheme for distributed mobile cloud computing services. It is claimed that the scheme achieves mutual authentication and withstands all major security threats. However, we first identify that their scheme fails to achieve mutual authentic...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE systems journal 2018-06, Vol.12 (2), p.2039-2042
Hauptverfasser: Jiang, Qi, Ma, Jianfeng, Wei, Fushan
Format: Artikel
Sprache:eng
Schlagworte:
Access control
Authentication
bilinear pairing
Biometrics
Biometrics (access control)
Cloud computing
Cybersecurity
Design defects
mobile cloud computing
Mobile communication
Mobile computing
Privacy
security
Silicon
Smart cards
user anonymity
user untraceability
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Recently, Tsai and Lo proposed a privacy aware authentication scheme for distributed mobile cloud computing services. It is claimed that the scheme achieves mutual authentication and withstands all major security threats. However, we first identify that their scheme fails to achieve mutual authentication, because it is vulnerable to the service provider impersonation attack. Beside this major defect, it also suffers from some minor design flaws, including the problem of biometrics misuse, wrong password, and fingerprint login, no user revocation facility when the smart card is lost/stolen. Some suggestions are provided to avoid these design flaws in the future design of authentication schemes.
ISSN:1932-8184
1937-9234
DOI:10.1109/JSYST.2016.2574719