| Abstract |
In mobile cloud computing, mobile devices generally share data with cloud servers through untrusted wireless networks, which leads to security risks. Therefore, it is extremely important to design a secure and effective authentication protocol to ensure the legitimacy of data access in mobile cloud computing. However, existing authentication protocols for mobile environment have various security vulnerabilities, such as failure to resist impersonation attack, ephemeral secret leakage attack and privileged insider attack. Moreover, mobile devices are restricted in computing, communication, and storage resources. Hence, designing a security and efficiency balanced authentication protocol has become a primary challenge for mobile cloud computing. In this paper, we first put forward an enhanced lightweight biometric-based three-factor anonymous authentication protocol for mobile cloud computing, which is based on hash operations, XOR operations, and fuzzy extractor functions. Second, we adopt the automated security verification tool ProVerif to verify security features and robustness, and analyze informal security. Third, we compare the security and complexity of the proposed protocol with other relevant protocols. The results demonstrate that our protocol has lower computation and communication costs while maintaining security. © 2019 IEEE. |
