Cryptanalysis and Improvement of a Smart Card Based Mutual Authentication Scheme in Cloud Computing

Cloud computing enables the users to access and share the data as and when required at anytime from anywhere. Due to its open access, one of the major issues faced by cloud computing is how to prevent the outsourced data from being leaked to unauthorized users. Therefore, mutual authentication between the user and the cloud service provider is a necessity to ensure that sensitive data in the cloud are not available to illegal users. Recently, Li et al. proposed a two-factor authentication protocol based on elliptic curve cryptosystem which enables the cloud users to access their outsourced data. However, we first show that their scheme suffers from the problem of wrong password login. Secondly, their scheme is prone to denial of service attack in the password-changing phase. Thirdly, it fails to provide user revocation when the smart card is lost or stolen. To remedy these flaws, we propose an improved two-factor authentication and key agreement protocol, which not only guards various known attacks, but also provides more desired security properties.