Secured Authentication Using Anonymity and Password-Based Key Derivation Function

In cloud environment, security is a vital issue that will bring major impact to business operation. Cloud service provider has to ensure that data storage and communication medium is highly secured. In recent years, password-based authentication method has gained attention because of its simplicity, its capability in providing a secured process and its resistance from vulnerabilities. Nevertheless, there still have an issue on providing user identity protection and integrity of data from being abused by an adversary. Most of the current scheme involved third party in verification process and some of the scheme expose user's identity during authentication process. These can lead to the trust and transparency concern to the user. By exposing user identity will make a chance to the adversary to perform impersonate attack by impersonating legitimate user. Thus, strong cryptography algorithm with secure key exchange protocol is needed to further enhance the authentication process. This paper proposed an enhancement of password-based authentication scheme with anonymity features and key derivation function. The proposed scheme uses the Secure Remote Password (SRP) protocol and Password-Based Key Derivation Function 2 (PBKDF2) to enhance the authentication process. This paper also presents the anonymity description in authentication process which preserves user's identity information from being exposed. Anonymity is one of imperative feature that could hide identity of users during the authentication process. This is then followed by discussion of comparison of using password-based authentication scheme with other methods of authentication. Finally, this paper presents the flow of the proposed scheme which involved some algorithm modification. This research significantly enhances security level in password-based authentication using anonymity features and PBKDF2 to preserve user's privacy and to resist from any attack vulnerabilities.