Enhancing security and efficiency in cloud computing authentication and key agreement scheme based on smart card

The password-based authentication mechanism is considered as the oldest and the most used method. It is easy to implement, and it does not require any particular configuration or devices. Yet, this solution does not ensure a high level of security when it is used in a large and remote environment such as cloud computing. In such an environment, the cloud user and the authentication remote server use an insecure communication channel to authenticate each other. Consequently, various attacks such as insider attack, password-guessing attack, user impersonation attack, and others can be launched. Smart cards are an alternative to improve this single authentication model by strengthening security and improving the communication process. In our work, we study the Huang et al. proposal. The authors have proposed a smart card-based authentication and key agreement scheme. They have used the elliptic curve to improve security. However, same related work shows that this solution does not resist to impersonation attacks and does not ensure perfect anonymity. Consequently, it does not protect users’ privacy. Thus, we propose an extension of the Huang et al. scheme in order to enforce security requirements. We implement an anonymous, mutual, and secure two-factor authentication and key agreement scheme applied to the cloud computing environment. We use elliptic curve cryptography and a fuzzy verifier to strengthen security. The solution is lightweight and optimizes performance. To prove the safety of the proposed protocol, formal security analysis with random oracle model and Scyther tool is provided. To evaluate its efficiency, a performance evaluation is prepared.