New Authentication Scheme to Secure against the Phishing …downloads.hindawi.com/journals/scn/2019/5141395.pdf · 2019-07-30 · pk(U) PublicKeyofUser sk(S) PrivateKeyofCSP pk(S)

Research ArticleNew Authentication Scheme to Secure against the PhishingAttack in the Mobile Cloud Computing

Munivel E and Kannammal A

Department of Electronics and Communication Engineering PSG College of Technology Coimbatore India

Correspondence should be addressed to Munivel E mailtomunivelgmailcom

Received 13 December 2018 Revised 11 March 2019 Accepted 7 April 2019 Published 8 May 2019

Academic Editor Stelvio Cimato

Copyright copy 2019 Munivel E andKannammalAThis is an open access article distributed under theCreative CommonsAttributionLicensewhichpermits unrestricteduse distribution and reproduction in anymedium provided the original work is properly cited

A phishing attack is one of the severe threats to the smartphone users As per the recent lookout report mobile phishing attackis increasing 85 year to year and going to become a significant threat to the smartphone users This social engineering attackattempts to get the userrsquos password by disguising as trusted service provider Most of the smartphone users are using the Internetservices outside of the traditional firewall Cloud-based documents are one of the primary targets of this phishing attack in mobilecloud computing Also most smartphone users are using the cloud storage in their device To secure against this password attackin a mobile cloud environment we propose a new authentication scheme to provide novel security to the mobile cloud servicesThis scheme will verify the user and service provider without transmitting the password using the Zero-knowledge proof basedauthentication protocol Moreover the proposed scheme will provide mutual authentication between the communication entitiesThe effectiveness of proposed scheme would be verified using protocol verification tool called Scyther

1 Introduction

Mobile cloud is a hybrid computing technology whichcombines the advantages of cloud computing and the cellulartechnology to develop new paradigm called mobile cloudcomputing (MCC) [1] Figure 1 shows the general view ofmobile cloud computing MCC is the technology will help toexceed the hardware limitation like computation storage andnetworking in the end-user mobile devices [2ndash4]

Authentication is one of the critical security challengesin mobile cloud environment Authentication is an approachto verify the originality of user identity In mobile cloudcomputing user identity can be verified using mobile deviceandor one or more other authentication approaches In therecent scenario maximum protocols are sharing or sendingthe password in the form of hash value or the encryptedform to the verifier or the authentication server [1 5ndash7]The transmitting password can get captured by the intruderHence this will encourage the phishers to develop fakewebsite or service to capture the user password

The objective of this paper is not to send the user pass-word to the authentication server or cloud service providersduring any stage of communication process Hence this

paper aims to not allow delivering the user password out ofend-user device even to the trusted third party

11 Related Work Authentication is an essential securityservice in any system or network communications [8ndash10]It is classified as user authentication remote authenticationmutual authentication message authentication and implicitauthentication [11 12] The current authentication reviewshows the different attributes based on password hashvalue identity digital signature hierarchical model mobilenumber group key and biometric [13]

In 1981 Lamport et al [3] proposed an authenticationscheme to send the hash value of the password instead ofa real password to a remote server to verify the authenti-cation process In 2014 Chaurasia et al [7] introduced anauthentication as a service in cloud environment In thismethod Chaurasia et al [7] uses two-factor authenticationscheme to verify the users betweendifferent group of servicesAlso the actual user identity is not sharing instead sharesthe hash value of user identity between the communicationentities Recent years cloud and mobile computing graduallydeveloped with the help of latest wireless technologies

HindawiSecurity and Communication NetworksVolume 2019 Article ID 5141395 11 pageshttpsdoiorg10115520195141395

2 Security and Communication Networks

Mobile

Devices

WirelessCommunication

Computational

CloudMeans

Cloud Infrastructure

Figure 1 General view of mobile cloud computing

Hence in 2017 Roy et al [14] proposed a new methodto use mobile-based authentication in cloud computing Inthis scheme Roy et al [14] introduced universal subscriberidentity module (USIM) based identity verification methodThis scheme used USIM as a primary identity to initiate theauthentication process However when the mobile devicegets stolen authentication will get disabled and the entireprocess will get revoked [10] In 2012 Grzonkowski et al[15] introduced improved authentication scheme based onthe smart card based authentication protocol This methodentirely depends on the smart card generator (SCG) SCGworking as a trusted third party and also this scheme wasusing the secure channel to share the session between thecommunication entities

In 2013 Mohil et al [16] proposed a scheme based onPIN number and the preconfigured voice prints to verifythe identity of authentication user However this method isproved to use more computation Hence it is not useful dueto more computation and power usage in a mobile device

In 2015 Lin et al [12] introduced secure method inthe smart learning application in the cloud environmentThis scheme registers the user with original user ID in theauthentication server (AS)This scheme sends the hash valueof password to the authentication server in the encryptedform The AS decrypts and can get the hash value of thepassword This scheme was secure against the man-in-the-middle attack but not safe against the phishing attack due topassword sharing between the communication entities

In 2016 Kalra et al [17] and Huang et al [18] proposedstrong authentication based one-time password (OTP) andMessage Digest value This [17] scheme uses USIM with asecure channel to share the user identity Hence this schemeis not defined when the mobile device is missed or stolenThis [18] scheme uses the traditional password to verify theauthentication phase but the chance of cracking password inthe server side Hence this is prone to phishing attack by theserver side

Dynamic identity-based authentication technique is pro-posed by Li et al [19] to secure the user identity In thistechnique real user identity is mapped with new dynamicidentity in every communication But Li et al [19] did notconcentrate on the password security Still user password issharing as a hash value to the remote server in the registrationphase Also in Stage II authentication received hash value ofthe user is verified with the stored hash value from the remote

server as Ramport et al [3] authentication Hence in thisscheme the user password may prone to crack by the remoteserver

The new secure authentication was proposed by Zhou etal [20] using the smart card generator But cloud serviceproviders using the master key to verify the user and dataowner The initial authentication is based on validating thehash value of identity and password This scheme is notsharing the identification of the communicating entities inall the stage of authentication Also the intruder may disturbthe communication with fake hash value to make null everytime to consume computation in a mobile device All thesefindings may be prone to phishing attack along with replayattack and man-in-the-middle attack in a mobile device

To achieve mutual authentication in mobile cloud com-puting Grzonkowski et al [21] He et al [22] and Mileret al [23] are proposed different authentication protocolsin the mobile cloud service environment According to theMiler et al [23] scheme the user ID is sharing using thesecure channel but the SCG generates the public key of theuser and sends along with the randomly generated nonceto secure against the replay attack However the sessionkey is not encrypting or not sending over a secure channelAuthentication phase not carrying the sender and receiversID along with the session key Hence Miler et al [23] schemeprone to man-in-the middle attack and phishing attack

Smart card based or the trusted third party based authen-tications are the most common technique to prevent illegalaccess in an insecure mobile cloud environment [6] Manyauthentication protocols proposed [13 18 24ndash27] to verify theoriginality of end user However most of these protocols maynot be satisfying the security against a phishing attack

Phishing attack is an essential problem in the currentgeneration of mobile cloud authentication services [22]Hence to improve the security as noted earlier mobile cloudauthentication systems are vulnerable to various types ofsecurity attacks Such attacks do not only affect the userrsquosidentity but also affect the device performance [28]

In this paper we endeavour to progress the mobilecloud computing security by introducing new authenticationscheme based on Zero-knowledge proof technique

The proposed scheme is aimed to secure against thereplay man-in-the-middle denial of service server-sidespoofing and phishing attacks Malicious Insider and othergeneric attacks in the mobile cloud environment without

Security and Communication Networks 3

sharing the real username and password to the any ofcommunication entities

12 Our Contribution In the paper we present the outline ofour proposed authentication protocol To achieve the securityagainst the phishing attack we are not going to transfer theactual password to the authentication server or cloud serviceproviders or any other communication entities during theregistration and authentication stage Here summarizing thesignificant contributions of our paper as follows

First we review the He et al [22] scheme in mobile cloudcomputing In some cases this scheme is compromising thephishing attack Moreover also we show that this schemeis not entirely satisfying the user anonymity Hash value ofthe user password knew by the trusted third party or theauthentication server

Second we propose a new authentication scheme tosecure against phishing attack without sharing the real user-name and password to the authentication server and cloudservice providers Moreover the new scheme supports themutual authentication with Zero-knowledge of proof

Finally we provide detail security verification methods toprove our proposed scheme is secure and efficient and alsomeets the requirements of mobile cloud services

13 Organization of the Paper This paper is organized intosix sections the second section presents the preliminaries ofproposed authentication scheme The third section reviewsthe brief He et al [22] scheme and presents its securityproblemsThe fourth section presents the details of proposedmobile cloud authentication scheme with different phaseslike initial registration user registration and authenticationphases The fifth section presents the analysis of proposedsecurity scheme nonformal verification The sixth sectioncompares with similar schemes list the code and display theformal verification result by the Scyther And the last seventhsection explains the performance analysis of the proposedscheme and its efficiency

2 Preliminaries

21 Zero-Knowledge Proof TheZero-knowledge protocol is amethod based proof of verifying the originality of the proverwithout disclosing further knowledge about the prover to theverifier [23]The Zero-knowledge protocol is based on Zero-knowledge proofs and can be classified as interactive Zero-knowledge and noninteractive Zero-knowledge based on theworking methods [24] The interactive Zero-knowledge pro-tocol uses multiple authentication steps of communicationsbetween the prover and verifier The noninteractive Zero-knowledge protocol uses only one communication messagecalled proof between the prover and verifier [24]The proper-ties of Zero-knowledge proof can be distinguished as follows

(i) Completeness ldquoIf the requested statement is correct thehonest verifier will prove that the requested statement is trueto the honest verifierrdquo

Trusted Third Party (TTP)

Cloud Service Provider (CSP)

Mutual AuthenticationMobile Cloud User (U)

User ID

Verificat

ion CSP ID Verification

Figure 2 System model

(ii) Soundness ldquoIf the requested statement is false there isno way to fake the result to the verifier that the requestedstatement is truerdquo

(iii) Zero-Knowledge ldquoIf the requested statement is right theverifier may not know anything about the prover other thanthat the requested statement is truerdquo

22 System Model A typical authentication network modelof the proposed mobile cloud scheme is shown in Figure 2Here we are using three participants in the proposed scheme

(i) Cloud User (U) Heshe is a mobile cloud user Hesheis registering as a new user with the TTP using one-timepassword to confirm the original identity Then the user usesits user ID and password to generate the public key with usingmobile application and then sends the mobile number userID and public key with client URL to the TTP

(ii) Trusted ird Party (TTP) TTP is working as authentica-tion server (AS) responsible for verifying requested user andthe cloud service provider (CSP) After initial verification itis receiving the public key from the cloud user

(iii) Cloud Service Provider (CSP) CSP provides serviceslike storage computation and communication service to themobile cloud user It verifies the user request with its URI IfURI is on the approved list it will ask the TTP for verificationThenTTP verifies the mobile number and the user ID Finallythe user ID TTP nonce and public key will send to CSP toconfirm the cloud user

3 Review of He et al Scheme (2017)

This section describes the privacy aware authenticationscheme in mobile cloud environment proposed by [22]This protocol is developed based on identity-based signaturescheme partially and also this scheme includes three phases(1) system setup phase (2) registration phase and (3) authen-tication phase Notations used in this protocol scheme arelisted in Table 1


Table 1 Notation and Description

Notation Description Concatenationoplus XOR Operationh(U) Hash Value of User IDh(PW) Hash Value of PasswordU Mobile Cloud UserS Cloud Service ProviderAS Authentication ServerUid Client URI with Mobile Nosk(U) Private Key of Userpk(U) Public Key of Usersk(S) Private Key of CSPpk(S) Public Key of CSPNs Fresh Authentication IDR Random Value Gen by UserNa Nu1 Nu2 Nu3 Fresh Nonceh() Hash Function

31 System Setup Phase Smart card generator (SCG) is atrusted third party (TTP) in this scheme SCG is generatingits private and public keys using bilinear pairing

(1) Smart card generator selects a random nonce s as amaster key

(2) Smart card generator generates the public key K+SCGbased on the master key s

(3) SCG selects five hash values based on the group G1and G2

(4) Finally it publishes its parameter by using public keyand its hash values and also saves its secret key s

32 Registration Phase In this phase user U and the cloudservice provider (CSP) registering with the SCG to get theirprivate key through the following steps over a secure channel

(1) User U sends his user ID to the SCG(2) SCG generates the userrsquos private key by using its

master key I and sends the private key KndashU to therequested user through the secure channel

(3) CSP sends its ID to SCG through the secure channel(4) SCG generates the CSP private key by using its

master key s and sends the private key KndashCSP to therequested user through the secure channel

33 Authentication Phase

Step 1 User enters a password only and does not enter ausername or user ID However client device calculates thehash value of user ID and password Moreover encrypts byusing its session key and finally the user sends to the cloudservice provider as follows

119880 997888rarr 119862119878119875 119868119863119880119894 119875119882119880119894119870119878119906119894 (1)

Step 2 Cloud service provider (CSP) selects a random noncea and computes A with nonce a and prime P and A sends tothe user

119862119878119875 997888rarr 119880 119860 (2)Step 3 In this step user Ui selects random nonce

119887 119903 isin 119885lowast119902 (3)and computes B as follows

119861 = 119892119887 (4)

The session key 119870119894119895 and other functions are computed asfollows

119870119894119895 = ℎ2 (119860 119861 119860119887) (5)

1198702 = 119887 (119875119901119906119887 + ℎ1 (119868119863119862119878119875119895) 119875) (6)

119877 = 119892119903 (7)

120596119880119894 = ℎ3 (119868119863119880119894 119868119863119862119878119875119895 119860 119861 119870119894119895 1198702 119877) (8)

Ξ119880119894 = (119903 + 120596119880119894) 119878119880119894 (9)

119862119894 = ℎ4 (119861) oplus (119868119863119880119894 120596119880119894 Ξ119880119894) (10)

User 119880119894 sends 1198702 119862119894 to 119862119878119875119895119880 997888rarr 119862119878119875 1198702 119862119894 (11)

Cloud service provider 119862119878119875119895 computes session key and otherfunctions 119861119870119894119895 119883 and 119861119870119894119895 119883119877 as follows

119861 = 1198702 119878119862119878119875119895 (12)

119870119894119895 = ℎ2 (119860 119861 119861119886) (13)

119883 = (119868119863119880119894 120596119880119894 Ξ119880119894) (14)

119884 = ℎ4 (119861) oplus 119862 (15)

119883 = 119884 (16)

(119868119863119880119894 120596119880119894 Ξ119880119894) = ℎ4 (119861) oplus 119862 (17)

119877 = Ξ119880119894 119875119901119906119887 + ℎ1 (119868119863119906119894) 119875 119892minus120596119880119894 (18)

Cloud service provider 119862119878119875119895 verifies the following

120596119880119894 = ℎ3 (119868119863119880119894 119868119863119888119904119901119895 119860 119861 119870119894119895 1198702 119877) (19)

If not matching119862119878119875119895 rejects the service request or else cloudservice provider 119862119878119875119895 computes 119863119894 as follows

119863119894 = ℎ4 (119868119863119862119878119875119895 119868119863119880119894 119860 119870119895119894 1198702 119861) (20)

Finally 119862119878119875119895 sends 119863119894 to 119880119894119862119878119875 997888rarr 119880 119863119894 (21)

119880119894 Checks whether 119863119894 is equal to ℎ4(119868119863119862119878119875119895 119868119863119880119894 119860 119870119895119894 1198702 119861) and119880119894 confirm the119862119878119875119895 Else119880119894 terminates theservice


34 Analysis of He et al Scheme In the login phase of this[22] scheme the user enters the only username As per(1) user encrypts the hash value username and passwordHowever this step does not have a precise definition of howthe username is taken and may be taken from the securememory of the mobile device

The first finding is if the user is taking the encrypted hashvalue from the mobile device secure memory then how thisscheme will resist the stolen mobile device attack because itdoes not have any method to verify that the username andpassword are entered by the user or malicious software

The second finding is that in the login phase the usersends the encrypted hash values of username and passwordto the cloud service provider (CSP) to verify the sender andthe receiver not mentioning anything in the communicationThis may be prone to man-in-the-middle attack

119880 997888rarr 119862119878119875 119868119863119880119894 119875119882119880119894119870119878119906119894 (22)

The third finding is that this scheme allows sending thepassword to the cloud service provider Once the cloudservice provider decrypts it can know the hash value andmaytry to crack the password Hence the phishing attack remainsopen in this scheme

This [22] scheme uses smart card generator as trustedthird party in the initial phase However it is not usingthe trusted party to ensure the mobile user and the cloudservice provider in the authentication phase The resistanceof spoofed client attack and spoofed cloud service providerattack are unanswered in this scheme

4 Proposed Scheme

The proposed authentication scheme has three phases Thefirst phase creates a group called G and its members TTPshares the elements of the group to the communicationentities The second phase handles the registration of clouduser and CSPwith the authentication server or a trusted thirdparty The third phase verifies the cloud user and the serviceprovider to achieve the mutual authentication

41 Initial Registration The given group G is having set ofvalues G0 G1 are carrier set of random elements of group G[2 23 24 29] Hence the public key may be the G G0

Group G is a carrier set cordiality of the order of Group|119866| Hence the digital payment like Bitcoin which uses thesec256k1 group based on elliptic curve Element size of thisgroup is 256-bit strings which is very hard in this type ofgroup [21]

42 Registration Phase The second phase accepts the reg-istration of cloud user and cloud service provider by theauthentication server

The new user generates a request with the authenticationserver (AS) with its mobile number being of original identityAS verifies the available list of available registered mobilenumbers If the number is new the AS sends the OTP orelse terminates the communication The entered OTPwill get

Mobile Cloud User (U)

Authentication Server (AS) ndash TTP

New Registration Request

If Req is new Generate amp Sends OTP

Verification Success

Verifying OTP

Registering Pub Key Mobile No amp URL

Figure 3 User registration with authentication server (TTP)

verified with AS Once OTP is verified then the user entersthe new user ID and password the mobile browser generatesthe hash value of the user ID as H1 and generates a hash valueof password as H2 Client browser generates the public keyP using the hash value of the user password H2 Finally theuser sends the hash value of user ID H1 and public key Palong with mobile number (as Client URL ) to register in thetrusted user list of AS over the secure channel as explainedin Figure 3 All the above communications are happeningover the secure channel between user and AS In Figure 4cloud service provider service and domain registration withauthentication server (TTP) and new cloud service provider(CSP) generate a new request to AS AS verifies the existenceof the new domain in the existing list If free the AS acceptsthe request and generates the domain tagwith the newuniqueone-time key Domain tag sends to the CSP Moreover theCSP has to keep the tag in the document root of its domainand verifies with the AS If AS verifies the domain tag acceptsthe registration request and stores the hash value of domainrsquosURI in the trusted list and shares the CSP public key to AS allof the above communications are happening over the securechannel between AS and CSP

43 Authentication Phase In this phase authenticationserver (AS) mobile cloud user (U) and cloud serviceprovider (CSP) are participating in verifying the user andCSP through theAS to achievemutual authenticationwithoutrevealing the real password between the communicationentities The proposed authentication is using the mobilenumber as an original identity to register the user Oncethe user is registered successfully as per Section 42 theAS will generate the unique link to the client as followsUser mobile number is 9xxx7 when this user registers withthe authentication server myauthin they will get uniqueweb URI called client URI as 9xxx7myauthin The AS willmaintain the mobile number client URI hash value of userID and public key of user as client profile like Table 2

User U sends the service request to CSP with hishermobile identity to the Cloud service provider (CSP)

Once the userrsquos public key is shared from the AS to CSPafter verifying the user and CSP as per the communicationexplained in Figure 5 second stage of protocol will workas per the following steps of equation and also is explainedoverall in Figure 6


Table 2 Sample Client Profile in AS

Sl No Mobile No Hash value Pub Key URI Allowed Services1 9xxx7 0A 04 1B 94 User Pub-Key 9xxx7myauthin httpsmobilecloudsr1s3amazonawscom

User (U) TTP (AS)

USNu1h(Uid)

SUh(Nu1)USASh(Uid)sk(S)

ASUSASh(Nu2) USh(Na)pk(S)pk(U)

UASNu2UASNu2h(Uid )USASh(Uid)sk(S)sk(U)

CSP (S)

USNu3USh(Na)pk(S)sk(U)SASSASUh(Uid)h(Na)Ns1sk(S)

ASSUh(Uid)pk(U)pk(S)SUh(Nu3)pk(U)

Figure 4 Cloud service provider and service and domain registration with authentication server (TTP)


Authentication Server (AS) - TTP


Sends Unique Domain Tag

Reg Pub Key amp Domain URI

Verify amp Stores the Tag

Figure 5 Proposed Stage I authentication protocol







Figure 6 Proposed Stage II authentication protocol against phishing attack


Step 1 UserU requests the service or visits the serviceHencethe user enters the login and clicks the register button

119880minus gt 119878 119880 119878Re119902 (23)Step 2 Cloud service provider S sends the random token Nsas authentication ID to the userrsquos request after verifying theclientrsquos URI

119878minus gt 119880 119878 119880119873119904 (24)Step 3 User enters user ID and password in the clientbrowser Browser plug-in generates the hash value of userID and password Based on this hash values the browsergenerates the value x as follows Hence the password is notleaving the client browser

119909 = ℎ (119875119882119906) (25)

Then the user computes 119875119906 (public key of user U) with using119909 and the shared group 1198920

119875119906 = 1198921199090 (26)Then the user generates the randomvalue 119903 isin 119892 and calculates119876

119876 = 1198920119903119909 (27)By using Q user calculates the value C and Zx as follows

119862 = ℎ (119875119906119876119873119904) (28)

119885119909 = 119877119909 minus 119862119909 (29)Finally the user sends the C and Zx to the server

119880minus gt 119878 119862 119885119909 (30)

The server S calculates the value Q as follows(1) Server receives 119862 and 119885119909(2)The server has the users Ns public key 119875119906 and shared

group element 1198920

The server calculates Q

119876 = 1198751199061198621198920119885119909 (31)Then the server S checks whether the 119862 = ℎ(119875119906 119876119873119904)

In this proposed protocol the random value is generatedby the user but this value is constructed by the server S withusing above functions as follows

As per (27) and (29) 119876 = 1198920119903119909 and 119885119909 = 119877119909 minus 119862119909We can prove the following with using simple substitu-

tion (27) 119876 = 1198920119903119909 and (31) 119876 = 1198751199061198621198920119885119909Hence 1198920119903119909 = 1198751199061198621198920119885119909

1198920119903119909 = (1198920119909)119888 1198920(119903119909minus119888119909) (32)

1198920119903119909 = 11989201198881199091198920119903119909minus119888119909 (33)

1198920119903119909 = 1198920119888119909+119903119909minus119888119909 (34)

1198920119903119909 = 1198920119903119909 (35)

Now userrsquos random value r is constructed by the server S toverify that the user is genuine and also user is proved that theserverrsquos random value Ns is known by the user to achieve themutual authentication

5 Security Analysis and Verification

The proposed scheme is nonformally proved to resist againstthe significant attacks like phishing attack replay attackimpersonation attack and other generic attacks explained inthe following subsections

51 Phishing Attack The proposed authentication schemeis not sending the password to the server It is generatingthe public key by using the hash value of the password Asexplained in (25) to (29) we compute the 119862 and 119885119909 valuesand send to the CSP In the CSP side 119862 and 119885119909 construct andverify the user identity with available public key Hence thisscheme is resistance against the phishing attack [22 28]

52 Strong Replay Attack In this proposed scheme nonceNu1 Nu2 Nu3 and Na are used to check that the com-munication is fresh in both the stages of authentication aswell as shown in Figures 5 and 6 The Ns is used as freshauthentication ID in Stage I authentication For an examplein our Stage I authentication user U sends Nu1 (nonce toavoid replay attack) and the hash value of actual user-identityh(Uid) (to avoid user anonymity attack) to the server Sas (USNu1h(Uid)) an authentication request to avoid thereplay and user anonymity

53 Server Impersonation Attack The proposed scheme isresistance against the user impersonation attack Not only isthis scheme using the user ID but also it is using the userprofile as URI which includes the mobile number and URIor user like 9xxx7myauthin When a request comes fromany user the server verifies the client URI first If the userURI is correct then only the server accepts the request forimpersonation and masquerade attack [10]

54 Generic Attacks Also the proposed scheme satisfies thegeneric attack like denial of service attack by specifying theactive participants of each communication [21] Man-in-the-middle attack is satisfying by every communication which iscarrying the actual sender and the receiver identity [11 15] Itis carrying the serverURI and the clientURI in every step andalso its getting verified by the server using the userrsquos profile

55 Forward Secrecy and Mutual Authentication The pro-posed scheme is using the asymmetric key cryptosystem toverify the communication entities to maintain the forwardsecrecy and to achieve the mutual authentication [18 20 2330] Even the key is generated by the end user to avoid theserver impersonation attack (USNu3USh(Na)pk(S)sk(U))

6 Comparison and Formal Verification

In this section we compare the proposed authenticationschemes with significant security protocols listed in Table 3and also the formal verification is donewith Scyther [18 31] toprove Stage I is secure against the significant attacks FinallyStage II authentication also is verified and listed


Table 3 Comparing Resistance of Attacks

Sl No Scheme [7] [1] [2] [8] [9] [10] [11] [12] [13] [15] Ours1 Formal Security Proof No No Yes No No No Yes Yes Yes No Yes2 Forward Secrecy Yes Yes Yes No Yes Yes Yes Yes Yes Yes Yes3 Login Phase Efficiency Yes No Yes No Yes Yes Yes Yes Yes Yes Yes4 Resistant to DoS Attack Yes No Yes No Yes Yes Yes Yes Yes Yes Yes5 Resistant to Password Guessing Attack No No Yes Yes No No No Yes Yes Yes Yes6 Resistant to Phishing Attack No No No No No No No No No Yes Yes7 Resistant to Privileged Insider Attack Yes No No Yes Yes No Yes Yes Yes Yes Yes8 Resistant to Server Impersonation Attack No Yes No Yes Yes No Yes Yes Yes Yes Yes9 Resistant to Stolen Mobile Device Attack No No No No No No No Yes Yes Yes Yes10 Resistant to Strong Reply Attack Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes11 Resistant to Strong User Anonymity Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes12 Resistant to User Impersonation Attack Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes13 Secure Mutual Authentication Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes14 Verification using Scyther or Other Tools No No No No No No Yes No No No Yes

61 Formal Verification The proposed authentication proto-col is verified using the automated protocol verification toolcalled Scyther developed by Cremers et al [31] Scyther ishaving the features like unbounded verification attack find-ing and visualisation also supporting the classical propertieslike secrecy agreement aliveness and synchronisation [2931]The proposed protocol can bewritten in security protocoldescription language Mutual authentication between theuser AS and CSP is verified in Scyther as follows

lowast Stage I Authentication Protocol lowastconst Fresh Functionconst hash Functionhashfunction hconst pk Functionconst sk Functioninversekeys (pksk)const hUidprotocol KeyShareProto (USAS)role Ufresh Nu1Nu2Nu3 Noncefresh Ns1NaNonce

send 1 (USNu1h(Uid))recv 2 (SUh(Nu1)USASh(Uid)sk(S))send 3 (UASNu2UASNu2h(Uid)USASh(Uid)sk(S)sk(U))recv 4 (ASUSASh(Nu2)USh(Na)pk(S)pk(U))send 5 (USNu3USh(Na)pk(S)sk(U))recv 8 (SUh(Nu3)pk(U))role Sfresh Nu1Nu2Nu3 Noncefresh Ns1NaNoncerecv 1 (USNu1h(Uid))

send 2 (SUh(Nu1)USASh(Uid)sk(S))recv 5 (USNu3USh(Na)pk(S)sk(U))send 6 (SASSASUh(Uid)h(Na)Ns1sk(S))recv 7 (ASSUh(Uid)pk(U)pk(S))send 8 (SUh(Nu3)pk(U))role ASfresh Nu1Nu2Nu3 Noncefresh Ns1NaNonce

recv 3 (UASNu2UASNu2h(Uid)USASh(Uid)sk(S)sk(U))send 4 (ASUSASh(Nu2)USh(Na)pk(S)pk(U))recv 6 (SASSASUh(Uid)h(Na)Ns1sk(S))send 7 (ASSUh(Uid)pk(U)pk(S))

Our Stage I authentication protocol is verified by ScytherThe source code of Stage I is listed above and the output isshown in Figure 7

lowast Stage II Authentication Protocol lowast const Fresh Function

protocol AuthProto (US)role Ufresh NsNonceconst Reqconst Cconst Zx

send 1 (USReq)recv 2 (SUNs)send 3 (USCZx)claim(USecretC)


Figure 7 Proposed Stage I authentication protocol autoverificationusing Scyther

claim(USecretZx)claim(UAlive)claim(UWeakagree)claim(UCommitSNs)claim(UNiagree)claim(UNisynch)role Sfresh NsNonceconst Reqconst Cconst Zx

recv 1(USReq)send 2 (SUNs)recv 3 (USCZx)

claim(SSecretC)claim(SSecretZx)claim(SAlive)claim(SWeakagree)claim(SCommitUNs)claim(SNiagree)claim(SNisynch)

Stage II authentication protocol is also verified by Scytherverification tool The source code of Stage II is also listed andthe output is shown in Figure 8

7 Performance Analysis

In the trusted third party based authentication schemesperformance is one of the important factors to concentrate

Table 4 Performance Analysis with Recent Schemes

Sl No Schemes No of Bits No of Messages1 Lee et al [2] 1184 72 Dey et al [11] 1280 43 Lin et al [12] 1536 44 Roy et al [14] 864 25 Binu et al [29] 2304 76 Our Scheme 576 3

on As we know performance is having close relation withthe security Most of the third party based authenticationprotocols are using two-stage authentication process Stage Iis registration phase or initial authentication phase and StageII is login and authentication phase Mostly the registrationphase or Stage I authentication is a one-time process atthe time of registering the user Hence to calculate theperformance of our proposed authentication scheme in termsof computation and number of communications we consideronly Stage II authentication In the proposed scheme weassumed the size of identity is 32 bits and hash size is 160 bits(we use SHA-1) As wementioned above registration or Stageone authentication is happening only once Hence we con-sider only Stage two authentication (login and authenticationphase) for calculating the computation and communicationDuring Stage two Step 1 user sends the authenticationrequest as mentioned in (23) the size of the identity and therequest is 96 bits Step 2 CSP verifies as mentioned in (24)the size of the user identity and fresh authentication ID isagain 96 bits only Step 3 user device calculates the valuesC and Zx as explained in (25) to (29) and then sends theC and Zx to CSP size of the identity is 64 and the hashvalues of CZx are 160+160 Last communication message sizeis 384 (32+32+160+160) bits Hence the total transmissionsize is 576 bits in 3 communications Also Table 4 showsthe proposed scheme is more efficient than the recent similarauthentication schemes

In the proposed authentication scheme performanceanalysis we use few cryptographic operations and its nota-tions as follows

(i) Hash function as 119879ℎ(ii) Multiplication or key generation or verification as119879119898

We used SHA-1 to calculate hash function 119879ℎ used ECC formultiplication and used key generation and verification 119879119898to compute the119862 and119885119909 values As per the equation numbersfrom (25) to (29) 5 equations are used to compute the values119862 and 119885119909 We use 2 119879ℎ 2 119879119898 in mobile device We ignoredthe cost of XOR operations due to negligible computationload Table 5 explains and compares the computation cost ofmultiplication 119879119898 and hash function 119879ℎ with recent similarschemes

As we know the computation capacity of smartphoneis growing day by day Nowadays octa-core processor with3GB RAM smartphone cost is under $100 Moderate to highend smartphone is having 8GB RAM Hence our scheme isworking good in recent smartphones Also we are testing our


Figure 8 Proposed Stage II authentication protocol verification using Scyther

Table 5 Computation Cost Analysis with Recent Schemes

Sl No Scheme Cost of Computation1 Lee et al [2] 4119879ℎ+31198791198982 Dey et al [11] 5119879ℎ+41198791198983 Lin et al [12] 10119879ℎ+21198791198984 Roy et al [14] 9119879ℎ+11198791198985 Binu et al [29] 9119879ℎ+31198791198986 Our Scheme 2119879ℎ+2119879119898

scheme to use Dynamic Computation Offloading techniquein our future work to get best performance while using ourscheme in the Low Powered Device Due to this reasonwe did not explain the execution time of recent similarschemes Tables 4 and 5 show that our scheme is using lessnumber of message communications with tiny data betweencommunication entities Also our scheme uses less numberof mathematical functions to achieve best computation costand efficient security in mobile devices

8 Conclusion

The traditional authentication methods are not suitable formobile cloud computing due to its dynamic nature andsupport of various cloud services In this paper we presentednew authentication scheme to secure the user password fromthe phishing attack The proposed authentication scheme isnot sending the password in any form of the existing methodslike hash value and encrypted key or a digital signatureto verify the identity of mobile user and the cloud serviceprovider In this scheme we have used the Zero-knowledgeproof technique to satisfy the authentication process Alsothe proposed scheme verified by the University of Oxford

developed protocol verification tool Scyther The securityverification and the experimental result brought about anexhibit that the proposed scheme is more secure against thephishing attack in the mobile cloud computing In the futurewe would like to explore more attributes to provide efficientmobile cloud authentication in the multicloud environmentwith Dynamic Computational Offloading Technique

Data Availability

The formal verification of Scyther code Stage I and Stage IIauthentication used during the current study is included inthe article

Conflicts of Interest

The authors declare that there are no conflicts of interestregarding the publication of this research paper

Acknowledgments

This research work is partially supported by Ministry ofElectronics and IT Govt of Indiarsquos Information SecurityEducation Awareness Project Phase II

References

[1] M Alizadeh S Abolfazli M Zamani S Baaaharun and KSakurai ldquoAuthentication in mobile cloud computing a surveyrdquoJournal of Network and Computer Applications vol 61 pp 59ndash80 2016

[2] A Lee ldquoAuthentication scheme for smart learning system in thecloud computing environmentrdquo Journal of Computer Virologyand Hacking Techniques vol 11 no 3 pp 149ndash155 2015


[3] L Lamport ldquoPassword authenticationwith insecure communi-cationrdquo Communications of the ACM vol 24 no 11 pp 770ndash772 1981

[4] Z Ahmad K E Mayes S Dong and K Markantonakis ldquoCon-siderations formobile authentication in theCloudrdquo InformationSecurity Technical Report vol 16 no 3-4 pp 123ndash130 2011

[5] K AkherfiM Gerndt andHHarroud ldquoMobile cloud comput-ing for computation offloading issues and challengesrdquo AppliedComputing and Informatics vol 14 no 1 pp 1ndash16 2016

[6] A Kannammal and S Subha Rani ldquoAuthentication and encryp-tion for medical image security systemrdquo International Journal ofRobotics and Automation vol 29 no 4 pp 448ndash455 2014

[7] B K Chaurasia A Shahi and S Verma ldquoAuthentication incloud computing environment using two factor authenticationrdquoin Proceedings of the ird International Conference on SoComputing for Problem Solving vol 259 of Advances in Intelli-gent Systems and Computing pp 779ndash785 Springer NewDelhiIndia 2014

[8] J Wei X Hu andW Liu ldquoAn improved authentication schemefor telecare medicine information systemsrdquo Journal of MedicalSystems vol 36 no 6 pp 3597ndash3604 2012

[9] H-T Yeh B-C Chen and Y-C Wu ldquoMobile user authentica-tion system in cloud environmentrdquo Security and Communica-tion Networks vol 6 no 9 pp 1161ndash1168 2013

[10] AAhmed-Nacer andMA-N Samovar ldquoStrong authenticationfor mobile cloud computingrdquo in Proceedings of the 13th Interna-tional Conference on New Technologies for Distributed SystemsFrance 2016

[11] S Dey S Sampalli and Q Ye ldquoMDA message digest-basedauthentication for mobile cloud computingrdquo Journal of CloudComputing vol 5 no 1 p 18 2016

[12] H Lin ldquoEfficient mobile dynamic ID authentication and keyagreement scheme without trusted serversrdquo International Jour-nal of Communication Systems vol 30 no 1 Article ID e28182017

[13] S Namasudra and P Roy ldquoA new secure authentication schemefor cloud computing environmentrdquo Concurrency ComputationPractice and Experience vol 29 no 20 p e3864 2017

[14] S Roy S Chatterjee A K Das S Chattopadhyay N Kumarand A V Vasilakos ldquoOn the design of provably securelightweight remote user authentication scheme formobile cloudcomputing servicesrdquo IEEE Access vol 5 pp 25808ndash25825 2017

[15] S Grzonkowski P M Corcoran and T Coughlin ldquoSecurityanalysis of authentication protocols for next-generationmobileand CE cloud servicesrdquo in Proceedings of the IEEE InternationalConference on Consumer Electronics pp 83ndash87 Berlin Ger-many 2011

[16] P Mohit R Amin A Karati G P Biswas and M K Khan ldquoAstandard mutual authentication protocol for cloud computingbased health care systemrdquo Journal of Medical Systems vol 41no 4 p 50 2017

[17] S Kalra and S K Sood ldquoAdvanced password based authentica-tion scheme for wireless sensor networksrdquo Journal of Informa-tion Security and Applications vol 20 pp 37ndash46 2015

[18] D Huang and H Wu ldquoMobile cloud security attribute-basedaccess controlrdquoMobile Cloud Computing pp 181ndash211 2018

[19] C-T Li C-C Lee and C-Y Weng ldquoA dynamic identity-baseduser authentication scheme for remote login systemsrdquo Securityand Communication Networks vol 8 no 18 pp 3372ndash33822015

[20] K ZhouM H Afifi and J Ren ldquoExpSOS secure and verifiableoutsourcing of exponentiation operations for mobile cloudcomputingrdquo IEEE Transactions on Information Forensics andSecurity vol 12 no 11 pp 2518ndash2531 2017

[21] S Grzonkowski A Mosquera L Aouad and D MorssldquoSmartphone security an overview of emerging threatsrdquo IEEEConsumer Electronics Magazine vol 3 no 4 pp 40ndash44 2014

[22] D He N Kumar M K Khan L Wang and J Shen ldquoEfficientprivacy-aware authentication scheme formobile cloud comput-ing servicesrdquo IEEE Systems Journal vol 99 pp 1ndash11 2017

[23] A Miller ldquoZero-knowledge proof notation and vocabularyrdquo inLecture 7 - Zero Knowledge Proofs ECECS 598AM Cryptocur-rency Security pp 1ndash4 2016

[24] B Lum Jia Jun ldquoImplementing zero-knowledge authenticationwith zero knowledgerdquo in Proceedings of the PyCon Asia-Pacific2010

[25] E Munivel and J Lokesh ldquoDesign of secure group key man-agement scheme for multicast networks using number theoryrdquoin Proceedings of the 2008 International Conference on Com-putational Intelligence for Modelling Control and AutomationCIMCA 2008 pp 124ndash129 Austria December 2008

[26] J Zhang Z Zhang and H Guo ldquoTowards secure data distribu-tion systems in mobile cloud computingrdquo IEEE Transactions onMobile Computing vol 16 no 11 pp 3222ndash3235 2017

[27] S L Albuquerque and P R L Gondim ldquoSecurity in cloud-computing-based mobile healthrdquo IT Professional vol 18 no 3pp 37ndash44 2016

[28] D Huang and H Wu ldquoMobile cloud offloading modelsrdquo inMobile Cloud Computing pp 115ndash152 Morgan Kaufmann 2018

[29] S Binu M Misbahuddin and P Raj ldquoA strong single sign-on user authentication scheme using mobile token withoutverifier table for cloud based servicesrdquo in Computer and Net-work Security Essentials K Daimi Ed pp 237ndash261 SpringerInternational Publishing Cham Switzerland 2018

[30] S Chen D L Chiang C Liu et al ldquoConfidentiality protectionof digital health records in cloud computingrdquo Journal ofMedicalSystems vol 40 no 5 2016

[31] C J F Cremers ldquoThe scyther tool verification falsification andanalysis of security protocolsrdquo in Computer Aided VerificationSpringer Berlin Germany 2008

International Journal of

AerospaceEngineeringHindawiwwwhindawicom Volume 2018

RoboticsJournal of

Hindawiwwwhindawicom Volume 2018


Active and Passive Electronic Components

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawiwwwhindawicom

Volume 2018

Hindawi Publishing Corporation httpwwwhindawicom Volume 2013Hindawiwwwhindawicom

The Scientific World Journal

Volume 2018

Control Scienceand Engineering

Journal of



Journal ofEngineeringVolume 2018

SensorsJournal of



RotatingMachinery


Modelling ampSimulationin EngineeringHindawiwwwhindawicom Volume 2018


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation


Hindawi

wwwhindawicom Volume 2018

Advances in

Multimedia

Submit your manuscripts atwwwhindawicom


Mobile

Devices

WirelessCommunication

Computational

CloudMeans

Cloud Infrastructure

Figure 1 General view of mobile cloud computing

Hence in 2017 Roy et al [14] proposed a new methodto use mobile-based authentication in cloud computing Inthis scheme Roy et al [14] introduced universal subscriberidentity module (USIM) based identity verification methodThis scheme used USIM as a primary identity to initiate theauthentication process However when the mobile devicegets stolen authentication will get disabled and the entireprocess will get revoked [10] In 2012 Grzonkowski et al[15] introduced improved authentication scheme based onthe smart card based authentication protocol This methodentirely depends on the smart card generator (SCG) SCGworking as a trusted third party and also this scheme wasusing the secure channel to share the session between thecommunication entities

In 2013 Mohil et al [16] proposed a scheme based onPIN number and the preconfigured voice prints to verifythe identity of authentication user However this method isproved to use more computation Hence it is not useful dueto more computation and power usage in a mobile device

In 2015 Lin et al [12] introduced secure method inthe smart learning application in the cloud environmentThis scheme registers the user with original user ID in theauthentication server (AS)This scheme sends the hash valueof password to the authentication server in the encryptedform The AS decrypts and can get the hash value of thepassword This scheme was secure against the man-in-the-middle attack but not safe against the phishing attack due topassword sharing between the communication entities

In 2016 Kalra et al [17] and Huang et al [18] proposedstrong authentication based one-time password (OTP) andMessage Digest value This [17] scheme uses USIM with asecure channel to share the user identity Hence this schemeis not defined when the mobile device is missed or stolenThis [18] scheme uses the traditional password to verify theauthentication phase but the chance of cracking password inthe server side Hence this is prone to phishing attack by theserver side

Dynamic identity-based authentication technique is pro-posed by Li et al [19] to secure the user identity In thistechnique real user identity is mapped with new dynamicidentity in every communication But Li et al [19] did notconcentrate on the password security Still user password issharing as a hash value to the remote server in the registrationphase Also in Stage II authentication received hash value ofthe user is verified with the stored hash value from the remote

server as Ramport et al [3] authentication Hence in thisscheme the user password may prone to crack by the remoteserver

The new secure authentication was proposed by Zhou etal [20] using the smart card generator But cloud serviceproviders using the master key to verify the user and dataowner The initial authentication is based on validating thehash value of identity and password This scheme is notsharing the identification of the communicating entities inall the stage of authentication Also the intruder may disturbthe communication with fake hash value to make null everytime to consume computation in a mobile device All thesefindings may be prone to phishing attack along with replayattack and man-in-the-middle attack in a mobile device

To achieve mutual authentication in mobile cloud com-puting Grzonkowski et al [21] He et al [22] and Mileret al [23] are proposed different authentication protocolsin the mobile cloud service environment According to theMiler et al [23] scheme the user ID is sharing using thesecure channel but the SCG generates the public key of theuser and sends along with the randomly generated nonceto secure against the replay attack However the sessionkey is not encrypting or not sending over a secure channelAuthentication phase not carrying the sender and receiversID along with the session key Hence Miler et al [23] schemeprone to man-in-the middle attack and phishing attack

Smart card based or the trusted third party based authen-tications are the most common technique to prevent illegalaccess in an insecure mobile cloud environment [6] Manyauthentication protocols proposed [13 18 24ndash27] to verify theoriginality of end user However most of these protocols maynot be satisfying the security against a phishing attack

Phishing attack is an essential problem in the currentgeneration of mobile cloud authentication services [22]Hence to improve the security as noted earlier mobile cloudauthentication systems are vulnerable to various types ofsecurity attacks Such attacks do not only affect the userrsquosidentity but also affect the device performance [28]

In this paper we endeavour to progress the mobilecloud computing security by introducing new authenticationscheme based on Zero-knowledge proof technique

The proposed scheme is aimed to secure against thereplay man-in-the-middle denial of service server-sidespoofing and phishing attacks Malicious Insider and othergeneric attacks in the mobile cloud environment without








2 Preliminaries






User ID

Verificat


























119880 997888rarr 119862119878119875 119868119863119880119894 119875119882119880119894119870119878119906119894 (1)




119861 = 119892119887 (4)


119870119894119895 = ℎ2 (119860 119861 119860119887) (5)

1198702 = 119887 (119875119901119906119887 + ℎ1 (119868119863119862119878119875119895) 119875) (6)

119877 = 119892119903 (7)

120596119880119894 = ℎ3 (119868119863119880119894 119868119863119862119878119875119895 119860 119861 119870119894119895 1198702 119877) (8)

Ξ119880119894 = (119903 + 120596119880119894) 119878119880119894 (9)

119862119894 = ℎ4 (119861) oplus (119868119863119880119894 120596119880119894 Ξ119880119894) (10)



119861 = 1198702 119878119862119878119875119895 (12)

119870119894119895 = ℎ2 (119860 119861 119861119886) (13)

119883 = (119868119863119880119894 120596119880119894 Ξ119880119894) (14)

119884 = ℎ4 (119861) oplus 119862 (15)

119883 = 119884 (16)

(119868119863119880119894 120596119880119894 Ξ119880119894) = ℎ4 (119861) oplus 119862 (17)

119877 = Ξ119880119894 119875119901119906119887 + ℎ1 (119868119863119906119894) 119875 119892minus120596119880119894 (18)


120596119880119894 = ℎ3 (119868119863119880119894 119868119863119888119904119901119895 119860 119861 119870119894119895 1198702 119877) (19)


119863119894 = ℎ4 (119868119863119862119878119875119895 119868119863119880119894 119860 119870119895119894 1198702 119861) (20)







119880 997888rarr 119862119878119875 119868119863119880119894 119875119882119880119894119870119878119906119894 (22)



4 Proposed Scheme











Verifying OTP










User (U) TTP (AS)

USNu1h(Uid)




CSP (S)






















119909 = ℎ (119875119882119906) (25)




119862 = ℎ (119875119906119876119873119904) (28)


119880minus gt 119878 119862 119885119909 (30)







tion (27) 119876 = 1198920119903119909 and (31) 119876 = 1198751199061198621198920119885119909Hence 1198920119903119909 = 1198751199061198621198920119885119909

1198920119903119909 = (1198920119909)119888 1198920(119903119909minus119888119909) (32)

1198920119903119909 = 11989201198881199091198920119903119909minus119888119909 (33)

1198920119903119909 = 1198920119888119909+119903119909minus119888119909 (34)

1198920119903119909 = 1198920119903119909 (35)











































8 Conclusion



Data Availability




Acknowledgments


References



































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia









2 Preliminaries






User ID

Verificat


























119880 997888rarr 119862119878119875 119868119863119880119894 119875119882119880119894119870119878119906119894 (1)




119861 = 119892119887 (4)


119870119894119895 = ℎ2 (119860 119861 119860119887) (5)

1198702 = 119887 (119875119901119906119887 + ℎ1 (119868119863119862119878119875119895) 119875) (6)

119877 = 119892119903 (7)

120596119880119894 = ℎ3 (119868119863119880119894 119868119863119862119878119875119895 119860 119861 119870119894119895 1198702 119877) (8)

Ξ119880119894 = (119903 + 120596119880119894) 119878119880119894 (9)

119862119894 = ℎ4 (119861) oplus (119868119863119880119894 120596119880119894 Ξ119880119894) (10)



119861 = 1198702 119878119862119878119875119895 (12)

119870119894119895 = ℎ2 (119860 119861 119861119886) (13)

119883 = (119868119863119880119894 120596119880119894 Ξ119880119894) (14)

119884 = ℎ4 (119861) oplus 119862 (15)

119883 = 119884 (16)

(119868119863119880119894 120596119880119894 Ξ119880119894) = ℎ4 (119861) oplus 119862 (17)

119877 = Ξ119880119894 119875119901119906119887 + ℎ1 (119868119863119906119894) 119875 119892minus120596119880119894 (18)


120596119880119894 = ℎ3 (119868119863119880119894 119868119863119888119904119901119895 119860 119861 119870119894119895 1198702 119877) (19)


119863119894 = ℎ4 (119868119863119862119878119875119895 119868119863119880119894 119860 119870119895119894 1198702 119861) (20)







119880 997888rarr 119862119878119875 119868119863119880119894 119875119882119880119894119870119878119906119894 (22)



4 Proposed Scheme











Verifying OTP










User (U) TTP (AS)

USNu1h(Uid)




CSP (S)






















119909 = ℎ (119875119882119906) (25)




119862 = ℎ (119875119906119876119873119904) (28)


119880minus gt 119878 119862 119885119909 (30)







tion (27) 119876 = 1198920119903119909 and (31) 119876 = 1198751199061198621198920119885119909Hence 1198920119903119909 = 1198751199061198621198920119885119909

1198920119903119909 = (1198920119909)119888 1198920(119903119909minus119888119909) (32)

1198920119903119909 = 11989201198881199091198920119903119909minus119888119909 (33)

1198920119903119909 = 1198920119888119909+119903119909minus119888119909 (34)

1198920119903119909 = 1198920119903119909 (35)











































8 Conclusion



Data Availability




Acknowledgments


References



































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia

















119880 997888rarr 119862119878119875 119868119863119880119894 119875119882119880119894119870119878119906119894 (1)




119861 = 119892119887 (4)


119870119894119895 = ℎ2 (119860 119861 119860119887) (5)

1198702 = 119887 (119875119901119906119887 + ℎ1 (119868119863119862119878119875119895) 119875) (6)

119877 = 119892119903 (7)

120596119880119894 = ℎ3 (119868119863119880119894 119868119863119862119878119875119895 119860 119861 119870119894119895 1198702 119877) (8)

Ξ119880119894 = (119903 + 120596119880119894) 119878119880119894 (9)

119862119894 = ℎ4 (119861) oplus (119868119863119880119894 120596119880119894 Ξ119880119894) (10)



119861 = 1198702 119878119862119878119875119895 (12)

119870119894119895 = ℎ2 (119860 119861 119861119886) (13)

119883 = (119868119863119880119894 120596119880119894 Ξ119880119894) (14)

119884 = ℎ4 (119861) oplus 119862 (15)

119883 = 119884 (16)

(119868119863119880119894 120596119880119894 Ξ119880119894) = ℎ4 (119861) oplus 119862 (17)

119877 = Ξ119880119894 119875119901119906119887 + ℎ1 (119868119863119906119894) 119875 119892minus120596119880119894 (18)


120596119880119894 = ℎ3 (119868119863119880119894 119868119863119888119904119901119895 119860 119861 119870119894119895 1198702 119877) (19)


119863119894 = ℎ4 (119868119863119862119878119875119895 119868119863119880119894 119860 119870119895119894 1198702 119861) (20)







119880 997888rarr 119862119878119875 119868119863119880119894 119875119882119880119894119870119878119906119894 (22)



4 Proposed Scheme











Verifying OTP










User (U) TTP (AS)

USNu1h(Uid)




CSP (S)






















119909 = ℎ (119875119882119906) (25)




119862 = ℎ (119875119906119876119873119904) (28)


119880minus gt 119878 119862 119885119909 (30)







tion (27) 119876 = 1198920119903119909 and (31) 119876 = 1198751199061198621198920119885119909Hence 1198920119903119909 = 1198751199061198621198920119885119909

1198920119903119909 = (1198920119909)119888 1198920(119903119909minus119888119909) (32)

1198920119903119909 = 11989201198881199091198920119903119909minus119888119909 (33)

1198920119903119909 = 1198920119888119909+119903119909minus119888119909 (34)

1198920119903119909 = 1198920119903119909 (35)











































8 Conclusion



Data Availability




Acknowledgments


References



































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia






119880 997888rarr 119862119878119875 119868119863119880119894 119875119882119880119894119870119878119906119894 (22)



4 Proposed Scheme











Verifying OTP










User (U) TTP (AS)

USNu1h(Uid)




CSP (S)






















119909 = ℎ (119875119882119906) (25)




119862 = ℎ (119875119906119876119873119904) (28)


119880minus gt 119878 119862 119885119909 (30)







tion (27) 119876 = 1198920119903119909 and (31) 119876 = 1198751199061198621198920119885119909Hence 1198920119903119909 = 1198751199061198621198920119885119909

1198920119903119909 = (1198920119909)119888 1198920(119903119909minus119888119909) (32)

1198920119903119909 = 11989201198881199091198920119903119909minus119888119909 (33)

1198920119903119909 = 1198920119888119909+119903119909minus119888119909 (34)

1198920119903119909 = 1198920119903119909 (35)











































8 Conclusion



Data Availability




Acknowledgments


References



































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia





User (U) TTP (AS)

USNu1h(Uid)




CSP (S)






















119909 = ℎ (119875119882119906) (25)




119862 = ℎ (119875119906119876119873119904) (28)


119880minus gt 119878 119862 119885119909 (30)







tion (27) 119876 = 1198920119903119909 and (31) 119876 = 1198751199061198621198920119885119909Hence 1198920119903119909 = 1198751199061198621198920119885119909

1198920119903119909 = (1198920119909)119888 1198920(119903119909minus119888119909) (32)

1198920119903119909 = 11989201198881199091198920119903119909minus119888119909 (33)

1198920119903119909 = 1198920119888119909+119903119909minus119888119909 (34)

1198920119903119909 = 1198920119903119909 (35)











































8 Conclusion



Data Availability




Acknowledgments


References



































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia






119909 = ℎ (119875119882119906) (25)




119862 = ℎ (119875119906119876119873119904) (28)


119880minus gt 119878 119862 119885119909 (30)







tion (27) 119876 = 1198920119903119909 and (31) 119876 = 1198751199061198621198920119885119909Hence 1198920119903119909 = 1198751199061198621198920119885119909

1198920119903119909 = (1198920119909)119888 1198920(119903119909minus119888119909) (32)

1198920119903119909 = 11989201198881199091198920119903119909minus119888119909 (33)

1198920119903119909 = 1198920119888119909+119903119909minus119888119909 (34)

1198920119903119909 = 1198920119903119909 (35)











































8 Conclusion



Data Availability




Acknowledgments


References



































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia


































8 Conclusion



Data Availability




Acknowledgments


References



































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia






















8 Conclusion



Data Availability




Acknowledgments


References



































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia







8 Conclusion



Data Availability




Acknowledgments


References



































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia


































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia




RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia


Documents

New Authentication Scheme to Secure against the Phishing …downloads.hindawi.com/journals/scn/2019/5141395.pdf · 2019-07-30 · pk(U) PublicKeyofUser sk(S) PrivateKeyofCSP pk(S)