A new two-server authentication and key agreement protocol for accessing secure cloud services

Abstract

Emerging Cloud computing paradigm came up with the on-demand ubiquitous service sharing facility via the Internet. In this synergy, the cloud service providers provide various services, namely, Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) to their clients. In such a provision, both the end parties demand proper auditing so that the resources can be legitimately utilized, and meanwhile the privacy is also preserved. In order to achieve this goal, there is a need for designing an efficient and robust authentication mechanism. Though other existing authentication protocols, such as Kerberos, Open Authorization (OAuth) and OpenID are proposed in the literature, they are vulnerable to various security threats such as replay, online dictionary, offline dictionary, stolen-verifier, impersonation, denial-of-service, privileged-insider and man-in-the-middle attacks. In this paper, we aim to propose an authentication protocol which overcomes these security loopholes in the existing protocols. In the proposed protocol, a new dynamic password-based two-server authentication and key exchange mechanism is proposed with the help of both public and private key cryptography. Moreover, to achieve strong user anonymity property, a new multi-factor authentication scheme with identity preservation has been also introduced. The security analysis using both the formal security using the broadly-accepted Real-Or-Random (ROR) model and the informal security show that the proposed protocol protects several well-known attacks. In addition, the formal security verification using the widely-used Automated Validation of Internet Security Protocols and Applications (AVISPA) ensures that the scheme is resilient against replay as well as man-in-the-middle attacks. Finally, the performance study contemplates that the overheads incurred in the protocol is reasonable and comparable to that of other existing state-of-art authentication protocols. High security along with comparable overheads make the proposed protocol to be robust and practical for a secure access to the cloud services.