Cryptanalysis and improvement of a cloud based login and authentication protocol

Abstract

Outsourcing services to cloud server (CS) becomes popular in these years. However, the outsourced services often involve with sensitive activity and CS naturally becomes a target of varieties of attacks. Even worse, CS itself can misuse the outsourced services for illegal profit. Traditional online banking system also can make use of a cloud framework to provide economical and high-speed online services to the consumers, which makes the financial dealing easy and convenient. Most of the banking organizations provide services through passbook, ATM, mobile banking, electronic banking (e-banking) etc. Among these, the e-banking and mobile banking are more convenient and becomes essential. Therefore, it is critical to provide an efficient, reliable and more importantly, secure e-banking services to the consumers. The cloud environment is suitable paradigm to a new, small and medium scale banking organization as it eliminates the requirement for them to start with small resources and increase gradually as the service demand rises. However, security is one of the main concerns since it deals with many sensitive data of the valuable customers. In addition to this, the access of various data needs to be restricted to prevent any unauthorized transaction. Nagaraju et al. presented a framework to achieve reliability and security in public cloud based online banking using multi-factor authentication concept. Unfortunately, the login and authentication protocol of this framework is prone to impersonation attack. In this paper, we have revised the framework to avoid this attack.