LASUA: A Lightweight Authentication Scheme with User Anonymity for IoT-Enabled Mobile Cloud

Abstract

Mobile Cloud Computing (MCC) also known as on-demand computing uses cloud computing to deliver applications to mobile devices. This new computational paradigm model which plays a big part in the Internet of Things (IoT), has increased its popularity even more during Covid-19 pandemic and became a necessity when schools, businesses and hospitals must work remotely. We can access and process remote data which are stored over the cloud server in real-time by connecting to a wireless network. For accessing any cloud server, a mutual authentication and key agreement between a mobile user and a cloud server provider is required. However, existing authentication schemes for MCC fail to provide user anonymity, server anonymity and user untraceability. Therefore, we propose a Lightweight Authentication Scheme with User Anonymity (LASUA) which artfully employs Elliptic Curve Cryptography (ECC), random number, time stamps, one-way hash functions, concatenation, XOR operations and fuzzy extractor for biometric to enable various security features including anonymity and resistance against various attacks. LASUA utilises the hardness of ECC to provide top-notch security with low computation and communication cost, a perfect solution for resource constrained devices.