Abstract
Security analysts have shown that it is possible to compromise the mobile two-factor authentication applications that employ SMS-based authentication. In this paper, we consider that offloading mobile applications to the cloud, which is resource-rich and provides a more secure environment, represents a good solution when energy limitation and security constraints are raised. To this end, we propose an offloading architecture for the two-factor mutual authentication applications, and a novel two-factor mutual authentication scheme based on a novel mechanism, named virtual smart card. We also propose a decision-making process to offload the authentication application and its virtual smart card, based on three conditions: security, mobile device's residual energy, and energy cost. We analytically derive the lower-bound on the mobile application running time from the energy cost formula to perform offloading. We analyze and verify the security properties of the proposed architecture, and provide evaluation results of the two-factor mutual authentication protocol and the offloading decision-making process.
Highlights
These days, mobile devices have become an essential part of our daily lives, due to the plethora of mobile applications that are capable to run different applications including social networking, gaming, and online banking
We propose a decision making process that offloads the authentication application according to three conditions: security, mobile device’s residual energy, and energy cost
We propose a novel two-factor mutual authentication scheme based on a novel mechanism, named virtual smart card
Summary
These days, mobile devices have become an essential part of our daily lives, due to the plethora of mobile applications that are capable to run different applications including social networking, gaming, and online banking. To deal with the above two issues, we consider that offloading mobile applications to the cloud, which is resource-rich and can provide a more secure environment, presents a good solution when energy limitation and security constraints are raised. Most of the mobile two-factor authentication applications employ SMS-based authentication, i.e., to access an account, the users are required to provide something they know (password) and something they have (one-time verification code sent to the mobile device). A. Derhab et al.: Two-Factor Mutual Authentication Offloading for Mobile Cloud Computing login credentials of the user and the SMS verification code, which is sent by the authentication server [12], [13]. We propose offloading the two-factor mutual authentication application to a more secure environment (i.e., cloud). OFFLOADING ARCHITECTURE FOR THE TWO-FACTOR MUTUAL AUTHENTICATION APPLICATION we present the attack and security models, as well as the offloading architecture of the proposed two-factor mutual authentication protocol
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.