AU2021101451A4 - Biometric based authentication protocol for mobile cloud data security - Google Patents
Biometric based authentication protocol for mobile cloud data security Download PDFInfo
- Publication number
- AU2021101451A4 AU2021101451A4 AU2021101451A AU2021101451A AU2021101451A4 AU 2021101451 A4 AU2021101451 A4 AU 2021101451A4 AU 2021101451 A AU2021101451 A AU 2021101451A AU 2021101451 A AU2021101451 A AU 2021101451A AU 2021101451 A4 AU2021101451 A4 AU 2021101451A4
- Authority
- AU
- Australia
- Prior art keywords
- mobile
- security
- authentication protocol
- data
- mobile cloud
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Bioethics (AREA)
- Biomedical Technology (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
BIOMETRIC BASED AUTHENTICATION PROTOCOL FOR
MOBILE CLOUD DATA SECURITY
In mobile cloud computing, sharing of data between the mobile devices and the
cloud servers is generally through untrusted wireless networks leading to risk of
security to the shared data. Hence there is demand for designing an effective and
secure authentication protocol for ensuring data access legitimacy in the field of
mobile cloud computing. Existing protocols for authentication in mobile
environment is vulnerable to several security issues, failing to provide resistance to
impersonation attack, insider privileged attack and secret ephemeral leakage attack,
restricting the usage of mobile devices in communication, computing and storage
resources. In this invention, we propose a biometric based anonymous lightweight
three factor authentication protocol based on fuzzy extractor functions, XOR
operation and hash operations in mobile cloud computing. The security features
are verified using ProVerif - automated security verification tool which analyzes
robustness and informal security. Data security is maintained by the proposed
system with low cost of communication and lower computation.
M
A* 0
Registration Center (RC)
Mutual authentication '
Public channel
Mobile User (MU) Cloud Server (MCS)
Figure 1. Proposed Framework of Biometric Based Authentication Protocol for Mobile Cloud
Data Security
8
Description
In mobile cloud computing, sharing of data between the mobile devices and the
cloud servers is generally through untrusted wireless networks leading to risk of
security to the shared data. Hence there is demand for designing an effective and
secure authentication protocol for ensuring data access legitimacy in the field of
mobile cloud computing. Existing protocols for authentication in mobile
environment is vulnerable to several security issues, failing to provide resistance to
impersonation attack, insider privileged attack and secret ephemeral leakage attack,
restricting the usage of mobile devices in communication, computing and storage
resources. In this invention, we propose a biometric based anonymous lightweight
three factor authentication protocol based on fuzzy extractor functions, XOR
operation and hash operations in mobile cloud computing. The security features
are verified using ProVerif - automated security verification tool which analyzes
robustness and informal security. Data security is maintained by the proposed
system with low cost of communication and lower computation.
Registration Center (RC) A* 0
Mutual authentication
' Public channel
Mobile User (MU) Cloud Server (MCS)
Figure 1. Proposed Framework of Biometric Based Authentication Protocol for Mobile Cloud Data Security
(See Section 10; rule 13)
The following specification particularly describes the invention and the manner in which it is to be performed
BIOMETRIC BASED AUTHENTICATION PROTOCOL FOR MOBILE CLOUD DATA SECURITY Description of the system In the proposed biometric based authentication protocol for mobile cloud data security, anonymous three factors are involved with fuzzy extractor for processing the biological information of the user. Following are the symbol description:
Symbols Description MU Mobile device MCS Cloud server RC Registration center IDuu,ID4I Identity of a mobile user PID,PID , PID* Dynamic identity of a mobile user IDcs Identity of a cloud server SC Smart card owned by a mobile user B Biometric information of a mobile user Gen(.) Fuzzy extractor generation procedure Rep(.) Fuzzy extractor reproduction procedure a The biometric key # The public reproduction parameter m, m*, 8, a*, t Random numbers K Master key of the MCS PW,PW' Password of a mobile user PWnew New password of a mobile user h(.) The secure one-way hash function SK Session key between the MU and the MCS XOR operation E =? F Determine if E is equal to F (X,y) Concatenation of data z and data y V-+W : C Entity V sends the message to W through a public channel C
The user information is processed by Fuzzy extraction which is a production technology based on biometric key extracting random uniform string a in a fault tolerant manner from the biometric input B. Slight changes in B will not change extracted a. Two functions are involved in this technology: 1. Gen(.) - random generator function for extracting biometric key a with public reproduction parameter p, where Gen(B) = (a,)
2. Req(.) - Deterministic function for recovering biometric key a from B. The proposed protocol involves four phases namely registration phase, login phase, authentication and key agreement phase and password change phase. Registration Phase:
1) A user freely selects a username IDmu and a password PW, and imprints his own biometric information B on a specific device. 2) The MU conducts (a,#)= Gen(B), where a is the biometric key and # is the public reproduction parameter. 3) The MU computes DIDmu = h(IDuy, a), and submits the message < DIDu > to the RC via a secure channel. 4) The MCS also registers with the RC. The MCS first chooses an identity IDcs and a master key K, and then calculates DIDcs = h(IDcs, K). 5) The MCS sends the message < DIDcs > to the RC. 6) After the RC receives the registration request message < DIDu > from the MU, it chooses a random number s and calculates PID = DIDAu s = h(IDu, a)EDs. 7) The RC generates a random number m for the MCS which requesting registration, and then calculates MK = h(DIDcs, m) = h(h(IDcs, K), m), MP = PID D MK. 8) The RC stores < MP, m, s > in the smart card, and then sends it to the MU. 9) The RC saves the tuple < DIDmu, DIDcs > in its own memory. 10) The RC delivers the message < PID, MK > to the MCS. 11) After the MU receives the SC, it calculates PPW= h(PW, s,a), WD = h(IDMu, PW) s. 12) The MU removes the random number s from the SC, and stores the parameters WD, PPW and # in the SC. Thus, the parameters currently stored in the SC are WD, PPW, #,MP and m. 13) The MCS calculates SV = h(PID,MK), and stores the tuple < PID, SV > in its database.
Login Phase:
Legality of the user is verified at this phase using user biometrics. Steps involved: 1) The user inserts the SC into a card reader, enters the username ID'u and the password PW', and imprints the personal biometrics B'. By using the fuzzy extractor reproduction procedure [41 and the stored #, the SC calculates a = Req(B', 3). 2) The SC calculates s' = h(ID'A , PW') WD. 3) The SC verifies PPW =? h(PW', s', a). If the condi tion holds, the authentication phase will begin. Otherwise, the SC terminates the login phase. Authentication and Key Agreement Phase Mutual authentication between MU and MCS is done in this phase without the requirement of RC, once after which secret session key is established for current communication. The steps involved in this phase are 1) The SC calculates PID' = h(a,ID'A) 0 s' and MK' = PID' D MP based on the ID'a uand the PW' input by the user. 2) The SC selects a new random number s* and calculates S= s'I s*, PID* =PID' D -y = h(ID ' C, ) (D s*, X = PID* @ h(MK'), Y = MK' Y. 3) The SC delivers the authentication request message < X, Y, m > to the MCS through a public channel. 4) After receiving the authentication request message from the MU, the MCS calculates MK' = h(h(KIDcs),in), PID*'=X 0 h(MK') with its own master key K. 5) The MCS calculates Y E MK', PID' = PID*
6) The MCS then searches its database for the tuple < PID, SV > based on the PID'. 7) The MCS verifies SV =? h(PID',MK'). If the condition is satisfied, the MCS believes that the parameter X, Y, m is from the legal MU, and successfully authenticates the MU.
8) The MCS chooses a random number t and calculates m* = h(t, y'). 9) The MCS calculates MK* = h(h(KIDcs),im*), MP = MK* e PID*',SV* = h(PID*', MK*), DR=h(MK')e t, DSR=MK' MK* m*. 10) The MCS calculates the session key SK = h(y', t, MK*). 11) The MCS replaces < PID, SV > in the database with < PID*', SV* >. 12) The MCS sends the message < MP*, DR, DSR > to the MU via a public channel. 13) The SC uses the local MK' and s* to calculate t= h(MK') @ DR, m*' = h(t',y), MK*' = PID* e MP*. 14) The SC verifies DSR =? MK'E MK*' D m'. If the condition is met, the SC authenticates the MCS. Otherwise, the SC aborts this process. 15) The SC calculates the session key shared with the MCS: SK =h(-,t',MK*'). 16) Finally, the SC calculates WD*= WD E y = h(ID u, PW') Ds*, PPW* - h(PW', s*, a), and then replaces < WD, PPW, MP, m > in memory with < WD*, PPW*, MP*, m*' >. Once after executing the authentication phase, data encryption is done by mobile device or cloud server using session key once after which the encrypted data is sent through unsecured channel. The receiver decrypts the received data with the same session key ensuring data reliability, availability and integrity.
Password Changing Phase: 1) A user inputs the username ID' , the existing password PW' and personal biometrics B'. Using the fuzzy extractor reproduction procedure and the stored #, the SC calculates a = Req(B', #). 2) The SC calculates s' = h(ID', PW') ED WD. 3) The SC verifies PPW =? h(PW', s', a). If the con dition is satisfied, the user is allowed to update the password, and the following steps will be performed. Otherwise, the SC terminates this phase.
4) A user enters a new password PW,,., and the SC com putes WDnew = h(ID'Au, PWne) e s', PPWn,, = h( s', a, PWeW). 5) The SC replaces < WD, PPW > in memory with < WDnew, PPWnew >.
The invention is herein described, with the accompanying block diagrams,
Figure 1. Proposed Framework of Biometric Based Authentication Protocol for Mobile Cloud Data Security
Claims (6)
1. An lightweight enhanced three factor biometric based anonymous
authentication protocol for mobile cloud computing is proposed in this
invention.
2. The proposed invention ensures security for mobile cloud computing data
based on user biometric based authentication protocol.
3. Before transmission of data, mutual authentication is done between cloud
server and mobile user.
4. This protocol involves fuzzy extractor operations, hash functions and bitwise
XOR operations which are necessary for mobile devices with resource
constraint.
5. Formal verification and security analysis is done by ProVerif such that
proposed protocol is robust and able to defend various known attacks.
6. This protocol also performs verification of local password, able to solve lack
of anonymity and attacks from vulnerability to impersonation.
Figure 1. Proposed Framework of Biometric Based Authentication Protocol for Mobile Cloud Data Security
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2021101451A AU2021101451A4 (en) | 2021-03-21 | 2021-03-21 | Biometric based authentication protocol for mobile cloud data security |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2021101451A AU2021101451A4 (en) | 2021-03-21 | 2021-03-21 | Biometric based authentication protocol for mobile cloud data security |
Publications (1)
Publication Number | Publication Date |
---|---|
AU2021101451A4 true AU2021101451A4 (en) | 2021-05-13 |
Family
ID=75829108
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
AU2021101451A Ceased AU2021101451A4 (en) | 2021-03-21 | 2021-03-21 | Biometric based authentication protocol for mobile cloud data security |
Country Status (1)
Country | Link |
---|---|
AU (1) | AU2021101451A4 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116506845A (en) * | 2023-06-19 | 2023-07-28 | 暨南大学 | Privacy-protected Internet of vehicles crowd sensing excitation method and system |
-
2021
- 2021-03-21 AU AU2021101451A patent/AU2021101451A4/en not_active Ceased
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116506845A (en) * | 2023-06-19 | 2023-07-28 | 暨南大学 | Privacy-protected Internet of vehicles crowd sensing excitation method and system |
CN116506845B (en) * | 2023-06-19 | 2023-09-15 | 暨南大学 | Privacy-protected Internet of vehicles crowd sensing excitation method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Bagga et al. | On the design of mutual authentication and key agreement protocol in internet of vehicles-enabled intelligent transportation system | |
Wazid et al. | AKM-IoV: Authenticated key management protocol in fog computing-based Internet of vehicles deployment | |
Das et al. | Biometrics-based privacy-preserving user authentication scheme for cloud-based industrial Internet of Things deployment | |
Zhang et al. | SMAKA: Secure many-to-many authentication and key agreement scheme for vehicular networks | |
Kaur et al. | Blockchain-based lightweight authentication mechanism for vehicular fog infrastructure | |
Chattaraj et al. | A new two-server authentication and key agreement protocol for accessing secure cloud services | |
Nashwan | AAA-WSN: Anonymous access authentication scheme for wireless sensor networks in big data environment | |
CN112351037B (en) | Information processing method and device for secure communication | |
CN107294725A (en) | A kind of three factor authentication methods under environment of multi-server | |
CN113849815B (en) | Unified identity authentication platform based on zero trust and confidential calculation | |
CN113572765B (en) | Lightweight identity authentication key negotiation method for resource-limited terminal | |
Bouchaala et al. | Enhancing security and efficiency in cloud computing authentication and key agreement scheme based on smart card | |
Nikooghadam et al. | Perfect forward secrecy via an ECC-based authentication scheme for SIP in VoIP | |
Kara et al. | A Password-Based Mutual Authentication Protocol via Zero-Knowledge Proof Solution | |
CN116388995A (en) | Lightweight smart grid authentication method based on PUF | |
Karmakar et al. | A PUF and Fuzzy Extractor-Based UAV-Ground Station and UAV-UAV authentication mechanism with intelligent adaptation of secure sessions | |
Kumar et al. | A conditional privacy-preserving and desynchronization-resistant authentication protocol for vehicular ad hoc network | |
He et al. | A lightweight authentication and key exchange protocol with anonymity for IoT | |
AU2021101451A4 (en) | Biometric based authentication protocol for mobile cloud data security | |
Salvakkam et al. | Design of fully homomorphic multikey encryption scheme for secured cloud access and storage environment | |
Lee et al. | Secure and anonymous authentication scheme for mobile edge computing environments | |
Agal et al. | Non-interactive zero-knowledge proof based authentication | |
CN114095229A (en) | Method, device and system for constructing data transmission protocol of energy Internet | |
Sood | Dynamic identity based authentication protocol for two-server architecture | |
Kumar et al. | Secure and efficient cache-based authentication scheme for vehicular ad-hoc networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FGI | Letters patent sealed or granted (innovation patent) | ||
MK22 | Patent ceased section 143a(d), or expired - non payment of renewal fee or expiry |