AU2021101451A4 - Biometric based authentication protocol for mobile cloud data security - Google Patents

Biometric based authentication protocol for mobile cloud data security Download PDF

Info

Publication number
AU2021101451A4
AU2021101451A4 AU2021101451A AU2021101451A AU2021101451A4 AU 2021101451 A4 AU2021101451 A4 AU 2021101451A4 AU 2021101451 A AU2021101451 A AU 2021101451A AU 2021101451 A AU2021101451 A AU 2021101451A AU 2021101451 A4 AU2021101451 A4 AU 2021101451A4
Authority
AU
Australia
Prior art keywords
mobile
security
authentication protocol
data
mobile cloud
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
AU2021101451A
Inventor
Radhika K. R.
Chandrakala G. Raju
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
K R Radhika Dr
Raju Chandrakala G Mrs
Original Assignee
K R Radhika Dr
Raju Chandrakala G Mrs
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by K R Radhika Dr, Raju Chandrakala G Mrs filed Critical K R Radhika Dr
Priority to AU2021101451A priority Critical patent/AU2021101451A4/en
Application granted granted Critical
Publication of AU2021101451A4 publication Critical patent/AU2021101451A4/en
Ceased legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Bioethics (AREA)
  • Biomedical Technology (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

BIOMETRIC BASED AUTHENTICATION PROTOCOL FOR MOBILE CLOUD DATA SECURITY In mobile cloud computing, sharing of data between the mobile devices and the cloud servers is generally through untrusted wireless networks leading to risk of security to the shared data. Hence there is demand for designing an effective and secure authentication protocol for ensuring data access legitimacy in the field of mobile cloud computing. Existing protocols for authentication in mobile environment is vulnerable to several security issues, failing to provide resistance to impersonation attack, insider privileged attack and secret ephemeral leakage attack, restricting the usage of mobile devices in communication, computing and storage resources. In this invention, we propose a biometric based anonymous lightweight three factor authentication protocol based on fuzzy extractor functions, XOR operation and hash operations in mobile cloud computing. The security features are verified using ProVerif - automated security verification tool which analyzes robustness and informal security. Data security is maintained by the proposed system with low cost of communication and lower computation. M A* 0 Registration Center (RC) Mutual authentication ' Public channel Mobile User (MU) Cloud Server (MCS) Figure 1. Proposed Framework of Biometric Based Authentication Protocol for Mobile Cloud Data Security 8

Description

BIOMETRIC BASED AUTHENTICATION PROTOCOL FOR MOBILE CLOUD DATA SECURITY
In mobile cloud computing, sharing of data between the mobile devices and the
cloud servers is generally through untrusted wireless networks leading to risk of
security to the shared data. Hence there is demand for designing an effective and
secure authentication protocol for ensuring data access legitimacy in the field of
mobile cloud computing. Existing protocols for authentication in mobile
environment is vulnerable to several security issues, failing to provide resistance to
impersonation attack, insider privileged attack and secret ephemeral leakage attack,
restricting the usage of mobile devices in communication, computing and storage
resources. In this invention, we propose a biometric based anonymous lightweight
three factor authentication protocol based on fuzzy extractor functions, XOR
operation and hash operations in mobile cloud computing. The security features
are verified using ProVerif - automated security verification tool which analyzes
robustness and informal security. Data security is maintained by the proposed
system with low cost of communication and lower computation.
M
Registration Center (RC) A* 0
Mutual authentication
' Public channel
Mobile User (MU) Cloud Server (MCS)
Figure 1. Proposed Framework of Biometric Based Authentication Protocol for Mobile Cloud Data Security
COMPLETE SPECIFICATION
(See Section 10; rule 13)
TITLE OF THE INVENTION BIOMETRIC BASED AUTHENTICATION PROTOCOL FOR MOBILE CLOUD DATA SECURITY APPLICANT
The following specification particularly describes the invention and the manner in which it is to be performed
BIOMETRIC BASED AUTHENTICATION PROTOCOL FOR MOBILE CLOUD DATA SECURITY Description of the system In the proposed biometric based authentication protocol for mobile cloud data security, anonymous three factors are involved with fuzzy extractor for processing the biological information of the user. Following are the symbol description:
Symbols Description MU Mobile device MCS Cloud server RC Registration center IDuu,ID4I Identity of a mobile user PID,PID , PID* Dynamic identity of a mobile user IDcs Identity of a cloud server SC Smart card owned by a mobile user B Biometric information of a mobile user Gen(.) Fuzzy extractor generation procedure Rep(.) Fuzzy extractor reproduction procedure a The biometric key # The public reproduction parameter m, m*, 8, a*, t Random numbers K Master key of the MCS PW,PW' Password of a mobile user PWnew New password of a mobile user h(.) The secure one-way hash function SK Session key between the MU and the MCS XOR operation E =? F Determine if E is equal to F (X,y) Concatenation of data z and data y V-+W : C Entity V sends the message to W through a public channel C
The user information is processed by Fuzzy extraction which is a production technology based on biometric key extracting random uniform string a in a fault tolerant manner from the biometric input B. Slight changes in B will not change extracted a. Two functions are involved in this technology: 1. Gen(.) - random generator function for extracting biometric key a with public reproduction parameter p, where Gen(B) = (a,)
2. Req(.) - Deterministic function for recovering biometric key a from B. The proposed protocol involves four phases namely registration phase, login phase, authentication and key agreement phase and password change phase. Registration Phase:
1) A user freely selects a username IDmu and a password PW, and imprints his own biometric information B on a specific device. 2) The MU conducts (a,#)= Gen(B), where a is the biometric key and # is the public reproduction parameter. 3) The MU computes DIDmu = h(IDuy, a), and submits the message < DIDu > to the RC via a secure channel. 4) The MCS also registers with the RC. The MCS first chooses an identity IDcs and a master key K, and then calculates DIDcs = h(IDcs, K). 5) The MCS sends the message < DIDcs > to the RC. 6) After the RC receives the registration request message < DIDu > from the MU, it chooses a random number s and calculates PID = DIDAu s = h(IDu, a)EDs. 7) The RC generates a random number m for the MCS which requesting registration, and then calculates MK = h(DIDcs, m) = h(h(IDcs, K), m), MP = PID D MK. 8) The RC stores < MP, m, s > in the smart card, and then sends it to the MU. 9) The RC saves the tuple < DIDmu, DIDcs > in its own memory. 10) The RC delivers the message < PID, MK > to the MCS. 11) After the MU receives the SC, it calculates PPW= h(PW, s,a), WD = h(IDMu, PW) s. 12) The MU removes the random number s from the SC, and stores the parameters WD, PPW and # in the SC. Thus, the parameters currently stored in the SC are WD, PPW, #,MP and m. 13) The MCS calculates SV = h(PID,MK), and stores the tuple < PID, SV > in its database.
Login Phase:
Legality of the user is verified at this phase using user biometrics. Steps involved: 1) The user inserts the SC into a card reader, enters the username ID'u and the password PW', and imprints the personal biometrics B'. By using the fuzzy extractor reproduction procedure [41 and the stored #, the SC calculates a = Req(B', 3). 2) The SC calculates s' = h(ID'A , PW') WD. 3) The SC verifies PPW =? h(PW', s', a). If the condi tion holds, the authentication phase will begin. Otherwise, the SC terminates the login phase. Authentication and Key Agreement Phase Mutual authentication between MU and MCS is done in this phase without the requirement of RC, once after which secret session key is established for current communication. The steps involved in this phase are 1) The SC calculates PID' = h(a,ID'A) 0 s' and MK' = PID' D MP based on the ID'a uand the PW' input by the user. 2) The SC selects a new random number s* and calculates S= s'I s*, PID* =PID' D -y = h(ID ' C, ) (D s*, X = PID* @ h(MK'), Y = MK' Y. 3) The SC delivers the authentication request message < X, Y, m > to the MCS through a public channel. 4) After receiving the authentication request message from the MU, the MCS calculates MK' = h(h(KIDcs),in), PID*'=X 0 h(MK') with its own master key K. 5) The MCS calculates Y E MK', PID' = PID*
6) The MCS then searches its database for the tuple < PID, SV > based on the PID'. 7) The MCS verifies SV =? h(PID',MK'). If the condition is satisfied, the MCS believes that the parameter X, Y, m is from the legal MU, and successfully authenticates the MU.
8) The MCS chooses a random number t and calculates m* = h(t, y'). 9) The MCS calculates MK* = h(h(KIDcs),im*), MP = MK* e PID*',SV* = h(PID*', MK*), DR=h(MK')e t, DSR=MK' MK* m*. 10) The MCS calculates the session key SK = h(y', t, MK*). 11) The MCS replaces < PID, SV > in the database with < PID*', SV* >. 12) The MCS sends the message < MP*, DR, DSR > to the MU via a public channel. 13) The SC uses the local MK' and s* to calculate t= h(MK') @ DR, m*' = h(t',y), MK*' = PID* e MP*. 14) The SC verifies DSR =? MK'E MK*' D m'. If the condition is met, the SC authenticates the MCS. Otherwise, the SC aborts this process. 15) The SC calculates the session key shared with the MCS: SK =h(-,t',MK*'). 16) Finally, the SC calculates WD*= WD E y = h(ID u, PW') Ds*, PPW* - h(PW', s*, a), and then replaces < WD, PPW, MP, m > in memory with < WD*, PPW*, MP*, m*' >. Once after executing the authentication phase, data encryption is done by mobile device or cloud server using session key once after which the encrypted data is sent through unsecured channel. The receiver decrypts the received data with the same session key ensuring data reliability, availability and integrity.
Password Changing Phase: 1) A user inputs the username ID' , the existing password PW' and personal biometrics B'. Using the fuzzy extractor reproduction procedure and the stored #, the SC calculates a = Req(B', #). 2) The SC calculates s' = h(ID', PW') ED WD. 3) The SC verifies PPW =? h(PW', s', a). If the con dition is satisfied, the user is allowed to update the password, and the following steps will be performed. Otherwise, the SC terminates this phase.
4) A user enters a new password PW,,., and the SC com putes WDnew = h(ID'Au, PWne) e s', PPWn,, = h( s', a, PWeW). 5) The SC replaces < WD, PPW > in memory with < WDnew, PPWnew >.
The invention is herein described, with the accompanying block diagrams,
Figure 1. Proposed Framework of Biometric Based Authentication Protocol for Mobile Cloud Data Security

Claims (6)

CLAIMS We Claim:
1. An lightweight enhanced three factor biometric based anonymous
authentication protocol for mobile cloud computing is proposed in this
invention.
2. The proposed invention ensures security for mobile cloud computing data
based on user biometric based authentication protocol.
3. Before transmission of data, mutual authentication is done between cloud
server and mobile user.
4. This protocol involves fuzzy extractor operations, hash functions and bitwise
XOR operations which are necessary for mobile devices with resource
constraint.
5. Formal verification and security analysis is done by ProVerif such that
proposed protocol is robust and able to defend various known attacks.
6. This protocol also performs verification of local password, able to solve lack
of anonymity and attacks from vulnerability to impersonation.
Figure 1. Proposed Framework of Biometric Based Authentication Protocol for Mobile Cloud Data Security
AU2021101451A 2021-03-21 2021-03-21 Biometric based authentication protocol for mobile cloud data security Ceased AU2021101451A4 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2021101451A AU2021101451A4 (en) 2021-03-21 2021-03-21 Biometric based authentication protocol for mobile cloud data security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
AU2021101451A AU2021101451A4 (en) 2021-03-21 2021-03-21 Biometric based authentication protocol for mobile cloud data security

Publications (1)

Publication Number Publication Date
AU2021101451A4 true AU2021101451A4 (en) 2021-05-13

Family

ID=75829108

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2021101451A Ceased AU2021101451A4 (en) 2021-03-21 2021-03-21 Biometric based authentication protocol for mobile cloud data security

Country Status (1)

Country Link
AU (1) AU2021101451A4 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116506845A (en) * 2023-06-19 2023-07-28 暨南大学 Privacy-protected Internet of vehicles crowd sensing excitation method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116506845A (en) * 2023-06-19 2023-07-28 暨南大学 Privacy-protected Internet of vehicles crowd sensing excitation method and system
CN116506845B (en) * 2023-06-19 2023-09-15 暨南大学 Privacy-protected Internet of vehicles crowd sensing excitation method and system

Similar Documents

Publication Publication Date Title
Bagga et al. On the design of mutual authentication and key agreement protocol in internet of vehicles-enabled intelligent transportation system
Wazid et al. AKM-IoV: Authenticated key management protocol in fog computing-based Internet of vehicles deployment
Das et al. Biometrics-based privacy-preserving user authentication scheme for cloud-based industrial Internet of Things deployment
Zhang et al. SMAKA: Secure many-to-many authentication and key agreement scheme for vehicular networks
Kaur et al. Blockchain-based lightweight authentication mechanism for vehicular fog infrastructure
Chattaraj et al. A new two-server authentication and key agreement protocol for accessing secure cloud services
Nashwan AAA-WSN: Anonymous access authentication scheme for wireless sensor networks in big data environment
CN112351037B (en) Information processing method and device for secure communication
CN107294725A (en) A kind of three factor authentication methods under environment of multi-server
CN113849815B (en) Unified identity authentication platform based on zero trust and confidential calculation
CN113572765B (en) Lightweight identity authentication key negotiation method for resource-limited terminal
Bouchaala et al. Enhancing security and efficiency in cloud computing authentication and key agreement scheme based on smart card
Nikooghadam et al. Perfect forward secrecy via an ECC-based authentication scheme for SIP in VoIP
Kara et al. A Password-Based Mutual Authentication Protocol via Zero-Knowledge Proof Solution
CN116388995A (en) Lightweight smart grid authentication method based on PUF
Karmakar et al. A PUF and Fuzzy Extractor-Based UAV-Ground Station and UAV-UAV authentication mechanism with intelligent adaptation of secure sessions
Kumar et al. A conditional privacy-preserving and desynchronization-resistant authentication protocol for vehicular ad hoc network
He et al. A lightweight authentication and key exchange protocol with anonymity for IoT
AU2021101451A4 (en) Biometric based authentication protocol for mobile cloud data security
Salvakkam et al. Design of fully homomorphic multikey encryption scheme for secured cloud access and storage environment
Lee et al. Secure and anonymous authentication scheme for mobile edge computing environments
Agal et al. Non-interactive zero-knowledge proof based authentication
CN114095229A (en) Method, device and system for constructing data transmission protocol of energy Internet
Sood Dynamic identity based authentication protocol for two-server architecture
Kumar et al. Secure and efficient cache-based authentication scheme for vehicular ad-hoc networks

Legal Events

Date Code Title Description
FGI Letters patent sealed or granted (innovation patent)
MK22 Patent ceased section 143a(d), or expired - non payment of renewal fee or expiry