To use cloud services such as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a
Service (IaaS) over an insecure channel, a symmetric key must be established between the end user and the remote
Cloud Service Server (CSS). In such a setting, both end parties demand proper auditing so that resources
are used legitimately and privacy is maintained. Achieving this requires a robust authentication
mechanism. To this end, a number of single-server authenticated key agreement protocols have been
reported recently. However, they are vulnerable to many security threats, such as identity compromise,
impersonation, man-in-the-middle, replay, Byzantine, offline dictionary and privileged-insider attacks. In addition,
most of the existing protocols adopt a single-server authentication strategy, which is prone to
single point of vulnerability and single point of failure issues. This work proposes an efficient password-based
two-server authentication and key exchange protocol that addresses the major limitations of the existing protocols.
Formal verification of the proposed protocol using Automated Validation of Internet Security Protocols and
Applications (AVISPA) shows that it is provably secure. The informal security analysis substantiates that the
proposed scheme successfully addresses the existing issues. The performance study indicates that the
overhead of the protocol is reasonable and comparable with other schemes. The proposed protocol can be
considered a robust authentication protocol for secure access to cloud services.
Keywords: Key agreement, Authentication protocol, User privacy, Cloud data security, Privacy-preserving protocol