Secure Three-Factor Anonymous User Authentication Scheme for Cloud Computing Environment

Abstract

Cloud computing provides virtualized information technology (IT) resources to ensure the workflow desired by user at any time and location; it allows users to borrow computing resources such as software, storage, and servers, as per their needs without the requirements of complicated network and server configurations. With the generalization of small embedded sensor devices and the commercialization of the Internet of Things (IoT), short- and long-range wireless network technologies are being developed rapidly, and the demand for deployment of cloud computing for IoT is increasing significantly. Cloud computing, together with IoT technology, can be used to collect and analyse large amounts of data generated from sensor devices, and easily manage heterogeneous IoT devices such as software updates, network flow control, and user management. In cloud computing, attacks on users and servers can be a serious threat to user privacy. Thus, various user authentication schemes have been proposed to prevent different types of attacks. In this paper, we discuss the security and functional weakness of the related user authentication schemes used in cloud computing and propose a new elliptic curve cryptography- (ECC-) based three-factor authentication scheme to overcome the security shortcomings of existing authentication schemes. To confirm the security of the proposed scheme, we conducted both formal and informal analyses. Finally, we compared the performance of the proposed scheme with those of related schemes to verify that the proposed scheme can be deployed in the real world.