AN EFFICIENT TWO-SERVER AUTHENTICATION AND KEY EXCHANGE PROTOCOL FOR ACCESSING SECURE CLOUD SERVICES

摘要

To avail cloud services; namely, Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as aService (IaaS), …etc. via insecure channel, it is necessary to establish a symmetric key between end user andremote Cloud Service Server (CSS). In such a provision, both the end parties demand proper auditing so thatresources are legitimately used and privacies are maintained. To achieve this, there is a need for a robustauthentication mechanism. Towards the solution, a number of single server authenticated key agreement protocolshave been reported recently. However, they are vulnerable to many security threats, such as identitycompromization, impersonation, man-in-the-middle, replay, byzantine, offline dictionary and privileged-insiderattacks. In addition to this, most of the existing protocols adopt the single server-based authentication strategy,which are prone to single point of vulnerability and single point of failure issues. This work proposes an efficientpassword-based two-server authentication and key exchange protocol addressing the major limitations in theexisting protocols. The formal verification of the proposed protocol using Automated Validation of InternetSecurity Protocols and Applications (AVISPA) proofs that it is provably secure. The informal security analysissubstantiates that the proposed scheme has successfully addressed the existing issues. The performance studycontemplates that the overhead of the protocol is reasonable and comparable with those of other schemes. Theproposed protocol can be considered as a robust authentication protocol for a secure access to the cloud services.