A more secure and privacy-aware anonymous user authentication scheme for distributed mobile cloud computing environments

Now-a-days, the low-power handheld mobile devices make our life more comfortable. With the fast advancement of mobile communication technologies and Internet, mobile users are accessing remote services at home over the Internet. Recently, Tsai and Lo put forwarded a user authentication scheme for distributing mobile cloud environments. Unfortunately, we observed that Tsai and Lo's scheme suffers from user impersonation attack and known session-specific temporary information attack. Besides, the scheme does not support the wrong password and fingerprint detection in the authentication phase. The scheme also violates the user anonymity property. Moreover, the password update functionality is absent in Tsai and Lo's scheme. In order to provide more securities and functionalities, this article put forwarded an enhanced scheme for distributing mobile cloud environments. The simulation on automated validation of Internet security protocols and applications tool ensures that our scheme is secure against the active and passive attacks. Our cryptanalysis gives surety that the scheme can defend related security attacks. We also compare our scheme with the previous schemes with respect to computation cost and security aspects. Copyright (C) 2016 John Wiley & Sons, Ltd.