A Mobile Based Remote User Authentication Scheme without Verifier Table for Cloud Based Services

The emerging Cloud computing technology, offering computing resources as a service is gaining increasing attention of both the public and private sector. For the whole hearted adoption of Cloud, the service providers need to ensure that only valid users gain access to the services and data residing within the provider's premises. Ensuring secure access to sensitive resources within the Cloud requires a strong user authentication mechanism using multiple authentication factors. The mechanisms should also consider the increasing needs of Internet access through smart phones and other mobile devices and facilitate access through a variety of devices. Traditionally, a user needs to maintain separate user accounts for each Service Provider whose service he/she desires to use and this may cause inconvenience to users. Single Sign on (SSO) addresses this issue by permitting users to create one login credential and access multiple services hosted in different domains. In this scenario, a compromise of the single credential can result in account take over at many other sites. This points out to the requirement of strengthening the authentication mechanism by using more than one factor. This paper proposes a SSO based remote user authentication scheme for a Cloud environment. The proposed protocol uses password and mobile token and does not require the server to maintain a verifier table. The protocol is verified using automated security Protocol verification tool, Scyther and the results prove that the protocol provides protection against man -in -the -middle attack, replay attack and secrecy of the user's credentials.