Efficient anonymous user authentication on server without secure channel during registration

Abstract

Cloud computing offers a simple way to provide access to servers, storage, databases and a broad set of application services over the Internet. Its popularity is growing spectacularly. Consequently, there is a need for strong authentication schemes, offering besides privacy also anonymity to the users during these actions. Therefore, this paper presents two userfriendly authentication protocols, able to derive the required security material at user side without the need of a secure channel between user and registration center. The second protocol has the added functionality to guarantee unforgeability and non repudiation of the request. Simple elliptic curve operations, together with hashes and symmetric key encryption algorithms are used. The proposed protocols are two-factor based, requiring password and smartphone, and are very efficient to be executed on the smartphone due to a small amount of computations.