Center-less Single Sign-on with Privacy-preserving Remote Biometric-based ID-MAKA Scheme for Mobile Cloud Computing Services

Identity-based mutual authentication and key agreement (ID-MAKA) between a mobile user and cloud service provider is necessary for accessing any cloud services. In recent years, there are a large number of ID-MAKA schemes had been proposed on mobile cloud computing services to make authentication and accessing process more usability, security, and scalability. In this paper, we propose a new ID-MAKA scheme for mobile cloud computing, which firstly achieves remote biometric-based authentication(remote servers authenticate user’s biometrics), single sign-on (a single credential and single registration for accessing multiple servers) and center-less authentication(the registration center does not participate in the access procedure) in one scheme. In order to realize this target, we design a ZK-token based on ECC and cryptographic hash function, and then artfully employ it to introduce the fuzzy extractor technology and zero-knowledge technology into our scheme. Therefore, the user can access multiple cloud computing servers by registering only once in the registration center, and cloud computing servers can complete the biometric-based remote authentication and key agreement for the user without the registration center participating. In this way, our scheme greatly improves usability, scalability, and security compared to other existing solutions. We give a formal security proof for our scheme by using Real-Or-Random(RoR) model and Burrows-Abadi-Needham (BAN) logic to show that the present scheme is secure and security analysis for other known attacks. Finally, according to the experiment result, our scheme has lower computation and communication cost compared with most existing related schemes.