Abstract

Anonymous authentication with key exchange is an important technique for any subject who attempts to access sensitive cloud services without compromising his or her identity. However, most so-called anonymous authentication schemes, also known as dynamic authentication protocols, only consider and offer preauthentication anonymity to resist ID-theft attacks. This motivates the author to propose a new anonymous authentication with key exchange scheme that achieves both preauthentication and postauthentication user anonymity. By using a registered hardware security token together with a memorable password, our scheme allows a user to generate a pseudoidentity for cloud authentication. To reduce communication overhead with cloud servers, our scheme utilizes an offline password update procedure and provides fast error detection in both the login and password-update processes. In addition, to make our scheme more suitable for privacy-aware cloud environments, the functionality of tracing the real identities of anonymous users is provided. We also formally prove the authenticated key exchange (AKE) security of the proposed scheme in the random oracle model and discuss some potential attacks. The comparison results also clearly reveal that our scheme has better functionalities and security properties than related works.
