Biblio

The current paper is proposing a three-factor authentication (3FA) scheme based on three components. In the first component a token and a password will be generated (this module represents the kernel of the three-factor authentication scheme - 3FA). In the second component a pass-code will be generated, using to the token resulted in the first phase. We will use RSA for encryption and decryption of the generated values (token and pass-code). For the token ID and passcode the user will use his smartphone. The third component uses a searchable encryption scheme, whose purpose is to retrieve the documents of the user from the cloud server, based on a keyword and his/her fingerprint. The documents are stored encrypted on a mistrust server (cloud environment) and searchable encryption will help us to search specific information and to access those documents in an encrypted content. We will introduce also a software simulation developed in C\# 8.0 for our scheme and a source code analysis for the main algorithms.

Authentication is achieved by using different techniques, like using smart-card, identity password and biometric techniques. Some of the proposed schemes use a single factor for authentication while others combine multiple ways to provide multi-factor authentication for better security. lately, a new scheme for multi-factor authentication was presented by Cao and Ge and claimed that their scheme is highly secure and can withstand against all known attacks. In this paper, it is revealed that their scheme is still vulnerable and have some loopholes in term of reflection attack. Therefore, an improved scheme is proposed to overcome the security weaknesses of Cao and Ge's scheme. The proposed scheme resists security attacks and secure. Formal testing is carried out under a broadly-accepted simulated tool ProVerif which demonstrates that the proposed scheme is well secure.

Mobile devices offer a convenient way of accessing our digital lives and many of those devices hold sensitive data that needs protecting. Mobile and wireless communications networks, combined with cloud computing as Mobile Cloud Computing (MCC), have emerged as a new way to provide a rich computational environment for mobile users, and business opportunities for cloud providers and network operators. It is the convenience of the cloud service and the ability to sync across multiple platforms/devices that has become the attraction to cloud computing. However, privacy, security and trust issues may still be a barrier that impedes the adoption of MCC by some undecided potential users. Those users still need to be convinced of the security of mobile devices, wireless networks and cloud computing. This paper is the result of a comprehensive review of one typical secure measure-authentication methodology research, spanning a period of five years from 2012–2017. MCC capabilities for sharing distributed resources is discussed. Authentication in MCC is divided in to two categories and the advantages of one category over its counterpart are presented, in the process of attempting to identify the most secure authentication scheme.

In large-scale systems, user authentication usually needs the assistance from a remote central authentication server via networks. The authentication service however could be slow or unavailable due to natural disasters or various cyber attacks on communication channels. This has raised serious concerns in systems which need robust authentication in emergency situations. The contribution of this paper is two-fold. In a slow connection situation, we present a secure generic multi-factor authentication protocol to speed up the whole authentication process. Compared with another generic protocol in the literature, the new proposal provides the same function with significant improvements in computation and communication. Another authentication mechanism, which we name stand-alone authentication, can authenticate users when the connection to the central server is down. We investigate several issues in stand-alone authentication and show how to add it on multi-factor authentication protocols in an efficient and generic way.