Informatica 37 (2013) 149-156

Enhanced Time-Bound Ticket-Based Mutual Authentication Scheme for Cloud Computing

Ravi Singh Pippal
Radharaman Institute of Research and Technology, Bhopal, India
E-mail: ravesingh@gmail.com

Jaidhar C. D.
Defence Institute of Advanced Technology, Girinagar, Pune, India
E-mail: jaidharcd@diat.ac.in

Shashikala Tapaswi
ABV-Indian Institute of Information Technology and Management, Gwalior, India
E-mail: stapaswi@iiitm.ac.in

Keywords: authentication, cloud computing, cryptanalysis, impersonation attack, smart card

Received: December 3, 2012

Cloud computing is a recently developed technology for complex systems in which services are shared among various registered users. Proper mutual authentication is therefore needed between users and the cloud server before the services provided by cloud servers can be used. Recently, Hao et al. [26] proposed a time-bound ticket-based mutual authentication scheme for cloud computing. However, this paper shows that their scheme is vulnerable to a Denial-of-Service attack and has an insecure password change phase. An enhanced scheme is proposed to overcome these security pitfalls. Moreover, a performance comparison of the two schemes proves that the enhanced scheme is more efficient than Hao et al.'s scheme.

Summary: This article proposes an enhanced mutual authentication scheme for cloud applications that eliminates some security weaknesses.

1 Introduction

Cloud computing is a new computing paradigm that has gained wide popularity in both industry and academia since 2007. It is employed because of its powerful computing and storage capabilities, which are necessary in a distributed environment [1]. Its attractive characteristics include on-demand self-service, measured service, location independent resource pooling, ubiquitous network access and rapid elasticity.
Three types of service offered by cloud computing are Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). Several firms like Google, Amazon, Microsoft, IBM and Yahoo are the forerunners that offer services for Internet users. Some more firms like Facebook, Salesforce, Myspace, Youtube, etc. have also started offering cloud computing services. Users who are accustomed to using the Internet can avail themselves of computing resources, storage space and software services as per their demands to solve their problems. Further, users can store their data in cloud servers and access it on demand from anywhere over the Internet. This offers great flexibility for remote users. Although cloud computing provides a number of advantages such as cost reduction, dynamic resource provisioning, increased flexibility, low capital expenditure and time saving for new service deployment, it is still not mature enough to preserve data confidentiality and integrity. Many security issues need to be addressed, such as data security in stored or transmitted form, application security, monitoring and metering. A number of security issues have been discussed [2, 3, 4, 5, 6] and a few research works address the security issues [7, 8, 9, 10].

One of the primary security needs is user authentication. Several authentication schemes have been proposed in the literature, but the most widely used one is the password based authentication scheme [11, 12, 13, 14]. However, single factor password based authentication is not secure enough in the present scenario. Two factor authentication, using a password as one factor and a smart card as the other, is a better option. A smart card is a tamper resistant integrated circuit card with memory to store personal information and a processor capable of performing computations [15].
In this context, many password based smart card authentication schemes have been proposed in order to avoid the use of verification tables [16, 17, 18, 19]. Subsequently, authentication based on smart cards has been employed continuously in several applications like healthcare [20], key exchange in IPTV broadcasting [21, 22], wireless networks [23], authentication in multi-server environments [24], wireless sensor networks [25] and many more.

1.1 Contribution of this Paper

Cloud servers authenticate remote users before offering any services to them. Recently, Hao et al. [26] proposed a time-bound ticket-based mutual authentication scheme for cloud computing. It is claimed that the scheme resists lost smart card attacks, offline password guessing attack, lost ticket attack, masquerade attack and replay attack. In addition, it provides mutual authentication and secure session key generation. This paper shows the vulnerabilities of Hao et al.'s scheme, i.e. that it is vulnerable to a Denial-of-Service attack and has an insecure password change phase. To resist these weaknesses, this paper proposes an enhancement to Hao et al.'s scheme.

The rest of this paper is organized as follows. Section 2 gives a review of Hao et al.'s scheme. Security pitfalls of Hao et al.'s scheme are shown in section 3. Section 4 describes the proposed enhanced mutual authentication scheme. An in-depth security analysis and performance comparison is discussed in section 5. Finally, section 6 concludes the paper.

2 Review of Hao et al.'s Scheme

This section describes Hao et al.'s time-bound ticket-based mutual authentication scheme for cloud computing [26] (see Figure 1). The scheme consists of four phases: Registration phase, Verification request phase, Mutual authentication phase and Password change phase. The notations used throughout this paper are summarized in Table 1.

Table 1: Notations used in this paper

| Symbol | Meaning |
|---|---|
| $U_i$ | Remote user |
| $ID_i$ | Identity of $U_i$ |
| $PW_i$ | Password chosen by $U_i$ |
| $S$ | Cloud server |
| $U_a$ | Attacker |
| $PW_a$ | Password chosen by $U_a$ |
| $t$ | Number of digital tickets needed by $U_i$ |
| $T_i^{(j)}$ | $j$th ticket of $U_i$ |
| $TID_i^{(j)}$ | $j$th ticket ID |
| $VP_i^{(j)}$ | Valid period of $T_i^{(j)}$ |
| $K_1, K_2$ | Two long term secret keys of $S$ |
| $H(\cdot)$ | Cryptographic hash function |
| $H_K(\cdot)$ | Keyed hash function |
| $\Vert$ | Concatenation |
| $\oplus$ | Bitwise XOR operation |
| $r_u$ | Random nonce generated by $U_i$ |
| $r_s$ | Random nonce generated by $S$ |
| $r_a$ | Random nonce generated by $U_a$ |
| $K_c/K_s$ | Shared session key between $U_i$ and $S$ |

2.1 Registration Phase

This phase is invoked when a new user registers with the cloud server. The cloud server issues $t$ tickets, each of which can be used only once. In this phase, $U_i$ selects $ID_i$, $PW_i$ and a random number $b$, computes $IPB_i = H(ID_i \| H(PW_i \oplus b))$ and submits $\{ID_i, IPB_i, t\}$ to $S$ over a secure channel, where $t$ is the number of digital tickets needed by $U_i$.

Upon receiving the registration request and ticket fee from $U_i$, $S$ generates $t$ tickets for $U_i$. The $j$th ticket of $U_i$ and its validity are represented as $\{(TID_i^{(j)}, VP_i^{(j)}),\ j = 1, 2, \ldots, t\}$. $S$ computes

$$W_i = IPB_i \oplus H(ID_i, K_1)$$
$$\alpha_i^{(j)} = H_{K_2}(ID_i \| TID_i^{(j)} \| VP_i^{(j)})$$
$$\beta_i^{(j)} = \alpha_i^{(j)} \oplus IPB_i$$

$T_i^{(j)}$ has two parts, $T_i^{(j)} = (T_i^{(j)1}, T_i^{(j)2})$, in which

$$T_i^{(j)1} = (TID_i^{(j)}, VP_i^{(j)}), \qquad T_i^{(j)2} = \beta_i^{(j)}$$

$S$ also computes $Z_i = H_{K_2}(ID_i) \oplus IPB_i$ and issues a smart card to $U_i$ over a secure channel by storing $\{ID_i, t, W_i, Z_i, T_i^{(j)}\}$ into the smart card memory. After receiving the card, $U_i$ stores $b$ into the smart card memory.

2.2 Verification Request Phase

As $U_i$ receives $t$ tickets, these tickets can be used to perform data verification at most $t$ times. Suppose that, for the $k$th verification request, $U_i$ inserts the smart card into the card reader and keys in $ID_i$ and $PW_i$. The smart card generates a nonce $r_u$ and computes

$$IPB_i = H(ID_i \| H(PW_i \oplus b))$$
$$H_i = W_i \oplus IPB_i$$
$$C_1 = r_u \oplus H_i$$
$$C_2 = H(r_u) \oplus T_i^{(k)2} \oplus IPB_i$$

$U_i$ sends the verification request $\{ID_i, T_i^{(k)1}, C_1, C_2\}$ to $S$ in order to pass the mutual authentication phase.

[Figure 1: Hao et al.'s Scheme. Protocol diagram of the Registration Phase and of the Verification Request and Mutual Authentication Phase between $U_i$ and $S$.]

2.3 Mutual Authentication Phase

Once the verification request has been received, $S$ first checks the validity of $ID_i$ to accept/reject the verification request. $S$ rejects the request if $ID_i$ is invalid; otherwise it checks whether $TID_i^{(k)}$ is on the bulletin board or not. If it is on the bulletin board, $S$ rejects $U_i$'s request and terminates the process. $S$ checks whether the current date is within the range of $VP_i^{(k)}$ or not. If not, $S$ rejects $U_i$'s request and terminates the process. If all these conditions hold, $S$ computes

$$D_0 = H(ID_i, K_1)$$
$$D_1 = C_1 \oplus D_0$$
$$D_2 = H(D_1) \oplus C_2$$

$S$ computes $H_{K_2}(ID_i \| TID_i^{(k)} \| VP_i^{(k)})$ and checks whether it is equal to $D_2$ or not.
If true, $S$ generates a random nonce $r_s$, computes $C_3 = D_0 \oplus r_s$, $C_4 = H(r_u, r_s)$ and sends the message $\{C_3, C_4\}$ to $U_i$. $S$ also computes $K_s = H(D_0, r_u \| r_s)$ as the session key. After getting the message $\{C_3, C_4\}$ from $S$, $U_i$ computes $D_3 = C_3 \oplus H_i$ and compares $H(r_u, D_3)$ with $C_4$. If they are equal, $U_i$ authenticates $S$ successfully; otherwise it terminates the session. Subsequently, $U_i$ computes $K_c = H(H_i, r_u \| r_s)$. Both parties agree upon the common session key

$$K_c = H(H_i, r_u \| r_s) = H(H(ID_i, K_1), r_u \| r_s) = K_s$$

2.4 Password Change Phase

This phase is invoked when $U_i$ wants to change the password. $U_i$ inserts the smart card into the card reader and keys in the credentials $ID_i$ and $PW_i$. The smart card generates a nonce $r_u$ and computes

$$IPB_i = H(ID_i \| H(PW_i \oplus b))$$
$$C_1 = r_u \oplus W_i \oplus IPB_i$$
$$C_2 = H(r_u) \oplus Z_i \oplus IPB_i$$

The smart card sends $\{update, ID_i, C_1, C_2\}$ to $S$, in which $update$ denotes that it is a password change request. After receiving it, $S$ checks the validity of $ID_i$ to accept/reject the request. If it is invalid, $S$ rejects the request; otherwise it computes

$$D_1 = C_1 \oplus H(ID_i, K_1)$$
$$D_2 = H(D_1) \oplus C_2$$

$S$ computes $H_{K_2}(ID_i)$ and checks whether it is equal to $D_2$ or not. If true, $S$ generates a random nonce $r_s$, computes $C_3 = H(ID_i) \oplus r_s$, $C_4 = H(r_u, r_s)$ and sends the message $\{C_3, C_4\}$ to $U_i$. Upon receiving the message $\{C_3, C_4\}$, the smart card computes $D_3 = C_3 \oplus W_i \oplus IPB_i$ and compares $H(r_u, D_3)$ with $C_4$. If they are equal, $U_i$ authenticates $S$ successfully; otherwise it terminates the session. Subsequently, the smart card prompts $U_i$ to enter a new password $PW_i^{new}$. Then, the smart card computes

$$IPB_i^{new} = H(ID_i \| H(PW_i^{new} \oplus b))$$
$$W_i^{new} = W_i \oplus IPB_i \oplus IPB_i^{new} = H(ID_i, K_1) \oplus IPB_i^{new}$$
$$Z_i^{new} = Z_i \oplus IPB_i \oplus IPB_i^{new} = H_{K_2}(ID_i) \oplus IPB_i^{new}$$

The smart card updates $T_i^{(j)2}$ to $T_i^{(j)2} \oplus IPB_i \oplus IPB_i^{new}$ for all remaining tickets, which yields $\alpha_i^{(j)} \oplus IPB_i^{new}$.

3 Weakness in Hao et al.'s Scheme

This section presents the security flaws in Hao et al.'s scheme.
They are (a) exposure to a Denial-of-Service attack due to the lack of early wrong password detection prior to verification request creation and (b) an inefficient password change phase. It is assumed that the attacker $U_a$ is able to intercept all the messages exchanged between $U_i$ and $S$.

3.1 Denial-of-Service Attack

To check whether or not the requesting user is a legitimate bearer of the smart card, the entered password must be verified at the smart card level before login request creation [27]. In this scheme, if $U_a$ gets $U_i$'s smart card by any means, he or she can create an invalid login request by entering a wrong password, which is verified only at the cloud server side and not at the user side. Assume that $U_a$ gets or steals $U_i$'s smart card, inserts the smart card into the card reader and enters the wrong password $PW_a$ as well as $ID_a$. The smart card creates an invalid login request without verifying the correctness of the entered password or identifier. The smart card generates a nonce $r_a$ and computes

$$IPB_a = H(ID_a \| H(PW_a \oplus b))$$
$$H_a = W_i \oplus IPB_a = IPB_i \oplus H(ID_i, K_1) \oplus IPB_a$$
$$C_{1a} = r_a \oplus H_a = r_a \oplus IPB_i \oplus H(ID_i, K_1) \oplus IPB_a$$
$$C_{2a} = H(r_a) \oplus T_i^{(k)2} \oplus IPB_a$$

$U_a$ sends the verification request $\{ID_a, T_i^{(k)1}, C_{1a}, C_{2a}\}$ to $S$. This request fails to pass the authentication phase at the cloud server side. As a result, the load on $S$ increases, which leads to a Denial-of-Service attack. To overcome this attack, both the password and the identifier must be verified at the user side before the verification request is computed.

3.2 Insecure Password Change Phase

Communication is needed between $S$ and $U_i$ during the password change phase. Changing the password at the user side without interacting with $S$ strengthens the security and reduces the load on $S$. Further, the password change phase leads to a Denial-of-Service attack because there is no early verification of the password or the identifier before the update request is created [27].
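
The weakness of Sections 3.1 and 3.2, as an added example (not code from the paper or from Hao et al.): a Python sketch of Hao et al.'s verification request and server-side check, showing that the card emits a well-formed request for any password and that $S$ spends three hash evaluations before it can reject it. SHA-256 for $H$, HMAC-SHA256 for $H_K$, zero-padding of the password before the XOR, and all names and sample values are assumptions of this sketch; the bulletin board and valid period checks are left out.

```python
import hashlib, hmac, secrets

N = 32  # every XORed value is N bytes long (SHA-256 is an assumption of this sketch)

def H(*parts):  # H(.) over length-prefixed parts, standing in for '||' and ','
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def HK(key, *parts):  # keyed hash H_K(.), instantiated here with HMAC-SHA256
    return hmac.new(key, H(*parts), hashlib.sha256).digest()

def xor(*vals):
    out = bytes(N)
    for v in vals:
        out = bytes(a ^ b for a, b in zip(out, v))
    return out

def ipb(ID, PW, b):  # IPB = H(ID || H(PW xor b)), password zero-padded to N bytes
    return H(ID, H(xor(PW.ljust(N, b"\0")[:N], b)))

class HaoServer:
    def __init__(self):
        self.K1, self.K2 = secrets.token_bytes(N), secrets.token_bytes(N)
        self.hash_ops = 0  # hash evaluations spent on verification requests

    def register(self, ID, IPB, tid, vp):
        beta = xor(HK(self.K2, ID, tid, vp), IPB)       # beta = alpha xor IPB
        return {"W": xor(IPB, H(ID, self.K1)), "T1": (tid, vp), "T2": beta}

    def verify(self, ID, T1, C1, C2):
        D0 = H(ID, self.K1)
        D1 = xor(C1, D0)            # equals r_u only if the card used the right IPB
        D2 = xor(H(D1), C2)
        expected = HK(self.K2, ID, *T1)
        self.hash_ops += 3          # D0, H(D1) and the keyed hash, all before any reject
        if not hmac.compare_digest(expected, D2):
            return None
        rs = secrets.token_bytes(N)
        return xor(D0, rs), H(D1, rs), H(D0, D1 + rs)   # C3, C4, K_s

def card_request(card, b, ID, PW):
    """Hao et al.'s card: no local check, so any password yields a request."""
    ru, IPB = secrets.token_bytes(N), ipb(ID, PW, b)
    Hi = xor(card["W"], IPB)
    return ru, Hi, (ID, card["T1"], xor(ru, Hi), xor(H(ru), card["T2"], IPB))

def card_finish(ru, Hi, C3, C4):
    D3 = xor(C3, Hi)
    return H(Hi, ru + D3) if hmac.compare_digest(H(ru, D3), C4) else None  # K_c

def demo():
    S = HaoServer()
    ID, PW, b = b"alice", b"correct horse", secrets.token_bytes(N)  # constructed values
    card = S.register(ID, ipb(ID, PW, b), b"TID-0001", b"2013-01-01/2013-12-31")
    out = {}
    for label, pw in (("right", PW), ("wrong", b"guess")):
        ru, Hi, req = card_request(card, b, ID, pw)
        before = S.hash_ops
        resp = S.verify(*req)
        out[label] = {
            "server_hash_ops": S.hash_ops - before,
            "accepted": resp is not None,
            "keys_match": resp is not None and card_finish(ru, Hi, resp[0], resp[1]) == resp[2],
        }
    return out

if __name__ == "__main__":
    for label, row in demo().items():
        print(label, row)
```
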

4 Proposed Enhanced Mutual Authentication Scheme

This section describes the proposed enhanced mutual authentication scheme over Hao et al.'s scheme (see Figure 2). The scheme consists of four phases: Registration phase, Verification request phase, Mutual authentication phase and Password change phase. The details of these phases are as follows.

4.1 Registration Phase

In this phase, $U_i$ selects $ID_i$, $PW_i$ and a random number $b$, computes $H(PW_i \oplus b)$ and submits $\{ID_i, H(PW_i \oplus b), t\}$ to $S$ over a secure channel, where $t$ is the number of digital tickets needed by $U_i$. Upon receiving the registration request and ticket fee from $U_i$, $S$ generates $t$ tickets for $U_i$. The $j$th ticket of $U_i$ and its validity are represented as $\{(TID_i^{(j)}, VP_i^{(j)}),\ j = 1, 2, \ldots, t\}$. $S$ computes

$$W_i = H(ID_i \| H(PW_i \oplus b))$$
$$X_i^{(j)} = H_x(ID_i \| TID_i^{(j)} \| VP_i^{(j)}) \oplus H(ID_i, x)$$

where $x$ is the long term secret key of $S$. $T_i^{(j)}$ has two parts, $T_i^{(j)} = (T_i^{(j)1}, T_i^{(j)2})$, in which

$$T_i^{(j)1} = (TID_i^{(j)}, VP_i^{(j)}), \qquad T_i^{(j)2} = X_i^{(j)}$$

$S$ issues a smart card to $U_i$ over a secure channel by storing $\{ID_i, t, W_i, T_i^{(j)}\}$ into the smart card memory. After receiving the card, $U_i$ stores $b$ into the smart card memory.

4.2 Verification Request Phase

As $U_i$ receives $t$ tickets, these tickets can be used to perform data verification at most $t$ times. Assume that, for the $k$th verification request, $U_i$ inserts the smart card into the card reader and keys in the credentials $ID_i$ and $PW_i'$. The smart card computes $W_i' = H(ID_i \| H(PW_i' \oplus b))$ and compares it with the stored $W_i$. If they are equal, $U_i$ is the valid owner of the smart card. The smart card generates a nonce $r_u$ and computes $Y_i = H_{T_i^{(k)2}}(T_i^{(k)2} \| r_u)$. $U_i$ sends the verification request $\{ID_i, T_i^{(k)1}, Y_i, r_u\}$ to $S$.

4.3 Mutual Authentication Phase

Upon receiving the verification request $\{ID_i, T_i^{(k)1}, Y_i, r_u\}$, $S$ first checks the validity of $ID_i$ to accept/reject the verification request. $S$ rejects the request if $ID_i$ is invalid; otherwise it checks whether $TID_i^{(k)}$ is on the bulletin board or not. If it is on the bulletin board, $S$ rejects $U_i$'s request and terminates the process. $S$ checks whether the current date is within the range of $VP_i^{(k)}$ or not.
If not, $S$ rejects $U_i$'s request and terminates the process. If all these conditions hold, $S$ computes

$$X_i^{(k)} = H_x(ID_i \| TID_i^{(k)} \| VP_i^{(k)}) \oplus H(ID_i, x)$$

$S$ computes $Y_i' = H_{X_i^{(k)}}(X_i^{(k)} \| r_u)$ and checks whether it is equal to the received $Y_i$ or not. If true, $S$ authenticates $U_i$; otherwise it rejects the request. $S$ generates a random nonce $r_s$, computes $Z_i = H_{X_i^{(k)}}(r_u \| r_s \| X_i^{(k)})$ and sends the message $\{ID_i, Z_i, r_s\}$ to $U_i$. $S$ also computes $K_s = H(ID_i \| r_u \| r_s \| X_i^{(k)})$ as the session key. After getting the message $\{ID_i, Z_i, r_s\}$ from $S$, $U_i$ computes $Z_i' = H_{T_i^{(k)2}}(r_u \| r_s \| T_i^{(k)2})$ and compares it with the received $Z_i$. If they are equal, $U_i$ authenticates $S$ successfully; otherwise it terminates the session. Subsequently, $U_i$ computes $K_c = H(ID_i \| r_u \| r_s \| T_i^{(k)2})$. Both parties agree upon the common session key

$$K_c = H(ID_i \| r_u \| r_s \| T_i^{(k)2}) = H(ID_i \| r_u \| r_s \| X_i^{(k)}) = K_s$$

[Figure 2: Proposed Enhanced Mutual Authentication Scheme. Protocol diagram of the Registration Phase and of the Verification Request and Mutual Authentication Phase between $U_i$ and $S$.]

4.4 Password Change Phase

This phase is invoked when $U_i$ wants to change the password. $U_i$ inserts the smart card into the card reader and keys in the credentials $ID_i$ and $PW_i'$. The smart card computes $W_i' = H(ID_i \| H(PW_i' \oplus b))$ and compares it with the stored $W_i$. If they are equal, $U_i$ is the legitimate bearer of the smart card. Subsequently, the smart card prompts $U_i$ to enter a new password $PW_i^{new}$. Then, the smart card computes $W_i^{new} = H(ID_i \| H(PW_i^{new} \oplus b))$. The smart card updates $W_i$ to $W_i^{new}$ in the smart card memory.

5 Security Analysis and Performance Comparison

This section discusses the security analysis of the proposed enhanced mutual authentication scheme and provides a performance analysis in comparison with Hao et al.'s scheme.

5.1 Impersonation Attack

Suppose $U_a$ has complete hold on the insecure communication channel and can intercept all the messages transmitted between $U_i$ and $S$. $U_a$ is unable to create a forged verification request, as the value of $T_i^{(k)2}$ is needed to compute a fake $Y_i$. Further, it is not possible to get $T_i^{(k)2}$ from the intercepted $T_i^{(k)1}$ without knowing $x$, the long term secret key of $S$. Moreover, without the information about $T_i^{(k)2}$, $U_a$ cannot masquerade as a legitimate $S$. Hence, $U_a$ is unable to forge the verification request to impersonate a valid $U_i$ or forge the response message to impersonate a legitimate $S$.

5.2 Password Guessing Attack

One of the most important features provided by any authentication scheme is the security of the users' passwords. The scheme must be structured in such a way that no one can guess the password.
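
The enhanced scheme of Section 4, as an added example (not the authors' code): a Python sketch of registration, the card-side $W_i$ check, mutual authentication and the local password change, exercised against a wrong password, a replayed request and an edited valid period. SHA-256 for $H$, HMAC-SHA256 for $H_x$, the zero-padded password, the encoding of $VP$ as two ISO dates, posting a ticket ID on the bulletin board after its first successful use, and all names and sample values are assumptions of this sketch.

```python
import hashlib, hmac, secrets
from datetime import date

N = 32  # digest and nonce length in bytes (SHA-256 is an assumption of this sketch)

def H(*parts):  # H(.) over length-prefixed parts, standing in for the paper's '||'
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def HK(key, *parts):  # keyed hash H_K(.), instantiated here with HMAC-SHA256
    return hmac.new(key, H(*parts), hashlib.sha256).digest()

def hpw(PW, b):  # H(PW xor b), password zero-padded to N bytes before the XOR
    return H(bytes(p ^ q for p, q in zip(PW.ljust(N, b"\0")[:N], b)))

class Server:
    def __init__(self):
        self.x = secrets.token_bytes(N)          # long term secret key x
        self.users, self.bulletin = set(), set()

    def _X(self, ID, tid, start, end):           # X = H_x(ID || TID || VP) xor H(ID, x)
        keyed = HK(self.x, ID, tid, start, end)
        return bytes(p ^ q for p, q in zip(keyed, H(ID, self.x)))

    def register(self, ID, hpw_b, tickets):
        self.users.add(ID)
        return {"ID": ID, "W": H(ID, hpw_b), "T": [(t, self._X(ID, *t)) for t in tickets]}

    def authenticate(self, ID, T1, Y, ru, today):
        tid, start, end = T1
        if ID not in self.users:
            return "unknown identity", None
        if tid in self.bulletin:
            return "ticket already used", None
        if not start <= today.isoformat().encode() <= end:
            return "outside valid period", None
        X = self._X(ID, tid, start, end)
        if not hmac.compare_digest(HK(X, X, ru), Y):
            return "Y mismatch", None
        self.bulletin.add(tid)                   # assumption: used ticket IDs are posted here
        rs = secrets.token_bytes(N)
        return "ok", (HK(X, ru, rs, X), rs, H(ID, ru, rs, X))    # Z, r_s, K_s

class SmartCard:
    def __init__(self, issued, b):
        self.ID, self.W, self.T, self.b = issued["ID"], issued["W"], issued["T"], b

    def _owner(self, ID, PW):                    # early check on the card: W' == W
        return hmac.compare_digest(H(ID, hpw(PW, self.b)), self.W)

    def request(self, ID, PW, k=0):
        if not self._owner(ID, PW):
            return None                          # nothing is sent to S
        T1, T2 = self.T[k]
        ru = secrets.token_bytes(N)
        return ID, T1, HK(T2, T2, ru), ru        # {ID, T1, Y, r_u}

    def finish(self, req, Z, rs, k=0):
        ID, ru, T2 = req[0], req[3], self.T[k][1]
        if not hmac.compare_digest(HK(T2, ru, rs, T2), Z):
            return None                          # S failed mutual authentication
        return H(ID, ru, rs, T2)                 # K_c

    def change_password(self, ID, PW, new_PW):
        if not self._owner(ID, PW):
            return False
        self.W = H(ID, hpw(new_PW, self.b))      # local update, S is not involved
        return True

def demo():
    S, day = Server(), date(2013, 3, 1)          # all values below are constructed
    ID, PW, b = b"alice", b"correct horse", secrets.token_bytes(N)
    tickets = [(b"TID-0001", b"2013-01-01", b"2013-06-30"),
               (b"TID-0002", b"2013-01-01", b"2013-01-31")]
    card = SmartCard(S.register(ID, hpw(PW, b), tickets), b)
    out = {"wrong_password_request": card.request(ID, b"guess")}
    req = card.request(ID, PW)
    status, (Z, rs, Ks) = S.authenticate(*req, today=day)
    out["first_use"], out["keys_match"] = status, card.finish(req, Z, rs) == Ks
    out["replay"] = S.authenticate(*req, today=day)[0]
    rid, T1, Y, ru = card.request(ID, PW, k=1)
    out["expired"] = S.authenticate(rid, T1, Y, ru, day)[0]
    extended = (T1[0], T1[1], b"2013-12-31")     # user edits VP to cover the current date
    out["vp_extended"] = S.authenticate(rid, extended, Y, ru, day)[0]
    out["password_changed"] = card.change_password(ID, PW, b"new secret")
    out["old_password_request"] = card.request(ID, PW)
    return out

if __name__ == "__main__":
    print(demo())
```
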
In the proposed scheme, the password is used only in the card holder verification. It is not used in the calculation of any of the verification request parameters. Hence, there is no chance of an offline password guessing attack. To resist an online password guessing attack, the number of attempts made by the user can be limited to some fixed value.

5.3 Replay Attack

An adversary may try to act as an authentic user by resending previously intercepted messages. This scheme uses a unique ticket ID $TID_i^{(k)}$ and random nonces $r_u$ and $r_s$ which are different from session to session. As a consequence, $U_a$ cannot enter the system by resending previously transmitted messages to impersonate the legal $U_i$. Assume that the intercepted verification request $\{ID_i, T_i^{(k)1}, Y_i, r_u\}$ is replayed to pass the mutual authentication phase. Upon receiving the verification request, $S$ first checks the validity of $ID_i$ and then checks whether $TID_i^{(k)}$ is on the bulletin board or not. Obviously, $S$ will find that $TID_i^{(k)}$ is on the bulletin board. $S$ rejects the service request and terminates the process.

5.4 Reflection and Parallel Session Attack

To resist reflection and parallel session attacks, the given scheme employs an asymmetric structure of communicating messages, i.e., $\{ID_i, T_i^{(k)1}, Y_i, r_u\}$ and $\{ID_i, Z_i, r_s\}$. There is no symmetry in the values of $Y_i = H_{T_i^{(k)2}}(T_i^{(k)2} \| r_u)$ and $Z_i = H_{X_i^{(k)}}(r_u \| r_s \| X_i^{(k)})$. Hence, $U_a$ is unable to launch a parallel session attack by replaying the cloud server response message as the user verification request, or a reflection attack by resending the user verification request as the cloud server response message.

5.5 Privileged Insider Attack

To remember them easily, many users employ the same password to access different servers. A privileged insider of a server can get this password and then try to utilize it for personal benefit. In the given scheme, $U_i$ sends $H(PW_i \oplus b)$ to $S$ instead of $PW_i$ to resist the privileged insider attack.
Hence, this scheme provides security against the privileged insider attack.

5.6 Valid Period Extending Attack

In the proposed scheme, no one can use a ticket after its expiration date. This helps to control the growth of the database maintained by $S$. Suppose $U_i$ wants to reuse the ticket $T_i^{(k)}$. $U_i$ changes $VP_i^{(k)}$ to $VP_i^{(k')}$ (by including the current date) and sends $\{ID_i, T_i^{(k')1}, Y_i, r_u\}$ to $S$. Once received, $S$ computes $X_i^{(k')} = H_x(ID_i \| TID_i^{(k)} \| VP_i^{(k')}) \oplus H(ID_i, x)$. Obviously, $S$ finds $Y_i' = H_{X_i^{(k')}}(X_i^{(k')} \| r_u) \neq Y_i$ and rejects the request. Hence, the enhanced scheme is able to prevent the user from extending the expiration date of any ticket.

5.7 Early Wrong Password Detection

To provide security against a Denial-of-Service attack, the identity of users must be verified at the user side prior to the creation of the verification request. The enhanced scheme verifies the entered password and identifier by comparing $W_i'$ with the stored $W_i$ during the verification request phase. If $U_i$ enters either the password or the identifier incorrectly, the smart card prompts $U_i$ to re-enter the correct password as well as the correct identifier. In addition, it is infeasible to guess the correct identifier and password simultaneously by using a stolen smart card. Hence, there is no chance of a Denial-of-Service attack.

5.8 Efficient Password Change Phase

In the proposed scheme, $U_i$ can choose and change the password without any support from $S$. The smart card compares the computed $W_i'$ with the stored $W_i$ to verify the legitimacy of $U_i$ before the new password is stored. If the check holds, the smart card asks for a new password $PW_i^{new}$, computes $W_i^{new}$ and updates $W_i$ to $W_i^{new}$ in the smart card memory. This eliminates the role of $S$ during the password change phase, which diminishes the burden on $S$.

5.9 Performance Comparison

In order to measure the security in terms of possible attacks, the proposed scheme is compared with Hao et al.'s scheme. From Table 2, it can be clearly seen that the proposed scheme is more secure in comparison with Hao et al.'s scheme.
It includes early wrong password and wrong identifier detection, which resists a Denial-of-Service attack during either the verification request phase or the password change phase. Table 3 shows comparative results for Hao et al.'s scheme and the proposed enhanced scheme in terms of computational complexity. In this table, $t$ denotes the number of tickets issued to user $U_i$, and $r$ denotes the number of tickets remaining. From both tables, it is clear that the proposed scheme is more efficient in comparison with Hao et al.'s scheme.

Table 2: Comparison between proposed scheme and Hao et al.'s scheme in terms of security properties

| Security Properties | Hao et al.'s Scheme | Proposed Scheme |
|---|---|---|
| User is allowed to choose and change the password | Yes | Yes |
| Provides mutual authentication | Yes | Yes |
| Provides secure session key generation | Yes | Yes |
| Resists replay attack | Yes | Yes |
| Resists guessing attack | Yes | Yes |
| Resists parallel session attack | Yes | Yes |
| Resists reflection attack | Yes | Yes |
| Resists privileged insider attack | Yes | Yes |
| Resists valid period extending attack | Yes | Yes |
| Resists impersonation attack | Yes | Yes |
| Resists Denial-of-Service attack | No | Yes |
| Free from cloud server involvement during password change | No | Yes |
| Provides early wrong password detection | No | Yes |
| Provides early wrong identifier detection | No | Yes |

Table 3: Comparison between proposed scheme and Hao et al.'s scheme in terms of computational complexity

| Authentication Scheme | Name of Phase | No. of Hash Functions (H) | No. of Exclusive-or Operations (XOR) |
|---|---|---|---|
| Hao et al.'s Scheme | Registration Phase | (4 + t) | (3 + t) |
| Hao et al.'s Scheme | Verification Request Phase | (3) | (5) |
| Hao et al.'s Scheme | Mutual Authentication Phase | (7) | (4) |
| Hao et al.'s Scheme | Password Change Phase | (10) | (15 + 2r) |
| Hao et al.'s Scheme | Total No. of Operations | (24 + t) H | (27 + t + 2r) XOR |
| Proposed Scheme | Registration Phase | (3 + t) | (1 + t) |
| Proposed Scheme | Verification Request Phase | (3) | (1) |
| Proposed Scheme | Mutual Authentication Phase | (7) | (1) |
| Proposed Scheme | Password Change Phase | (4) | (2) |
| Proposed Scheme | Total No. of Operations | (17 + t) H | (5 + t) XOR |

6 Conclusion

Nowadays, the cloud has become one of the most popular business transaction platforms. However, the growing security threat emerging due to the present security attacks obfuscates this powerful network. Weak authentication of responses and requests allows attackers to compromise the cloud infrastructure. Hence, authentication of both the users and the cloud servers is a vital issue. To address this issue, Hao et al. [26] proposed a time-bound ticket-based mutual authentication scheme for cloud computing. This paper pointed out that Hao et al.'s scheme is inadequate to provide security against a Denial-of-Service attack. Further, its password change phase is also insecure. To overcome these security flaws, this paper proposes an enhanced scheme over Hao et al.'s scheme. The enhanced scheme inherits all the merits of Hao et al.'s scheme and resists the identified security attacks. In addition, the user can choose and change the password securely without any assistance from the cloud server.

Acknowledgement

The authors would like to thank ABV-Indian Institute of Information Technology and Management, Gwalior, India for providing the academic support.

References

[1] Li, Z., Chen, C. and Wang, K. (2011). Cloud computing for agent-based urban transportation systems. IEEE Intelligent Systems, 26(1), pp. 73-79.
[2] Zhou, M., Zhang, R., Xie, W., Qian, W. and Zhou, A. (2010). Security and privacy in cloud computing: A survey. In Proceedings of 6th International Conference on Semantics, Knowledge and Grid, Shanghai, China, pp. 105-112.
[3] Subashini, S. and Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), pp. 1-11.
[4] Pearson, S. and Benameur, A. (2010). Privacy, security and trust issues arising from cloud computing.
In Proceedings of 2nd IEEE International Conference on Cloud Computing Technology and Science, Bristol, U.K., pp. 693-702.
[5] Jensen, M., Schwenk, J., Gruschka, N. and Iacono, L. (2009). On technical security issues in cloud computing. In Proceedings of IEEE International Conference on Cloud Computing, Bangalore, India, pp. 109-116.
[6] Kandukuri, B.R., Ramakrishna, P.V. and Rakshit, A. (2009). Cloud security issues. In Proceedings of IEEE International Conference on Services Computing, Bangalore, India, pp. 517-520.
[7] Takabi, H., Joshi, J.B.D. and Ahn, G.J. (2010). SecureCloud: Towards a comprehensive security framework for cloud computing environments. In Proceedings of 34th Annual IEEE Computer Software and Applications Conference Workshops, P.A., U.S.A., pp. 393-398.
[8] Wang, C. and Yan, H. (2010). Study of cloud computing security based on private face recognition. In Proceedings of International Conference on Computational Intelligence and Software Engineering, Beijing, China, pp. 1-5.
[9] Shen, Z. and Tong, Q. (2010). The security of cloud computing system enabled by trusted computing technology. In Proceedings of 2nd International Conference on Signal Processing Systems, Wuhan, China, pp. 11-14.
[10] Zech, P. (2011). Risk-based security testing in cloud computing environments. In Proceedings of 4th IEEE International Conference on Software Testing, Verification and Validation, Innsbruck, Austria, pp. 411-414.
[11] Hwang, M.S., Lee, C.C. and Tang, Y.L. (2001). An improvement of SPLICE/AS in WIDE against guessing attack. Informatica, 12(2), pp. 297-302.
[12] Yang, C.C., Chang, T.Y. and Hwang, M.S. (2003). Security of improvement on methods for protecting password transmission. Informatica, 14(4), pp. 551-558.
[13] Yoon, E.J., Ryu, E.K. and Yoo, K.Y. (2005). Attacks and solutions of Yang et al.'s protected password changing scheme. Informatica, 16(2), pp. 285-294.
[14] Ku, W.C. and Tsai, H.C. (2005).
Weaknesses and improvements of Yang-Chang-Hwang's password authentication scheme. Informatica, 16(2), pp. 203-212.
[15] http://en.wikipedia.org/wiki/Smart_card.
[16] Chang, C.C. and Wu, T.C. (1991). Remote password authentication with smart cards. IEE Proceedings E: Computers and Digital Techniques, 138, pp. 165-168.
[17] Chen, T.H., Horng, G. and Wu, K.C. (2007). A secure YS-like user authentication scheme. Informatica, 18(1), pp. 27-36.
[18] Liao, C.H., Chen, H.C. and Wang, C.T. (2009). An exquisite mutual authentication scheme with key agreement using smart card. Informatica, 33(2), pp. 125-132.
[19] Pippal, R.S., Jaidhar, C.D. and Tapaswi, S. (2012). Highly secured remote user authentication scheme using smart cards. In Proceedings of 7th IEEE International Conference on Industrial Electronics and Applications, Singapore, pp. 988-992.
[20] Hu, J., Chen, H.H. and Hou, T.W. (2010). A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations. Computer Standards and Interfaces, 32(5-6), pp. 274-280.
[21] Yoon, E.J. and Yoo, K.Y. (2009). Robust key exchange protocol between set-top box and smart card in DTV broadcasting. Informatica, 20(1), pp. 139-150.
[22] Pippal, R.S., Tapaswi, S. and Jaidhar, C.D. (2012). Secure key exchange scheme for IPTV broadcasting. Informatica, 36(1), pp. 47-52.
[23] He, D., Ma, M., Zhang, Y., Chen, C. and Bu, J. (2011). A strong user authentication scheme with smart cards for wireless communications. Computer Communications, 34(3), pp. 367-374.
[24] Pippal, R.S., Jaidhar, C.D. and Tapaswi, S. (2013). Robust Smart Card Authentication Scheme for Multiserver Architecture. Wireless Personal Communications. DOI: 10.1007/s11277-013-1039-6.
[25] Fan, R., He, D., Pan, X. and Ping, L. (2011). An efficient and DoS-resistant user authentication scheme for two-tiered wireless sensor networks. Journal of Zhejiang University-SCIENCE C (Computers and Electronics), 12(7), pp. 550-560.
[26] Hao, Z., Zhong, S. and Yu, N. (2011).
A time-bound ticket-based mutual authentication scheme for cloud computing. International Journal of Computers, Communications and Control, 6(2), pp. 227-235.
[27] Yoon, E.J., Ryu, E.K. and Yoo, K.Y. (2005). An improvement of Hwang-Lee-Tang's simple remote user authentication scheme. Computers and Security, 24(1), pp. 50-56.