Secure Key Management Based Mobile Authentication in Cloud

Authentication is important to the security of user data in a mobilecloud environment. Because of the server’s user credentials, it is subject toattacks. To maintain data authentication, a novel authentication mechanism is proposed. It consists of three independent phases: Registration, login, and authentication and key agreement. The user registers with the Registration Center (RC)by producing a secret number that isn’t stored in the phone, which protects againstprivileged insider attacks. The user and server generate a nonce for dynamic useridentity and agree on a session secret key for safe communication. The passwordsare not stored on the computer or provided in plain text, they are resistant toreplay, guessing, and stolen verification attacks. The suggested protocol uses aone-way hash function and XOR operations, with the client having remote accessto a large number of servers over a secure communication channel. Concentrateson HMAC and SHA3 for Collision Free Hashing and to overcome length extension attacks. HMACs are substantially less affected by collisions than their underlying hashing algorithms alone. So adding an HMAC to an MD5 or SHA hashwould make it substantially more difficult to break via a rainbow table.