
Journal of Network and Computer Applications 61 (2016) 59–80

Contents lists available at ScienceDirect

Journal of Network and Computer Applications


journal homepage: www.elsevier.com/locate/jnca

Review

Authentication in mobile cloud computing: A survey


Mojtaba Alizadeh a,b, Saeid Abolfazli c,*, Mazdak Zamani d, Sabariah Baharun b, Kouichi Sakurai a

a Department of Informatics, Graduate School and Faculty of Information Science, Kyushu University, Fukuoka, Japan
b Malaysia-Japan International Institute of Technology (MJIIT), Universiti Teknologi, Malaysia
c YTL Communications and Xchanging, Malaysia
d Department of Computer Science, Kean University, NJ, USA

Article info

Article history:
Received 29 March 2015
Received in revised form 21 September 2015
Accepted 18 October 2015
Available online 6 November 2015

Keywords:
Cloud computing
Mobile cloud computing
Security
Authentication

Abstract

Mobile cloud computing (MCC) is the state-of-the-art mobile distributed computing model that incorporates a multitude of heterogeneous cloud-based resources to augment computational capabilities of the plethora of resource-constrained mobile devices. In MCC, execution time and energy consumption are significantly improved by transferring execution of resource-intensive tasks such as image processing, 3D rendering, and voice recognition from the hosting mobile to the cloud-based resources. However, accessing and exploiting remote cloud-based resources is associated with numerous security and privacy implications, including user authentication and authorization. User authentication in MCC is a critical requirement in securing cloud-based computations and communications. Despite its critical role, there is a gap for a comprehensive study of the authentication approaches in MCC which can provide a deep insight into the state-of-the-art research. This paper presents a comprehensive study of authentication methods in MCC to describe MCC authentication and compare it with that of cloud computing. The taxonomy of the state-of-the-art authentication methods is devised and the most credible efforts are critically reviewed. Moreover, we present a comparison of the state-of-the-art MCC authentication methods considering five evaluation metrics. The results suggest the need for futuristic authentication methods that are designed based on capabilities and limitations of MCC environment. Finally, the design factors that could lead to effective authentication mechanisms are presented, and open challenges are highlighted based on the weaknesses and strengths of existing authentication methods.

© 2015 Elsevier Ltd. All rights reserved.

Contents

1. Introduction and motivation
2. Authentication in mobile cloud computing
   2.1. Mobile cloud computing
   2.2. User authentication in mobile cloud computing
   2.3. MCC vs. cloud computing authentication
3. The state-of-the-art of authentication approaches in MCC: taxonomy
   3.1. Cloud-side authentication methods
      3.1.1. Identity-based authentication methods
      3.1.2. Context-based authentication methods
   3.2. User-side authentication methods
      3.2.1. Identity-based authentication methods
      3.2.2. Context-based authentication methods
   3.3. Evaluation criteria for authentication in MCC
      3.3.1. Usability
      3.3.2. Efficiency
      3.3.3. Security and robustness
      3.3.4. Privacy
      3.3.5. Adaptable to MCC environment
4. Prospective authentication algorithms in MCC
   4.1. Mobile device characteristics
   4.2. Usability preferences
   4.3. Security and privacy
   4.4. Mobility
   4.5. Support heterogeneity
   4.6. Adaptiveness
5. Open challenges
   5.1. Heterogeneous infrastructure
   5.2. Seamless handover
   5.3. Identity privacy
   5.4. Resource scheduling
6. Conclusions
Acknowledgement
References

* Corresponding author.
E-mail addresses: amojtaba2@live.utm.my, 9IE14015W@s.kyushu-u.ac.jp (M. Alizadeh), abolfazli@ieee.org (S. Abolfazli), mzamani@kean.edu (M. Zamani), sabariahb@utm.my (S. Baharun), sakurai@csce.kyushu-u.ac.jp (K. Sakurai).

http://dx.doi.org/10.1016/j.jnca.2015.10.005
1084-8045/© 2015 Elsevier Ltd. All rights reserved.

1. Introduction and motivation

The mobile cloud computing (MCC) is “a rich mobile computing technology that leverages unified elastic resources of varied clouds and network technologies toward unrestricted functionality, storage, and mobility to serve a multitude of mobile devices anywhere, anytime through the channel of Ethernet or the Internet regardless of heterogeneous environments and platforms based on the pay-as-you-use principle” (Sanaei et al., 2013). MCC incorporates cloud computing, mobile computing, and wireless networking and aims to provide cloud-based services to the mobile consumers (Abolfazli et al., 2014a; Fernando et al., 2013). In MCC, execution time and energy consumption are significantly improved by transferring execution of resource-intensive applications from the hosting mobile to the cloud-based resources. Therefore, once MCC is fully deployed, the mobile devices do not require high resources, such as central processing unit (CPU), random access memory (RAM), storage, and particularly battery, because the entire data or complex computing are manipulated in the remote cloud-based resources (Ko et al., 2012; Abolfazli et al., 2012; Liu et al., 2015). MCC has emerged as a subset of cloud computing to enable intensive on-demand elastic computing and storage on the go to the potential mobile users. Mobile devices, particularly tablet personal computers, smart phones, and PDAs are becoming an integral part of today's lifestyle as they are convenient and effective communication endpoints. The swift development of mobile computing has become a forceful pattern in IT technology's development in commerce and related fields. According to Cisco visual networking index statistics (Cisco, 2014), the usage of smartphones and global mobile data traffic grew 50 and 81 percent in 2013, respectively. Nevertheless, performance and functionality of mobile devices are hindered by several limitations, particularly computing and storage resources (i.e., CPU, RAM), wireless communication throughput, battery life, local data safety, communication security, and mobility impeding development of the quality of service (Abolfazli et al., 2014a). The idea of remote computing and the process of augmenting mobile devices using remote cloud-based computing and storage resources is envisioned to overcome the inherent challenges and shortcomings in mobile computing (Aminzadeh et al., 2015). This is carried out by utilizing other resource providers besides the mobile device to host the delivery of resource-intensive mobile applications (Dinh et al., 2013; Alizadeh et al., 2013a,b).

Although MCC is proven to be advantageous in augmenting computational capabilities of mobile devices and conserving their native resources, leveraging remote resources introduces several challenges, including reliability, security, trust, and privacy (Khalil et al., 2014; Xuanxia et al., 2014; Khan et al., 2013a; Sood, 2012). Successful diffusion of cloud computing technology with mobile devices incites users' desires for efficient and also secure service delivery. Furthermore, in MCC environment, typical mobile devices communicate through the combination of heterogeneous wireless networks, which is more energy-intensive compared to wired communication. Hence, reducing mobile devices' resource consumption is an important and critical problem in delivering sustainable and long-lasting on-demand services to the end-users (Shon et al., 2014). Although mobile devices' resource poverty can be alleviated by cloud computing and cloud-based augmentation techniques (Abolfazli et al., 2014a), inadequate security management inhibits development and successful deployment of cloud-connected security-sensitive applications in broad areas, including health-care, financial services, and e-government services.

Researchers in several efforts (Yang et al., 2014; Li and Li, 2014; Si et al., 2014; Xia et al., 2014; Sookhak et al., 2014; Kaewpuang et al., 2013; Rahimi et al., 2013; Yang et al., 2013; Ma and Wang, 2012; Satyanarayanan et al., 2009; Ra et al., 2011) have studied varied aspects of MCC, including task outsourcing, heterogeneity, virtualization, energy saving, and remote auditing, aiming to enhance MCC's performance and efficiency. However, security (as another crucial aspect of MCC), particularly authentication, is overlooked. The security challenges in MCC are twofold, namely cloud security and mobile network security because of the co-existence of cloud computing and mobile computing in MCC (Peng et al., 2014; Morrow, 2011; Zissis and Lekkas, 2012; Dijiang et al., 2011). One of the most important security issues for MCC users is authentication and authorization (Esposito and Ciampi, 2015; Yu and Wen, 2012; Riley et al., 2011). As an example, a lost or stolen mobile device could be abused to access a host and download sensitive data from the cloud. If a mobile user is registered with a particular cloud service provider, both mobile device and cloud server should authenticate each other in order to secure the communication when the mobile user accesses the cloud from different locations using heterogeneous networks and various mobile devices (Clarke et al., 2002).

Several studies (Xu et al., 2013; Wang et al., 2013; Noureddine and Bashroush, 2013; Ghazizadeh et al., 2014; Singh and Singh, 2012; Guo et al., 2012; Dinesha and Agrawal, 2012; Li et al., 2013; Zhi-Hua et al., 2012; Zhang et al., 2012; Yongqing and Xiang, 2012; Yassin et al., 2012; Wang and Jia, 2012; Sang-Ho et al., 2012; Ahn et al., 2011) have been conducted to propose suitable authentication schemes in cloud computing. However, authentication in MCC, as one of the most crucial security countermeasures, has not been studied yet. Moreover,
several efforts have been undertaken to study varied aspects of the MCC. Khan et al. (2013a) evaluated and identified the security issues of the existing security schemes in MCC infrastructure. Furthermore, the security issues and challenges of MCC are discussed in Khan et al. (2013b,c), Popa et al. (2013), Jin et al. (2013), Kumar and Rajalakshmi (2013), Alizadeh and Wan (2013), Hui et al. (2013) and Shahzad and Hussain (2013) by surveying the current state of mobile cloud devices security vulnerabilities, and exploring the various possible solutions. However, authentication, as one of the most crucial security countermeasures, has not been studied yet. Therefore, we aim to fill the gap by conducting a comprehensive survey to assess and analyze various authentication schemes in MCC aiming to furnish an insightful view of the state-of-the-art of authentication methods in MCC.

The significance of applying appropriate authentication methods and also lack of suitable authentication mechanisms in MCC based on security and usability criteria motivates us to evaluate and analyze the state-of-the-art authentication approaches.

The main contributions of this paper are:

• We provide a description of MCC security challenges.
• Comprehensive survey of the state-of-the-art authentication methods in MCC is provided.
• Security and performance of authentication mechanisms are analyzed for MCC based on five critical metrics.
• We identify and discuss several important factors that could contribute to the successful development of future authentication methods for mobile devices in MCC environment.
• Several open challenges that ground future research are discussed.

Authentication in MCC benefits communications and networking communities by providing a comprehensive insight into the domain so future wireless communication technologies and architectures can efficiently and effectively furnish cloud-based resources to the mobile users with high security and low footprint. Discussed evaluation criteria highlight effective factors as a guideline to design suitable authentication schemes, which can benefit the research community. The open challenges grant future research directions toward proposing a suitable authentication scheme that mitigates security issues in MCC. In this paper, the terms mobile devices and smartphones are used interchangeably with similar notion. Table 1 shows the list of acronyms used in the paper.

Table 1
List of acronyms and corresponding full forms.

Acronym   Full form
2D        2 dimensional
2G        2nd generation
3G        3rd generation
4G        4th generation
AES       Advanced encryption standard
AS        Authentication server
CER       Crossover error rate
CPU       Central processing unit
FAR       False acceptance rate
FRR       False rejection rate
GPS       Global positioning system
IA        Integrated authentication
ID        Identifier
IMEI      International mobile station equipment identity
IMSI      International mobile subscriber identity
LTE       Long term evolution
MCC       Mobile cloud computing
MDA       Message digest algorithm
NFC       Near field communication
OTP       One-time pad
PDA       Personal digital assistant
PIN       Personal identification number
PRNG      Pseudorandom number generator
QR        Quick response
ROC       Relative operating characteristic
RSA       Rivest Shamir Adleman
SI        State identifier
SLA       Service-level agreement
SMS       Short message service
SNR       Signal to noise ratio
SSL       Secure socket layer
TCG       Trusted computing group
TLS       Transport layer security
TNC       Trusted network connect
TPA       Third party agent
TTP       Trusted
URI       Uniform resource identifier
VM        Virtual machine
WAN       Wide area network
Wi-Fi     Wireless fidelity
WiMAX     Worldwide interoperability for microwave access
WLAN      Wireless local area network
ZKP       Zero knowledge proof

Section 2 provides a brief introduction to MCC and discusses the evaluation criteria to analyze authentication methods in this environment. Section 3 surveys the state-of-the-art authentication methods in MCC. In Section 4, the important factors that could benefit design and development of future MCC authentication methods are presented. The open challenges are discussed in Section 5. Finally, we conclude this study in Section 6.

2. Authentication in mobile cloud computing

In this section, we present a brief introduction over MCC from authentication point of view. In the first part, definition of MCC is presented based on the existing studies. We then describe possible MCC architectures and their different components. Furthermore, authentication in MCC is presented and the significant role of authentication in successful adoption of cloud-based mobile applications is highlighted.

2.1. Mobile cloud computing

In this part, some of the credible MCC definitions are provided to furnish the fundamental knowledge of this rapidly emerging computing phenomenon. MCC as the state-of-the-art mobile distributed computing technology incorporates three principal technologies, namely mobile computing (Imielinski and Korth, 1996), cloud computing (Mell and Grance, 2011), and wireless networking (Lei et al., 2013). Therefore, MCC can be defined as “a rich mobile computing technology that leverages unified elastic resources of varied clouds and network technologies towards unrestricted functionality, storage, and mobility to serve a multitude of mobile devices anywhere, anytime through the channel of Ethernet or the Internet regardless of heterogeneous environments and platforms based on the pay-as-you-use principle” (Sanaei et al., 2013).

In MCC, a shared pool of various configurable cloud-based computing resources is utilized to enhance and optimize mobile devices' computing capabilities such as executing resource-intensive applications. MCC has penetrated into a very large number of domains, and researchers are increasingly adopting cloud computing to augment mobile devices in critical domains, particularly health-care (An et al., 2014; Al-Zoube and Alqudah, 2014; Hoang and Chen, 2010; Doukas et al., 2010), education (Mahalingam and Rajan, 2013; Chen et al., 2013; Dong et al., 2012; Huang, 2011), remote monitoring (Xu et al., 2012; Zhang et al., 2014), tourist industry (Song et al., 2012; Pal and Henderson, 2013; Li et al., 2011), and transportation (Chandra et al., 2013).

On the other hand, MCC can also be referred to as a mixture of cloud computing and mobile web, which are dominant preferred tools of mobile users when consuming Internet services and applications (Liu et al., 2010; Christensen, 2009). MCC services focus on furnishing varied cloud-based services, particularly computing and data storage to mobile users. Therefore, cloud-connected mobile users can perform infinite computing and data storage on demand.

Cloud resources are different for mobile users compared to immobile users. Immobile users consume computing and storage resources from the private or public cluster of virtualized servers, known as cloud data centers mostly via wired connectivity. However, intrinsic and non-intrinsic limitations of mobile devices, including resource poverty, interruptible battery, and wireless communication (Abolfazli et al., 2014b) are obligating highly heterogeneous types of cloud-based resources (Sanaei et al., 2013) to fulfill varied computing requirements of mobile users in different occasions. Throughout the MCC efforts, four types of computing resources (known as cloud-based resources) are introduced, namely distant immobile clouds, proximate immobile computing entities, proximate mobile computing entities, and hybrid resources (Abolfazli et al., 2014a; Satyanarayanan et al., 2009). In the distant immobile cloud, the mobile user connects to the stationary cloud servers at a distance through the risky channel of the Internet. Though the distant stationary cloud server such as the public cloud provides more secure enforcements, they are vulnerable to security breaches and crashes due to bulky volume of sensitive data such as Amazon EC2 crash (Cachin and Schunter, 2011). The second cloud-based resource type is the stationary computers that are located near the mobile nodes. These machines are available for the mobile device in public places such as airports, coffee shops, and malls, and can process resource-intensive parts of mobile applications. The security and privacy issues such as lack of strong security approaches, security infrastructure limitations, and insufficient maintenance, hinder utilization of such nearby resources (He et al., 2015a). The third resource type refers to the proximate mobile computing entities such as PDAs, Tablets, Laptops, wearable computers, and smartphones that provide resources to the other nearby mobile nodes. The security and privacy threats such as eavesdropping, denial-of-service, Trojans, malware, viruses, worms, and mobile loss, are the critical concerns when using these kinds of resources (He et al., 2015b; Louk et al., 2014; Allam et al., 2014; Mylonas et al., 2013; Wang et al., 2012). The last type is the hybrid infrastructures which are comprised of various kinds of distant and proximate computing machines.

The mobile devices are connected to the cloud-based resources dominantly through the risky channel of the Internet via the wireless medium, though Internet-free connection to nearby or private resources is also conceivable. Therefore, the remote computing and data transmission are completed in collaboration of mobile clients, cloud-based resources, and heterogeneous wireless technologies. According to the classification of cloud-based resources, four possible architectures depicted in Fig. 1, can be plausible for MCC.

Fig. 1. Four mobile cloud computing architecture models – (a) distant immobile clouds perform elastic computing, (b) proximate immobile computing entities near the user perform elastic computing, (c) proximate mobile computing entities in user vicinity perform elastic computing on behalf of user and (d) hybrid model converges varied types of cloud-based resources to perform elastic computing.

Each of the plausible MCC architectures has different security and privacy requirements depending on the type of cloud-based resources and wireless communication technology/medium. The security and privacy threats within different parts of MCC, including cloud resources (Xiao and Xiao, 2013), mobile devices (La Polla et al., 2013), and wireless networking make designing a secure framework more challenging. Though mobile devices have some resource limitations to perform complex cryptographic algorithms, the cloud resources can process resource-intensive algorithms instead of mobile devices.

In this research, the security issues as one of the important concerns in MCC are considered, and some proposed solutions are reviewed. The user authentication is highly important to protect networks from different security threats (Furnell et al., 2000, 2008;
Clarke and Furnell, 2007; Simmons, 1988; Weiwei et al., 2011). Successful adoption of MCC highly necessitates robust and effective authentication solutions by which users can utilize the cloud-based services for their mobile devices anytime, anywhere, from any mobile device with low computing cost on the native resources. The MCC authentication is different from a typical mobile device because in MCC environment, the mobile device connects to the Internet to perform authentication. Furthermore, the resource-intensive parts of authentication mechanism can be transferred and processed in cloud servers using a suitable algorithm.

During the last few years, authentication for cloud computing has been investigated in several research efforts (Ghazizadeh et al., 2014; Xu et al., 2013; Wang et al., 2013; Noureddine and Bashroush, 2013; Singh and Singh, 2012; Guo et al., 2012; Dinesha and Agrawal, 2012; Chow et al., 2010; Li et al., 2013; Zhi-Hua et al., 2012; Zhang et al., 2012; Yongqing and Xiang, 2012; Yassin et al., 2012; Wang and Jia, 2012; Sang-Ho et al., 2012; Ruj et al., 2012); however, comprehensive study of MCC authentication, which is crucial in design and development of future authentication methods is lacking and demands further efforts. The lack of secure and efficient authentication methods necessitates a vital need to conduct comprehensive research to gain deep insight into the field. Different authentication methods aiming to improve the MCC security are analyzed in the following parts.

2.2. User authentication in mobile cloud computing

User authentication in MCC is the process of validating the identity of the mobile user to ensure that the user is legitimate to access mobile cloud resources (Schwab and Yang, 2013). Authentication as a critical aspect of security enforcement approaches in MCC is essential to protect users against existing security and privacy issues by preventing unauthorized access to the mobile cloud user information (Park et al., 2011; Zhu et al., 2009). The security and privacy issues of mobile cloud users are the main hurdles to the successful and rapid MCC deployment, which exist in three MCC components, namely cloud, wireless communication, and mobile device. Therefore, considering characteristics and computing limitations of mobile devices, effective and efficient MCC authentication solutions are expected to be lightweight with the least possible computing, memory, and storage overheads.

The aim of effective authentication solutions is to minimize the security threats to mobile devices. Discussion over the security and privacy threats in MCC is out of scope of this paper, and thus we only point out the most important threats and provide relevant references for interested readers. Some of the most important security threats to mobile users are information leakage, denial of service, malfunction of devices and theft or loss of the device (Park et al., 2011). Moreover, security threats found in mobile devices can manifest as attacks via the services offered through the wireless networks, including network profiling, information leakages by sniffing, session hijacking, and jamming (La Polla et al., 2013; Xiao and Xiao, 2013; Morshed et al., 2011; Zissis and Lekkas, 2012; Khan et al., 2013a). Furthermore, the potential threats in the cloud computing system, including denial of services, information leakages due to mismanagement, authentication threats and control of access with default applications (Jang et al., 2011), can be considered in MCC.

In the following parts, the differences between authentication

mobile devices introduce some challenges for designing effective and efficient authentication mechanisms. Some of the most important differences between authentication requirements and principles in MCC and cloud computing are described below.

• Resource limitations: Resource limitation among mobile devices refers to incapacitation in computational power, battery lifespan, and storage capacity in comparison to typical computers in cloud networks. Computational performance and functionalities of mobile devices are significantly hindered by such incapacitation. Consequently, most of the mobile devices are incapable of efficiently executing sophisticated resource-intensive encryption algorithms, for example, RSA algorithm with 2048 bits (Sheng and Gong, 2010). However, non-mobile cloud users are benefiting from plenty of local computational resources, high speed wired Internet connection, and continuous power source, which allow resource-intensive authentication algorithms without serious effect on user experience (Qureshi et al., 2011). Therefore, mobile devices require robust but lightweight authentication mechanisms that can ensure authenticity of users without draining local resources (Yang et al., 2010).
• Mobile device sensors: Mobile device sensors such as touch screen, gyroscope, accelerometer, camera, digital compass, and microphone give researchers the opportunity to add other authentication factors, particularly biometrics to improve the level of security in MCC (Giuffrida et al., 2014; Lane et al., 2010; Jeong et al., 2013; Le et al., 2013). The authentication mechanisms can benefit from the various types of mobile device sensors, which can measure user's biometric attributes, such as fingerprint, and facial, retina, iris, voice, gait and keystroke patterns that are used as authentication factors (Omri et al., 2012; Al Rassan and AlShaher, 2014). Although the authentication methods in cloud computing can benefit from peripheral accessories and equipment on end-user computers, additional cost can create a hurdle. Besides the significant benefits of latest sensors, they introduce security breach points too that complicate designing authentication methods in MCC. For instance, researchers in Owusu et al. (2012) could unveil credentials of a user by decoding accelerometer sensor readings on smartphone when the user enters his/her credentials.
• High mobility: Mobility can originate latency due to WAN latency that is intensified by signal handoff in the presence of heterogeneous networks. The miniature nature and mobility of mobile devices can intensify chance of robbery and loss leading to high probability of user privacy and security violation in the absence of robust authentication solutions (Khalil et al., 2014). In addition, in contrast to static computers, the quality of connection to the Internet is not stable in MCC because of mobility of peers (Ardagna et al., 2014). Furthermore, fast authentication procedure is desired to protect seamless connectivity for mobile devices in roaming (Lingfeng and Hoang, 2013; Mansoor et al., 2015; Jana and Bandyopadhyay, 2013).
• Network heterogeneity: The mobile devices connect to Heterogeneous Network (HetNet) (Sanaei et al., 2013; Lei et al., 2013), which has various kinds of radio access such as Wi-Fi, WiMAX, 2G, 3G, 4G and LTE to accomplish the data traffic demand in MCC. In addition, a proper handoff scheme is critical for heterogeneous networks to have seamless connectivity and
in cloud computing environment and MCC are discussed in the authentication plays key role in handoff procedure (Avelar
following part. et al., 2015; Bin et al., 2012; Chu et al., 2012). An authentication
method must be designed based on security and performance
2.3. MCC vs. cloud computing authentication requirements of each network technology that is a challenging
part in MCC. In cloud computing environment, the user is
Authentication mechanisms in MCC are different from cloud typically immobile and authentication procedure can be done
computing in several ways. The capabilities and limitations of without using HetNet.
• Wired or wireless communication: The type of communication technology can be considered in designing security frameworks and risk evaluation schemes to (near) optimally fit authentication methods based on limitation and capabilities of communication technology. Typically, the wireless communication that is used to access cloud resources introduces some security and privacy issues in MCC compared to mostly used wired communications in cloud environment (Ardagna et al., 2014; Morshed et al., 2011). Moreover, the probability of failure of security protection such as authentication in MCC is potentially high due to inconsistency of wireless communications (Honggang et al., 2014). Besides, the user authentication procedure in cloud environment can be done through the wired network without connecting to various wireless networks, which makes designing the authentication mechanism less challenging compared to MCC environment.

The differences between MCC authentication and cloud computing that are recommended to be considered to propose a suitable authentication mechanism are summarized in Table 2.

Table 2
MCC and cloud authentication comparison.

Metrics                            MCC    Cloud Computing
Resource limitations               ×      N/A
Mobile device features             √      N/A
High mobility                      ×      N/A
Network heterogeneity              ×      ×
Wired or wireless communication    ×      N/A

(×) – challenge, (√) – opportunity and (N/A) – not effective.

3. The state-of-the-art of authentication approaches in MCC: taxonomy

In this section, we comprehensively analyze various methods based on the type of authentication components used in authentication procedure. We classify authentication methods into two main categories, namely, cloud-side and user-side authentication approaches. Each category is again divided into two sub-categories based on types of authentication credentials. The credential is defined as a unique identifier that can be used for node authentication. There are two types of credentials based on this classification, namely, identity-based and context-based credentials (Aboudagga et al., 2005). Figure 2 illustrates our devised taxonomy of authentication in MCC which is described as follows.

3.1. Cloud-side authentication methods

In cloud-side authentication approaches, most of the authentication steps are processed in the cloud server. The cloud resources bring some advantages to improve the performance of authentication method by providing elastic processing and storage capabilities. Furthermore, different kinds of authentication factors can be incorporated to authentication procedure based on security requirements of the user. In addition, the cloud-based authentication methods are more flexible, efficient, and adjustable compared to other authentication methods because of using unlimited resources of cloud servers.

Although the cloud-based authentication introduces some benefits in case of performance and usability, it introduces some security and privacy issues. In the era that mobile users are consuming cloud services from the plethora of different cloud vendors who store user's data on multiple instances around the globe (redundant data for data safety), the user's private authentication information such as password and biometrics are highly exposed to risk (Rahul and Sharda, 2013). Therefore, robust authentication method is a critical requirement for mobile-cloud environment. We further classify cloud-side authentication methods into two groups of identity-based and context-based that are explained as follows.

3.1.1. Identity-based authentication methods

In identity-based authentication methods, users are authenticated through user identification attributes such as unique ID, password, and (seldom) biometrics. However, the user attributes are usually fixed (users try to simplify the authentication process by selecting similar user names and passwords for varied vendors) in this kind of authentication, which introduces some issues such as exposing private biometrics information and user ID to different service providers leading to weakening their authentication power (Zhi-Hua et al., 2012). Consider a particular user who is maintaining identical user names and passwords for multiple services such as Gmail, YouTube, and Facebook. If security of one of these servers is compromised, all other accounts are at risk due to similarity of the credentials. The authenticator entity checks the user attributes directly without extra analyzing indirect procedures such as the user behavioral analysis. The authentication provider is the responsible entity for identity management and performing primary user authentication.

Below we critically review some of the most credible identity-based authentication methods.

• Multifactor-based authentication: Jeong et al. (2013) proposed a multi-factor authentication method for MCC. Different authentication features such as basic ID/password, mobile identification number, and various bio-information of user are combined to preserve security. This method enhanced authentication efficiency and performance by processing these authentication factors in bulk not one by one in mobile cloud environment.

Proposed architecture comprises four main entities, including mobile devices, storage, a management server, and a cluster host. The authors assumed that Transport Layer Security (TLS) protocol/Secure Sockets Layer (SSL) is utilized for communications between the authentication system and wireless access points. The task of each entity is applied according to the multi-factor authentication architecture, and the five employed authentication parameters are used to authenticate the mobile users, including: (1) ID/password, (2) international mobile equipment identity (IMEI), (3) international mobile subscriber identity (IMSI), (4) voice recognition, (5) face recognition. The cluster host distributes these five parameters to individual VMs to improve performance of the authentication process. The management server manages the load balancing on the VMs in the clustered host. To protect the user in case of mobile device loss and theft, IMEIs and IMSIs are used. All the user authentication information are stored in the storage. It is worth noticing that the provided hash function encrypts IMSI and IMEI to prevent exposure of these two private IDs. The details of this architecture are described in Fig. 3.

The procedure of this authentication method is similar to normal multi-factor authentication methods that use biometrics with other factors together; however the authors designed a method to be more fit to MCC as they utilized processing capacity of VMs in MCC environment. The individual VMs process each factor of authentication simultaneously to reduce the time of an authentication procedure.

Although this method improved the performance of authentication compared to other methods in this area, the privacy issues of using biometrics factors are neglected in security and privacy evaluation. The bio-information are very sensitive data that are
recommended to be confidential and appropriate encryption algorithms can be applied to preserve the confidentiality of data. Another security issue that is being ignored in this method, is mutual authentication between mobile users and MCC server. The user can check authenticity of the MCC servers to prevent different attacks such as man-in-the-middle, where an attacker can monitor or alter communication messages, and masquerading attack, which means an attacker impersonates either user or authenticator. Although authors could fit devised authentication method into MCC domain by utilizing the processing power of the cloud server to improve authentication performance.

[Fig. 2. Taxonomy of the state-of-the-art authentication in MCC. Cloud-side, identity-based: Multi-factors [103], MDA [117]. Cloud-side, context-based: Cloud-based Biometric [105]. User-side, identity-based: FDZ [94], QR code-based [119], SeDiCi 2.0 [120]. User-side, context-based: TrustCube [92], SMCBA [106], NemoAuth [104].]

[Fig. 3. The multi-factor authentication architecture.]

• Message digest authentication: Dey et al. (2013) proposed an authentication scheme using message digest (MD) called MDA. This method is designed based on existing mobile device hardware and platforms to protect mobile user against different potential security attacks. The vulnerability of the system is computed by vulnerability score, $S_v$, which is a measure of the number of attacks that the method can prevent. The $S_v$ is calculated according to the following equation:

$$S_v = \frac{N_{success}}{N} \qquad (1)$$

where $N$ is the number of attacks that are launched on the authentication method, and $N_{success}$ is the number of recorded successful attacks. The amount of $S_v$ is between 0.0 and 1.0. Mutual authentication is an important security countermeasure that is considered in this method. The procedure of this method includes two phases; in the first phase, cloud server checks mobile user authentication and subsequently the mobile device verifies authenticity of the cloud in the second phase. First mobile device sends the authentication request to the cloud server as shown in Fig. 4.

As Fig. 4 shows, the user has two message digests, MD_cloud and MD_user that are used to create MD. The password is hashed and XORed by user ID, to protect user from an attacker during authentication. The Pseudo Random Number Generator (PRNG) is an algorithm to generate random number using seed and State Identifier (SI). The mobile node sends #CF || E_Tk{E_auth_keyi{MD} || SI} to the cloud server. In this message, #CF is a column reference of stored mobile user and E_auth_keyi is the nth sequence of bits, which are generated by PRNG. The E_Tk is calculated by XOR-ing hashed user password and userID.

The cloud server checks user authentication after receiving mobile device authentication request message. The procedure of this phase is shown in Fig. 5.

Firstly, the cloud server checks #CF, to find userID and hashed password. Then, it generates T_k to decrypt the received message from the mobile device. After decrypting the message, the cloud server obtains MD, and compares both message digests to check user authenticity. The authenticity of the mobile device is verified only if MD and MD* messages match. Once the mobile user is authenticated to the cloud server, the procedure of cloud server authentication will be initiated. The cloud server sends its digital signature that is encrypted by its private key, Pk_priv_cloud, to the
mobile device. The mobile device decrypts the cloud server message to check the authenticity of the cloud server. If the MD matches with mobile device MD, then the cloud server is authenticated. The details of the procedure are shown in Fig. 6.

In MDA method, a secure authentication scheme based on message digest is proposed. Furthermore, most of security and privacy criteria that must be achieved to propose a suitable authentication algorithm are applied. One of the important security criteria is mutual authentication that is achieved in this method by authenticating both mobile device and the cloud server together. Furthermore, user privacy is preserved by hashing userID and Password. Nevertheless, the security and privacy of this method are protected compared to other methods, but the procedure of this authentication scheme is somehow complicated. Additionally, it is recommended to transfer some processing steps that are processed in the mobile device, to the cloud server to improve the performance of the scheme, however, doing such kind of improvement will be more complicated.

[Fig. 4. The procedure of the authentication request message in MDA method.]

[Fig. 5. The mobile device authentication procedure in MDA.]

[Fig. 6. The cloud server authentication procedure in MDA.]

3.1.2. Context-based authentication methods

In Context-based methods, the users are authenticated by analyzing multiple passive user information such as IP address, device location, user biometrics, signal to noise ratio, and behavioral features of users (Aboudagga et al., 2005). The context-based methods are more autonomous compared to the identity-based method because the authentication procedure is completed with the minimal user interaction. However, the usability of authentication mechanism can be improved by reducing user involvement during the authentication procedure; the accuracy of context-based method is lower than identity-based methods because authentication procedure depends on the accuracy of the result of analyzing user pattern information. Furthermore, analyzing the MCC user private information such as location, biometrics, calling pattern, and web searching pattern, which can be used to improve the accuracy of context-based method, increases the privacy issue. In contrast to the accuracy and privacy issues, context-based methods can get some benefits from the various smartphone capabilities in MCC environment for both capturing required user information and processing the retrieved data to improve accuracy.

• Cloud-ready biometric: Omri et al. (2012) proposed to use user handwriting as an authentication factor to access the cloud securely. The mobile user writes his password manually using his smartphone touch screen and sends the image to cloud server to check the validity of the password. There are two criteria to check authentication of users, first the unique handwriting of the user and the second is the password. In the proposed method, the connection between the cloud and the mobile phone is established by a Hadoop server. The architecture of the system is described in Fig. 7.
[Fig. 7. Handwriting-based recognition system for MCC.]

The uniqueness of biometrics features is beneficial in improving the security of different authentication methods; however, some usability and privacy issues are raised by using these features. Unlike usual methods, some biometrics such as fingerprint and iris, which are more confidential, are advised not to be used as authentication credentials to preserve user privacy. Moreover, the privacy risk for handwriting is lower than other biometrics; however, the accuracy of using handwriting is low as well. It is recommended that low accuracy authentication metrics such as handwriting can be applied to other methods such as using ID and Password together, if handwriting authentication fails, the system can ask for other methods. Furthermore, MCC capabilities are not considered to improve performance of the method, and the mobile phone should process resource-intensive handwriting image encrypting. Additionally, some other security enforcements such as mutual authentication, and anonymity can be considered to make authentication method more secure against different attacks.

3.2. User-side authentication methods

In user-side authentication methods, most of the authentication steps are processed in mobile devices. In the recent years, the mobile devices' functionalities have been improved rapidly, hence these mobile devices are capable of running resource-intensive applications. Furthermore, the mobile devices are equipped with high-technology sensors that can be used to capture and analyze different inputs. In the user-side methods, these capabilities of mobile devices are utilized to check authenticity of mobile users.

Compared to the conventional PCs, smartphones are able to use a network through several paths and remain connected all the time. However, this also presents huge threats to users of smartphones. Additionally, there is the serious issue in case of losing or misplacing the mobile device, which means the loss of valuable user confidential information (Park et al., 2011).

Transferring resource-intensive processing tasks to the cloud as one of the main MCC goals contrasts with the processing of the authentication mechanism inside the mobile devices in user-side authentication methods, which makes the user-side approaches less efficient and secure for cloud-connected mobile devices compared to cloud-side methods. Furthermore, most of the required information for authentication are stored in the mobile device in user-side authentication methods, which increases the user privacy risk in case of device robbery or loss.

3.2.1. Identity-based authentication methods

Similar to identity-based methods in cloud-side, authentication methods that use user identities; however, mobile device processes and analyzes user attributes to check user authentication instead of cloud servers. The private user identities such as biometrics are stored locally in the mobile device during authentication procedure in user-side identity-based authentication mechanisms, which increase the privacy issues, especially in case of loss or stolen mobile device.

• Fuzzy vault, digital signature, and zero-knowledge combination: Schwab and Yang (2013) proposed an authentication scheme called FDZ to authenticate mobile device in cloud computing environment. In this method, entity authentication for mobile device's user who wants to connect to the cloud server is provided. This proposed method is based on zero-knowledge authentication, digital signature, and fuzzy vault. Firstly, the secure encrypted channel between the mobile device and the server is created, then entity authentication will be processed. The authors used Diffie–Hellman key exchange protocol to create a shared Advanced Encryption Standard (AES) session key. In addition, RSA key pairs are used to protect the Diffie–Hellman key exchange against attacks especially man-in-the-middle attack, and fuzzy password are used to avoid some drawbacks of traditional password. This approach is resistant to some of the popular security threats and attacks such as impersonation, loss of device, man-in-the-middle, and replay attacks. Asymmetric RSA key pairs and a fuzzy picture password system are used respectively to authenticate the client and mobile device's user by the server. Finally, a secure encrypted channel between mobile devices and the cloud servers is created using Diffie–Hellman (DH) key exchange, after completing authentication steps. The different steps of proposed method are shown in Fig. 8.

[Fig. 8. Entity authentication protocol between Android (client) and Amazon Cloud (server). (1) Server: calculate R1 = g^x mod p; send R1. (2) Client: calculate R2 = g^y mod p; calculate session key K. (3) Client: send R2; sign R2 with RSAcli-; encrypt with K; send signed/encrypted R2, i.e. R2, Enc(Sign(R2)). (4) Server: calculate session key K; verify Android signature. (5) Server: sign R1 with RSAserv-; encrypt with K; send signed/encrypted R1, i.e. Enc(Sign(R1)). (6) Client: verify cloud signature. K = AES session key, RSA = asymmetric key, - = private value.]

In this method, Diffie–Hellman key exchange protocol is used to provide key management between server and the client. The difficulty of the discrete logarithm problem makes this key exchange protocol more secure (Forouzan, 2008). It is assumed that an attacker can easily sniff R1 and R2, even in this case, finding x and y is computationally difficult. There is no existing solution to solve the discrete logarithm problem since the Diffie–Hellman protocol was introduced. The authors proposed to choose a prime p of more than 300 decimal digits, and not to reuse x and y values. Furthermore, this prime p should be selected in the way that (p − 1) has at least one prime factor, which must be greater than 60 digits. One of the attacks against Diffie–Hellman protocol is a man-in-the-middle attack; however, in this scheme, RSA keys are used for digital signatures to protect the protocol against this attack. The proposed protocol provides encryption services using AES, which uses large key sizes such as 128, 192, or 256 bits to prevent a brute force attack.

As analyzing authentication approaches is the main goal of this paper, we focus on the authentication part of this method. For authentication, fuzzy password system is applied, where the mobile user can select seven images among provided images. If the user selects five images correctly, he will be granted access to server resources; in other cases, the server will reject the authentication request. The encryption system is provided using the AES encryption algorithm that is a secure encryption algorithm against brute force attack.

Although the proposed method uses some security algorithms that make the method more secure against various threats, it has some drawbacks. First of all, the details of the graphical password system are not specified, which make security analysis more difficult. Moreover, the proposed graphical password is not secure enough, hence more secure graphical password can be proposed to improve the security of authentication part. Additionally, the method needs more computing power to process different steps of this authentication method. Various cryptography algorithms such as RSA key exchange, AES encryption, Diffie–Hellman key exchange are used in this approach, which need more computational resources.
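The signed Diffie–Hellman exchange of Fig. 8 (steps 1 to 6), as an added example that is not code from the paper or from Schwab and Yang's scheme. Assumptions: textbook RSA over fixed Mersenne primes, a SHA-256 keystream standing in for AES, a demo group p = 2^1279 - 1 with g = 3, and a `tamper` flag that models an intermediary substituting both public values; all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed demo parameters (assumptions, not taken from the paper).
P = 2**1279 - 1   # Mersenne prime, more than 300 decimal digits; demo DH modulus
G = 3             # demo base
E = 65537         # RSA public exponent


def toy_rsa_keypair(p, q):
    """Textbook RSA key from two fixed primes (no padding; illustration only)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


CLIENT_PUB, CLIENT_PRIV = toy_rsa_keypair(2**107 - 1, 2**127 - 1)
SERVER_PUB, SERVER_PRIV = toy_rsa_keypair(2**89 - 1, 2**521 - 1)


def digest_int(value, n):
    """SHA-256 of a DH public value, reduced into the RSA modulus."""
    raw = hashlib.sha256(str(value).encode()).digest()
    return int.from_bytes(raw, "big") % n


def sign(priv, value):
    n, d = priv
    return pow(digest_int(value, n), d, n)


def verify(pub, value, sig):
    n, e = pub
    return 0 <= sig < n and pow(sig, e, n) == digest_int(value, n)


def session_key(peer_public, own_secret):
    """K = SHA-256(peer_public ** own_secret mod p), used as the symmetric key."""
    shared = pow(peer_public, own_secret, P)
    return hashlib.sha256(shared.to_bytes(160, "big")).digest()


def xor_stream(key, data):
    """SHA-256 counter keystream XOR, a stand-in for the scheme's AES layer."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(key, sig):
    return xor_stream(key, sig.to_bytes(128, "big"))


def unseal(key, blob):
    return int.from_bytes(xor_stream(key, blob), "big")


def fresh_secret():
    return secrets.randbelow(P - 3) + 2


def run_exchange(tamper=False):
    """Run steps 1-6; return (cloud_accepts_android, android_accepts_cloud)."""
    x, y = fresh_secret(), fresh_secret()
    r1 = pow(G, x, P)                    # step 1: cloud computes and sends R1
    r2 = pow(G, y, P)                    # step 2: Android computes R2
    r1_seen, r2_seen = r1, r2            # values as they arrive at the peer
    if tamper:
        z = fresh_secret()               # intermediary swaps in its own value
        r1_seen = r2_seen = pow(G, z, P)

    k_android = session_key(r1_seen, y)  # step 2: Android derives K
    to_cloud = seal(k_android, sign(CLIENT_PRIV, r2))        # step 3
    if tamper:                           # re-wrapped under the key shared with the cloud
        to_cloud = seal(session_key(r1, z), unseal(session_key(r2, z), to_cloud))

    k_cloud = session_key(r2_seen, x)    # step 4: cloud derives K
    cloud_accepts = verify(CLIENT_PUB, r2_seen, unseal(k_cloud, to_cloud))

    to_android = seal(k_cloud, sign(SERVER_PRIV, r1))        # step 5
    if tamper:
        to_android = seal(session_key(r2, z), unseal(session_key(r1, z), to_android))

    # Step 6: Android checks the cloud's signature against the R1 it received.
    android_accepts = verify(SERVER_PUB, r1_seen, unseal(k_android, to_android))
    return cloud_accepts, android_accepts


if __name__ == "__main__":
    print("untampered:", run_exchange())
    print("public values substituted:", run_exchange(tamper=True))
```

With `tamper=True` both checks fail because each side verifies the peer's signature against the public value it actually received, which is the property the RSA signatures add to the plain key exchange.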

• QR code-based: According to Oh et al. (2011), the QR code, which is typically a 2-dimensional (2D) code can be used for the authentication scheme in the MCC. “Quick Response” or QR is a form of the matrix that allows quick decoding, utilizing a form of mass storage of high density and uses the Reed–Solomon error correction. Typically, the IDs and passwords, certificates of authentication, and One-Time Password (OTP), which are the most common authentication methods, increase the network traffic even if it is only a one-time process of user authentication. In QR code-based scheme, users are able to authorize a whole new set of information in contrast to information using a new form of data that has three types of QR code by changing the user's information to three different versions of QR code and keeping all the QR codes in a distributed format in the cloud server in circulated method. This method would be appropriate to show the necessary information for authentication of the user via its strong points such as compressibility, error correction capability, and high data integration.

The image, ID, and password of mobile user are converted to QR code to implement this kind of code. After creating this code, QR will be stored in one divided cell, which shapes as a grid, and it will be used as an authentication certification for using different services of cloud servers as shown in Fig. 9.

[Fig. 9. The grid shaped QR Code for storing distributed server storage.]

This protocol uses fuzzy password system using the similar method used by Schwab and Yang (2013), to authenticate the mobile user. Fuzzy password is a usable method for authentication because it reduces the difficulty of remembering a password with enough length and randomness of password. The user can select seven images for getting access to the server, and if he chooses five images out of seven images correctly, he will be granted access to the resources. Each image is defined as a number between 1 and 255 by the system, which makes 255^7 possible combination of password.

The protocol is resistant to different attacks such as man-in-the-middle, replay, and sniffing attacks. For protecting system against man-in-the-middle, both client and server use digital signature, then send information for both party authentication. Replay attack is impossible because the Diffie–Hellman key exchange generates a secure channel randomly. Sniffing attack is avoided using a temporary session key, which encrypts the exchanged data between the server and the client. Finally, using a visual password for user authentication makes the protocol resistant to impersonation attack.

In Oh et al.'s method (Oh et al., 2011), the network traffic is reduced by utilizing QR codes as an authentication system in mobile cloud environment. The evaluation of security of this method is difficult because the details of the proposed authentication method are not provided.

• SeDiCi 2.0: Grzonkowski et al. (2011) proposed the SeDiCi 2.0 protocol, which is another form of Zero Knowledge Proof (ZKP) technique. This technique provides mutual authentications, which are supposed to be more secure when it comes to phishing attack as compared to the present system of using third party protocols. SeDiCi 2.0 (Grzonkowski, 2010) is part of the protocol known as the TTP (Third Trusted Party) protocol, which uses the ZKP technique. The main goal is to provide an improved solution for
phishing attempts by offering mutual authentication, where users do not have to disclose their passwords at each of the websites that they visit. The user runs his authentication on the browser whose domain is controlled by the Third Trusted Party (TTP), and can login to the system if the name of a service is on the trusted list. Fig. 10 shows the different steps of SeDiCi 2.0 authentication protocol. There are three parties that are participating in the protocol, including Service (S), Authentication Service (AS), and Client (C).

The client communicates with both authentication and consumer services to start authentication procedure. The same policy of typical web-browsers is applied in the case of using web-based applications. In SeDiCi 2.0 protocol, a plug-in-based implementation is utilized to allow the application to bypass the browsers' policy. The URI or other identifiers is required to find user location. The URI has two useful characteristics; it contains authentication service and user name, and it is also globally unique. Furthermore, the users are required to have control over the authentication domain, which can be considered as a second factor for authentication (Adida, 2007). The user never types password at his visited websites, which is the only revealed information in login step. On the other hand, if malicious servers obtain the login information, the adversary will attack the user. One of the SeDiCi 2.0 protocol advantages is that the physical token is not required. Nonetheless, a plug-in is required in the case of utilizing the user browser, which overwrites the standard websites' security mechanisms because a web-browser communicates with external services in this way.

3.2.2. Context-based authentication methods

The context-based methods in the user-side analyze user behavior features, similar to the cloud-side methods. The only difference between cloud-side and user-side context-based authentication method is that the mobile device processes and evaluates user information instead of cloud server.

Typically, a context-based authentication mechanism needs more computation power compared to the identity-based methods, and processing these kinds of resource-intensive mechanisms by mobile devices, introduces performance issues due to resource limitations of mobile devices. Therefore, context-based user-side authentication methods are less appropriate in MCC compared to cloud-based methods. Furthermore, in context-based methods, various kinds of users' sensitive information are stored inside smartphones that increases the user privacy risk due to device loss compared to more reliable cloud environment.

• TrustCube: Chow et al. (2010) proposed an extended version of their previous authentication method known as TrustCube (Song et al., 2009) by integrating the implicit authentication (Shi et al., 2011) to perform mobile client authentication (both the initial method and extended method feature common name of TrustCube). TrustCube is a cloud-based authentication solution that is policy-based and utilizes an open standard. It also supports the combination of different authentication methods for the sake of robustness and adaptability. The policy-based authentication has several unique advantages such as the utilization of policies that are user-specific and finely grained, which can be immediately updated according to users' preferences. In addition, TrustCube uses a framework with federated authentication, more similar to the OpenID; the algorithms of the implicit authentication are not specified, and the top-level system description is provided. This system is developed with an implicit authentication, which utilizes mobile data such as SMS messages, calling logs, location, and website accesses, in the current mobile environment. The mobile device constraints in input requirements make using complicated passwords more difficult, and this leads to select short passwords and PINs, which has the higher rates of security risks.

TrustCube supports a broad range of policies, including the platform, device's runtime environment, and user. The author called this method as TrustCube because of using the wide range of policies. Fig. 11 shows the architecture of this framework.

In TrustCube scheme, the Trusted Network Connect (TNC) protocol is used for authentication between the authentication server and the smartphone; the OpenID protocol is used to redirect service requests to the integrated authentication service. The Android is used for developing client agent because it can run a background monitoring service, and this ability is critical for data collection of implicit authentication.

After receiving the mobile client's request by the web server, the request details are redirected to the integrated authenticated (IA) service. Subsequently, the IA retrieves the policy for each access request, and then sends it to the client device after extracting the needed information through the trusted network. The client device generates the report, and sends it back to IA server. Finally, the authentication roles are applied, and authentication results are determined by the IA, and the authentication result will be sent to the web server.

The usage patterns of users include the calling pattern, SMS activity, website access, and location need to be stored during the
implicit authentication method; however, it leads to privacy issues
for the users; the problem can be solved using a suitable encryp-
tion method. The proposed system is compatible with different
authentication methods from passwords to TCG-style integrity
measurements. Furthermore, the proposed system can support
cloud-oriented authentication methods because of its flexibility.

 Securing mobile cloud computing using biometric authentication


(SMCBA): In 2014, Al Rassan and AlShaher (2014) proposed an
authentication algorithm based on fingerprint. In this method,
the fingerprint image is captured by existing mobile device
camera, which does not need to implement sensors in the
mobile device. The whole process of capturing and matching
fingerprint is hosted on the cloud server to take all benefits
from cloud. The main idea of this method is alike to other
normal finger recognition methods that use mobile device
camera to capture fingerprint. The procedure of this method is
Fig. 10. SeDiCi 2.0 authentication protocol. described in Fig. 12.

The procedure is initiated by capturing the fingerprint image to be processed on the cloud server. After capturing, pre-processing is applied to the image to convert RGB to a gray-scale image, and other steps such as reducing the blur effect, ridge enhancement, and segmentation are completed. This pre-processed image is sent to the feature extraction phase, and in the final phase, the server checks the similarity of the extracted features to the stored information of the user fingerprint.
The privacy issues of using biometrics introduce the requirement of applying privacy preserving approaches. In a similar situation, some cryptographic algorithms should be applied to the captured image by the mobile device before sending it to the cloud server; however, the fingerprint image is sent in plain text in this method. Furthermore, the details of utilizing MCC processing and storage resources are not clearly explained in this approach, and a fitting utilization framework for MCC is advised to be designed. In other words, the adaptability to MCC is not clearly defined in this method. In addition, the accuracy of a fingerprint that is captured by the mobile device camera is lower than using sensors to capture the fingerprint images; therefore, it is recommended to add other authentication factors such as ID and password to this method.

Fig. 11. The TrustCube architecture. [Components shown: Integrated Authentication Service, Implicit Authentication Service, Policy Engine, IA Engine, TNC Server, Database, Web Server, Mobile Client.]

• NemoAuth: Le et al. (2013) proposed an authentication method called NemoAuth based on the mnemonic multimodal approach. NemoAuth utilizes different mobile device sensors such as gyroscopic, gravity, orientation, proximity, pressure, ambient light, temperature, touch screen, and moisture sensors as well as other facilities such as microphone and camera to measure and extract the biometric features of the mobile device user. In general, the dynamic knowledge and biometric based approaches are combined to improve the accuracy of the authentication method in NemoAuth.

The procedure of NemoAuth is similar to biometric based methods that predefine and train the user's signature profile during the system setup step. The user's signature includes a set of multimodal signatures, and each signature is composed of a set of mnemonic and atomic motions. The atomic actions that are associated with the mnemonics help users to memorize the secret keys more conveniently. There are varied types of atomic actions that can be utilized according to the types of mobile device sensors. As an example, the set of atomic actions for the touch screen can be tap, line, hold, circle, and cross, and a mobile user can use a fingertip to tap at a specific position or hold the fingertip for a certain duration on the mobile screen that shows the mnemonic image. Fig. 13 shows an example of using a mnemonic image to ease atomic actions, that is, to tap or hold a determined position of the mobile screen. In Fig. 13, the mnemonic image is composed of 16 elements, and each element is located at a determined position of the mobile screen. There is no need to remember the position of the image that the user wants to tap or hold for a certain duration of time, because the user can just remember the memorized elements of the mnemonic image. Furthermore, the user can select a desirable signature profile according to the preferable level of security and usability. In addition, each signature profile consists of a set of duples that show the kind of authentication method and the trigger time. The user can set the signature profile to use different authentication methods in different periods of the day; for example, the mobile device can automatically enable voice signature during non-bed time and GPS authentication at home.
The main objective of NemoAuth is to utilize different capabilities of the mobile device to improve the usability of authentication by using mnemonic images. This method simplifies remembering a password for users and provides different options according to mobile device capacities, but the performance and accuracy of authentication are in question because performance metrics such as False-Acceptance Rate (FAR), False-Rejection Rate (FRR), Relative Operating Characteristic (ROC), and Crossover Error Rate (CER) are not evaluated in this study. Furthermore, applying a multi-modal method needs enough processing and storage power, which can be provided by the cloud server; however, the framework to transfer these intensive processing steps is not provided. A suitable algorithm to transfer intensive processing phases to the cloud can be designed to improve performance.
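The NemoAuth discussion above names FAR, FRR, ROC and CER as the metrics a biometric or behavioural scheme should report. The following Python example is added here (it is not code from the survey or from NemoAuth) and shows how those metrics are computed from matcher scores; the score lists are constructed sample data and all function names are assumptions.

```python
# Added example: FAR, FRR, ROC and crossover error rate from matcher scores.
# All scores below are constructed sample data, not measurements of any scheme.

# Similarity scores in [0, 1]; a higher score means "more like the enrolled user".
GENUINE = [0.91, 0.84, 0.78, 0.88, 0.69, 0.95, 0.73, 0.81, 0.58, 0.86]
IMPOSTOR = [0.12, 0.35, 0.41, 0.27, 0.62, 0.18, 0.49, 0.55, 0.30, 0.71]


def far_frr(genuine, impostor, threshold):
    """Return (FAR, FRR) when an attempt is accepted iff score >= threshold."""
    far = sum(s >= threshold for s in impostor) / len(impostor)  # impostors let in
    frr = sum(s < threshold for s in genuine) / len(genuine)     # owners locked out
    return far, frr


def candidate_thresholds(genuine, impostor):
    """Every observed score, plus one value above the maximum (reject everything)."""
    scores = sorted(set(genuine) | set(impostor))
    return scores + [scores[-1] + 1e-9]


def roc_curve(genuine, impostor):
    """ROC points as (threshold, FAR, true-accept rate = 1 - FRR)."""
    points = []
    for t in candidate_thresholds(genuine, impostor):
        far, frr = far_frr(genuine, impostor, t)
        points.append((t, far, 1.0 - frr))
    return points


def crossover_error_rate(genuine, impostor):
    """Threshold where FAR and FRR are closest, and the error rate at that point."""
    best = None
    for t in candidate_thresholds(genuine, impostor):
        far, frr = far_frr(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, (far + frr) / 2)
    return best[1], best[2]


def threshold_for_max_far(genuine, impostor, max_far):
    """Lowest threshold whose FAR does not exceed max_far, with the FRR it costs.

    FAR never increases as the threshold rises, so the first hit is the lowest.
    """
    for t in candidate_thresholds(genuine, impostor):
        far, frr = far_frr(genuine, impostor, t)
        if far <= max_far:
            return t, far, frr
    raise ValueError("unreachable: the last threshold rejects every attempt")


def auc(genuine, impostor):
    """Area under the ROC curve: P(genuine score > impostor score), ties count half."""
    wins = sum((g > i) + 0.5 * (g == i) for g in genuine for i in impostor)
    return wins / (len(genuine) * len(impostor))


if __name__ == "__main__":
    t, cer = crossover_error_rate(GENUINE, IMPOSTOR)
    print(f"crossover threshold={t:.2f}  CER={cer:.2f}")
    print("strict policy (FAR = 0):", threshold_for_max_far(GENUINE, IMPOSTOR, 0.0))
    print(f"AUC={auc(GENUINE, IMPOSTOR):.2f}")
    for t, far, tar in roc_curve(GENUINE, IMPOSTOR):
        print(f"  t={t:.2f}  FAR={far:.1f}  TAR={tar:.1f}")
```

Tightening the threshold until no impostor is accepted doubles the false-rejection rate on this sample, which is the security versus usability trade-off the evaluation criteria below are meant to expose.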

3.3. Evaluation criteria for authentication in MCC

In this section, the criteria that are used to evaluate authentication schemes in MCC are discussed. We focus on five critical criteria: usability, efficiency, security and robustness, privacy, and adaptability to the MCC environment. Furthermore, each criterion is defined based on different sub-criteria for precise evaluation. The authentication methods presented in this survey are evaluated based on the criteria explained as follows.

Fig. 12. Fingerprint recognition procedure in MCC.

3.3.1. Usability
Usability in authentication refers to “the extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use” ISO (1998). Accordingly, several criteria are introduced to evaluate the usability of existing authentication schemes such as effortless memorization, fine-grained protection, and easy-to-learn (Crawford et al., 2013; Braz and Robert, 2006; Bonneau et al., 2012). Effortless memorization means that there is no need to remember any secrets, and easy-to-learn means that the procedure of authentication is clear and easy for users. In addition, in fine-grained protection the security level of the authentication procedure is tunable based on the users' preferences. Usability, as one of the most important criteria of authentication, can be preserved to increase the acceptance rate of a method by end-users. Interaction in MCC authentication is performed through mobile devices, which have some limitations such as the small size of the screen and the small keyboard, which introduce some difficulties for users when inputting the information required to complete the authentication procedure. The usability limitations and benefits of existing authentication methods are summarized in Table 3.

3.3.2. Efficiency
Efficiency in MCC authentication is achieved when the provision of the authentication service does not require too many resources (Lopez et al., 2004; Abolfazli et al., 2013). In the mobile cloud environment, the mobile device accesses cloud resources; however, some parts of the authentication protocol are processed on the mobile device. Furthermore, transferring the most resource-consuming parts of the authentication protocol to the cloud server by designing a proper method can improve the efficiency of the authentication procedure. The efficiency of each method is discussed in Table 4.

Fig. 13. An example of atomic action using mnemonic image. [Labels: Mnemonic Image, Fingertip.]

Table 3
Usability of MCC authentication schemes: pros and cons.

Multi-factors (Jeong et al., 2013)
Pros:
• Using voice and face recognition, which is easy to provide and hard to replicate instead of complex password
Cons:
• User should memorize complicated password
• Using biometrics and password at the same time, demands more computational resources

MDA (Dey et al., 2013)
Pros:
• Using just one factor for authentication simplifies the authentication procedure
Cons:
• User should memorize complicated password to achieve high level of security

Cloud-based biometrics (Omri et al., 2012)
Pros:
• Inserting password using handwriting is more intuitive than using tiny keyboard of the mobile devices to enter password
• 4-digit handwritten password which is easy to remember
Cons:
• Any other authentication factor is not available if the system fails to identify the handwriting image

FDZ (Schwab and Yang, 2013)
Pros:
• Using graphical password, which is easier to remember
Cons:
• Memorizing some secrets makes the procedure more difficult for a mobile user

QR code-based (Oh et al., 2011)
Pros:
• No need to memorize all images
Cons:
• The authentication procedure is complicated to the user

SeDiCi 2.0 (Grzonkowski et al., 2011)
Pros:
• The authentication is simple to the user as the authentication responsibility is carried out by TTP
Cons:
• Using complicated password, which introduces memorizing difficulty for user

TrustCube (Chow et al., 2010)
Pros:
• Using the fine-grained method that can be customized based on user preference
• Using implicit authentication method that does not need the user interferes
Cons:
• Using specific mobile data patterns is required to improve the accuracy of TrustCube method, which is difficult for the users

SMCBA (Al Rassan and AlShaher, 2014)
Pros:
• Easy procedure for user is provided by no longer needing to memorize passwords
Cons:
• Using error-prone biometric reduces the usability of the authentication mechanism

NemoAuth (Le et al., 2013)
Pros:
• Applying atomic actions using mnemonics to make memorizing secrets easier for user
• Using biometrics is easy for the users
• Using fine-grained method that can be customized based on user situations
Cons:
• User should memorize some secrets
• Using both secret and biometrics makes procedure more difficult for the users

Table 4
Efficiency evaluation of MCC authentication schemes: pros and cons.

Multi-factors (Jeong et al., 2013)
Pros:
• Processing authentication factors in bulk, which makes authentication procedure faster
• Using powerful cloud resources to process authentication factors
• Each factor is processed by one VM in cloud
Cons:
• Processing several parameters such as ID/password, IMEI, IMSI, voice and face recognition, make the authentication procedure more complicated

MDA (Dey et al., 2013)
Pros:
• The authentication procedure requires just ID/password to make procedure faster
Cons:
• The mobile device must process several steps to send an authentication request to the cloud
• The number of communication messages is high because of applying mutual authentication, which increases the authentication procedure overhead

Cloud-based biometrics (Omri et al., 2012)
Pros:
• The powerful cloud server processes the handwriting image instead of the mobile device to reduce the authentication time
• The authentication process is simple to the mobile user because of using handwriting to enter the password
Cons:
• Handwriting pattern is the error-prone method as the mobile user may write the same digits in different styles

FDZ (Schwab and Yang, 2013)
Pros:
• Using graphical password can reduce authentication time
Cons:
• Several encryption algorithms such as RSA, AES, and Diffie–Hellman key exchange are utilized to process authentication, which reduce the efficiency of the authentication mechanism

QR code-based (Oh et al., 2011)
Pros:
• The network traffic is reduced using compressed codes like QR
• Only user name and password is utilized for authentication
Cons:
• Some time-consuming operations such as converting the user data to QR code, are processed by the mobile device

SeDiCi 2.0 (Grzonkowski et al., 2011)
Pros:
• Using just password as the only authentication factor makes the procedure simple
Cons:
• Number of communication messages are high because of using TTP

TrustCube (Chow et al., 2010)
Pros:
• No need to process data by mobile device because the IA engine processes all the information
Cons:
• Processing several patterns such as SMS activities, calling pattern, and location, needs many computation power, make the authentication procedure more complicated

SMCBA (Al Rassan and AlShaher, 2014)
Pros:
• The authentication procedure does not require any password to reduce authentication time
Cons:
• The mobile device processes resource-intensive task such as processing the user fingerprint image

NemoAuth (Le et al., 2013)
Pros:
• Using mnemonics, which are easier to remember than typical password, makes authentication mechanism faster
Cons:
• Several authentication factors are utilized for user authentication, which increases the authentication procedure time

3.3.3. Security and robustness
Security and robustness metrics are highly important criteria to evaluate the authentication methods. These criteria show the strengths and weaknesses of the algorithm under different attacks in various situations. According to our review, security criteria include resistance to attacks such as impersonation, replay, and man-in-the-middle attacks. An impersonation attack means that an attacker can masquerade as the user and access the confidential information (Truong et al., 2012); however, in a replay attack, an attacker can obtain the user information by replaying the previously sent messages (Yoon et al., 2012). In addition, in the man-in-the-middle attack, an attacker can access all the messages that are transferred between the mobile device and servers, to get the intended information by analyzing these messages.
Furthermore, preferably an authentication method can provide some security services such as untraceability, mutual authentication, and user unlinkability to have more secure protection. If an attacker cannot trace a user using obtained messages, the untraceability of the user is preserved; and if an attacker cannot link sniffed messages to a specific user, the unlinkability of the authentication algorithm is well-preserved (Park, 2004). In addition, mutual authentication means that both user and server should be authenticated to each other (He et al., 2011). The security services and limitations of current authentication schemes are discussed in Table 5.

3.3.4. Privacy
Privacy is a significantly critical requirement in authentication methods to ensure that the user is known only to legitimate entities. The authentication method should protect private information of users from eavesdropping during the authentication procedure. Moreover, anonymity is one of the best approaches to preserve both user and server privacy (Zeng et al., 2009; Kim et al., 2008; Chang et al., 2009). Other privacy criteria include resistance to phishing and eavesdropping attacks (Grzonkowski et al., 2011). In a phishing attack, an attacker collects credentials of the user or server to launch an impersonation attack, and in an eavesdropping attack, an attacker can read the communication messages. The privacy issues and provided protection mechanisms of the MCC authentication schemes are summarized in Table 6.

3.3.5. Adaptable to MCC environment
This criterion shows how suitable the proposed method is for the MCC environment based on the capabilities and limitations of this computing paradigm. The limitations and capabilities of MCC are advised to be considered. For example, some authentication methods are proposed based on the resource limitations of mobile devices such as PDA, laptop, and cellphone. However, in the MCC environment, the mobile device can transfer resource-intensive parts of the authentication algorithm to the cloud server to solve its processing power limitation. In addition, the user needs enough bandwidth to connect to the cloud server for uploading the required data, which introduces some issues such as network bandwidth and availability of the network.
Among the different categories mentioned above, the most important category is the compatibility of proposed methods with the MCC environment. After defining different evaluation criteria, the

Table 5
Security and robustness of MCC authentication schemes: pros and cons.

Multi-factors (Jeong et al., 2013)
Pros:
• Using TLS and SSL for communication between network entities
• Utilizing several authentication factors
Cons:
• Mutual authentication is not applied

MDA (Dey et al., 2013)
Pros:
• Providing mutual authentication procedure
• Hashing ID and password before transmission
Cons:
• User untraceability is not considered

Cloud-based biometrics (Omri et al., 2012)
Pros:
• The uniqueness of handwriting style prevents an attacker to do any actions, even if he knows the user password
Cons:
• Mutual authentication is not applied
• Lack of security attack-resistant mechanisms

FDZ (Schwab and Yang, 2013)
Pros:
• Providing secure channel between mobile device and server using Diffie–Hellman protocol
• Resistant against device loss, impersonation, and MITM attack
• Using AES encryption algorithm
Cons:
• The password space of proposed graphical password is not large enough
• Mutual authentication is not applied

QR code-based (Oh et al., 2011)
Pros:
• Using Diffie–Hellman protocol to prevent replay attack
• Preventing impersonation attack using graphical password
Cons:
• Lack of security attack-resistant mechanisms
• The password space of proposed graphical password is not large enough
• Mutual authentication is not applied

SeDiCi 2.0 (Grzonkowski et al., 2011)
Pros:
• Mutual authentication is provided
Cons:
• User untraceability and unlinkability mechanism are not considered

TrustCube (Chow et al., 2010)
Pros:
• It is difficult to impersonate the user, because an attacker must access to different user information such as calling pattern, SMS activity, website access, and location
Cons:
• Mutual authentication is not applied

SMCBA (Al Rassan and AlShaher, 2014)
Pros:
• Uniqueness of user fingerprint authentication
Cons:
• Mutual authentication is not applied
• User untraceability and unlinkability mechanism are not considered

NemoAuth (Le et al., 2013)
Pros:
• Using the user activity patterns, which are similar to the biometrics and cannot be replicated
Cons:
• Mutual authentication is not applied
• User untraceability and unlinkability mechanism are not considered
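Table 5 lists missing mutual authentication as the most frequent weakness, and Section 3.3.3 defines the replay attack and mutual authentication. The following Python example is added here (it is not taken from the survey or from any reviewed scheme) and shows a minimal challenge-response exchange in which both sides prove knowledge of a key and a recorded response is rejected; the pre-shared key, the class names and the message layout are all assumptions.

```python
# Added example: mutual challenge-response authentication with replay rejection.
# Assumes a pre-shared 32-byte key per user; names and layout are illustrative.
import hashlib
import hmac
import secrets


def tag(key: bytes, role: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over a role label and length-prefixed fields.

    The role label keeps a client proof from being reflected back as a
    server proof; the length prefixes keep field boundaries unambiguous.
    """
    mac = hmac.new(key, role, hashlib.sha256)
    for p in parts:
        mac.update(len(p).to_bytes(2, "big") + p)
    return mac.digest()


class CloudServer:
    def __init__(self, keys):
        self.keys = keys      # user id -> shared key
        self.pending = {}     # outstanding server nonce -> user id

    def challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = user
        return nonce

    def verify(self, user, server_nonce, client_nonce, client_tag):
        """Check the client's proof; on success return the server's own proof."""
        # pop() makes every challenge single-use, so a recorded reply is useless.
        if self.pending.pop(server_nonce, None) != user:
            return None
        key = self.keys.get(user)
        if key is None:
            return None
        expected = tag(key, b"client", user.encode(), server_nonce, client_nonce)
        if not hmac.compare_digest(expected, client_tag):
            return None
        return tag(key, b"server", user.encode(), client_nonce, server_nonce)


class MobileClient:
    def __init__(self, user: str, key: bytes):
        self.user, self.key = user, key
        self.client_nonce = self.server_nonce = b""

    def respond(self, server_nonce: bytes):
        self.server_nonce = server_nonce
        self.client_nonce = secrets.token_bytes(16)  # the client's own challenge
        proof = tag(self.key, b"client", self.user.encode(),
                    server_nonce, self.client_nonce)
        return self.client_nonce, proof

    def check_server(self, server_tag) -> bool:
        if server_tag is None:
            return False
        expected = tag(self.key, b"server", self.user.encode(),
                       self.client_nonce, self.server_nonce)
        return hmac.compare_digest(expected, server_tag)


def run_demo():
    key = secrets.token_bytes(32)
    server = CloudServer({"alice": key})
    client = MobileClient("alice", key)

    # Honest run: the server verifies the client, then the client verifies the server.
    n_s = server.challenge("alice")
    n_c, c_tag = client.respond(n_s)
    honest = client.check_server(server.verify("alice", n_s, n_c, c_tag))

    # The recorded message is resent for the same, already consumed challenge.
    replay_same = server.verify("alice", n_s, n_c, c_tag) is not None

    # The recorded message is resent against a fresh challenge.
    n_s2 = server.challenge("alice")
    replay_fresh = server.verify("alice", n_s2, n_c, c_tag) is not None

    # A server that does not hold the user's key cannot produce a valid proof.
    rogue = CloudServer({"alice": secrets.token_bytes(32)})
    n_r = rogue.challenge("alice")
    n_c2, _ = client.respond(n_r)
    forged = tag(rogue.keys["alice"], b"server", b"alice", n_c2, n_r)
    rogue_accepted = client.check_server(forged)

    return {"honest": honest, "replay_same_challenge": replay_same,
            "replay_fresh_challenge": replay_fresh,
            "rogue_server_accepted": rogue_accepted}


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

A scheme marked "Mutual authentication is not applied" in Table 5 corresponds to dropping the `check_server` step, which leaves the mobile device unable to tell the legitimate cloud server from one that does not hold the key.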

existing authentication approaches can be assessed to find the most important issues of existing authentication algorithms.
All reviewed/evaluated authentication methods have been presented in Table 7. These methods have been evaluated based on security and performance evaluation criteria, which are discussed in Section 3.3.

4. Prospective authentication algorithms in MCC

In this section, we present guidelines deemed beneficial for designing relatively more secure, efficient, and adaptive authentication systems for MCC. The important factors that are essential to be applied in coming MCC authentication approaches are discussed and illustrated in Fig. 14. We classified these factors into five classes of mobile device characteristics: (i) usability, (ii) efficiency, (iii) security and robustness, (iv) privacy, and (v) adaptability to MCC environment. The comparison of proposed methods based on the mentioned criteria is discussed in Table 7. For ranking purposes, we deployed two different scales based on the Likert scale; firstly, we use very low, low, moderate, and high for the usability, efficiency, and adaptability criteria. Secondly, we use poor, fair, good, and very good for security and robustness as well as privacy (shown in Table 7).
The results in this table advocate a lack of adaptivity of current MCC authentication schemes for the MCC ecosystem. Furthermore, most of these schemes are based on traditional methods that previous researchers recommended to be used in the conventional mobile computing environment. In other words, the proposed schemes hardly considered the capabilities and limitations of mobile devices. The results of this comparison indicate that MCC-ready authentication methods are required to focus more on mobile-friendliness when exploiting cloud resources for mobile users.

4.1. Mobile device characteristics

The important features from the mobile device perspective are storage capacity, memory, battery limitation, and processing power. Among these factors, energy is considered the critical resource since mobile devices consume a considerable amount of energy to remain connected to the Internet and also to process the authentication procedure (Abolfazli et al., 2014a). In addition, a suitable authentication scheme is compatible with normal mobile devices with typical resource capability. Furthermore, the consideration of the structure and limitations, such as processing power and battery, of current mobile devices makes designing an authentication method more complicated, and affects the selection of security mechanisms such as the encryption type and key management scheme (Aiash and Loo, 2013).
According to our review, the mobile device should be equipped with a high quality camera in some of the authentication approaches, such as Jeong et al. (2013) and Al Rassan and AlShaher (2014), to get better results. In other words, the quality of the mobile device camera affects the accuracy of the authentication decision. Hence, it is preferable to design authentication methods that do not need extra hardware, such as different kinds of sensors, to be installed.

4.2. Usability preferences

Security is often recognized as one of the important barriers to the usability of authentication methods (Braz et al., 2007). The trade-off between usability and performance is an important criterion to

Table 6
Privacy evaluation of MCC authentication schemes: pros and cons.

Multi-factors (Jeong et al., 2013)
Pros:
• Secure against phishing and eavesdropping attacks using TLS and SSL for communication between network entities
Cons:
• Privacy issues of using biometrics
• Anonymity of both user and server is not preserved
• Lack of providing user biometrics protection mechanism

MDA (Dey et al., 2013)
Pros:
• Providing user and server anonymity using XoR and hash function
• Secure against phishing and eavesdropping attacks
Cons:
• The untraceability is not applied, which introduce privacy issue for the user

Cloud-based biometrics (Omri et al., 2012)
Pros:
• Protect user privacy by using just handwriting pattern instead of using other private biometrics
Cons:
• Anonymity of both user and server is not preserved
• Lack of providing secure mechanism against phishing and eavesdropping attack

FDZ (Schwab and Yang, 2013)
Pros:
• Secure against phishing and eavesdropping attacks
Cons:
• Anonymity of both user and server is not preserved

QR code-based (Oh et al., 2011)
Pros:
• Secure against phishing and eavesdropping attacks using Diffie–Hellman protocol
Cons:
• Lack of user and server anonymity preservation

SeDiCi 2.0 (Grzonkowski et al., 2011)
Pros:
• Not using private information preserves the user privacy
Cons:
• User and server anonymity mechanism are not considered

TrustCube (Chow et al., 2010)
Pros:
• Using OpenID to protect user anonymity
• Protect user against phishing and eavesdropping attacks
Cons:
• Using many private information of user to process authentication

SMCBA (Al Rassan and AlShaher, 2014)
Pros:
• The mobile device processes fingerprint data, then sends the result of the authentication to the cloud server not the biometrics information to prevent eavesdropping risk
Cons:
• Fingerprint as one of the most private information of user is not protected
• Lack of providing secure mechanism against phishing and eavesdropping attacks

NemoAuth (Le et al., 2013)
Pros:
• The NemoAuth method uses less private biometrics than typical biometrics methods
Cons:
• Using many private information of user to process authentication
• No privacy mechanism is provided to protect the user private information

evaluate authentication schemes. However, the authentication method is expected to protect varied network entities against security and privacy threats while it is sufficiently user-friendly. The usability dramatically drops when the authentication methods are designed with a major focus on security, which leads to more complexity and less usability. Furthermore, the authentication mechanism can be in accordance with the user's preferred model to reach user satisfaction. As an example, the user might prefer graphical password authentication over other methods because of the ease of entering the password by tapping the touch screen. The usability analysis of various kinds of authentication methods is investigated in Braz and Robert (2006), which shows that biometric authentication such as voice recognition is more usable for the users because of inherent characteristics of these kinds of authentication methods such as easy-to-use and effortless-memorizing. Based on our review, the graphical password and biometrics authentication methods are two types of the trending methods in the field of MCC authentication.

4.3. Security and privacy

In MCC, mitigating the security and privacy issues during the offloading procedure is a critical task because neglecting these issues inhibits adoption of MCC services by the end-users (Khan et al., 2014). The security and privacy issues of MCC such as revealed mobile user location, stolen device, insecure access to rogue access points, and near field communication (NFC) hacking (Xuanxia et al., 2014; Yu and Wen, 2013; Yu-Jia and Li-Chun, 2011; Yu and Wen, 2012; Zhou and Huang, 2012; Itani et al., 2010; Ren et al., 2011; Weiwei et al., 2011; Sue-Chen et al., 2011) can be mitigated by suitable authentication methods. The user privacy is highly important, especially in MCC, where the authentication information is stored in the cloud servers. Among different approaches, biometric information such as fingerprint, iris, retina, face, and voice recognition is highly vulnerable to privacy attacks; henceforth, proper privacy protection techniques can be applied to the authentication methods. Mutual authentication is an important feature that can be provided by the authentication mechanism. In other words, the mobile device can check the authentication of the cloud server while the cloud server can check the mobile end-user authentication. Another important feature of an authentication method is untraceability, which means that if an attacker can sniff the transferring packets, the relation between different packets should not be revealed.

4.4. Mobility

In contrast to wired networks, in which all the nodes are static, mobility is the inherent characteristic of mobile devices in MCC, which introduces new challenges to designing authentication protocols (Chen and Hoang, 2013). The mobile devices rapidly roam in different wireless networks to preserve connectivity, hence the authentication delay should be acceptable according to the wireless network's standards. Furthermore, the packet loss and signaling cost, as two important criteria in the mobile device roaming procedure, can be considered.

4.5. Support heterogeneity

Heterogeneity in MCC can be discussed in three main categories including mobile device, cloud, and wireless networks. The diversity of infrastructure, hardware, software, architectures, and technologies in MCC makes this environment more complicated. Sanaei et al. (2013) explained open challenges and issues regarding heterogeneity in MCC comprehensively. Mobile devices in heterogeneous networks switch between different types of

Table 7
Comparison of evaluated authentication methods.

networks to preserve network connectivity; henceforth, there is a need to consider the characteristics of these heterogeneous networks in authentication mechanisms. As an example, when a mobile device connects to a network, different parameters such as security and QoS will be defined by the network as a service level agreement, and the preferences of each network differ from other networks, hence these various requirements are recommended to be considered.

4.6. Adaptiveness

In the cloud-based authentication methods, some parts of the mechanism are processed on the cloud server, hence suitable authentication methods are required to manage the load balancing of VMs in cloud servers. Among the reviewed authentication methods in MCC, Jeong et al. (2013) designed a server to manage load balancing. In addition, some managing services such as a resource scheduler are required, where one of the mobile device or cloud server can be selected to process the specific steps of the authentication mechanism based on the intrinsic properties of the entities (Sanaei et al., 2012).

5. Open challenges

This section highlights several open challenges related to authentication in MCC that demand future research and development efforts. Addressing these challenges can significantly enhance authentication in MCC leading to successful adoption of MCC.

5.1. Heterogeneous infrastructure

Heterogeneity is an intrinsic characteristic of MCC because of using various wireless networks to preserve mobile device connectivity. The variety of wireless technologies, including WLAN and cellular, as well as the diversity of technologies of mobile devices, including software, hardware, and architecture, make designing an authentication method more complicated and difficult, because the authentication approach should be applicable and comply with the network and mobile device requirements. Several security concerns arise in the authentication procedure of heterogeneous networks, such as initial authentication and handover authentication when the mobile node is roaming between different types of networks. Furthermore, as different communication technologies offer different security levels, some networks are consequently less able to provide the required security level for mobile nodes. The diversities of wireless networks, mobile devices, and cloud technologies are marginally considered in designing authentication methods for MCC. It is recommended to design multilevel authentication methods, which are adaptive to the capabilities and limitations of various network entities. In multilevel authentication methods, such as Thorwat and Shetty (2014), Naik and Koul (2013) and Dinesha and Agrawal (2012), the security level can be selected automatically and extra security plugins can be added based on a tradeoff between sensitivity and available resources.

5.2. Seamless handover

The authentication as a critical phase in handover procedure, is a challenging task to achieve seamless handover in MCC

Fig. 14. Effective factors in designing authentication scheme in MCC. [Figure not reproduced; it groups the factors as follows. Mobile Device Characteristics: mobile architecture, memory, CPU processing power, battery limitations. Usability Preferences: minimize user effort, infrequent errors, memorizing-effortless. Security and Privacy: mutual authentication, untraceability, resistant to attacks, privacy protection. Mobility: latency, packet loss, signaling cost. Support Heterogeneity: mobile devices, wireless networks, cloud servers. Adaptiveness: cloud server manager, resource scheduler.]

(Gani et al., 2014). Authentication standards are defined in different ways for various wireless technologies such as Wi-Fi, WiMAX, ZigBee, and cellular, each of which supports specific authentication protocols according to its defined architecture, software, and hardware. Furthermore, some network technologies support several authentication protocols, which makes selecting the appropriate authentication method more challenging for the mobile device. In addition, preserving seamless connectivity is a challenging task, especially in high-mobility networks such as MCC, and authentication has a key role in reducing handover latency to achieve seamless handover. A suitable authentication method must fulfill the acceptable latency rate requirements discussed in the literature (Tolia et al., 2006) for the mobile user in MCC.

5.3. Identity privacy

In MCC, preserving the privacy of mobile users is more challenging than for immobile users. In terms of user privacy, both the communication content and the user's personal data need to be protected (Zhu et al., 2009). Owing to mobility, the MCC user may connect to different access points owned by several kinds of networks, and the targeted network has to check the user's authenticity during the handover procedure using his identity information. Furthermore, the user information may be stored in parallel cloud storage to improve performance and reliability, which increases the risk of disclosure of the user's private information (Barsoum et al., 2013). Hence, a proper privacy preservation mechanism in MCC is a challenging task.

5.4. Resource scheduling

Energy conservation of the mobile device is highly important in MCC, where the battery limitation of the mobile device is mitigated by providing a shared pool of computational processing resources in the cloud (Abolfazli et al., 2014b; Zhu et al., 2014; Verbelen et al., 2014; Shojafar et al., 2015). The mobile processing power constraint demands transferring the resource-intensive parts of the authentication mechanisms to the cloud for processing. The computation offloading technique reduces application execution time on mobile devices, which results in reduced power consumption. However, the energy consumption of transferring the data is not considered in most of the current studies (Yao et al., 2013). Therefore, designing an appropriate resource scheduling algorithm, which decides on transferring resource-intensive parts of an authentication mechanism to the cloud, is a challenging task that affects authentication latency, performance, and energy consumption.

6. Conclusions

Security and privacy are among the most important issues in MCC that decelerate development of this technology. At the core of MCC, authentication is the most critical process to preserve security and privacy of end-users. Although authentication is not new in computing, it is immature in MCC due to unique features, requirements, opportunities, and challenges existing in mobile-cloud environments. Mobility, resource poverty, small form factor, and pervasive usability of mobile devices on one hand, and wireless communication, cloud resource provisioning, computation offloading, and heterogeneity on the other hand necessitate proposing authentication mechanisms that are developed for mobile-cloud users. Therefore, it is essential to critically analyse existing authentication methods taking into account unique characteristics and challenges of MCC to highlight the security and efficiency

issues of the current methods and suggest the future research directions toward fully unleashing the power of mobile cloud.

In this study, we present a comprehensive survey of authentication in MCC that critically examines various existing authentication approaches to portray the state of the art and also highlight the most important challenges as future research directions.

We present an in-depth discussion of authentication in MCC and highlight its challenging characteristics compared to cloud computing technology. Furthermore, the existing authentication methods in MCC are evaluated and analyzed based on criteria such as usability, efficiency, security, privacy and adaptability to MCC. The current authentication methods are proposed based on traditional authentication schemes without considering adaptability to MCC specifications. The results of the evaluation show that some important factors such as user preferences, mobility, heterogeneity, mobile device characteristics, and MCC-friendliness are highly critical to be considered when designing the future authentication mechanisms for MCC. The results also suggest that the most appropriate authentication method in MCC would be hybrid adaptive methods with varied degrees of fidelity that can be adopted depending on user location, Internet connectivity, native resource level, and remote resource proximity. While the most effective MCC solutions perform resource-intensive complex authentication processes using remote resources in the cloud, which offer high fidelity, lightweight yet robust approaches running natively on the end-user device can be utilized in the absence of remote cloud resources, leading to lower fidelity. Such approaches, which demand future R&D efforts, can in the near future autonomously determine the fidelity level considering the user's context.

Acknowledgement

Authors acknowledge support from Malaysia-Japan International Institute of Technology (MJIIT) center at Universiti Teknologi Malaysia, Japan Student Services Organization (JASSO), and Kyushu University, Fukuoka, Japan.

References

Abolfazli S, Sanaei Z, Shiraz M, Gani A. MOMCC: market-oriented architecture for mobile cloud computing based on service oriented architecture. In: 1st IEEE international conference on communications in china workshops. Beijing, China: IEEE Computer Society; 2012. p. 8–13. doi: http://dx.doi.org/10.1109/ICCCW.2012.6316481.
Abolfazli S, Sanaei Z, Alizadeh MM, Gani A, Xia F, Member S. An experimental analysis on cloud-based mobile augmentation in mobile cloud computing. IEEE Trans Consum Electron 2014;99(1):1–9.
Abolfazli S, Sanaei Z, Ahmed E, Gani A, Buyya R. Cloud-based augmentation for mobile devices: motivation, taxonomies, and open challenges. IEEE Commun Surv Tutor 2014a;16(1):337–68. http://dx.doi.org/10.1109/SURV.2013.070813.00285.
Abolfazli S, Sanaei Z, Gani A, Xia F, Yang LT. Rich mobile applications: genesis, taxonomy, and open issues. J Netw Comput Appl 2014b;40(April):345–62. http://dx.doi.org/10.1016/j.jnca.2013.09.009.
Aboudagga N, Refaei MT, Eltoweissy M, DaSilva LA, Quisquater J-J. Authentication protocols for ad hoc networks: taxonomy and research issues. In: Proceedings of the 1st ACM international workshop on quality of service and security in wireless and mobile networks. Montreal, Canada: ACM; 2005. p. 96–104. http://dx.doi.org/10.1145/1089761.1089777.
Adida B. Beamauth: two-factor web authentication with a bookmark. In: Proceedings of the 14th ACM conference on computer and communications security. Alexandria, USA: ACM; 2007. p. 48–57. http://dx.doi.org/10.1145/1315245.1315253.
Ahn H, Chang H, Jang C, Choi E. User authentication platform using provisioning in cloud computing environment. In: 3rd international conference on advanced communication and networking. Brno, Czech republic: Springer-Verlag; 2011. p. 132–8. doi: http://dx.doi.org/10.1007/978-3-642-23312-8_16.
Aiash M, Loo J. Introducing a novel authentication protocol for secure services in heterogeneous environments using Casper/FDR. Int J Commun Syst 2013;27(12):3600–18. http://dx.doi.org/10.1002/dac.2561.
Alizadeh M, Wan HH. Challenges and opportunities of mobile cloud computing. In: 2013 9th international on wireless communications and mobile computing conference. Sardinia, Italy: IEEE; 2013. p. 660–6.
Alizadeh M, Hassan WH, Behboodian N, Karamizadeh S. A brief review of mobile cloud computing opportunities. Res Notes Inf Sci 2013a;12(April):155–60. http://dx.doi.org/10.4156/rnis.vol12.27.
Alizadeh M, Hassan WH, Zamani M, Khodadadi T, Chaeikar SS. A prospective study of mobile cloud computing. Int J Adv Comput Technol 2013b;5(11).
Allam S, Flowerday SV, Flowerday E. Smartphone information security awareness: a victim of operational pressures. Comput Secur 2014;42(May):56–65. http://dx.doi.org/10.1016/j.cose.2014.01.005.
Al Rassan I, AlShaher H. Securing mobile cloud computing using biometric authentication (SMCBA). In: 2014 International conference on computational science and computational intelligence, vol. 1. Las Vegas, USA: IEEE Computer Society; 2014. p. 157–61. http://dx.doi.org/10.1109/CSCI.2014.33.
Al-Zoube MA, Alqudah YA. Mobile cloud computing framework for patients' health data analysis. Biomed Eng: Appl, Basis Commun 2014;26(02) 1450020–9. http://dx.doi.org/10.4015/S1016237214500203.
Aminzadeh N, Sanaei Z, Ab Hamid SH. Mobile storage augmentation in mobile cloud computing: taxonomy, approaches, and open issues. Simul Model Pract Theory 2015;50(January):96–108. http://dx.doi.org/10.1016/j.simpat.2014.05.009.
An N, Huynh C-T, Lee B, Hong C, Huh E-N. An efficient block classification for media healthcare service in mobile cloud computing. Multimed Tools Appl 2014:1–15. http://dx.doi.org/10.1007/s11042-014-2039-6.
Ardagna CA, Conti M, Leone M, Stefa J. An anonymous end-to-end communication protocol for mobile cloud environments. IEEE Trans Serv Comput 2014;7(3):373–86. http://dx.doi.org/10.1109/TSC.2014.2304717.
Avelar E, Marques L, dos Passos D, Macedo R, Dias K, Nogueira M. Interoperability issues on heterogeneous wireless communication for smart cities. Comput Commun 2015;58(March):4–15. http://dx.doi.org/10.1016/j.comcom.2014.07.005.
Barsoum A, Hasan A, Member S. Enabling dynamic data and indirect mutual trust for cloud computing storage systems. IEEE Trans Parallel Distrib Syst 2013;24(12):2375–85.
Bin M, Xiaofeng L, Xianzhong X. Risk-aware vertical handoff algorithm for security access support in heterogeneous wireless networks. In: 5th international conference on biomedical engineering and informatics. Chongqing, China: IEEE; 2012. p. 1515–9. http://dx.doi.org/10.1109/BMEI.2012.6512937.
Bonneau J, Herley C, van Oorschot PC, Stajano F. The quest to replace passwords: a framework for comparative evaluation of web authentication schemes. In: 2012 IEEE symposium on security and privacy. San Francisco, USA: IEEE; 2012. p. 553–67. http://dx.doi.org/10.1109/SP.2012.44.
Braz C, Robert J-M. Security and usability: the case of the user authentication methods. In: Proceedings of the 18th international conference of the association francophone d'interaction homme–machine. Montreal, Canada: ACM; 2006. p. 199–203.
Braz C, Seffah A, MRaihi D. Designing a trade-off between usability and security: a metrics based-model. In: Baranauskas C, Palanque P, Abascal J, Barbosa S, editors. Human-computer interaction. Lecture notes in computer Science, vol. 4663. Berlin, Heidelberg: Springer; 2007. p. 114–26. http://dx.doi.org/10.1007/978-3-540-74800-7_9.
Cachin C, Schunter M. A cloud you can trust. IEEE Spectrum 2011;48(12):28–51.
Chandra DG, Prakash R, Lamdharia S. Mobile ticketing system for automatic fare collection model for public transport. In: 2013 5th international conference on computational intelligence and communication networks. Mathura, India: IEEE; 2013, p. 600–3. http://dx.doi.org/10.1109/CICN.2013.131.
Chang C-C, Lee C-Y, Chiu Y-C. Enhanced authentication scheme with anonymity for roaming service in global mobility networks. Comput Commun 2009;32(4):611–8. http://dx.doi.org/10.1016/j.comcom.2008.11.032.
Chen L, Hoang DB. Addressing data and user mobility challenges in the cloud. In: 2013 IEEE sixth international conference on cloud computing. Santa Clara, USA: IEEE; 2013. p. 549–56. http://dx.doi.org/10.1109/CLOUD.2013.26.
Chen M, Ma Y, Liu Y, Jia F, Ran Y, Wang J. Mobile learning system based on cloud computing. J Netw 2013;8(11):2572–7. http://dx.doi.org/10.4304/jnw.8.11.2572-2577.
Chow R, Jakobsson M, Masuoka R, Molina J, Niu Y, Shi E, et al. Authentication in the clouds: a framework and its application to mobile users. In: Proceedings of the 2010 ACM workshop on cloud computing security workshop. Chicago, USA: ACM; 2010. p. 1–6. http://dx.doi.org/10.1145/1866835.1866837.
Christensen JH. Using RESTful web-services and cloud computing to create next generation mobile applications. In: 24th ACM SIGPLAN conference companion on Object oriented programming systems languages and applications. New York, USA: ACM; 2009. p. 627–34.
Chu C-H, Ouyang Y-C, Jang C-B. Secure data transmission with cloud computing in heterogeneous wireless networks. Secur Commun Netw 2012;5(12):1325–36. http://dx.doi.org/10.1002/sec.409.
Cisco T. Cisco visual networking index: global mobile data traffic forecast update, 2013–2018. Technical Report. Cisco; 2014.
Clarke NL, Furnell SM. Advanced user authentication for mobile devices. Comput Secur 2007;26(2):109–19. http://dx.doi.org/10.1016/j.cose.2006.08.008.
Clarke NL, Furnell SM, Rodwell PM, Reynolds PL. Acceptance of subscriber authentication methods for mobile telephony devices. Comput Secur 2002;21(3):220–8. http://dx.doi.org/10.1016/S0167-4048(02)00304-8.
Crawford H, Renaud K, Storer T. A framework for continuous, transparent mobile device authentication. Comput Secur 2013;39(Part B, November):127–36. http://dx.doi.org/10.1016/j.cose.2013.05.005.
Dey S, Sampalli S, Ye Q. Message digest as authentication entity for mobile cloud computing. In: 32nd international performance computing and communications conference. San Diego, USA: IEEE; 2013. p. 1–6. http://dx.doi.org/10.1109/PCCC.2013.6742784.

Dijiang H, Zhibin Z, Le X, Tianyi X, Yunji Z. Secure data processing framework for mobile cloud computing. In: 2011 IEEE conference on computer communications workshops. Shanghai, China: IEEE; 2011. p. 614–8. http://dx.doi.org/10.1109/INFCOMW.2011.5928886.
Dinesha HA, Agrawal VK. Multi-level authentication technique for accessing cloud services. In: 2012 international conference on computing, communication and applications. Dindigul, India: IEEE; 2012. p. 1–4. doi: http://dx.doi.org/10.1109/ICCCA.2012.6179130.
Dinh HT, Lee C, Niyato D, Wang P. A survey of mobile cloud computing: architecture, applications and approaches. Wirel Commun Mob Comput 2013;13(18):1587–611.
Dong J, Han J, Liu J, Yin H. Shallow analysis of mobile learning environment under Cloud computing. In: 2011 7th international conference on MEMS, NANO and smart systems. Switzerland, Kuala Lumpur, Malaysia: Trans Tech Publications; 2012. p. 1447–50. http://dx.doi.org/10.4028/www.scientific.net/AMR.403-408.1447.
Doukas C, Pliakas T, Maglogiannis I. Mobile healthcare information management utilizing cloud computing and android OS. In: 2010 annual international conference of the IEEE engineering in medicine and biology society. Buenos Aires, Argentina: IEEE; 2010. p. 1037–40.
Esposito C, Ciampi M. On security in publish/subscribe services: a survey. IEEE Commun Surv Tutor 2015; PP (99). http://dx.doi.org/10.1109/COMST.2014.2364616.
Fernando N, Loke SW, Rahayu W. Mobile cloud computing: a survey. Future Gener Comput Syst 2013;29(1):84–106. http://dx.doi.org/10.1016/j.future.2012.05.023.
Forouzan BA. Introduction to cryptography and network security. McGraw-Hill Higher Education; 2008.
Furnell SM, Dowland PS, Illingworth HM, Reynolds PL. Authentication and supervision: a survey of user attitudes. Comput Secur 2000;19(6):529–39. http://dx.doi.org/10.1016/S0167-4048(00)06027-2.
Furnell S, Clarke N, Karatzouni S. Beyond the PIN: enhancing user authentication for mobile devices. Comput Fraud Secur 2008;2008(8):12–7. http://dx.doi.org/10.1016/S1361-3723(08)70127-1.
Gani A, Nayeem GM, Shiraz M, Sookhak M, Whaiduzzaman M, Khan S. A review on interworking and mobility techniques for seamless connectivity in mobile cloud computing. J Netw Comput Appl 2014;43(August):84–102. http://dx.doi.org/10.1016/j.jnca.2014.04.009.
Ghazizadeh E, Zamani M, Ab Manan JL, Alizadeh M. Trusted computing strengthens cloud authentication. Sci World J 2014;2014:17. http://dx.doi.org/10.1155/2014/260187.
Giuffrida C, Majdanik K, Conti M, Bos H. I sensed it was you: authenticating mobile users with sensor-enhanced keystroke dynamics. In: Dietrich S, editor. Detection of intrusions and malware and vulnerability assessment SE - 6. Lecture notes in computer science, vol. 8550. Egham, London, UK: Springer International Publishing; 2014. p. 92–111. http://dx.doi.org/10.1007/978-3-319-08509-8_6.
Grzonkowski S. SeDiCi: an authentication service taking advantage of zero-knowledge proofs. In: Sion R, editor. Financial cryptography and data security. Lecture notes in computer science, vol. 6052. Springer; 2010. p. 426.
Grzonkowski S, Corcoran PM, Coughlin T. Security analysis of authentication protocols for next-generation mobile and CE cloud services. In: 2011 IEEE international conference on consumer electronics. Berlin, Germany: IEEE; 2011. p. 83–7. http://dx.doi.org/10.1109/ICCE-Berlin.2011.6031855.
Guo M-H, Liaw H-T, Hsiao L-L, Huang C-Y, Yen C-T. Authentication using graphical password in cloud. In: 15th international symposium on wireless personal multimedia communications. Taipei, Taiwan: IEEE Computer Society; 2012. p. 177–81.
He D, Ma M, Zhang Y, Chen C, Bu J. A strong user authentication scheme with smart cards for wireless communications. Comput Commun 2011;34(3):367–74. http://dx.doi.org/10.1016/j.comcom.2010.02.031.
He D, Chan S, Guizani M. User privacy and data trustworthiness in mobile crowd sensing. IEEE Wirel Commun 2015a;22(1):28–34. http://dx.doi.org/10.1109/MWC.2015.7054716.
He D, Chan S, Guizani M. Mobile application security: malware threats and defenses. IEEE Wirel Commun 2015b;22(1):138–44. http://dx.doi.org/10.1109/MWC.2015.7054729.
Hoang DB, Chen L. Mobile cloud for assistive healthcare (MoCAsH). In: 2010 IEEE Asia-Pacific services computing conference, APSCC. Hangzhou, China: IEEE; 2010. p. 325–32. http://dx.doi.org/10.1109/APSCC.2010.102.
Honggang W, Shaoen W, Min C, Wei W. Security protection between users and the mobile media cloud. IEEE Commun Mag 2014;52(3):73–9. http://dx.doi.org/10.1109/MCOM.2014.6766088.
Huang B. The study of mobile education development based on 3G technique and cloud computing. In: 2011 international conference on uncertainty reasoning and knowledge engineering. Kuala Lumpur, Malaysia: IEEE; 2011. p. 86–9. http://dx.doi.org/10.1109/URKE.2011.6007847.
Hui S, Zhuohua L, Jiafu W, Keliang Z. Security and privacy in mobile cloud computing. In: 2013 9th international on wireless communications and mobile computing conference. Sardinia, Italy: IEEE; 2013. p. 655–9. http://dx.doi.org/10.1109/IWCMC.2013.6583635.
Imielinski T, Korth H. Introduction to mobile computing. In: Imielinski T, Henry KF, editors. Mobile computing, the Kluwer international series in engineering and computer science, vol. 353. US: Springer; 1996. p. 1–43 [Chapter 1]. URL http://faculty.winthrop.edu/domanm/csci411/Handouts/NIST.pdf.
ISO W. 9241-11. Ergonomic requirements for office work with visual display terminals (VDTs). Technical Report. The international organization for standardization; 1998.
Itani W, Kayssi A, Chehab A. Energy-efficient incremental integrity for securing storage in mobile cloud computing. In: 2010 international conference on energy aware computing. Cairo, Egypt: IEEE; 2010. p. 1–2. http://dx.doi.org/10.1109/ICEAC.2010.5702296.
Jana D, Bandyopadhyay D. Efficient management of security and privacy issues in mobile cloud environment. In: 2013 annual IEEE india conference. Mumbai, India: IEEE; 2013. p. 1–6. http://dx.doi.org/10.1109/INDCON.2013.6726077.
Jang EY, Kim HJ, Park CS, Kim JY, Lee J. The study on a threat countermeasure of mobile cloud services. Korea Inst Inf Secur Cryptol 2011;21(1).
Jeong Y-S, Park JS, Park JH. An efficient authentication system of smart device using multi factors in mobile cloud service architecture. Int J Commun Syst 2015;28(4):659–74. http://dx.doi.org/10.1002/dac.2694.
Jin AH, Sangmin S, Namgi K, Byoung-Dai L. A study of secure data transmissions in mobile cloud computing from the energy consumption side. In: 2013 international conference on information networking. Bangkok, Thailand: IEEE; 2013. p. 250–5. http://dx.doi.org/10.1109/ICOIN.2013.6496385.
Kaewpuang R, Niyato D, Wang P, Hossain E. A framework for cooperative resource management in mobile cloud computing. IEEE J Sel Areas Commun 2013;31(12):2685–700. http://dx.doi.org/10.1109/JSAC.2013.131209.
Khalil I, Khreishah A, Azeem M. Consolidated identity management system for secure mobile cloud computing. Comput Netw 2014;65(June):99–110. http://dx.doi.org/10.1016/j.comnet.2014.03.015.
Khan AN, Mat Kiah M, Khan SU, Madani SA. Towards secure mobile cloud computing: a survey. Future Gener Comput Syst 2013a;29(5):1278–99. http://dx.doi.org/10.1016/j.future.2012.08.003.
Khan AN, Mat Kiah ML, Madani Sa, Khan AUR, Ali M. Enhanced dynamic credential generation scheme for protection of user identity in mobile-cloud computing. J Supercomput 2013b;66(3):1687–706. http://dx.doi.org/10.1007/s11227-013-0967-y.
Khan AN, Kiah MLM, Khan SU, Madani SA, Khan AR. A study of incremental cryptography for security schemes in mobile cloud computing environments. In: 2013 IEEE symposium on wireless technology and applications. Kouching, Malaysia: IEEE; 2013. p. 62–7. http://dx.doi.org/10.1109/ISWTA.2013.6688818.
Khan A, Kiah MLM, Madani S, Ali M, Khan A, Shamshirband S. Incremental proxy re-encryption scheme for mobile cloud computing environment. J Supercomput 2014;68(2):624–51. http://dx.doi.org/10.1007/s11227-013-1055-z.
Kim S, Rhee HS, Chun JY, Lee DH. Anonymous and traceable authentication scheme using smart cards. In: International conference on information security and assurance. Busan, South Korea: IEEE; 2008. p. 162–5. http://dx.doi.org/10.1109/ISA.2008.52.
Ko SKV, Lee JH, Kim SW. Mobile cloud computing security considerations. J Secur Eng 2012;9(2):143–50.
Kumar R, Rajalakshmi S. Mobile cloud computing: standard approach to protecting and securing of mobile cloud ecosystems. In: 2013 international conference on computer sciences and applications. Wuhan, China: IEEE; 2013. p. 663–9. http://dx.doi.org/10.1109/CSA.2013.161.
Lane ND, Miluzzo E, Lu H, Peebles D, Choudhury T, Campbell AT. A survey of mobile phone sensing. IEEE Commun Mag 2010;48(9):140–50.
La Polla M, Martinelli F, Sgandurra D. A survey on security for mobile devices. IEEE Commun Surv Tutor 2013;15(1):446–71.
Le Z, Zhang X, Gao Z. NemoAuth: a mnemonic multimodal approach to mobile user authentication. In: 2013 IEEE region 10 conference (31194). Xi'an, China: IEEE; 2013. p. 1–6.
Lei L, Zhong Z, Zheng K, Chen J, Meng H. Challenges on wireless heterogeneous networks for mobile cloud computing. IEEE Wirel Commun 2013;20(3) http://dx.doi.org/10.1109/MWC.2013.6549281.
Li C, Li L. Phased scheduling for resource-constrained mobile devices in mobile cloud computing. Wirel Person Commun 2014;77(4):2817–37. http://dx.doi.org/10.1007/s11277-014-1669-3.
Li R, Zhang Y, Wang Z, Sun X. The implementation of the travel cloud interpretation system. In: 2011 international conference on computer science and network technology. Harbin, China: IEEE Computer Society; 2011. p. 1449–51. http://dx.doi.org/10.1109/ICCSNT.2011.6182238.
Li X, He J, Zhang T. A service-oriented identity authentication privacy protection method in cloud computing. Int J Grid Distrib Comput 2013;6(1):77–86.
Lingfeng C, Hoang DB. Addressing data and user mobility challenges in the cloud. In: 2013 IEEE sixth international conference on cloud computing. Santa Clara, USA: IEEE; 2013. p. 549–56. http://dx.doi.org/10.1109/CLOUD.2013.26.
Liu L, Moulic R, Shea D. Cloud service portal for mobile device management. In: 2010 IEEE 7th international conference on e-business engineering. Shanghai, China: IEEE; 2010. p. 474–8. http://dx.doi.org/10.1109/ICEBE.2010.102.
Liu J, Ahmed E, Shiraz M, Gani A, Buyya R, Qureshi A. Application partitioning algorithms in mobile cloud computing: taxonomy, review and future directions. J Netw Comput Appl 2015;48(February):99–117. http://dx.doi.org/10.1016/j.jnca.2014.09.009.
Lopez J, Oppliger R, Pernul G. Authentication and authorization infrastructures (AAIs): a comparative survey. Comput Secur 2004;23(7):578–90. http://dx.doi.org/10.1016/j.cose.2004.06.013.
Louk M, Lim H, Lee H. An analysis of security system for intrusion in smartphone environment. Sci World J 2014;2014:1–12. http://dx.doi.org/10.1155/2014/983901.
Ma RKK, Wang C-L. Lightweight application-level task migration for mobile cloud computing. In: IEEE 26th international conference on advanced information networking and applications (AINA), Fukuoka, Japan: IEEE; 2012. p. 550–7. http://dx.doi.org/10.1109/AINA.2012.124.
Mahalingam T, Rajan AV. Cloud and mobile computing: affordances of the 21st century teaching and learning. In: 2013 international conference on current trends in information technology. Dubai, UAE: IEEE; 2013. p. 125–8. http://dx.doi.org/10.1109/CTIT.2013.6749490.

Mansoor N, Muzahidul Islam AKM, Zareei M, Baharun S, Wakabayashi T, Komaki S. Cognitive radio ad-hoc network architectures: a survey. Wirel Person Commun 2015;81(3):1117–42. http://dx.doi.org/10.1007/s11277-014-2175-3.
Mell P, Grance T. The NIST definition of cloud computing draft. 2011.
Morrow S. Data security in the cloud. In: Rajkumar B, James B, Andrzej G, editors. Cloud computing: principles and paradigms. John Wiley & Sons, Inc.; 2011. p. 573–92.
Morshed MSJ, Islam MM, Huq MK, Hossain MS, Basher MA. Integration of wireless hand-held devices with the cloud architecture: security and privacy issues. In: 2011 international conference on P2P, parallel, grid, cloud and internet computing. Barcelona, Spain: IEEE; 2011. p. 83–8. http://dx.doi.org/10.1109/3PGCIC.2011.22.
Mylonas A, Kastania A, Gritzalis D. Delegate the smartphone user? Security awareness in smartphone platforms. Comput Secur 2013;34(May):47–66. http://dx.doi.org/10.1016/j.cose.2012.11.004.
Naik T, Koul S. Multi-dimensional and multi-level authentication techniques. Int J Comput Appl 2013;75(12):17–22.
Noureddine M, Bashroush R. An authentication model towards cloud federation in the enterprise. J Syst Softw 2013;86(9):2269–75. http://dx.doi.org/10.1016/j.jss.2012.12.031.
Oh D-S, Kim B-H, Lee J-K. A study on authentication system using QR code for mobile cloud computing environment. In: 6th international conference on future information technology. Loutraki, Greece: Springer-Verlag; 2011. p. 500–7. http://dx.doi.org/10.1007/978-3-642-22333-4_65.
Omri F, Hamila R, Foufou S, Jarraya M. Cloud-ready biometric system for mobile security access. In: Benlamri R, editor. Networked digital technologies, communications in computer and information science, vol. 294. Berlin, Heidelberg: Springer; 2012. p. 192–200. http://dx.doi.org/10.1007/978-3-642-30567-2_16 [Chapter 16].
Owusu E, Han J, Das S, Perrig A, Zhang J. ACCessory: password inference using accelerometers on smartphones. In: HotMobile '12, proceedings of the twelfth workshop on mobile computing systems and applications. New York, USA: ACM; 2012. p. 9:1–6. http://dx.doi.org/10.1145/2162081.2162095.
Pal S, Henderson T. MobOCloud: extending cloud computing with mobile opportunistic networks. In: Proceedings of the 8th ACM MobiCom workshop on Challenged networks. Miami, Florida, USA: ACM; 2013. p. 57–62. http://dx.doi.org/10.1145/2505494.2505503.
Park C-S. Authentication protocol providing user anonymity and untraceability in wireless mobile communication systems. Comput Netw 2004;44(2):267–73. http://dx.doi.org/10.1016/j.comnet.2003.09.001.
Park J, Yi K, Park J. SSP-MCloud: a study on security service protocol for smartphone centric mobile cloud computing. In: Park JJ, Arabnia H, Chang H-B, Shon T, editors. IT convergence and services lecture notes in electrical engineering. Lecture notes in electrical Engineering, vol. 107. Netherlands: Springer; 2011. p. 165–72. http://dx.doi.org/10.1007/978-94-007-2598-0_18.
Peng S, Yu S, Yang A. Smartphone malware and its propagation modeling: a survey. IEEE Commun Surv Tutor 2014;16(2):925–41. http://dx.doi.org/10.1109/SURV.2013.070813.00214.
Satyanarayanan M, Bahl P, Caceres R, Davies N. The case for VM-based cloudlets in mobile computing. IEEE Pervas Comput 2009;8(4):14–23. http://dx.doi.org/10.1109/MPRV.2009.82.
Schwab D, Yang L. Entity authentication in a mobile-cloud environment. In: 8th annual cyber security and information intelligence research workshop: federal cyber security R and D program thrusts. Oak Ridge, United States: ACM; 2013. http://dx.doi.org/10.1145/2459976.2460024.
Shahzad A, Hussain M. Security issues and challenges of mobile cloud computing. Int J Grid Distrib Comput 2013;6(6):37–50. http://dx.doi.org/10.14257/ijgdc.2013.6.6.04.
Sheng X, Gong W. Mobility can help: protect user identity with dynamic credential. In: 2010 eleventh international conference on mobile data management. Kansas City, USA: IEEE; 2010. p. 378–80. http://dx.doi.org/10.1109/MDM.2010.73.
Shi E, Niu Y, Jakobsson M, Chow R. Implicit authentication through learning user behavior. In: Burmester M, Tsudik G, Magliveras S, Ilić I, editors. Information security. Lecture notes in computer science, Vol. 6531. Berlin, Heidelberg: Springer; 2011. p. 99–113. http://dx.doi.org/10.1007/978-3-642-18178-8_9.
Shon T, Cho J, Han K, Choi H. Toward advanced mobile cloud computing for the internet of things: current issues and future direction. Mob Netw Appl 2014;19(3):404–13. http://dx.doi.org/10.1007/s11036-014-0509-8.
Shojafar M, Javanmardi S, Abolfazli S, Cordeschi N. FUGE: A joint meta-heuristic approach to cloud job scheduling algorithm using fuzzy theory and genetic method. Cluster Compute 2015;18(2):829–44.
Si P, Zhang Q, Richard YF, Zhang Y. QoS-aware dynamic resource management in heterogeneous mobile cloud computing networks. China Commun 2014;11(4):144–59.
Simmons GJ. A survey of information authentication. Proc IEEE 1988;76(5):603–20. http://dx.doi.org/10.1109/5.4445.
Singh M, Singh S. Design and implementation of multi-tier authentication scheme in cloud. Int J Comput Sci Issues 2012;9(5 5-2):181–7.
Song Z, Molina J, Lee S, Lee H, Kotani S, Masuoka R. TrustCube: an infrastructure that builds trust in client. In: Gawrock D, Reimer H, Sadeghi A-R, Vishik C, editors. Future of trust in computing. Vieweg+Teubner; 2009. p. 68–79. http://dx.doi.org/10.1007/978-3-8348-9324-6_8.
Song R, Li S, Yao Z, Li X. Design and implementation of the web content adaptation for intelligent tourism cloud platform. In: 2012 international conference on control engineering and communication technology. Liaoning, China: IEEE; 2012. p. 759–62. http://dx.doi.org/10.1109/ICCECT.2012.100.
Sood SK. A combined approach to ensure data security in cloud computing. J Netw Comput Appl 2012;35(6):1831–8. http://dx.doi.org/10.1016/j.jnca.2012.07.007.
Sookhak M, Talebian H, Ahmed E, Gani A, Khan MK. A review on remote data auditing in single cloud server: taxonomy and open issues. J Netw Comput Appl 2014;43(August):121–41. http://dx.doi.org/10.1016/j.jnca.2014.04.011.
Sue-Chen H, Jing-Yan L, Ming-Yen L. Secure cloud storage for convenient data archive of smart phones. In: 2011 IEEE 15th international symposium on consumer electronics. Singapore: IEEE; 2011. p. 156–61. http://dx.doi.org/10.1109/ISCE.2011.5973804.
Popa D, Cremene M, Borda M, Boudaoud K. A security framework for mobile cloud Thorwat MPD, Shetty MS. Implementation of multilevel authentication scheme for
applications. In: 11th IEEE conference on roedunet international conference. multicloud environment. In: International conference on information and
Sinaia, Romania: IEEE; 2013. p. 1–4. doi: http://dx.doi.org/10.1109/RoEduNet. communication technologies. Karnataka, India; 2014. p. 247–52.
2013.6511724. Tolia N, Andersen DG, Satyanarayanan M. Quantifying interactive user experience
Qureshi SS, Ahmad T, Rafique K, Shuja Ul I. Mobile cloud computing as future for on thin clients. Computer 2006;39(3):46–52.
mobile applications—implementation methods and challenging issues. In: 2011 Truong T-T, Tran M, Duong A-D. Robust mobile device integration of a fingerprint
IEEE international conference on cloud computing and intelligence systems. biometric remote authentication scheme. In: 26th IEEE international con-
Beijing, China: IEEE Computer Society; 2011. p. 467–71. http://dx.doi.org/10. ference on advanced information networking and applications. Fukuoka, Japan:
1109/CCIS.2011.6045111. Institute of Electrical and Electronics Engineers Inc.; 2012. p. 678–5. http://dx.
Ra M-R, Sheth A, Mummert L, Pillai P, Wetherall D, Govindan R. Odessa: enabling doi.org/10.1109/AINA.2012.47.
interactive perception applications on mobile devices. In: Proceedings of the Verbelen T, Simoens P, De Turck F, Dhoedt B. Adaptive deployment and config-
9th international conference on mobile systems, applications, and services. uration for mobile augmented reality in the cloudlet. J Netw Comput Appl
New York, USA: IEEE Computer Society; 2011. p. 43–56. 2014;41(May):206–16. http://dx.doi.org/10.1016/j.jnca.2013.12.002.
Rahimi MR, Venkatasubramanian N, Vasilakos AV. MuSIC: mobility-aware optimal Wang JK, Jia X. Data security and authentication in hybrid cloud computing model.
service allocation in mobile cloud computing. In: IEEE sixth international In: 2012 IEEE global high tech congress on electronics. Shenzhen, China: IEEE;
conference on cloud computing. Santa Clara Marriott, USA: IEEE; 2013. p. 2012. p. 117–20. doi: http://dx.doi.org/10.1109/GHTCE.2012.6490136.
75–82. http://dx.doi.org/10.1109/CLOUD.2013.100. Wang Y, Streff K, Raman S. Smartphone security challenges. Computer 2012;
Rahul S, Sharda DJK. Security and privacy issues in cloud computing. Int J Eng Res 45(12):52–8. http://dx.doi.org/10.1109/MC.2012.288.
Technol 2013;2(3). Wang S-C, Liao W-P, Yan K-Q, Wang S-S, Tsai S-H. Security of cloud computing
Ren W, Yu L, Gao R, Xiong F. Lightweight and compromise resilient storage out- lightweight authentication protocol. In: 2nd international conference on engi-
sourcing with distributed secure accessibility in mobile cloud computing. neering and technology innovation 2012. Kaohsiung, Taiwan: Trans Tech Pub-
Tsinghua Sci Technol 2011;16(5):520–8. lications; 2013. p. 3502–6. doi: http://dx.doi.org/10.4028/www.scientific.net/
Riley M, Akkaya K, Fong K. A survey of authentication schemes for vehicular ad hoc AMM.284-287.3502.
networks. Secur Commun Netw 2011;4(10):1137–52. http://dx.doi.org/10.1002/ Weiwei J, Haojin Z, Zhenfu C, Lifei W, Xiaodong L. SDSM: a secure data service
sec.239. mechanism in mobile cloud computing. In: 2011 IEEE conference on computer
Ruj S, Stojmenovic M, Nayak A. Privacy preserving access control with authenti- communications workshops. Shanghai, China: IEEE; 2011. p. 1060–5. http://dx.
cation for securing data in clouds. In: 12th IEEE/ACM international symposium doi.org/10.1109/INFCOMW.2011.5928784.
on cluster, cloud and grid computing. Ottawa, Canada: IEEE; 2012. p. 556–63. Xia F, Ding F, Li J, Kong X, Yang L, Ma J. Phone2Cloud: exploiting computation
Sanaei Z, Abolfazli S, Shiraz M, Gani A. SAMI: service-based arbitrated multi-tier offloading for energy saving on smartphones in mobile cloud computing. Inf
infrastructure model for mobile cloud computing. In: Proceedings of the IEEE Syst Front 2014;16(1):95–111. http://dx.doi.org/10.1007/s10796-013-9458-1.
MobiCC'12. Beijing, China: IEEE; 2012. p. 14–9. Xiao Z, Xiao Y. Security and privacy in cloud computing. IEEE Commun Surv Tutor
Sanaei Z, Abolfazli S, Gani A, Buyya R. Heterogeneity in mobile cloud computing: 2013;15(2):843–59.
taxonomy and open challenges. IEEE Commun Surv Tutor 2013;16(1):369–92. Xuanxia Y, Xiaoguang H, Xiaojiang D. A lightweight access control mechanism for
http://dx.doi.org/10.1109/SURV.2013.050113.00090. mobile cloud computing. In: 2014 IEEE conference on computer communica-
Sang-Ho S, Dong-Hyun K, Yoo K-Y. A lightweight multi-user authentication scheme tions workshops. Toronto, Canada: IEEE; 2014. p. 380–5. http://dx.doi.org/10.
based on cellular automata in cloud environment. In: 2012 IEEE 1st interna- 1109/INFCOMW.2014.6849262.
tional conference on cloud networking. Paris, France: IEEE; 2012. p. 176–8. doi: Xu L, Zheng X, Guo W, Chen G. A cloud-based monitoring framework for smart
http://dx.doi.org/10.1109/CloudNet.2012.6483680. home. In: 4th IEEE international conference on cloud computing technology
80 M. Alizadeh et al. / Journal of Network and Computer Applications 61 (2016) 59–80

and science. Taipei, Taiwan: IEEE Computer Society; 2012. p. 805–10. http://dx. and basic technologies. Wuhan, China: SPIE; 2013. http://dx.doi.org/10.1117/12.
doi.org/10.1109/CloudCom.2012.6427534 . 2014030.
Xu L, Cao X, Zhang Y, Wu W. Software service signature (S3) for authentication in Yu-Jia C, Li-Chun W. A security framework of group location-based mobile appli-
cloud computing. Clust Comput 2013;16(4):1–10. http://dx.doi.org/10.1007/ cations in cloud computing. In: 40th international conference on parallel pro-
s10586-013-0262-y. cessing workshops. Taipei City: IEEE; 2011. p. 184–90. http://dx.doi.org/10.1109/
Yang SY, Hsu CL, Lee DL. An ontology-supported ubiquitous interface agent for ICPPW.2011.6.
cloud computing-example on Bluetooth wireless technique with java pro- Zeng P, Cao Z, Choo K-k, Wang S. On the anonymity of some authentication
gramming. In: Ninth international conference on machine learning and schemes for wireless communications. IEEE Commun Lett 2009;13(3):170–1.
cybernetics. Qingdao, China: IEEE; 2010. p. 2971–8. http://dx.doi.org/10.1109/LCOMM.2009.081821.
Yang S, Kwon Y, Cho Y, Yi H, Kwon D, Youn J, et al. Fast dynamic execution off- Zhang Z-h, Li J-j, Jiang W, Zhao Y, Gong B. An new anonymous authentication
loading for efficient mobile cloud computing. In: 2013 IEEE international con- scheme for cloud computing. In: 7th international conference on computer
ference on pervasive computing and communications (PerCom). San Diego, science and education. Melbourne, Australia: IEEE; 2012. p. 896–8. doi: http://
USA: IEEE; 2013. p. 20–8. http://dx.doi.org/10.1109/PerCom.2013.6526710. dx.doi.org/10.1109/ICCSE.2012.6295212.
Yang S, Kwon D, Yi H, Cho Y, Kwon Y, Paek Y. Techniques to minimize state transfer costs Zhang J, Liu YS, Xue L. A remote monitoring system based on measuring instrument
for dynamic execution offloading in mobile cloud computing. IEEE Trans Mob cloud. In: 4th international conference on industry, information system and
Comput 2014;13(11):2648–60. http://dx.doi.org/10.1109/TMC.2014.2307293. material engineering. Switzerland, Nanjing, China: Trans Tech Publications;
Yao D, Yu C, Jin H, Zhou J. Energy efficient task scheduling in mobile cloud com- 2014. p. 525–9. http://dx.doi.org/10.4028/www.scientific.net/AMR.1014.525.
puting. In: Hsu C-H, Li X, Shi X, Zheng R, editors. Network and parallel com- Zhi-Hua Z, Jiang X-F, Jian-Jun L, Wei J. An identity-based authentication scheme in
puting. Lecture notes in computer science, vol. 8147. Berlin, Heidelberg: cloud computing. In: 2012 international conference on industrial control and
Springer; 2013. p. 344–55. http://dx.doi.org/10.1007/978-3-642-40820-5_29. electronics engineering. Xi'an, China: IEEE; 2012. p. 984–6. doi: http://dx.doi.
Yassin AA, Jin H, Ibrahim A, Zou D. Anonymous password authentication scheme by org/10.1109/ICICEE.2012.261.
using digital signature and fingerprint in cloud computing. In: Second inter- Zhou Z, Huang D. Efficient and secure data storage operations for mobile cloud
national conference on cloud and green computing. Xiangtan, China: IEEE; computing. In: Proceedings of the 8th international conference on network and
2012. p. 282–9. doi: http://dx.doi.org/10.1109/CGC.2012.91. service management. International Federation for Information Processing, Las
Yongqing S, Xiang Z. Desktop cloud-based research on unified authentication Vegas, USA; 2012. p. 37–45.
architecture. In: 2012 spring congress on engineering and technology. Xian, Zhu H, Lin X, Shi M, Ho P-h, Shen XS. PPAB: a privacy-preserving authentication and
China: IEEE; 2012. p. 1–4. doi: http://dx.doi.org/10.1109/SCET.2012.6342101. billing architecture for metropolitan area sharing networks. IEEE Trans Veh
Yoon E-J, Choi S-B, Yoo K-Y. A secure and efficiency ID-based authenticated key Technol 2009;58(5):2529–43. http://dx.doi.org/10.1109/TVT.2008.2007983.
agreement scheme based on elliptic curve cryptosystem for mobile devices. Zhu X, Yang LT, Chen H, Wang J, Yin S, Liu X. Real-time tasks oriented energy-aware
Comput Sci Eng 2012;8(4):2637–53. scheduling in virtualized clouds. IEEE Trans Cloud Comput 2014;2(2):168–80.
Yu X, Wen Q. Design of security solution to mobile cloud storage. In: Tan H, editor. Knowledge http://dx.doi.org/10.1109/TCC.2014.2310452.
discovery and data mining- advances in intelligent and soft computing. Berlin, Heidel- Zissis D, Lekkas D. Addressing cloud computing security issues. Future Gener Comput Syst
berg: Springer; 2012. p. 255–63. http://dx.doi.org/10.1007/978-3-642-27708-5_34. 2012;28(3):583–92. http://dx.doi.org/10.1016/j.future.2010.12.006.
X. Yu, Q. Wen, A protect solution for data security in mobile cloud storage. In: 5th
international conference on machine vision: algorithms, pattern recognition
