Journal of Telecommunication, Electronic and Computer Engineering (JTEC)
Abstract
Evolving enterprise in application and data with flexible and scalable infrastructure in cloud services could improve efficiency and productivity of a business operation. Cloud services also offer resource sharing, data storage and application platform as on-demand services that could reduce the operational expenditure. Nevertheless, increasing usage and accessibility to the cloud services require strong security control to preserve user’s privacy and data integrity due to network communication vulnerabilities. There are many possible attacks that could cause security breach and abuse the user’s identity, leading to illegal access to the server. Man-inthe-middle attack is one of the attacks that can intercept communication between users and collect all users’ information. The attacker can misuse the information and act as a legal user to gain access to the system. It is a big challenge to preserve user’s privacy and provide protection from malicious attack. This paper proposes anonymous authentication scheme to preserve user’s privacy and provide protection to such possible attacks. The proposed scheme also provides secure mutual authentication, anonymity, session key establishment and non-dependency with the third party. The proposed scheme uses password-based authentication as an authentication method with anonymity feature to preserve user’s privacy. Experiment was conducted to test and validate the proposed scheme with man-in-the-middle attack. The result of the experiment shows that the proposed scheme is able to provide the privacy to mitigate and successfully preserve the user’s identity from the attack
