A Time-Bound Ticket-Based Mutual Authentication Scheme for Cloud Computing

Zhuo Hao, Sheng Zhong, Nenghai Yu


Cloud computing is becoming popular quickly. In cloud computing, people store their important data in the cloud, which makes it important to ensure the data integrity and availability. Remote data integrity checking enables the client to perform data integrity verification without access to the complete file. This service brings convenience to clients, but degrades the server’s performance severely. Proper schemes must be designed to reduce the performance degradation.
In this paper, a time-bound ticket-based mutual authentication scheme is proposed for solving this problem. The proposed authentication scheme achieves mutual authentication between the server and the client. The use of timebound tickets reduces the server’s processing overhead efficiently. The correspondence relationship between the digital ticket and the client’s smart card prevents user masquerade attack effectively. By security analysis, we show that the proposed scheme is resistant to masquerade attack, replay attack and password guessing attack. By performance analysis, we show that the proposed scheme has good efficiency. The proposed scheme is very suitable for cloud computing.


cloud computing, mutual authentication, digital ticket, masquerade attack

Full Text:



B. Hayes, "Cloud computing," Commun. ACM, vol. 51, no. 7, pp. 9–11, 2008.

C. Cachin, I. Keidar, and A. Shraer, "Trusting the cloud," SIGACT News, vol. 40, no. 2, pp. 81–86, 2009.

Amazon.com, "Amazon Web Services (AWS)," http://aws.amazon.com/s3/, 2009.

Microsoft.com, "Microsoft Windows SkyDrive," http://windowslive.com/online/skydrive, 2009.

Nirvanix.com, "Nirvanix cloudNAS," http://www.nirvanix.com/products-services/, 2009.

G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, "Provable data possession at untrusted stores," in CCS '07: Proceedings of the 14th ACM conference on Computer and communications security, (New York, NY, USA), pp. 598–609, ACM, 2007.

A. Juels and B. S. Kaliski, Jr., "Pors: proofs of retrievability for large files," in CCS '07: Proceedings of the 14th ACM conference on Computer and communications security, (New York, NY, USA), pp. 584–597, ACM, 2007.

E.-C. Chang and J. Xu, "Remote integrity check with dishonest storage server," in 13th ESORICS, pp. 223–237, Springer Berlin / Heidelberg, 2008.

A. Heitzmann, B. Palazzi, C. Papamanthou, and R. Tamassia, "Efficient integrity checking of untrusted network storage," in StorageSS '08, pp. 43–54, ACM, 2008.

K. D. Bowers, A. Juels, and A. Oprea, "HAIL: a high-availability and integrity layer for cloud storage," in CCS '09, (New York, NY, USA), pp. 187–198, ACM, 2009.

I.-C. Lin and C.-C. Chang, "A countable and time-bound password-based user authentication scheme for the applications of electronic commerce," Information Sciences, vol. 179, no. 9, pp. 1269 – 1277, 2009.

P. C. Kocher, J. Jaffe, and B. Jun, "Differential power analysis," in CRYPTO '99: Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, (London, UK), pp. 388–397, Springer-Verlag, 1999.

T. Messerges, E. Dabbish, and R. Sloan, "Examining smart-card security under the threat of power analysis attacks," IEEE Transactions on Computers, vol. 51, no. 5, pp. 541–552, 2002.

H. Krawczyk, M. Bellare, and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication," RFC2104, February 1997.

"Crypto++ 5.6.0 benchmarks," http://www.cryptopp.com/benchmarks.html.

"Secure hash standard," Federal Information Processing Standards Publication 180-2, August 2002.

DOI: https://doi.org/10.15837/ijccc.2011.2.2170

Copyright (c) 2017 Zhuo Hao, Sheng Zhong, Nenghai Yu

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

CC-BY-NC  License for Website User

Articles published in IJCCC user license are protected by copyright.

Users can access, download, copy, translate the IJCCC articles for non-commercial purposes provided that users, but cannot redistribute, display or adapt:

  • Cite the article using an appropriate bibliographic citation: author(s), article title, journal, volume, issue, page numbers, year of publication, DOI, and the link to the definitive published version on IJCCC website;
  • Maintain the integrity of the IJCCC article;
  • Retain the copyright notices and links to these terms and conditions so it is clear to other users what can and what cannot be done with the  article;
  • Ensure that, for any content in the IJCCC article that is identified as belonging to a third party, any re-use complies with the copyright policies of that third party;
  • Any translations must prominently display the statement: "This is an unofficial translation of an article that appeared in IJCCC. Agora University  has not endorsed this translation."

This is a non commercial license where the use of published articles for commercial purposes is forbiden. 

Commercial purposes include: 

  • Copying or downloading IJCCC articles, or linking to such postings, for further redistribution, sale or licensing, for a fee;
  • Copying, downloading or posting by a site or service that incorporates advertising with such content;
  • The inclusion or incorporation of article content in other works or services (other than normal quotations with an appropriate citation) that is then available for sale or licensing, for a fee;
  • Use of IJCCC articles or article content (other than normal quotations with appropriate citation) by for-profit organizations for promotional purposes, whether for a fee or otherwise;
  • Use for the purposes of monetary reward by means of sale, resale, license, loan, transfer or other form of commercial exploitation;

    The licensor cannot revoke these freedoms as long as you follow the license terms.

[End of CC-BY-NC  License for Website User]

INTERNATIONAL JOURNAL OF COMPUTERS COMMUNICATIONS & CONTROL (IJCCC), With Emphasis on the Integration of Three Technologies (C & C & C),  ISSN 1841-9836.

IJCCC was founded in 2006,  at Agora University, by  Ioan DZITAC (Editor-in-Chief),  Florin Gheorghe FILIP (Editor-in-Chief), and  Misu-Jan MANOLESCU (Managing Editor).

Ethics: This journal is a member of, and subscribes to the principles of, the Committee on Publication Ethics (COPE).

Ioan  DZITAC (Editor-in-Chief) at COPE European Seminar, Bruxelles, 2015:

IJCCC is covered/indexed/abstracted in Science Citation Index Expanded (since vol.1(S),  2006); JCR2018: IF=1.585..

IJCCC is indexed in Scopus from 2008 (CiteScore2018 = 1.56):

Nomination by Elsevier for Journal Excellence Award Romania 2015 (SNIP2014 = 1.029): Elsevier/ Scopus

IJCCC was nominated by Elsevier for Journal Excellence Award - "Scopus Awards Romania 2015" (SNIP2014 = 1.029).

IJCCC is in Top 3 of 157 Romanian journals indexed by Scopus (in all fields) and No.1 in Computer Science field by Elsevier/ Scopus.


 Impact Factor in JCR2018 (Clarivate Analytics/SCI Expanded/ISI Web of Science): IF=1.585 (Q3). Scopus: CiteScore2018=1.56 (Q2); Editors-in-Chief: Ioan DZITAC & Florin Gheorghe FILIP.